From 04c49a183f49c28f9ef900bdbc4eb30f23278e17 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Wed, 28 Aug 2013 22:12:07 -0400
Subject: krb5: Add helper to destroy ccache as user

This function safely destroy a ccache given a cache name and user crdentials. It becomes the user so no possible races can compromise the system, then uses libkrb5 functions to properly destroy a ccache, independently of the cache type. Finally restores the original credentials after closing the ccache handlers.

Resolves: https://fedorahosted.org/sssd/ticket/2061
---
 src/providers/krb5/krb5_utils.h | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'src/providers/krb5/krb5_utils.h')
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index aac3ec72..ebcfe938 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -87,6 +87,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx, struct sss_creds **saved_creds);
 errno_t restore_creds(struct sss_creds *saved_creds);
+errno_t sss_krb5_cc_destroy(const char *ccname, uid_t uid, gid_t gid);
+
 errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, struct tgt_times *tgtt);
-- cgit
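Review bot: The new `sss_krb5_cc_destroy` prototype is declared without any comment, although the commit message says it switches the process to the given `uid`/`gid` and restores the original credentials afterwards, which is the contract callers need to see at the declaration. I would add above it: `/* Destroy the ccache named by ccname while running as uid/gid; the original credentials are restored before returning. */`. The comment should also state what is returned when restoring the original credentials fails, since a caller that ignores that result would presumably keep running under the user's identity; the implementation is outside this header-only view, so that behaviour has to be confirmed there. Whether supplementary groups are also changed during the switch is not visible here and is worth documenting once confirmed.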