From fe1afaccc7c9a99df823a7c44cd89fc3c619715a Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Fri, 23 Aug 2013 14:23:33 -0400 Subject: KRB5: Remove unnecessary call to become_user() By the time that the create_ccache_in_dir() routine is called, we are already guaranteed to have dropped privileges. This has either happened because we dropped them before the exec() in the normal operation case or because we dropped them explicitly after we completed the TGT validation step if that or FAST is configured. --- src/providers/krb5/krb5_child.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 8fce600f..3fd12fec 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -722,12 +722,6 @@ create_ccache_in_dir(uid_t uid, gid_t gid, return EIO; } - kerr = become_user(uid, gid); - if (kerr != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("become_user failed.\n")); - goto done; - } - if (dirname[0] == ':') { /* Cache name in the form of DIR::filepath represents a single * ccache in a collection that we are trying to reuse. -- cgit