summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/winbindd/winbindd_pam.c79
1 files changed, 28 insertions, 51 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 7a77b186d7..0d481c2b3d 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -463,7 +463,7 @@ static NTSTATUS get_pwd_properties(struct winbindd_domain *domain,
static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
const char *type,
uid_t uid,
- bool *internal_ccache)
+ const char **user_ccache_file)
{
/* accept FILE and WRFILE as krb5_cc_type from the client and then
* build the full ccname string based on the user's uid here -
@@ -471,58 +471,33 @@ static const char *generate_krb5_ccache(TALLOC_CTX *mem_ctx,
const char *gen_cc = NULL;
- *internal_ccache = true;
-
- if (uid == -1) {
- goto memory_ccache;
- }
-
- if (strequal(type, "FILE")) {
- gen_cc = talloc_asprintf(mem_ctx, "FILE:/tmp/krb5cc_%d", uid);
- } else if (strequal(type, "WRFILE")) {
- gen_cc = talloc_asprintf(mem_ctx, "WRFILE:/tmp/krb5cc_%d", uid);
- } else {
- DEBUG(10,("we don't allow to set a %s type ccache\n", type));
- goto memory_ccache;
+ if (uid != -1) {
+ if (strequal(type, "FILE")) {
+ gen_cc = talloc_asprintf(
+ mem_ctx, "FILE:/tmp/krb5cc_%d", uid);
+ }
+ if (strequal(type, "WRFILE")) {
+ gen_cc = talloc_asprintf(
+ mem_ctx, "WRFILE:/tmp/krb5cc_%d", uid);
+ }
}
- *internal_ccache = false;
- goto done;
+ *user_ccache_file = gen_cc;
- memory_ccache:
- gen_cc = talloc_strdup(mem_ctx, "MEMORY:winbindd_pam_ccache");
-
- done:
+ if (gen_cc == NULL) {
+ gen_cc = talloc_strdup(mem_ctx, "MEMORY:winbindd_pam_ccache");
+ }
if (gen_cc == NULL) {
DEBUG(0,("out of memory\n"));
return NULL;
}
- DEBUG(10,("using ccache: %s %s\n", gen_cc, *internal_ccache ? "(internal)":""));
+ DEBUG(10, ("using ccache: %s%s\n", gen_cc,
+ (*user_ccache_file == NULL) ? " (internal)":""));
return gen_cc;
}
-static void setup_return_cc_name(struct winbindd_cli_state *state, const char *cc)
-{
- const char *type = state->request->data.auth.krb5_cc_type;
-
- state->response->data.auth.krb5ccname[0] = '\0';
-
- if (type[0] == '\0') {
- return;
- }
-
- if (!strequal(type, "FILE") &&
- !strequal(type, "WRFILE")) {
- DEBUG(10,("won't return krbccname for a %s type ccache\n",
- type));
- return;
- }
-
- fstrcpy(state->response->data.auth.krb5ccname, cc);
-}
-
#endif
uid_t get_uid_from_request(struct winbindd_request *request)
@@ -565,7 +540,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
uid_t uid = -1;
ADS_STRUCT *ads;
time_t time_offset = 0;
- bool internal_ccache = true;
+ const char *user_ccache_file;
struct PAC_LOGON_INFO *logon_info = NULL;
*info3 = NULL;
@@ -581,7 +556,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
cc = generate_krb5_ccache(state->mem_ctx,
state->request->data.auth.krb5_cc_type,
state->request->data.auth.uid,
- &internal_ccache);
+ &user_ccache_file);
if (cc == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -619,7 +594,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
/************************ ENTERING NON-ROOT **********************/
- if (!internal_ccache) {
+ if (user_ccache_file != NULL) {
set_effective_uid(uid);
DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid));
}
@@ -636,7 +611,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
NULL,
&logon_info);
- if (!internal_ccache) {
+ if (user_ccache_file != NULL) {
gain_root_privilege();
}
@@ -654,9 +629,10 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
/* if we had a user's ccache then return that string for the pam
* environment */
- if (!internal_ccache) {
+ if (user_ccache_file != NULL) {
- setup_return_cc_name(state, cc);
+ fstrcpy(state->response->data.auth.krb5ccname,
+ user_ccache_file);
result = add_ccache_to_list(principal_s,
cc,
@@ -940,7 +916,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
char *realm = NULL;
const char *principal_s = NULL;
const char *service = NULL;
- bool internal_ccache = false;
+ const char *user_ccache_file;
uid = get_uid_from_state(state);
if (uid == -1) {
@@ -951,7 +927,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
cc = generate_krb5_ccache(state->mem_ctx,
state->request->data.auth.krb5_cc_type,
state->request->data.auth.uid,
- &internal_ccache);
+ &user_ccache_file);
if (cc == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -969,9 +945,10 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
return NT_STATUS_NO_MEMORY;
}
- if (!internal_ccache) {
+ if (user_ccache_file != NULL) {
- setup_return_cc_name(state, cc);
+ fstrcpy(state->response->data.auth.krb5ccname,
+ user_ccache_file);
result = add_ccache_to_list(principal_s,
cc,