diff options
author | Ondrej Kos <okos@redhat.com> | 2012-10-02 18:56:39 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-10-04 19:43:23 +0200 |
commit | 8fe574521b7f8b14e17aea1d9afb471b80761b83 (patch) | |
tree | 4ae0aa549e9e5c43e2c6862a0ec72a740d1aca87 /src/providers/krb5/krb5_auth.c | |
parent | e7dd2a5102ba6cfd28be6eccdd62768e9758d9f4 (diff) | |
download | sssd-8fe574521b7f8b14e17aea1d9afb471b80761b83.tar.gz sssd-8fe574521b7f8b14e17aea1d9afb471b80761b83.tar.bz2 sssd-8fe574521b7f8b14e17aea1d9afb471b80761b83.zip |
Log possibly non-randomizable ccache file template
fixes https://fedorahosted.org/sssd/ticket/1533
ccache file template is now checked for appended XXXXXX for use with
mkstemp. When those characters are not present, warning is written to log.
Diffstat (limited to 'src/providers/krb5/krb5_auth.c')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index a305bb69..e244cea5 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -88,6 +88,7 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr, const char *realm, bool *active, bool *valid) { struct sss_krb5_cc_be *old_cc_ops; + const char *cc_template; errno_t ret; /* ccache file might be of a different type if the user changed @@ -100,8 +101,10 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr, return EINVAL; } - ret = old_cc_ops->check_existing(old_ccache, kr->uid, realm, - kr->upn, active, valid); + cc_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL); + + ret = old_cc_ops->check_existing(old_ccache, kr->uid, realm, kr->upn, + cc_template, active, valid); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot check if saved ccache %s is active and valid\n", |