-rw-r--r-- | src/providers/krb5/krb5_auth.c | 6 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.c | 71 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.h | 14 | ||||
-rw-r--r-- | src/tests/krb5_child-test.c | 6 | ||||
-rw-r--r-- | src/tests/krb5_utils-tests.c | 40 |
5 files changed, 43 insertions, 94 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 1ea179be..d2c53f98 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -333,9 +333,9 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr, return EINVAL; } - ret = kr->cc_be->create(kr->ccname, - kr->krb5_ctx->illegal_path_re, - kr->uid, kr->gid, private_path); + ret = sss_krb5_precreate_ccache(kr->ccname, + kr->krb5_ctx->illegal_path_re, + kr->uid, kr->gid, private_path); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("ccache creation failed.\n")); return ret; diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index c4849e74..83e61e14 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c @@ -722,19 +722,31 @@ done: return EOK; } -static errno_t -create_ccache_dir_head(const char *parent, pcre *illegal_re, - uid_t uid, gid_t gid, bool private_path) +errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re, + uid_t uid, gid_t gid, bool private_path) { - char *ccdirname; TALLOC_CTX *tmp_ctx = NULL; + const char *filename; + char *ccdirname; char *end; errno_t ret; + if (ccname[0] == '/') { + filename = ccname; + } else if (strncmp(ccname, "FILE:", 5) == 0) { + filename = ccname + 5; + } else if (strncmp(ccname, "DIR:", 4) == 0) { + filename = ccname + 4; + } else { + /* only FILE and DIR types need precreation so far, we ignore any + * other type */ + return EOK; + } + tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; - ccdirname = talloc_strdup(tmp_ctx, parent); + ccdirname = talloc_strdup(tmp_ctx, filename); if (ccdirname == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed.\n")); ret = ENOMEM; 
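Review bot: The final `else` in `sss_krb5_precreate_ccache` returns `EOK` for every name that is neither absolute nor prefixed with `FILE:` or `DIR:`, so a relative path without a prefix or a mistyped prefix silently skips pre-creation and whatever checks the `illegal_re`, `uid` and `gid` parameters feed further down. The removed per-type helpers returned `EINVAL` on a type mismatch, so this behaviour change deserves at least a trace before `return EOK;`, e.g. `DEBUG(SSSDBG_FUNC_DATA, ("No precreation for ccache [%s]\n", ccname));`. The function is now exported and reads `ccname[0]` unguarded; unless every caller already guarantees a non-NULL name, add `if (ccname == NULL) return EINVAL;` at the top. The function body continues past the end of this hunk, so the later handling is inferred rather than visible.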
@@ -1066,72 +1078,23 @@ get_cc_be_ops_ccache(const char *ccache) } /*======== Operations on the FILE: back end ========*/ -errno_t -cc_file_create(const char *location, pcre *illegal_re, - uid_t uid, gid_t gid, bool private_path) -{ - const char *filename; - - filename = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_FILE); - if (filename == NULL) { - DEBUG(SSSDBG_OP_FAILURE, ("Bad ccache type %s\n", location)); - return EINVAL; - } - - return create_ccache_dir_head(filename, illegal_re, uid, gid, private_path); -} struct sss_krb5_cc_be file_cc = { .type = SSS_KRB5_TYPE_FILE, - .create = cc_file_create, }; #ifdef HAVE_KRB5_CC_COLLECTION /*======== Operations on the DIR: back end ========*/ -errno_t -cc_dir_create(const char *location, pcre *illegal_re, - uid_t uid, gid_t gid, bool private_path) -{ - const char *dir_name; - - dir_name = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_DIR); - if (dir_name == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Bad residual type\n")); - return EINVAL; - } - - return create_ccache_dir_head(dir_name, illegal_re, uid, gid, private_path); -} struct sss_krb5_cc_be dir_cc = { .type = SSS_KRB5_TYPE_DIR, - .create = cc_dir_create, }; /*======== Operations on the KEYRING: back end ========*/ -errno_t -cc_keyring_create(const char *location, pcre *illegal_re, - uid_t uid, gid_t gid, bool private_path) -{ - const char *residual; - - residual = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_KEYRING); - if (residual == NULL) { - DEBUG(SSSDBG_OP_FAILURE, ("Bad ccache type %s\n", location)); - return EINVAL; - } - - /* No special steps are needed to create a kernel keyring. - * Everything is handled in libkrb5. - */ - return EOK; -} - struct sss_krb5_cc_be keyring_cc = { .type = SSS_KRB5_TYPE_KEYRING, - .create = cc_keyring_create, }; #endif /* HAVE_KRB5_CC_COLLECTION */ diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h index b364f87a..5f720335 100644 --- a/src/providers/krb5/krb5_utils.h 
+++ b/src/providers/krb5/krb5_utils.h @@ -42,15 +42,9 @@ errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb, const char *user, const char *upn); -/* Operations on a credential cache */ -typedef errno_t (*cc_be_create_fn)(const char *location, pcre *illegal_re, - uid_t uid, gid_t gid, bool private_path); - /* A ccache back end */ struct sss_krb5_cc_be { enum sss_krb5_cc_type type; - - cc_be_create_fn create; }; extern struct sss_krb5_cc_be file_cc; @@ -58,9 +52,6 @@ extern struct sss_krb5_cc_be file_cc; errno_t create_ccache_dir(const char *dirname, pcre *illegal_re, uid_t uid, gid_t gid, bool private_path); -errno_t cc_file_create(const char *filename, pcre *illegal_re, - uid_t uid, gid_t gid, bool private_path); - struct sss_krb5_cc_be *get_cc_be_ops(enum sss_krb5_cc_type type); struct sss_krb5_cc_be *get_cc_be_ops_ccache(const char *ccache); @@ -76,6 +67,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx, struct sss_creds **saved_creds); errno_t restore_creds(struct sss_creds *saved_creds); +errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re, + uid_t uid, gid_t gid, bool private_path); errno_t sss_krb5_cc_destroy(const char *ccname, uid_t uid, gid_t gid); errno_t sss_krb5_check_ccache_princ(uid_t uid, gid_t gid, const char *ccname, const char *principal); @@ -90,9 +83,6 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, extern struct sss_krb5_cc_be dir_cc; extern struct sss_krb5_cc_be keyring_cc; -errno_t cc_dir_create(const char *location, pcre *illegal_re, - uid_t uid, gid_t gid, bool private_path); - #endif /* HAVE_KRB5_CC_COLLECTION */ diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c index dff62ab6..5ea30014 100644 --- a/src/tests/krb5_child-test.c +++ b/src/tests/krb5_child-test.c 
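Review bot: The new public declaration `sss_krb5_precreate_ccache` has no comment, and its contract is not obvious from the name. Per the implementation in krb5_utils.c, it acts only on bare absolute paths and on `FILE:`/`DIR:` names, and reports `EOK` for anything else. A short comment above the declaration would keep callers from reading a successful return as proof that a directory was checked, e.g. `/* Pre-creates the directory for an absolute-path, FILE: or DIR: ccname; any other ccache type is skipped and EOK is returned. */`.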
@@ -287,9 +287,9 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user, DEBUG(SSSDBG_FUNC_DATA, ("ccname [%s] uid [%llu] gid [%llu]\n", kr->ccname, kr->uid, kr->gid)); - ret = kr->krb5_ctx->cc_be->create(kr->ccname, - kr->krb5_ctx->illegal_path_re, - kr->uid, kr->gid, private); + ret = sss_krb5_precreate_ccache(kr->ccname, + kr->krb5_ctx->illegal_path_re, + kr->uid, kr->gid, private); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("create_ccache_dir failed.\n")); goto fail; diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c index 4715774f..ea029256 100644 --- a/src/tests/krb5_utils-tests.c +++ b/src/tests/krb5_utils-tests.c @@ -117,14 +117,14 @@ START_TEST(test_pub_ccache_dir) ret = chmod(testpath, 0754); fail_unless(ret == EOK, "chmod failed."); - ret = cc_file_create(filename, NULL, 12345, 12345, false); - fail_unless(ret == EINVAL, "cc_file_create does not return EINVAL " + ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, false); + fail_unless(ret == EINVAL, "sss_krb5_precreate_ccache does not return EINVAL " "while x-bit is missing."); ret = chmod(testpath, 0755); fail_unless(ret == EOK, "chmod failed."); - ret = cc_file_create(filename, NULL, 12345, 12345, false); - fail_unless(ret == EOK, "cc_file_create failed."); + ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, false); + fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed."); check_dir(subdirname, 0, 0, 01777); RMDIR(subdirname); @@ -158,7 +158,7 @@ START_TEST(test_pub_ccache_dir_in_user_dir) filename = talloc_asprintf(tmp_ctx, "%s/ccfile", subdirname); fail_unless(filename != NULL, "talloc_asprintf failed."); - ret = cc_file_create(filename, NULL, 12345, 12345, false); + ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, false); fail_unless(ret == EINVAL, "Creating public ccache dir in user dir " "does not failed with EINVAL."); 
@@ -193,14 +193,14 @@ START_TEST(test_priv_ccache_dir) ret = chmod(testpath, 0754); fail_unless(ret == EOK, "chmod failed."); - ret = cc_file_create(filename, NULL, uid, gid, true); - fail_unless(ret == EINVAL, "cc_file_create does not return EINVAL " + ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid, true); + fail_unless(ret == EINVAL, "sss_krb5_precreate_ccache does not return EINVAL " "while x-bit is missing."); ret = chmod(testpath, 0755); fail_unless(ret == EOK, "chmod failed."); - ret = cc_file_create(filename, NULL, uid, gid, true); - fail_unless(ret == EOK, "cc_file_create failed."); + ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid, true); + fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed."); check_dir(subdir, uid, gid, 0700); RMDIR(subdir); @@ -248,14 +248,14 @@ START_TEST(test_private_ccache_dir_in_user_dir) ret = chmod(user_dir, 0600); fail_unless(ret == EOK, "chmod failed."); - ret = cc_file_create(filename, NULL, uid, gid, true); - fail_unless(ret == EINVAL, "cc_file_create does not return EINVAL " + ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid, true); + fail_unless(ret == EINVAL, "sss_krb5_precreate_ccache does not return EINVAL " "while x-bit is missing."); ret = chmod(user_dir, 0700); fail_unless(ret == EOK, "chmod failed."); - ret = cc_file_create(filename, NULL, uid, gid, true); - fail_unless(ret == EOK, "cc_file_create failed."); + ret = sss_krb5_precreate_ccache(filename, NULL, uid, gid, true); + fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed."); check_dir(dn3, uid, gid, 0700); RMDIR(dn3); 
@@ -292,7 +292,7 @@ START_TEST(test_private_ccache_dir_in_wrong_user_dir) filename = talloc_asprintf(tmp_ctx, "%s/ccfile", subdirname); fail_unless(filename != NULL, "talloc_asprintf failed."); - ret = cc_file_create(filename, NULL, 12345, 12345, true); + ret = sss_krb5_precreate_ccache(filename, NULL, 12345, 12345, true); fail_unless(ret == EINVAL, "Creating private ccache dir in wrong user " "dir does not failed with EINVAL."); @@ -357,7 +357,6 @@ START_TEST(test_illegal_patterns) } END_TEST -#ifdef HAVE_KRB5_CC_COLLECTION START_TEST(test_cc_dir_create) { char *residual; @@ -386,8 +385,8 @@ START_TEST(test_cc_dir_create) residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir"); fail_unless(residual != NULL, "talloc_asprintf failed."); - ret = cc_dir_create(residual, illegal_re, uid, gid, true); - fail_unless(ret == EOK, "cc_dir_create failed\n"); + ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid, true); + fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed\n"); ret = rmdir(dirname); if (ret < 0) ret = errno; fail_unless(ret == 0, "Cannot remove %s: %s\n", dirname, strerror(ret)); @@ -399,8 +398,8 @@ START_TEST(test_cc_dir_create) residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir/"); fail_unless(residual != NULL, "talloc_asprintf failed."); - ret = cc_dir_create(residual, illegal_re, uid, gid, true); - fail_unless(ret == EOK, "cc_dir_create failed\n"); + ret = sss_krb5_precreate_ccache(residual, illegal_re, uid, gid, true); + fail_unless(ret == EOK, "sss_krb5_precreate_ccache failed\n"); ret = rmdir(dirname); if (ret < 0) ret = errno; fail_unless(ret == 0, "Cannot remove %s: %s\n", dirname, strerror(ret)); @@ -408,7 +407,6 @@ START_TEST(test_cc_dir_create) free(cwd); } END_TEST -#endif /* HAVE_KRB5_CC_COLLECTION */ void setup_talloc_context(void) 
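Review bot: The converted tests in this file pass either a bare absolute path or a `DIR:` residual, so two branches of the new prefix parsing have no visible coverage here: a `FILE:`-prefixed name, and a name of another type that should be skipped with `EOK`. One assertion for each would pin the dispatch, for example `fail_unless(sss_krb5_precreate_ccache("KEYRING:persistent:12345", NULL, 12345, 12345, true) == EOK, "non-file ccache type was not ignored.");` (the ccache name is a constructed sample). Tests outside the shown hunks may already cover this.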
@@ -774,9 +772,7 @@ Suite *krb5_utils_suite (void) tcase_add_checked_fixture (tc_create_dir, setup_create_dir, teardown_create_dir); tcase_add_test (tc_create_dir, test_illegal_patterns); -#ifdef HAVE_KRB5_CC_COLLECTION tcase_add_test (tc_create_dir, test_cc_dir_create); -#endif /* HAVE_KRB5_CC_COLLECTION */ if (getuid() == 0) { tcase_add_test (tc_create_dir, test_priv_ccache_dir); tcase_add_test (tc_create_dir, test_private_ccache_dir_in_user_dir); |