summaryrefslogtreecommitdiff
path: root/src/providers/krb5/krb5_init_shared.h
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2013-08-31 14:21:22 -0400
committerSimo Sorce <simo@redhat.com>2013-09-09 15:11:46 -0400
commit14050f35224360883e20ebd810d3eb40f39267cf (patch)
treec31be7accf7d69007010ef67f832076ceffe9a7a /src/providers/krb5/krb5_init_shared.h
parent0dbcc64a5cee58d5fffaaef923302d9c7a951a7d (diff)
downloadsssd-14050f35224360883e20ebd810d3eb40f39267cf.tar.gz
sssd-14050f35224360883e20ebd810d3eb40f39267cf.tar.bz2
sssd-14050f35224360883e20ebd810d3eb40f39267cf.zip
krb5: Add file/dir path precheck
Add a precheck on the actual existence at all of the file/dir ccname targeted (for FILE/DIR types), and bail early if nothing is available. While testing I found out that without this check, the krb5_cc_resolve() function we call as user to check old paths would try to create the directory if it didn't exist. With a ccname of DIR:/tmp/ccdir_1000 saved in the user entry this would cause two undesirable side effects: First it would actually create a directory with the old name, when it should not. Second, because for some reason the umask is set to 0127 in sssd_be, it would create the directory with permission 600 (missing the 'x' traverse bit on the directory. If the new ccache has the same name it would cause the krb5_child process to fal to store the credential cache in it. Related: https://fedorahosted.org/sssd/ticket/2061
Diffstat (limited to 'src/providers/krb5/krb5_init_shared.h')
0 files changed, 0 insertions, 0 deletions