Diffstat (limited to 'src')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 26 | ||||
-rw-r--r-- | src/providers/krb5/krb5_auth.h | 1 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.c | 52 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.h | 2 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.c | 60 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.h | 17 | ||||
-rw-r--r-- | src/tests/krb5_child-test.c | 23 |
7 files changed, 14 insertions, 167 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index d2c53f98..1585f709 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -324,15 +324,6 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr, return ENOMEM; } - if (kr->cc_be == NULL) { - kr->cc_be = get_cc_be_ops_ccache(kr->ccname); - } - if (kr->cc_be == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("Cannot get operations on new ccache %s\n", kr->ccname)); - return EINVAL; - } - ret = sss_krb5_precreate_ccache(kr->ccname, kr->krb5_ctx->illegal_path_re, kr->uid, kr->gid, private_path); @@ -340,19 +331,6 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr, DEBUG(SSSDBG_OP_FAILURE, ("ccache creation failed.\n")); return ret; } - } else { - DEBUG(SSSDBG_MINOR_FAILURE, - ("Saved ccache %s if of different type than ccache in " - "configuration file, reusing the old ccache\n", - kr->old_ccname)); - - kr->cc_be = get_cc_be_ops_ccache(kr->old_ccname); - if (kr->cc_be == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("Cannot get operations on saved ccache %s\n", - kr->old_ccname)); - return EINVAL; - } } return EOK; @@ -614,10 +592,6 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, goto done; } - /* The type of the ccache might change during the request if we - * end up reusing an old ccache */ - kr->cc_be = krb5_ctx->cc_be; - ccache_file = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CCACHE_FILE, NULL); diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h index d31925da..022dc9b7 100644 --- a/src/providers/krb5/krb5_auth.h +++ b/src/providers/krb5/krb5_auth.h @@ -41,7 +41,6 @@ struct krb5child_req { struct pam_data *pd; struct krb5_ctx *krb5_ctx; - struct sss_krb5_cc_be *cc_be; const char *ccname; const char *old_ccname; const char *homedir; diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index de7ae0a8..dedb734f 100644 --- a/src/providers/krb5/krb5_common.c 
+++ b/src/providers/krb5/krb5_common.c @@ -167,7 +167,6 @@ errno_t check_and_export_options(struct dp_option *opts, const char *dummy; char *use_fast_str; char *fast_principal; - enum sss_krb5_cc_type cc_be; char *ccname; tmp_ctx = talloc_new(NULL); 
@@ -291,53 +290,30 @@ errno_t check_and_export_options(struct dp_option *opts, } } - cc_be = sss_krb5_get_type(ccname); - switch (cc_be) { - case SSS_KRB5_TYPE_FILE: + if ((ccname[0] == '/') || (strncmp(ccname, "FILE:", 5) == 0)) { DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type FILE\n")); /* warn if the file type (which is usally created in a sticky bit * laden directory) does not have randomizing chracters */ sss_check_cc_template(ccname); - krb5_ctx->cc_be = &file_cc; - if (ccname[0] != '/') { - /* FILE:/path/to/cc */ - break; - } - - DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was " + if (ccname[0] == '/') { + /* /path/to/cc prepend FILE: */ + DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was " "missing an explicit type, but is an absolute " "path specifier. Assuming FILE:\n")); - ccname = talloc_asprintf(tmp_ctx, "FILE:%s", ccname); - if (!ccname) { - ret = ENOMEM; - goto done; - } + ccname = talloc_asprintf(tmp_ctx, "FILE:%s", ccname); + if (!ccname) { + ret = ENOMEM; + goto done; + } - ret = dp_opt_set_string(opts, KRB5_CCNAME_TMPL, ccname); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("dp_opt_set_string failed.\n")); - goto done; + ret = dp_opt_set_string(opts, KRB5_CCNAME_TMPL, ccname); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("dp_opt_set_string failed.\n")); + goto done; + } } - break; - -#ifdef HAVE_KRB5_CC_COLLECTION - case SSS_KRB5_TYPE_DIR: - DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type DIR\n")); - krb5_ctx->cc_be = &dir_cc; - break; - - case SSS_KRB5_TYPE_KEYRING: - DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type KEYRING\n")); - krb5_ctx->cc_be = &keyring_cc; - break; -#endif /* HAVE_KRB5_CC_COLLECTION */ - - default: - DEBUG(SSSDBG_OP_FAILURE, ("Unknown ccname database\n")); - ret = EINVAL; - goto done; } ret = EOK; diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index e56bd496..eac0d6b1 100644 --- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h 
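Review bot: The new `if ((ccname[0] == '/') || (strncmp(ccname, "FILE:", 5) == 0))` in check_and_export_options has no `else`, so a ccname template that is neither an absolute path nor `FILE:`-prefixed now falls straight through to `ret = EOK`, where the removed `default:` case logged "Unknown ccname database" and returned EINVAL. A mistyped or unsupported ccache type is therefore no longer rejected when the options are checked, and nothing in the visible hunks validates it before the template is used to create a user's credential cache. If sss_krb5_get_type() is still available after this commit, consider keeping the rejection with `} else if (sss_krb5_get_type(ccname) == SSS_KRB5_TYPE_UNKNOWN) {` followed by the same `ret = EINVAL; goto done;`. Whether `DIR:` and `KEYRING:` templates should still be refused on builds without HAVE_KRB5_CC_COLLECTION, as the old switch did, cannot be told from this page and is worth confirming. The function starts and ends outside the hunk.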
@@ -89,7 +89,6 @@ struct krb5_service { struct fo_service; struct deferred_auth_ctx; struct renew_tgt_ctx; -struct sss_krb5_cc_be; enum krb5_config_type { K5C_GENERIC, @@ -127,7 +126,6 @@ struct krb5_ctx { struct krb5_service *kpasswd_service; int child_debug_fd; - struct sss_krb5_cc_be *cc_be; pcre *illegal_path_re; struct deferred_auth_ctx *deferred_auth_ctx; diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index 83e61e14..d0ccd2d7 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c @@ -1039,66 +1039,6 @@ done: } -/*======== ccache back end utilities ========*/ -struct sss_krb5_cc_be * -get_cc_be_ops(enum sss_krb5_cc_type type) -{ - struct sss_krb5_cc_be *be = NULL; - - switch (type) { - case SSS_KRB5_TYPE_FILE: - be = &file_cc; - break; - -#ifdef HAVE_KRB5_CC_COLLECTION - case SSS_KRB5_TYPE_DIR: - be = &dir_cc; - break; - - case SSS_KRB5_TYPE_KEYRING: - be = &keyring_cc; - break; -#endif /* HAVE_KRB5_CC_COLLECTION */ - - case SSS_KRB5_TYPE_UNKNOWN: - be = NULL; - break; - } - - return be; -} - -struct sss_krb5_cc_be * -get_cc_be_ops_ccache(const char *ccache) -{ - enum sss_krb5_cc_type type; - - type = sss_krb5_get_type(ccache); - return get_cc_be_ops(type); -} - -/*======== Operations on the FILE: back end ========*/ - -struct sss_krb5_cc_be file_cc = { - .type = SSS_KRB5_TYPE_FILE, -}; - -#ifdef HAVE_KRB5_CC_COLLECTION -/*======== Operations on the DIR: back end ========*/ - -struct sss_krb5_cc_be dir_cc = { - .type = SSS_KRB5_TYPE_DIR, -}; - - -/*======== Operations on the KEYRING: back end ========*/ - -struct sss_krb5_cc_be keyring_cc = { - .type = SSS_KRB5_TYPE_KEYRING, -}; - -#endif /* HAVE_KRB5_CC_COLLECTION */ - errno_t get_domain_or_subdomain(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, char *domain_name, struct sss_domain_info **dom) diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h index 5f720335..e41309e7 100644 --- a/src/providers/krb5/krb5_utils.h 
+++ b/src/providers/krb5/krb5_utils.h @@ -42,19 +42,9 @@ errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb, const char *user, const char *upn); -/* A ccache back end */ -struct sss_krb5_cc_be { - enum sss_krb5_cc_type type; -}; - -extern struct sss_krb5_cc_be file_cc; - errno_t create_ccache_dir(const char *dirname, pcre *illegal_re, uid_t uid, gid_t gid, bool private_path); -struct sss_krb5_cc_be *get_cc_be_ops(enum sss_krb5_cc_type type); -struct sss_krb5_cc_be *get_cc_be_ops_ccache(const char *ccache); - char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr, const char *template, bool file_mode, bool case_sensitive, bool *private_path); @@ -78,13 +68,6 @@ errno_t sss_krb5_cc_verify_ccache(const char *ccname, uid_t uid, gid_t gid, errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, struct tgt_times *tgtt); -#ifdef HAVE_KRB5_CC_COLLECTION - -extern struct sss_krb5_cc_be dir_cc; -extern struct sss_krb5_cc_be keyring_cc; - -#endif /* HAVE_KRB5_CC_COLLECTION */ - errno_t get_domain_or_subdomain(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, char *domain_name, diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c index 5ea30014..c32ccc31 100644 --- a/src/tests/krb5_child-test.c +++ b/src/tests/krb5_child-test.c @@ -196,7 +196,6 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user, const char *ccname, const char *ccname_template, int timeout) { - enum sss_krb5_cc_type cc_be; struct krb5child_req *kr; struct passwd *pwd; bool private = false; 
@@ -262,28 +261,6 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user, } if (!kr->ccname) goto fail; - cc_be = sss_krb5_get_type(kr->ccname); - switch (cc_be) { - case SSS_KRB5_TYPE_FILE: - kr->krb5_ctx->cc_be = &file_cc; - break; -#ifdef HAVE_KRB5_CC_COLLECTION - case SSS_KRB5_TYPE_DIR: - kr->krb5_ctx->cc_be = &dir_cc; - break; -#endif /* HAVE_KRB5_CC_COLLECTION */ - default: - if (tmpl[0] != '/') { - DEBUG(SSSDBG_OP_FAILURE, ("Unkown ccname database\n")); - ret = EINVAL; - goto fail; - } - DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was " - "missing an explicit type, but looks like an absolute " - "path specifier. Assuming FILE:\n")); - kr->krb5_ctx->cc_be = &file_cc; - break; - } DEBUG(SSSDBG_FUNC_DATA, ("ccname [%s] uid [%llu] gid [%llu]\n", kr->ccname, kr->uid, kr->gid)); |