X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=driver%2Fpasswd-kerberos.c;h=398fc3c29e5112d7fa35cc467f19f395cdf6b39d;hb=9c9d475ff889ed8be02e8ce8c17da28b93278fca;hp=cdb22b595d0ade04aa309caacd861e080f2bf9b7;hpb=96a411663168b0ba5432b407a83be55f3df0c802;p=xscreensaver
diff --git a/driver/passwd-kerberos.c b/driver/passwd-kerberos.c
index cdb22b59..398fc3c2 100644
--- a/driver/passwd-kerberos.c
+++ b/driver/passwd-kerberos.c
@@ -1,7 +1,6 @@
 /* kpasswd.c --- verify kerberos passwords.
 * written by Nat Lanza (magus@cs.cmu.edu) for
- * xscreensaver, Copyright (c) 1993-1997, 1998, 2000, 2003
- * Jamie Zawinski
+ * xscreensaver, Copyright (c) 1993-2004 Jamie Zawinski
 *
 * Permission to use, copy, modify, distribute, and sell this software and its
 * documentation for any purpose is hereby granted without fee, provided that
@@ -26,6 +25,7 @@
 #include
 #include
 #include
+#include
 /* I'm not sure if this is exactly the right test... Might __APPLE__ be defined if this is apple hardware, but not
@@ -192,6 +192,7 @@ kerberos_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
 C_Block mitkey;
 Bool success;
 char *newtkfile;
+ int fh = -1;
 /* temporarily switch to a new ticketfile. I'm not using tmpnam() because it isn't entirely portable.
@@ -199,7 +200,19 @@ kerberos_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
 newtkfile = malloc(80 * sizeof(char));
 memset(newtkfile, 0, sizeof(newtkfile));
- sprintf(newtkfile, "/tmp/xscrn-%i", getpid());
+ sprintf(newtkfile, "/tmp/xscrn-%i.XXXXXX", getpid());
+
+ if( (fh = mkstemp(newtkfile)) < 0)
+ {
+ free(newtkfile);
+ return(False);
+ }
+ if( fchmod(fh, 0600) < 0)
+ {
+ free(newtkfile);
+ return(False);
+ }
+ krb_set_tkt_string(newtkfile);
@@ -222,6 +235,7 @@ kerberos_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
 krb_set_tkt_string(tk_file);
 free(newtkfile);
 memset(mitkey, 0, sizeof(mitkey));
+ close(fh); /* #### tom: should the file be removed? */
 /* Did we verify successfully? */
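Review bot: The `fchmod` failure branch in the `@@ -199,7 +200,19 @@` hunk returns without closing `fh` or removing the file that `mkstemp` has just created, so every failure there leaks a descriptor and leaves a stray file in `/tmp`; adding `close(fh); unlink(newtkfile);` before `free(newtkfile);` in that branch covers both. The same cleanup gap shows on the normal path in the `@@ -222,6 +235,7 @@` hunk: `close(fh)` runs, but nothing in the visible lines removes the ticket file, which may hold credentials after a successful check. Unless code outside the hunk already destroys it, `unlink(newtkfile);` has to come before `free(newtkfile);`, since the name is released at that point. kerberos_passwd_valid_p starts and ends outside both hunks, so the rest of its cleanup is not visible here.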