From 5dc3b01fd9b2fa244e7c2820ce04602c9f059370 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 30 Aug 2013 12:21:39 -0400
Subject: krb5: move template check to initializzation

The randomized template check realy only makes sense for the FILE ccache
which is the only one that normally needs to use randomizing chars.
Also it is better to warn the admin early rather than to warn 'when it
is too late'.
So move the check at initialization time when we determine what the
template actually is.

Resolves:
https://fedorahosted.org/sssd/ticket/2061
---
 src/providers/krb5/krb5_utils.c | 22 +++-------------------
 1 file changed, 3 insertions(+), 19 deletions(-)

(limited to 'src/providers/krb5/krb5_utils.c')

diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 7f2ca2d5..b174462e 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -1122,24 +1122,10 @@ cc_residual_exists(uid_t uid, const char *ccname,
     return EOK;
 }
 
-static void
-cc_check_template(const char *cc_template)
-{
-    size_t template_len;
-
-    template_len = strlen(cc_template);
-    if (template_len >= 6 &&
-        strcmp(cc_template + (template_len - 6), "XXXXXX") != 0) {
-        DEBUG(SSSDBG_CONF_SETTINGS, ("ccache file name template [%s] doesn't "
-                   "contain randomizing characters (XXXXXX), file might not "
-                   "be rewritable\n", cc_template));
-    }
-}
-
 errno_t
 cc_file_check_existing(const char *location, uid_t uid,
                        const char *realm, const char *princ,
-                       const char *cc_template, bool *_valid)
+                       bool *_valid)
 {
     errno_t ret;
     bool valid;
@@ -1162,7 +1148,6 @@ cc_file_check_existing(const char *location, uid_t uid,
             DEBUG(SSSDBG_OP_FAILURE,
                   ("Could not check if ccache is active.\n"));
         }
-        cc_check_template(cc_template);
         return ret;
     }
 
@@ -1201,7 +1186,7 @@ cc_dir_create(const char *location, pcre *illegal_re,
 errno_t
 cc_dir_check_existing(const char *location, uid_t uid,
                       const char *realm, const char *princ,
-                      const char *cc_template, bool *_valid)
+                      bool *_valid)
 {
     bool valid;
     enum sss_krb5_cc_type type;
@@ -1262,7 +1247,6 @@ cc_dir_check_existing(const char *location, uid_t uid,
             DEBUG(SSSDBG_OP_FAILURE,
                   ("Could not check if ccache is active.\n"));
         }
-        cc_check_template(cc_template);
         goto done;
     }
 
@@ -1326,7 +1310,7 @@ cc_keyring_create(const char *location, pcre *illegal_re,
 errno_t
 cc_keyring_check_existing(const char *location, uid_t uid,
                           const char *realm, const char *princ,
-                          const char *cc_template, bool *_valid)
+                          bool *_valid)
 {
     errno_t ret;
     bool valid;
-- 
cgit