Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 6 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.c | 71 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.h | 14 |
3 files changed, 22 insertions, 69 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 1ea179be..d2c53f98 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -333,9 +333,9 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
 return EINVAL;
 }
- ret = kr->cc_be->create(kr->ccname,
- kr->krb5_ctx->illegal_path_re,
- kr->uid, kr->gid, private_path);
+ ret = sss_krb5_precreate_ccache(kr->ccname,
+ kr->krb5_ctx->illegal_path_re,
+ kr->uid, kr->gid, private_path);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("ccache creation failed.\n"));
 return ret;
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index c4849e74..83e61e14 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -722,19 +722,31 @@ done:
 return EOK;
 }
-static errno_t
-create_ccache_dir_head(const char *parent, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path)
+errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
+ uid_t uid, gid_t gid, bool private_path)
 {
- char *ccdirname;
 TALLOC_CTX *tmp_ctx = NULL;
+ const char *filename;
+ char *ccdirname;
 char *end;
 errno_t ret;
+ if (ccname[0] == '/') {
+ filename = ccname;
+ } else if (strncmp(ccname, "FILE:", 5) == 0) {
+ filename = ccname + 5;
+ } else if (strncmp(ccname, "DIR:", 4) == 0) {
+ filename = ccname + 4;
+ } else {
+ /* only FILE and DIR types need precreation so far, we ignore any
+ * other type */
+ return EOK;
+ }
+
 tmp_ctx = talloc_new(NULL);
 if (!tmp_ctx) return ENOMEM;
- ccdirname = talloc_strdup(tmp_ctx, parent);
+ ccdirname = talloc_strdup(tmp_ctx, filename);
 if (ccdirname == NULL) {
 DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup failed.\n"));
 ret = ENOMEM;
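Review bot: `ccname[0]` is read on the first line of sss_krb5_precreate_ccache() with no NULL check, and the function is now exported rather than static, so it should open with `if (ccname == NULL) return EINVAL;` unless every caller guarantees a non-NULL name (the guard before the call in krb5_auth.c is not visible in that hunk). The final `else` returns EOK for any string that is not an absolute path, `FILE:` or `DIR:`, whereas the per-backend create functions removed later in this file returned EINVAL when sss_krb5_residual_check_type() rejected the name; a malformed or misspelled ccache type now passes this step silently, so that branch should at least log it, e.g. `DEBUG(SSSDBG_TRACE_FUNC, ("No precreation for ccache [%s]\n", ccname));`. The `DIR:` branch is also compiled unconditionally, while dir_cc was only defined under HAVE_KRB5_CC_COLLECTION. The function body continues past the end of the hunk.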
@@ -1066,72 +1078,23 @@ get_cc_be_ops_ccache(const char *ccache)
 }
 /*======== Operations on the FILE: back end ========*/
-errno_t
-cc_file_create(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path)
-{
- const char *filename;
-
- filename = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_FILE);
- if (filename == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("Bad ccache type %s\n", location));
- return EINVAL;
- }
-
- return create_ccache_dir_head(filename, illegal_re, uid, gid, private_path);
-}
 struct sss_krb5_cc_be file_cc = {
 .type = SSS_KRB5_TYPE_FILE,
- .create = cc_file_create,
 };
 #ifdef HAVE_KRB5_CC_COLLECTION
 /*======== Operations on the DIR: back end ========*/
-errno_t
-cc_dir_create(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path)
-{
- const char *dir_name;
-
- dir_name = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_DIR);
- if (dir_name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Bad residual type\n"));
- return EINVAL;
- }
-
- return create_ccache_dir_head(dir_name, illegal_re, uid, gid, private_path);
-}
 struct sss_krb5_cc_be dir_cc = {
 .type = SSS_KRB5_TYPE_DIR,
- .create = cc_dir_create,
 };
 /*======== Operations on the KEYRING: back end ========*/
-errno_t
-cc_keyring_create(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path)
-{
- const char *residual;
-
- residual = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_KEYRING);
- if (residual == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("Bad ccache type %s\n", location));
- return EINVAL;
- }
-
- /* No special steps are needed to create a kernel keyring.
- * Everything is handled in libkrb5.
- */
- return EOK;
-}
-
 struct sss_krb5_cc_be keyring_cc = {
 .type = SSS_KRB5_TYPE_KEYRING,
- .create = cc_keyring_create,
 };
 #endif /* HAVE_KRB5_CC_COLLECTION */
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index b364f87a..5f720335 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -42,15 +42,9 @@ errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb,
 const char *user,
 const char *upn);
-/* Operations on a credential cache */
-typedef errno_t (*cc_be_create_fn)(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
-
 /* A ccache back end */
 struct sss_krb5_cc_be {
 enum sss_krb5_cc_type type;
-
- cc_be_create_fn create;
 };
 extern struct sss_krb5_cc_be file_cc;
@@ -58,9 +52,6 @@ extern struct sss_krb5_cc_be file_cc;
 errno_t create_ccache_dir(const char *dirname, pcre *illegal_re,
 uid_t uid, gid_t gid, bool private_path);
-errno_t cc_file_create(const char *filename, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
-
 struct sss_krb5_cc_be *get_cc_be_ops(enum sss_krb5_cc_type type);
 struct sss_krb5_cc_be *get_cc_be_ops_ccache(const char *ccache);
@@ -76,6 +67,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
 struct sss_creds **saved_creds);
 errno_t restore_creds(struct sss_creds *saved_creds);
+errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
+ uid_t uid, gid_t gid, bool private_path);
 errno_t sss_krb5_cc_destroy(const char *ccname, uid_t uid, gid_t gid);
 errno_t sss_krb5_check_ccache_princ(uid_t uid, gid_t gid,
 const char *ccname, const char *principal);
@@ -90,9 +83,6 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
 extern struct sss_krb5_cc_be dir_cc;
 extern struct sss_krb5_cc_be keyring_cc;
-errno_t cc_dir_create(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
-
 #endif /* HAVE_KRB5_CC_COLLECTION */
 |
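Review bot: The `sss_krb5_precreate_ccache()` prototype added in the `@@ -76,6 +67,8 @@` hunk is exported with no comment stating its contract, and the name alone does not tell a caller that most ccache types are a no-op. I would put a short comment above it, such as `/* Prepare the on-disk location for a FILE: or DIR: ccache (or a bare absolute path); any other ccache type is skipped and EOK is returned. */`. It would also help to state there that the path is created for `uid`/`gid` and checked against `illegal_re`, which I am inferring from the parameter names since the rest of the implementation lies outside the visible hunks.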