From 8fe574521b7f8b14e17aea1d9afb471b80761b83 Mon Sep 17 00:00:00 2001
From: Ondrej Kos <okos@redhat.com>
Date: Tue, 2 Oct 2012 18:56:39 +0200
Subject: Log possibly non-randomizable ccache file template

fixes https://fedorahosted.org/sssd/ticket/1533

ccache file template is now checked for appended XXXXXX for use with
mkstemp. When those characters are not present, warning is written to log.
---
 src/providers/krb5/krb5_auth.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/providers/krb5/krb5_auth.c')

diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index a305bb69..e244cea5 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -88,6 +88,7 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr,
                  const char *realm, bool *active, bool *valid)
 {
     struct sss_krb5_cc_be *old_cc_ops;
+    const char *cc_template;
     errno_t ret;
 
     /* ccache file might be of a different type if the user changed
@@ -100,8 +101,10 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr,
         return EINVAL;
     }
 
-    ret = old_cc_ops->check_existing(old_ccache, kr->uid, realm,
-                                     kr->upn, active, valid);
+    cc_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL);
+
+    ret = old_cc_ops->check_existing(old_ccache, kr->uid, realm, kr->upn,
+                                     cc_template, active, valid);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE,
               ("Cannot check if saved ccache %s is active and valid\n",
-- 
cgit