krb5: Add helper to destroy ccache as user

This function safely destroy a ccache given a cache name and user crdentials. It becomes the user so no possible races can compromise the system, then uses libkrb5 functions to properly destroy a ccache, independently of the cache type. Finally restores the original credentials after closing the ccache handlers. Resolves: https://fedorahosted.org/sssd/ticket/2061
author: Simo Sorce <simo@redhat.com> 2013-08-28 22:12:07 -0400
committer: Simo Sorce <simo@redhat.com> 2013-09-09 15:11:45 -0400
commit: 04c49a183f49c28f9ef900bdbc4eb30f23278e17 (patch)
tree: 9dd97c871fb5c6a62a91343a1cdd677e14cdeaeb /src/providers/krb5/krb5_utils.h
parent: 0371fbcf60d4dd8e25b9bb0a83029c812b66f3d6 (diff)
download: sssd-04c49a183f49c28f9ef900bdbc4eb30f23278e17.tar.gz
sssd-04c49a183f49c28f9ef900bdbc4eb30f23278e17.tar.bz2
sssd-04c49a183f49c28f9ef900bdbc4eb30f23278e17.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index aac3ec72..ebcfe938 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -87,6 +87,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
                      struct sss_creds **saved_creds);
 errno_t restore_creds(struct sss_creds *saved_creds);
 
+errno_t sss_krb5_cc_destroy(const char *ccname, uid_t uid, gid_t gid);
+
 errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
                              struct tgt_times *tgtt);
author	Simo Sorce <simo@redhat.com>	2013-08-28 22:12:07 -0400
committer	Simo Sorce <simo@redhat.com>	2013-09-09 15:11:45 -0400
commit	04c49a183f49c28f9ef900bdbc4eb30f23278e17 (patch)
tree	9dd97c871fb5c6a62a91343a1cdd677e14cdeaeb /src/providers/krb5/krb5_utils.h
parent	0371fbcf60d4dd8e25b9bb0a83029c812b66f3d6 (diff)
download	sssd-04c49a183f49c28f9ef900bdbc4eb30f23278e17.tar.gz sssd-04c49a183f49c28f9ef900bdbc4eb30f23278e17.tar.bz2 sssd-04c49a183f49c28f9ef900bdbc4eb30f23278e17.zip