projects
/
xscreensaver
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
http://www.tienza.es/crux/src/www.jwz.org/xscreensaver/xscreensaver-5.05.tar.gz
[xscreensaver]
/
driver
/
passwd-kerberos.c
diff --git
a/driver/passwd-kerberos.c
b/driver/passwd-kerberos.c
index 196e3bc59a494e98c463f926d307027dc6eb6496..bb8d99265eb6379debf527f852cd73ba4067eb10 100644
(file)
--- a/
driver/passwd-kerberos.c
+++ b/
driver/passwd-kerberos.c
@@
-1,7
+1,6
@@
/* kpasswd.c --- verify kerberos passwords.
* written by Nat Lanza (magus@cs.cmu.edu) for
/* kpasswd.c --- verify kerberos passwords.
* written by Nat Lanza (magus@cs.cmu.edu) for
- * xscreensaver, Copyright (c) 1993-1997, 1998, 2000, 2003
- * Jamie Zawinski <jwz@jwz.org>
+ * xscreensaver, Copyright (c) 1993-2004 Jamie Zawinski <jwz@jwz.org>
*
* Permission to use, copy, modify, distribute, and sell this software and its
* documentation for any purpose is hereby granted without fee, provided that
*
* Permission to use, copy, modify, distribute, and sell this software and its
* documentation for any purpose is hereby granted without fee, provided that
@@
-26,6
+25,7
@@
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
+#include <sys/stat.h>
/* I'm not sure if this is exactly the right test...
Might __APPLE__ be defined if this is apple hardware, but not
/* I'm not sure if this is exactly the right test...
Might __APPLE__ be defined if this is apple hardware, but not
@@
-75,7
+75,7
@@
static char realm[REALM_SZ];
static char name[ANAME_SZ];
static char inst[INST_SZ];
static char realm[REALM_SZ];
static char name[ANAME_SZ];
static char inst[INST_SZ];
- static char *tk_file;
+ static c
onst c
har *tk_file;
#endif /* !HAVE_DARWIN */
#endif /* !HAVE_DARWIN */
@@
-161,12
+161,14
@@
kerberos_lock_init (int argc, char **argv, Bool verbose_p)
we are. Calling it ive_got_your_local_function_right_here_buddy()
would have been rude.
*/
we are. Calling it ive_got_your_local_function_right_here_buddy()
would have been rude.
*/
+#ifndef HAVE_DARWIN
static int
key_to_key(char *user, char *instance, char *realm, char *passwd, C_Block key)
{
memcpy(key, passwd, sizeof(des_cblock));
return (0);
}
static int
key_to_key(char *user, char *instance, char *realm, char *passwd, C_Block key)
{
memcpy(key, passwd, sizeof(des_cblock));
return (0);
}
+#endif /* !HAVE_DARWIN */
/* Called to see if the user's typed password is valid. We do this by asking
the kerberos server for a ticket and checking to see if it gave us one.
/* Called to see if the user's typed password is valid. We do this by asking
the kerberos server for a ticket and checking to see if it gave us one.
@@
-190,6
+192,7
@@
kerberos_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
C_Block mitkey;
Bool success;
char *newtkfile;
C_Block mitkey;
Bool success;
char *newtkfile;
+ int fh = -1;
/* temporarily switch to a new ticketfile.
I'm not using tmpnam() because it isn't entirely portable.
/* temporarily switch to a new ticketfile.
I'm not using tmpnam() because it isn't entirely portable.
@@
-197,7
+200,19
@@
kerberos_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
newtkfile = malloc(80 * sizeof(char));
memset(newtkfile, 0, sizeof(newtkfile));
newtkfile = malloc(80 * sizeof(char));
memset(newtkfile, 0, sizeof(newtkfile));
- sprintf(newtkfile, "/tmp/xscrn-%i", getpid());
+ sprintf(newtkfile, "/tmp/xscrn-%i.XXXXXX", getpid());
+
+ if( (fh = mkstemp(newtkfile)) < 0)
+ {
+ free(newtkfile);
+ return(False);
+ }
+ if( fchmod(fh, 0600) < 0)
+ {
+ free(newtkfile);
+ return(False);
+ }
+
krb_set_tkt_string(newtkfile);
krb_set_tkt_string(newtkfile);
@@
-207,7
+222,7
@@
kerberos_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
des_string_to_key(typed_passwd, mitkey);
if (krb_get_in_tkt(name, inst, realm, "krbtgt", realm, DEFAULT_TKT_LIFE,
des_string_to_key(typed_passwd, mitkey);
if (krb_get_in_tkt(name, inst, realm, "krbtgt", realm, DEFAULT_TKT_LIFE,
- key_to_key, NULL, mitkey) != 0) {
+ key_to_key, NULL,
(char *)
mitkey) != 0) {
success = False;
} else {
success = True;
success = False;
} else {
success = True;
@@
-220,6
+235,7
@@
kerberos_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
krb_set_tkt_string(tk_file);
free(newtkfile);
memset(mitkey, 0, sizeof(mitkey));
krb_set_tkt_string(tk_file);
free(newtkfile);
memset(mitkey, 0, sizeof(mitkey));
+ close(fh); /* #### tom: should the file be removed? */
/* Did we verify successfully? */
/* Did we verify successfully? */