krb5/krb5-1.3-ksu-access.patch

The idea is to not complain about problems in the default ticket file if we
couldn't read it, because the client would be able to tell if it's there or
not.  Still needs work, I think.
--- krb5-1.3/src/clients/ksu/ccache.c
+++ krb5-1.3/src/clients/ksu/ccache.c
@@ -77,7 +77,7 @@
     cc_def_name = krb5_cc_get_name(context, cc_def);    
     cc_other_name = krb5_cc_get_name(context, *cc_other);    
 
-    if ( ! stat(cc_def_name, &st_temp)){
+    if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){
 	if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
 		return retval;
 	}
--- krb5-1.3/src/clients/ksu/heuristic.c
+++ krb5-1.3/src/clients/ksu/heuristic.c
@@ -412,7 +412,7 @@
 
     cc_source_name = krb5_cc_get_name(context, cc);
 
-    if ( ! stat(cc_source_name, &st_temp)){
+    if ( ! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)){
 
 	retval = find_ticket(context, cc, client, end_server, &temp_found);
 	if (retval)
@@ -572,7 +572,7 @@
     cc_source_name = krb5_cc_get_name(context, cc_source);
 
 	
-    if (! stat(cc_source_name, &st_temp)) {
+    if (! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)) {
 	retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
 	if (retval)
 	    return retval;
--- krb5-1.3/src/clients/ksu/main.c
+++ krb5-1.3/src/clients/ksu/main.c
@@ -263,7 +263,7 @@
 		if ( strchr(cc_source_tag, ':')){
 		    cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
 		    
-		    if( stat( cc_source_tag_tmp, &st_temp)){
+		    if( access( cc_source_tag_tmp, F_OK | R_OK) || stat( cc_source_tag_tmp, &st_temp)){
 			com_err (prog_name, errno,
 				 "while looking for credentials file %s",
 				 cc_source_tag_tmp);
auto-import changelog data from krb5-1.3.1-6.src.rpm Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-6 - fix bug in patch to make rlogind start login with a clean environment a la netkit rlogin, spotted and fixed by Scott McClung Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-5 - include profile.d scriptlets in krb5-devel so that krb5-config will be in the path, reported by Kir Kolyshkin Mon Sep 08 2003 Nalin Dahyabhai <nalin@redhat.com> - add more etypes (arcfour) to the default enctype list in kdc.conf - don't apply previous patch, refused upstream Fri Sep 05 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-4 - fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials Wed Sep 03 2003 Dan Walsh <dwalsh@redhat.com> 1.3.1-3 - Don't check for write access on /etc/krb5.conf if SELinux Tue Aug 26 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-2 - fixup some int/pointer varargs wackiness Tue Aug 05 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-1 - rebuild Mon Aug 04 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-0 - update to 1.3.1 Thu Jul 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-2 - pull fix for non-compliant encoding of salt field in etype-info2 preauth data from 1.3.1 beta 1, until 1.3.1 is released. Mon Jul 21 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-1 - update to 1.3 Mon Jul 07 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-4 - correctly use stdargs Wed Jun 18 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-0.beta.4 - test update to 1.3 beta 4 - ditch statglue build option - krb5-devel requires e2fsprogs-devel, which now provides libss and libcom_err Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> - rebuilt Wed May 21 2003 Jeremy Katz <katzj@redhat.com> 1.2.8-2 - gcc 3.3 doesn't implement varargs.h, include stdarg.h instead Wed Apr 09 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-1 - update to 1.2.8 2004-09-09 07:16:22 +00:00			`The idea is to not complain about problems in the default ticket file if we`
			`couldn't read it, because the client would be able to tell if it's there or`
			`not. Still needs work, I think.`
			`--- krb5-1.3/src/clients/ksu/ccache.c`
			`+++ krb5-1.3/src/clients/ksu/ccache.c`
			`@@ -77,7 +77,7 @@`
			`cc_def_name = krb5_cc_get_name(context, cc_def);`
			`cc_other_name = krb5_cc_get_name(context, *cc_other);`

			`- if ( ! stat(cc_def_name, &st_temp)){`
			`+ if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){`
			`if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){`
			`return retval;`
			`}`
			`--- krb5-1.3/src/clients/ksu/heuristic.c`
			`+++ krb5-1.3/src/clients/ksu/heuristic.c`
			`@@ -412,7 +412,7 @@`

			`cc_source_name = krb5_cc_get_name(context, cc);`

			`- if ( ! stat(cc_source_name, &st_temp)){`
			`+ if ( ! access(cc_source_name, F_OK \| R_OK) && ! stat(cc_source_name, &st_temp)){`

			`retval = find_ticket(context, cc, client, end_server, &temp_found);`
			`if (retval)`
			`@@ -572,7 +572,7 @@`
			`cc_source_name = krb5_cc_get_name(context, cc_source);`


			`- if (! stat(cc_source_name, &st_temp)) {`
			`+ if (! access(cc_source_name, F_OK \| R_OK) && ! stat(cc_source_name, &st_temp)) {`
			`retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);`
			`if (retval)`
			`return retval;`
			`--- krb5-1.3/src/clients/ksu/main.c`
			`+++ krb5-1.3/src/clients/ksu/main.c`
			`@@ -263,7 +263,7 @@`
			`if ( strchr(cc_source_tag, ':')){`
			`cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;`

			`- if( stat( cc_source_tag_tmp, &st_temp)){`
			`+ if( access( cc_source_tag_tmp, F_OK \| R_OK) \|\| stat( cc_source_tag_tmp, &st_temp)){`
			`com_err (prog_name, errno,`
			`"while looking for credentials file %s",`
			`cc_source_tag_tmp);`