X-Git-Url: http://dolda2000.com/gitweb/?a=blobdiff_plain;f=pam_krb5auto.c;h=eb990d263f99b353b58f5ea3251d2fb1792b2639;hb=6087eccbf847ed0c3916a3e508ae1dd6e25dcf23;hp=3f7bf0014b69870a119f72d47f7bbf927f51d40b;hpb=4fb861a52220666fa147e30670fe6b8a60cd40e3;p=utils.git

diff --git a/pam_krb5auto.c b/pam_krb5auto.c
index 3f7bf00..eb990d2 100644
--- a/pam_krb5auto.c
+++ b/pam_krb5auto.c
@@ -32,6 +32,7 @@ struct data
     krb5_creds initcreds;
     int hascreds;
     uid_t uid;
+    gid_t gid;
 };
 
 static void log(int prio, char *format, ...)
@@ -126,6 +127,7 @@ static struct data *getdata(pam_handle_t *pamh, struct options *opts)
 	    return(NULL);
 	}
 	data->uid = pwent->pw_uid;
+	data->gid = pwent->pw_gid;
 	if((ret = krb5_init_context(&data->ctx)) != 0) {
 	    log(LOG_CRIT, "could not create krb5 context: %s", error_message(ret));
 	    freedata(data);
@@ -183,8 +185,8 @@ static int savecreds(pam_handle_t *pamh, struct options *opts, struct data *data
     if(opts->debug)
 	log(LOG_DEBUG, "got creds successfully");
     snprintf(buf, sizeof(buf), "KRB5CCNAME=FILE:/tmp/krb5cc_%i_XXXXXX", data->uid);
-    ccname = buf + sizeof("KRB5CCNAME=");
-    filename = ccname + sizeof("FILE:");
+    ccname = buf + sizeof("KRB5CCNAME=") - 1;
+    filename = ccname + sizeof("FILE:") - 1;
     if((fd = mkstemp(filename)) < 0) {
 	log(LOG_ERR, "could not create tempfile for credentials cache: %s", strerror(errno));
 	ret = PAM_SERVICE_ERR;
@@ -211,6 +213,7 @@ static int savecreds(pam_handle_t *pamh, struct options *opts, struct data *data
 	ret = PAM_SERVICE_ERR;
 	goto out;
     }
+    chown(filename, data->uid, data->gid);
     pam_putenv(pamh, strdup(buf));
     if(opts->debug)
 	log(LOG_DEBUG, "successfully initialized ccache");