-rw-r--r--src/providers/krb5/krb5_auth.c26
-rw-r--r--src/providers/krb5/krb5_auth.h1
-rw-r--r--src/providers/krb5/krb5_common.c52
-rw-r--r--src/providers/krb5/krb5_common.h2
-rw-r--r--src/providers/krb5/krb5_utils.c60
-rw-r--r--src/providers/krb5/krb5_utils.h17
-rw-r--r--src/tests/krb5_child-test.c23
7 files changed, 14 insertions, 167 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index d2c53f98..1585f709 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -324,15 +324,6 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
return ENOMEM;
}
- if (kr->cc_be == NULL) {
- kr->cc_be = get_cc_be_ops_ccache(kr->ccname);
- }
- if (kr->cc_be == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("Cannot get operations on new ccache %s\n", kr->ccname));
- return EINVAL;
- }
-
ret = sss_krb5_precreate_ccache(kr->ccname,
kr->krb5_ctx->illegal_path_re,
kr->uid, kr->gid, private_path);
@@ -340,19 +331,6 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
DEBUG(SSSDBG_OP_FAILURE, ("ccache creation failed.\n"));
return ret;
}
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Saved ccache %s if of different type than ccache in "
- "configuration file, reusing the old ccache\n",
- kr->old_ccname));
-
- kr->cc_be = get_cc_be_ops_ccache(kr->old_ccname);
- if (kr->cc_be == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("Cannot get operations on saved ccache %s\n",
- kr->old_ccname));
- return EINVAL;
- }
}
return EOK;
@@ -614,10 +592,6 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
goto done;
}
- /* The type of the ccache might change during the request if we
- * end up reusing an old ccache */
- kr->cc_be = krb5_ctx->cc_be;
-
ccache_file = ldb_msg_find_attr_as_string(res->msgs[0],
SYSDB_CCACHE_FILE,
NULL);
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h
index d31925da..022dc9b7 100644
--- a/src/providers/krb5/krb5_auth.h
+++ b/src/providers/krb5/krb5_auth.h
@@ -41,7 +41,6 @@ struct krb5child_req {
struct pam_data *pd;
struct krb5_ctx *krb5_ctx;
- struct sss_krb5_cc_be *cc_be;
const char *ccname;
const char *old_ccname;
const char *homedir;
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index de7ae0a8..dedb734f 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -167,7 +167,6 @@ errno_t check_and_export_options(struct dp_option *opts,
const char *dummy;
char *use_fast_str;
char *fast_principal;
- enum sss_krb5_cc_type cc_be;
char *ccname;
tmp_ctx = talloc_new(NULL);
@@ -291,53 +290,30 @@ errno_t check_and_export_options(struct dp_option *opts,
}
}
- cc_be = sss_krb5_get_type(ccname);
- switch (cc_be) {
- case SSS_KRB5_TYPE_FILE:
+ if ((ccname[0] == '/') || (strncmp(ccname, "FILE:", 5) == 0)) {
DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type FILE\n"));
/* warn if the file type (which is usally created in a sticky bit
* laden directory) does not have randomizing chracters */
sss_check_cc_template(ccname);
- krb5_ctx->cc_be = &file_cc;
- if (ccname[0] != '/') {
- /* FILE:/path/to/cc */
- break;
- }
-
- DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was "
+ if (ccname[0] == '/') {
+ /* /path/to/cc prepend FILE: */
+ DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was "
"missing an explicit type, but is an absolute "
"path specifier. Assuming FILE:\n"));
- ccname = talloc_asprintf(tmp_ctx, "FILE:%s", ccname);
- if (!ccname) {
- ret = ENOMEM;
- goto done;
- }
+ ccname = talloc_asprintf(tmp_ctx, "FILE:%s", ccname);
+ if (!ccname) {
+ ret = ENOMEM;
+ goto done;
+ }
- ret = dp_opt_set_string(opts, KRB5_CCNAME_TMPL, ccname);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("dp_opt_set_string failed.\n"));
- goto done;
+ ret = dp_opt_set_string(opts, KRB5_CCNAME_TMPL, ccname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("dp_opt_set_string failed.\n"));
+ goto done;
+ }
}
- break;
-
-#ifdef HAVE_KRB5_CC_COLLECTION
- case SSS_KRB5_TYPE_DIR:
- DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type DIR\n"));
- krb5_ctx->cc_be = &dir_cc;
- break;
-
- case SSS_KRB5_TYPE_KEYRING:
- DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type KEYRING\n"));
- krb5_ctx->cc_be = &keyring_cc;
- break;
-#endif /* HAVE_KRB5_CC_COLLECTION */
-
- default:
- DEBUG(SSSDBG_OP_FAILURE, ("Unknown ccname database\n"));
- ret = EINVAL;
- goto done;
}
ret = EOK;
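Review bot: A ccname template that is neither an absolute path nor prefixed with `FILE:` now falls through the new `if` and reaches `ret = EOK` with no validation and no log line, whereas the removed `default:` case failed option checking with EINVAL ("Unknown ccname database"). A mistyped type prefix therefore also skips `sss_check_cc_template()`, so the warning about missing randomizing characters is never issued for it and the misconfiguration would only surface later, when a ccache is actually created. Assuming `sss_krb5_get_type()` is still available after this commit (no visible hunk removes it), the rejection could be kept with `} else if (sss_krb5_get_type(ccname) == SSS_KRB5_TYPE_UNKNOWN) {` followed by `ret = EINVAL; goto done;`, ideally with a DEBUG line that names the offending template. check_and_export_options starts and ends outside this hunk, so whether a later check already covers this case is not visible here.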
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index e56bd496..eac0d6b1 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -89,7 +89,6 @@ struct krb5_service {
struct fo_service;
struct deferred_auth_ctx;
struct renew_tgt_ctx;
-struct sss_krb5_cc_be;
enum krb5_config_type {
K5C_GENERIC,
@@ -127,7 +126,6 @@ struct krb5_ctx {
struct krb5_service *kpasswd_service;
int child_debug_fd;
- struct sss_krb5_cc_be *cc_be;
pcre *illegal_path_re;
struct deferred_auth_ctx *deferred_auth_ctx;
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 83e61e14..d0ccd2d7 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -1039,66 +1039,6 @@ done:
}
-/*======== ccache back end utilities ========*/
-struct sss_krb5_cc_be *
-get_cc_be_ops(enum sss_krb5_cc_type type)
-{
- struct sss_krb5_cc_be *be = NULL;
-
- switch (type) {
- case SSS_KRB5_TYPE_FILE:
- be = &file_cc;
- break;
-
-#ifdef HAVE_KRB5_CC_COLLECTION
- case SSS_KRB5_TYPE_DIR:
- be = &dir_cc;
- break;
-
- case SSS_KRB5_TYPE_KEYRING:
- be = &keyring_cc;
- break;
-#endif /* HAVE_KRB5_CC_COLLECTION */
-
- case SSS_KRB5_TYPE_UNKNOWN:
- be = NULL;
- break;
- }
-
- return be;
-}
-
-struct sss_krb5_cc_be *
-get_cc_be_ops_ccache(const char *ccache)
-{
- enum sss_krb5_cc_type type;
-
- type = sss_krb5_get_type(ccache);
- return get_cc_be_ops(type);
-}
-
-/*======== Operations on the FILE: back end ========*/
-
-struct sss_krb5_cc_be file_cc = {
- .type = SSS_KRB5_TYPE_FILE,
-};
-
-#ifdef HAVE_KRB5_CC_COLLECTION
-/*======== Operations on the DIR: back end ========*/
-
-struct sss_krb5_cc_be dir_cc = {
- .type = SSS_KRB5_TYPE_DIR,
-};
-
-
-/*======== Operations on the KEYRING: back end ========*/
-
-struct sss_krb5_cc_be keyring_cc = {
- .type = SSS_KRB5_TYPE_KEYRING,
-};
-
-#endif /* HAVE_KRB5_CC_COLLECTION */
-
errno_t get_domain_or_subdomain(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx,
char *domain_name,
struct sss_domain_info **dom)
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index 5f720335..e41309e7 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -42,19 +42,9 @@ errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb,
const char *user,
const char *upn);
-/* A ccache back end */
-struct sss_krb5_cc_be {
- enum sss_krb5_cc_type type;
-};
-
-extern struct sss_krb5_cc_be file_cc;
-
errno_t create_ccache_dir(const char *dirname, pcre *illegal_re,
uid_t uid, gid_t gid, bool private_path);
-struct sss_krb5_cc_be *get_cc_be_ops(enum sss_krb5_cc_type type);
-struct sss_krb5_cc_be *get_cc_be_ops_ccache(const char *ccache);
-
char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
const char *template, bool file_mode,
bool case_sensitive, bool *private_path);
@@ -78,13 +68,6 @@ errno_t sss_krb5_cc_verify_ccache(const char *ccname, uid_t uid, gid_t gid,
errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
struct tgt_times *tgtt);
-#ifdef HAVE_KRB5_CC_COLLECTION
-
-extern struct sss_krb5_cc_be dir_cc;
-extern struct sss_krb5_cc_be keyring_cc;
-
-#endif /* HAVE_KRB5_CC_COLLECTION */
-
errno_t get_domain_or_subdomain(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx,
char *domain_name,
diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c
index 5ea30014..c32ccc31 100644
--- a/src/tests/krb5_child-test.c
+++ b/src/tests/krb5_child-test.c
@@ -196,7 +196,6 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
const char *ccname, const char *ccname_template,
int timeout)
{
- enum sss_krb5_cc_type cc_be;
struct krb5child_req *kr;
struct passwd *pwd;
bool private = false;
@@ -262,28 +261,6 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
}
if (!kr->ccname) goto fail;
- cc_be = sss_krb5_get_type(kr->ccname);
- switch (cc_be) {
- case SSS_KRB5_TYPE_FILE:
- kr->krb5_ctx->cc_be = &file_cc;
- break;
-#ifdef HAVE_KRB5_CC_COLLECTION
- case SSS_KRB5_TYPE_DIR:
- kr->krb5_ctx->cc_be = &dir_cc;
- break;
-#endif /* HAVE_KRB5_CC_COLLECTION */
- default:
- if (tmpl[0] != '/') {
- DEBUG(SSSDBG_OP_FAILURE, ("Unkown ccname database\n"));
- ret = EINVAL;
- goto fail;
- }
- DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was "
- "missing an explicit type, but looks like an absolute "
- "path specifier. Assuming FILE:\n"));
- kr->krb5_ctx->cc_be = &file_cc;
- break;
- }
DEBUG(SSSDBG_FUNC_DATA, ("ccname [%s] uid [%llu] gid [%llu]\n",
kr->ccname, kr->uid, kr->gid));