author Simo Sorce <simo@redhat.com> 2013-08-31 14:21:22 -0400
committer Simo Sorce <simo@redhat.com> 2013-09-09 15:11:46 -0400
commit 14050f35224360883e20ebd810d3eb40f39267cf
tree c31be7accf7d69007010ef67f832076ceffe9a7a /src/util/sss_krb5.h
parent 0dbcc64a5cee58d5fffaaef923302d9c7a951a7d
krb5: Add file/dir path precheck
Add a precheck on the actual existence at all of the file/dir ccname targeted (for FILE/DIR types), and bail early if nothing is available.

While testing I found out that without this check, the krb5_cc_resolve() function we call as user to check old paths would try to create the directory if it didn't exist.

With a ccname of DIR:/tmp/ccdir_1000 saved in the user entry this would cause two undesirable side effects:

First it would actually create a directory with the old name, when it should not.

Second, because for some reason the umask is set to 0127 in sssd_be, it would create the directory with permission 600 (missing the 'x' traverse bit on the directory). If the new ccache has the same name it would cause the krb5_child process to fail to store the credential cache in it.

Related: https://fedorahosted.org/sssd/ticket/2061
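The two effects described in the commit message, reproduced as an added example that is not SSSD's code: a stat()-based existence check on a FILE:/DIR: ccname, and the mode a directory ends up with when it is created under umask 0127. The helper names `ccname_precheck` and `mkdir_mode_under_umask`, the 0700 request mode, and the temporary paths are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical precheck: 0 if the path behind a FILE:/DIR: ccname exists,
 * the stat() errno (e.g. ENOENT) if it does not, EINVAL for other types.
 * Nothing is created on disk, unlike the resolve call the message describes. */
int ccname_precheck(const char *ccname)
{
    const char *path;
    struct stat st;

    if (strncmp(ccname, "FILE:", 5) == 0) path = ccname + 5;
    else if (strncmp(ccname, "DIR:", 4) == 0) path = ccname + 4;
    else return EINVAL;
    return (stat(path, &st) == 0) ? 0 : errno;
}

/* Create 'path' with 'requested' mode while 'mask' is the process umask and
 * return the permission bits that actually landed on disk (-1 on error). */
int mkdir_mode_under_umask(const char *path, mode_t requested, mode_t mask)
{
    struct stat st;
    mode_t old = umask(mask);
    int ret = mkdir(path, requested);

    umask(old); /* restore the caller's umask */
    if (ret != 0 || stat(path, &st) != 0) return -1;
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    char base[] = "/tmp/ccdemo_XXXXXX"; /* constructed scratch directory */
    char dir[96], ccname[128];

    if (mkdtemp(base) == NULL) return 1;
    snprintf(dir, sizeof(dir), "%s/ccdir_1000", base);
    snprintf(ccname, sizeof(ccname), "DIR:%s", dir);
    printf("precheck, dir absent: %d (ENOENT=%d)\n", ccname_precheck(ccname), ENOENT);
    printf("mode under umask 0127: %o\n", mkdir_mode_under_umask(dir, 0700, 0127));
    printf("precheck, dir present: %d\n", ccname_precheck(ccname));
    rmdir(dir);
    rmdir(base);
    return 0;
}
```

A request for 0700 masked by 0127 leaves 0600, so the owner can list the directory but cannot traverse into it, which is why a later write into that directory fails.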
Diffstat (limited to 'src/util/sss_krb5.h')
0 files changed, 0 insertions, 0 deletions