-rw-r--r-- | src/providers/krb5/krb5_auth.c | 5 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.c | 17 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.c | 22 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.h | 2 |
4 files changed, 22 insertions, 24 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 178f18a3..ca00ce7a 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -60,7 +60,6 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr,
 const char *realm, bool *active, bool *valid) { struct sss_krb5_cc_be *old_cc_ops;
- const char *cc_template;
 errno_t ret; /* ccache file might be of a different type if the user changed
@@ -73,10 +72,8 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr,
 return EINVAL; }
- cc_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL);
- ret = old_cc_ops->check_existing(old_ccache, kr->uid, realm, kr->upn,
- cc_template, valid);
+ valid);
 if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, ("Saved ccache %s doesn't exist.\n", old_ccache));
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index c7ce574d..de7ae0a8 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -144,6 +144,19 @@ static errno_t sss_get_system_ccname_template(TALLOC_CTX *mem_ctx,
 } #endif
+static void sss_check_cc_template(const char *cc_template)
+{
+ size_t template_len;
+
+ template_len = strlen(cc_template);
+ if (template_len >= 6 &&
+ strcmp(cc_template + (template_len - 6), "XXXXXX") != 0) {
+ DEBUG(SSSDBG_CONF_SETTINGS, ("ccache file name template [%s] doesn't "
+ "contain randomizing characters (XXXXXX), file might not "
+ "be rewritable\n", cc_template));
+ }
+}
+
 errno_t check_and_export_options(struct dp_option *opts, struct sss_domain_info *dom, struct krb5_ctx *krb5_ctx)
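Review bot: In the new sss_check_cc_template() in krb5_common.c, the `template_len >= 6 &&` guard makes a template shorter than six characters skip the warning entirely, although such a template certainly lacks the XXXXXX suffix; `if (template_len < 6 || strcmp(cc_template + (template_len - 6), "XXXXXX") != 0) {` reports both cases. The body is otherwise a verbatim move of cc_check_template() from krb5_utils.c, so what changes is only where the check runs (once at option export) rather than what it checks. A template without the randomizing suffix yields a predictable ccache path in a shared directory, and the function only logs rather than rejecting the configuration, so a one-line header comment stating that it is advisory would help the next reader; check_and_export_options() begins at the end of this hunk and its body lies outside it.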
@@ -282,6 +295,10 @@ errno_t check_and_export_options(struct dp_option *opts,
 switch (cc_be) { case SSS_KRB5_TYPE_FILE: DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type FILE\n"));
+ /* warn if the file type (which is usally created in a sticky bit
+ * laden directory) does not have randomizing chracters */
+ sss_check_cc_template(ccname);
+
 krb5_ctx->cc_be = &file_cc; if (ccname[0] != '/') { /* FILE:/path/to/cc */
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 7f2ca2d5..b174462e 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -1122,24 +1122,10 @@ cc_residual_exists(uid_t uid, const char *ccname,
 return EOK; }
-static void
-cc_check_template(const char *cc_template)
-{
- size_t template_len;
-
- template_len = strlen(cc_template);
- if (template_len >= 6 &&
- strcmp(cc_template + (template_len - 6), "XXXXXX") != 0) {
- DEBUG(SSSDBG_CONF_SETTINGS, ("ccache file name template [%s] doesn't "
- "contain randomizing characters (XXXXXX), file might not "
- "be rewritable\n", cc_template));
- }
-}
-
 errno_t cc_file_check_existing(const char *location, uid_t uid, const char *realm, const char *princ,
- const char *cc_template, bool *_valid)
+ bool *_valid)
 { errno_t ret; bool valid;
@@ -1162,7 +1148,6 @@ cc_file_check_existing(const char *location, uid_t uid,
 DEBUG(SSSDBG_OP_FAILURE, ("Could not check if ccache is active.\n")); }
- cc_check_template(cc_template);
 return ret; }
@@ -1201,7 +1186,7 @@ cc_dir_create(const char *location, pcre *illegal_re,
 errno_t cc_dir_check_existing(const char *location, uid_t uid, const char *realm, const char *princ,
- const char *cc_template, bool *_valid)
+ bool *_valid)
 { bool valid; enum sss_krb5_cc_type type;
@@ -1262,7 +1247,6 @@ cc_dir_check_existing(const char *location, uid_t uid,
 DEBUG(SSSDBG_OP_FAILURE, ("Could not check if ccache is active.\n")); }
- cc_check_template(cc_template);
 goto done; }
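Review bot: The comment added above `sss_check_cc_template(ccname);` in the SSS_KRB5_TYPE_FILE case has two typos, "usally" and "chracters"; suggest `/* warn if the FILE type (which is usually created in a sticky-bit laden directory) does not have randomizing characters */`. Since this call is now the only place the template is inspected, and the helper emits at SSSDBG_CONF_SETTINGS, an operator who has configured a predictable ccache path may never see the warning; if that level is deliberate it is worth saying so in the same comment, otherwise a more visible level such as SSSDBG_MINOR_FAILURE seems appropriate for a security-relevant misconfiguration. check_and_export_options() starts and ends outside this hunk, so whether ccname here is the raw KRB5_CCNAME_TMPL value or already stripped of its type prefix cannot be confirmed from the diff; the suffix comparison is unaffected either way.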
@@ -1326,7 +1310,7 @@ cc_keyring_create(const char *location, pcre *illegal_re,
 errno_t cc_keyring_check_existing(const char *location, uid_t uid, const char *realm, const char *princ,
- const char *cc_template, bool *_valid)
+ bool *_valid)
 { errno_t ret; bool valid;
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index ca332058..e2416662 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -47,7 +47,7 @@ typedef errno_t (*cc_be_create_fn)(const char *location, pcre *illegal_re,
 uid_t uid, gid_t gid, bool private_path); typedef errno_t (*cc_be_check_existing)(const char *location, uid_t uid, const char *realm, const char *princ,
- const char *cc_template, bool *valid);
+ bool *valid);
 /* A ccache back end */ struct sss_krb5_cc_be {