From 1536e39c191a013bc50bb6fd4b8eaef11cf0d436 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Fri, 30 Aug 2013 00:58:24 -0400
Subject: krb5: Replace type-specific ccache/principal check
Instead of having duplicate functions that are type custom use a signle common function that also performs access to the cache as the user owner, implicitly validating correctness of ownership.
Resolves: https://fedorahosted.org/sssd/ticket/2061
---
 src/providers/krb5/krb5_auth.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
(limited to 'src/providers/krb5/krb5_auth.c')
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 5d33dddb..976fdec0 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -837,7 +837,6 @@ static void krb5_auth_done(struct tevent_req *subreq)
 uint8_t *buf = NULL;
 ssize_t len = -1;
 struct krb5_child_response *res;
- const char *store_ccname;
 struct fo_server *search_srv;
 krb5_deltat renew_interval_delta;
 char *renew_interval_str;
@@ -1076,17 +1075,15 @@ static void krb5_auth_done(struct tevent_req *subreq)
 goto done;
 }
- store_ccname = kr->cc_be->ccache_for_princ(kr, kr->ccname,
- kr->upn);
- if (store_ccname == NULL) {
+ ret = sss_krb5_check_ccache_princ(kr->uid, kr->gid, kr->ccname, kr->upn);
+ if (ret) {
 DEBUG(SSSDBG_CRIT_FAILURE, ("No ccache for %s in %s?\n", kr->upn, kr->ccname));
- ret = EIO;
 goto done;
 }
 if (kr->old_ccname) {
- ret = safe_remove_old_ccache_file(kr->old_ccname, store_ccname,
+ ret = safe_remove_old_ccache_file(kr->old_ccname, kr->ccname,
 kr->uid, kr->gid);
 if (ret != EOK) {
 DEBUG(SSSDBG_MINOR_FAILURE,
@@ -1096,7 +1093,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
 }
 ret = krb5_save_ccname(state, state->sysdb, state->domain,
- pd->user, store_ccname);
+ pd->user, kr->ccname);
 if (ret) {
 DEBUG(1, ("krb5_save_ccname failed.\n"));
 goto done;
-- cgit
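Review bot: The failure branch after `sss_krb5_check_ccache_princ()` in the second hunk still logs "No ccache for %s in %s?" for every non-zero return and never prints the code. Since the commit message says the helper now accesses the cache as the owning user, an ownership or permission failure would be logged as a missing cache, which hides the case an operator most needs to see. Logging the code would separate the two, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, ("ccache check failed for %s in %s: [%d]\n", kr->upn, kr->ccname, ret));`. The helper's return value also reaches `done` where a fixed `EIO` was set before; that label lies outside the hunk, so how each possible code is mapped there should be confirmed. The name returned by the old lookup is no longer used, so it is worth checking that `kr->ccname` is always the name that should be passed to `safe_remove_old_ccache_file()` and `krb5_save_ccname()` (third hunk).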