summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2013-07-18 19:05:51 +0200
committerJeremy Allison <jra@samba.org>2013-07-23 15:39:29 -0700
commit7ad3a367d52b1f123c318946d654e95639202130 (patch)
tree710a299195c05707480537dbe7a9497e18d5fdfc
parent73e6feff9b3f30e70d84fe256aff239fafdfdb95 (diff)
downloadsamba-7ad3a367d52b1f123c318946d654e95639202130.tar.gz
samba-7ad3a367d52b1f123c318946d654e95639202130.tar.bz2
samba-7ad3a367d52b1f123c318946d654e95639202130.zip
s3-winbindd: support the DIR pragma for raw kerberos user pam authentication.
It is currently only available in MIT. In addition, allow to define custom filepaths for FILE, WRFILE and DIR pragmas and substitute one occurence of the %u pattern. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r--source3/winbindd/winbindd_pam.c23
1 files changed, 23 insertions, 0 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index aed47416ac..7b671542a2 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -492,6 +492,29 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
gen_cc = talloc_asprintf(
mem_ctx, "WRFILE:/tmp/krb5cc_%d", uid);
}
+ if (strequal(type, "DIR")) {
+ gen_cc = talloc_asprintf(
+ mem_ctx, "DIR:/run/user/%d/krb5cc", uid);
+ }
+
+ if (strnequal(type, "FILE:/", 6) ||
+ strnequal(type, "WRFILE:/", 8) ||
+ strnequal(type, "DIR:/", 5)) {
+
+ /* we allow only one "%u" substitution */
+
+ char *p;
+
+ p = strchr(type, '%');
+ if (p != NULL) {
+
+ p++;
+
+ if (p != NULL && *p == 'u' && strchr(p, '%') == NULL) {
+ gen_cc = talloc_asprintf(mem_ctx, type, uid);
+ }
+ }
+ }
}
*user_ccache_file = gen_cc;