On 01/29/2016 01:41 PM, Lukas Slebodnik wrote:
https://fedorahosted.org/sssd/ticket/2931
---
src/providers/krb5/krb5_child.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 12eb9e2093d2bdd7d67e8d029fec1455488aa67c..88bcaddc419c1e6dc5d9a0c69b50c45a45c95efc
100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -2675,6 +2675,23 @@ int main(int argc, const char *argv[])
goto done;
}
+ ret = open("/etc/krb5.conf", O_RDONLY);
+ if (ret == EOK)
I thought that open() returns file descriptor on success and and -1 in case of error. Was
I wrong?
{
> + close(ret);
> + } else {
> + ret = errno;
> + if (ret == EPERM) {
> + DEBUG(SSSDBG_CRIT_FAILURE,
> + "User with uid:%"SPRIuid" gid:%"SPRIgid"
cannot read "
> + "/etc/krb5.conf. It might cause problems.",
> + geteuid(), getegid());
> + } else {
> + DEBUG(SSSDBG_MINOR_FAILURE,
> + "Cannot open /etc/krb5.conf [%d]: %s\n",
> + ret, strerror(ret));
> + }
> + }
> +
> DEBUG(SSSDBG_TRACE_INTERNAL,
> "Running as [%"SPRIuid"][%"SPRIgid"].\n",
geteuid(), getegid());
>
> -- 2.5.0