diff options
Diffstat (limited to 'src/providers/krb5')
-rw-r--r-- | src/providers/krb5/krb5_child.c | 73 |
1 files changed, 69 insertions, 4 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 588c6d64..9480d2b3 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -436,6 +436,69 @@ done: return kerr; } +#ifdef HAVE_KRB5_DIRCACHE +static bool need_switch_to_principal(krb5_context ctx, krb5_principal princ) +{ + krb5_error_code kerr; + krb5_ccache default_cc = NULL; + krb5_principal default_princ = NULL; + char *default_full_name = NULL; + char *full_name = NULL; + bool ret = false; + + kerr = krb5_cc_default(ctx, &default_cc); + if (kerr !=0) { + KRB5_CHILD_DEBUG(SSSDBG_TRACE_INTERNAL, kerr); + goto done; + } + + kerr = krb5_cc_get_principal(ctx, default_cc, &default_princ); + if (kerr == KRB5_FCC_NOFILE) { + /* There is not any default cache. */ + ret = true; + goto done; + } else if (kerr != 0) { + KRB5_CHILD_DEBUG(SSSDBG_TRACE_INTERNAL, kerr); + goto done; + } + + kerr = krb5_unparse_name(ctx, default_princ, &default_full_name); + if (kerr !=0) { + KRB5_CHILD_DEBUG(SSSDBG_TRACE_INTERNAL, kerr); + goto done; + } + + kerr = krb5_unparse_name(ctx, princ, &full_name); + if (kerr !=0) { + KRB5_CHILD_DEBUG(SSSDBG_TRACE_INTERNAL, kerr); + goto done; + } + + DEBUG(SSSDBG_FUNC_DATA, + ("Comparing default principal [%s] and new principal [%s].\n", + default_full_name, full_name)); + if (0 == strcmp(default_full_name, full_name)) { + ret = true; + } + +done: + if (default_cc != NULL) { + kerr = krb5_cc_close(ctx, default_cc); + if (kerr != 0) { + KRB5_CHILD_DEBUG(SSSDBG_OP_FAILURE, kerr); + goto done; + } + } + + /* all functions can be safely called with NULL. */ + krb5_free_principal(ctx, default_princ); + krb5_free_unparsed_name(ctx, default_full_name); + krb5_free_unparsed_name(ctx, full_name); + + return ret; +} +#endif /* HAVE_KRB5_DIRCACHE */ + static krb5_error_code store_creds_in_ccache(krb5_context ctx, krb5_principal princ, krb5_ccache cc, krb5_creds *creds) @@ -466,10 +529,12 @@ store_creds_in_ccache(krb5_context ctx, krb5_principal princ, } #ifdef HAVE_KRB5_DIRCACHE - kerr = krb5_cc_switch(ctx, cc); - if (kerr != 0) { - KRB5_CHILD_DEBUG(SSSDBG_OP_FAILURE, kerr); - goto done; + if (need_switch_to_principal(ctx, princ)) { + kerr = krb5_cc_switch(ctx, cc); + if (kerr != 0) { + KRB5_CHILD_DEBUG(SSSDBG_OP_FAILURE, kerr); + goto done; + } } #endif /* HAVE_KRB5_DIRCACHE */ |