int main(int argc, char **argv) { struct passwd pwd, *result; char buf[1024]; int ret; const char *user; user = getenv("USER"); if (!user) user = "******"; ret = rk_getpwnam_r(user, &pwd, buf, sizeof(buf), &result); if (ret) errx(1, "rk_getpwnam_r"); print_result(result); ret = rk_getpwnam_r(user, &pwd, buf, 1, &result); if (ret == 0) errx(1, "rk_getpwnam_r too small buf"); ret = rk_getpwnam_r("no-user-here-promise", &pwd, buf, sizeof(buf), &result); if (ret == 0) errx(1, "rk_getpwnam_r no user"); return 0; }
static krb5_error_code check_owner_file(krb5_context context, const char *filename, FILE *file, const char *owner) { #ifdef _WIN32 /* * XXX Implement this! * * The thing to do is to call _get_osfhandle() on fileno(file) and * dirfd(dir) to get HANDLEs to the same, then call * GetSecurityInfo() on those HANDLEs to get the security descriptor * (SD), then check the owner and DACL. Checking the DACL sounds * like a lot of work (what, derive a mode from the ACL the way * NFSv4 servers do?). Checking the owner means doing an LSARPC * lookup at least (to get the user's SID). */ if (owner == NULL) return 0; krb5_set_error_message(context, EACCES, "User k5login files not supported on Windows"); return EACCES; #else struct passwd pw, *pwd = NULL; char pwbuf[2048]; struct stat st; if (owner == NULL) return 0; if (rk_getpwnam_r(owner, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0) { krb5_set_error_message(context, errno, "User unknown %s (getpwnam_r())", owner); return EACCES; } if (pwd == NULL) { krb5_set_error_message(context, EACCES, "no user %s", owner); return EACCES; } if (fstat(fileno(file), &st) == -1) { krb5_set_error_message(context, EACCES, "fstat(%s) of k5login failed", filename); return EACCES; } if (S_ISDIR(st.st_mode)) { krb5_set_error_message(context, EISDIR, "k5login: %s is a directory", filename); return EISDIR; } if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) { krb5_set_error_message(context, EISDIR, "k5login %s has world and/or group write " "permissions", filename); return EACCES; } if (pwd->pw_uid != st.st_uid && st.st_uid != 0) { krb5_set_error_message(context, EACCES, "k5login %s not owned by the user or root", filename); return EACCES; } return 0; #endif }