[OpenAFS-devel] kuserok() checking UID ownership on afs
Harald Barth
haba@pdc.kth.se
Thu, 03 Feb 2005 12:36:16 +0100 (MET)
> Unfortunately, you're both trying to solve not the problem that Troy and
> Russ were actually discussing. You're trying to solve the "I can't access
> the user's .k5login" problem, but the problem they were talking about is
> "how can I prove that no one _except_ the user could have written to the
> .k5login?".
I wrote that if you can open the file for _writing_ you probably are the
user which could have written to it from the begining. I was
thinking about somethink like.... (code inserted into the nearest kuserok.c
I could find)...
static krb5_error_code
check_one_file(krb5_context context,
const char *filename,
struct passwd *pwd,
krb5_principal principal,
krb5_boolean *result)
{
FILE *f;
char buf[BUFSIZ];
krb5_error_code ret;
struct stat st;
*result = FALSE;
f = fopen (filename, "r");
if (f == NULL)
return errno;
/* check type and mode of file */
if (fstat(fileno(f), &st) != 0) {
fclose (f);
return errno;
}
if (S_ISDIR(st.st_mode)) {
fclose (f);
return EISDIR;
}
if (st.st_uid != pwd->pw_uid && st.st_uid != 0) {
FILE *tf;
if (access(filename, W_OK) && (tf = open(filename, "w")))
fclose(tf);
else {
fclose (f);
return EACCES;
}
}
if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
fclose (f);
return EACCES;
}
.........
But for that to work the krb*afslog*something() must happen before.
Or do we have filesystems which return OK on both access() and open()
and then don't let you do the operation?
Yes, we have been in AFS land too long and we like it :-)
Harald.