summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/providers/krb5/krb5_auth.c5
-rw-r--r--src/providers/krb5/krb5_common.c17
-rw-r--r--src/providers/krb5/krb5_utils.c22
-rw-r--r--src/providers/krb5/krb5_utils.h2
4 files changed, 22 insertions, 24 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 178f18a3..ca00ce7a 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -60,7 +60,6 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr,
const char *realm, bool *active, bool *valid)
{
struct sss_krb5_cc_be *old_cc_ops;
- const char *cc_template;
errno_t ret;
/* ccache file might be of a different type if the user changed
@@ -73,10 +72,8 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr,
return EINVAL;
}
- cc_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL);
-
ret = old_cc_ops->check_existing(old_ccache, kr->uid, realm, kr->upn,
- cc_template, valid);
+ valid);
if (ret == ENOENT) {
DEBUG(SSSDBG_TRACE_FUNC,
("Saved ccache %s doesn't exist.\n", old_ccache));
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index c7ce574d..de7ae0a8 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -144,6 +144,19 @@ static errno_t sss_get_system_ccname_template(TALLOC_CTX *mem_ctx,
}
#endif
+static void sss_check_cc_template(const char *cc_template)
+{
+ size_t template_len;
+
+ template_len = strlen(cc_template);
+ if (template_len >= 6 &&
+ strcmp(cc_template + (template_len - 6), "XXXXXX") != 0) {
+ DEBUG(SSSDBG_CONF_SETTINGS, ("ccache file name template [%s] doesn't "
+ "contain randomizing characters (XXXXXX), file might not "
+ "be rewritable\n", cc_template));
+ }
+}
+
errno_t check_and_export_options(struct dp_option *opts,
struct sss_domain_info *dom,
struct krb5_ctx *krb5_ctx)
@@ -282,6 +295,10 @@ errno_t check_and_export_options(struct dp_option *opts,
switch (cc_be) {
case SSS_KRB5_TYPE_FILE:
DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type FILE\n"));
+ /* warn if the file type (which is usally created in a sticky bit
+ * laden directory) does not have randomizing chracters */
+ sss_check_cc_template(ccname);
+
krb5_ctx->cc_be = &file_cc;
if (ccname[0] != '/') {
/* FILE:/path/to/cc */
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 7f2ca2d5..b174462e 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -1122,24 +1122,10 @@ cc_residual_exists(uid_t uid, const char *ccname,
return EOK;
}
-static void
-cc_check_template(const char *cc_template)
-{
- size_t template_len;
-
- template_len = strlen(cc_template);
- if (template_len >= 6 &&
- strcmp(cc_template + (template_len - 6), "XXXXXX") != 0) {
- DEBUG(SSSDBG_CONF_SETTINGS, ("ccache file name template [%s] doesn't "
- "contain randomizing characters (XXXXXX), file might not "
- "be rewritable\n", cc_template));
- }
-}
-
errno_t
cc_file_check_existing(const char *location, uid_t uid,
const char *realm, const char *princ,
- const char *cc_template, bool *_valid)
+ bool *_valid)
{
errno_t ret;
bool valid;
@@ -1162,7 +1148,6 @@ cc_file_check_existing(const char *location, uid_t uid,
DEBUG(SSSDBG_OP_FAILURE,
("Could not check if ccache is active.\n"));
}
- cc_check_template(cc_template);
return ret;
}
@@ -1201,7 +1186,7 @@ cc_dir_create(const char *location, pcre *illegal_re,
errno_t
cc_dir_check_existing(const char *location, uid_t uid,
const char *realm, const char *princ,
- const char *cc_template, bool *_valid)
+ bool *_valid)
{
bool valid;
enum sss_krb5_cc_type type;
@@ -1262,7 +1247,6 @@ cc_dir_check_existing(const char *location, uid_t uid,
DEBUG(SSSDBG_OP_FAILURE,
("Could not check if ccache is active.\n"));
}
- cc_check_template(cc_template);
goto done;
}
@@ -1326,7 +1310,7 @@ cc_keyring_create(const char *location, pcre *illegal_re,
errno_t
cc_keyring_check_existing(const char *location, uid_t uid,
const char *realm, const char *princ,
- const char *cc_template, bool *_valid)
+ bool *_valid)
{
errno_t ret;
bool valid;
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index ca332058..e2416662 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -47,7 +47,7 @@ typedef errno_t (*cc_be_create_fn)(const char *location, pcre *illegal_re,
uid_t uid, gid_t gid, bool private_path);
typedef errno_t (*cc_be_check_existing)(const char *location, uid_t uid,
const char *realm, const char *princ,
- const char *cc_template, bool *valid);
+ bool *valid);
/* A ccache back end */
struct sss_krb5_cc_be {