Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/krb5/krb5_auth.c6
-rw-r--r--src/providers/krb5/krb5_utils.c71
-rw-r--r--src/providers/krb5/krb5_utils.h14
3 files changed, 22 insertions, 69 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 1ea179be..d2c53f98 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -333,9 +333,9 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
return EINVAL;
}
- ret = kr->cc_be->create(kr->ccname,
- kr->krb5_ctx->illegal_path_re,
- kr->uid, kr->gid, private_path);
+ ret = sss_krb5_precreate_ccache(kr->ccname,
+ kr->krb5_ctx->illegal_path_re,
+ kr->uid, kr->gid, private_path);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("ccache creation failed.\n"));
return ret;
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index c4849e74..83e61e14 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -722,19 +722,31 @@ done:
return EOK;
}
-static errno_t
-create_ccache_dir_head(const char *parent, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path)
+errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
+ uid_t uid, gid_t gid, bool private_path)
{
- char *ccdirname;
TALLOC_CTX *tmp_ctx = NULL;
+ const char *filename;
+ char *ccdirname;
char *end;
errno_t ret;
+ if (ccname[0] == '/') {
+ filename = ccname;
+ } else if (strncmp(ccname, "FILE:", 5) == 0) {
+ filename = ccname + 5;
+ } else if (strncmp(ccname, "DIR:", 4) == 0) {
+ filename = ccname + 4;
+ } else {
+ /* only FILE and DIR types need precreation so far, we ignore any
+ * other type */
+ return EOK;
+ }
+
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return ENOMEM;
- ccdirname = talloc_strdup(tmp_ctx, parent);
+ ccdirname = talloc_strdup(tmp_ctx, filename);
if (ccdirname == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed.\n"));
ret = ENOMEM;
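Review bot: The final `else` branch returns EOK for every ccname that is not an absolute path, `FILE:` or `DIR:`, so a misspelled prefix or a relative name now silently skips pre-creation and whatever the rest of the body does with `illegal_re`. The removed `cc_file_create` and `cc_dir_create` returned EINVAL on a type mismatch. At minimum the ignored name should be logged, e.g. `DEBUG(SSSDBG_TRACE_FUNC, ("No precreation for ccache %s\n", ccname));`, so a misconfigured ccache template is visible in the logs. `ccname[0]` is also read before any NULL check; now that the function is exported, a guard such as `if (ccname == NULL) return EINVAL;` at the top would be cheap. The function body continues past the end of this hunk, so the later use of `filename` is not visible here.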
@@ -1066,72 +1078,23 @@ get_cc_be_ops_ccache(const char *ccache)
}
/*======== Operations on the FILE: back end ========*/
-errno_t
-cc_file_create(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path)
-{
- const char *filename;
-
- filename = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_FILE);
- if (filename == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("Bad ccache type %s\n", location));
- return EINVAL;
- }
-
- return create_ccache_dir_head(filename, illegal_re, uid, gid, private_path);
-}
struct sss_krb5_cc_be file_cc = {
.type = SSS_KRB5_TYPE_FILE,
- .create = cc_file_create,
};
#ifdef HAVE_KRB5_CC_COLLECTION
/*======== Operations on the DIR: back end ========*/
-errno_t
-cc_dir_create(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path)
-{
- const char *dir_name;
-
- dir_name = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_DIR);
- if (dir_name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Bad residual type\n"));
- return EINVAL;
- }
-
- return create_ccache_dir_head(dir_name, illegal_re, uid, gid, private_path);
-}
struct sss_krb5_cc_be dir_cc = {
.type = SSS_KRB5_TYPE_DIR,
- .create = cc_dir_create,
};
/*======== Operations on the KEYRING: back end ========*/
-errno_t
-cc_keyring_create(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path)
-{
- const char *residual;
-
- residual = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_KEYRING);
- if (residual == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("Bad ccache type %s\n", location));
- return EINVAL;
- }
-
- /* No special steps are needed to create a kernel keyring.
- * Everything is handled in libkrb5.
- */
- return EOK;
-}
-
struct sss_krb5_cc_be keyring_cc = {
.type = SSS_KRB5_TYPE_KEYRING,
- .create = cc_keyring_create,
};
#endif /* HAVE_KRB5_CC_COLLECTION */
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index b364f87a..5f720335 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -42,15 +42,9 @@ errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb,
const char *user,
const char *upn);
-/* Operations on a credential cache */
-typedef errno_t (*cc_be_create_fn)(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
-
/* A ccache back end */
struct sss_krb5_cc_be {
enum sss_krb5_cc_type type;
-
- cc_be_create_fn create;
};
extern struct sss_krb5_cc_be file_cc;
@@ -58,9 +52,6 @@ extern struct sss_krb5_cc_be file_cc;
errno_t create_ccache_dir(const char *dirname, pcre *illegal_re,
uid_t uid, gid_t gid, bool private_path);
-errno_t cc_file_create(const char *filename, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
-
struct sss_krb5_cc_be *get_cc_be_ops(enum sss_krb5_cc_type type);
struct sss_krb5_cc_be *get_cc_be_ops_ccache(const char *ccache);
@@ -76,6 +67,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
struct sss_creds **saved_creds);
errno_t restore_creds(struct sss_creds *saved_creds);
+errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
+ uid_t uid, gid_t gid, bool private_path);
errno_t sss_krb5_cc_destroy(const char *ccname, uid_t uid, gid_t gid);
errno_t sss_krb5_check_ccache_princ(uid_t uid, gid_t gid,
const char *ccname, const char *principal);
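Review bot: The newly exported prototype `sss_krb5_precreate_ccache` has no comment, and its contract is not obvious from the name. Per the implementation in krb5_utils.c, it returns EOK without doing anything when the ccache name is not an absolute path, `FILE:` or `DIR:`. I would add above it `/* Prepare the file-system location for a FILE: or DIR: ccache; any other ccache type is ignored and EOK is returned. */` so callers do not read EOK as proof that a location was created or checked.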
@@ -90,9 +83,6 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
extern struct sss_krb5_cc_be dir_cc;
extern struct sss_krb5_cc_be keyring_cc;
-errno_t cc_dir_create(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
-
#endif /* HAVE_KRB5_CC_COLLECTION */