diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-18 22:03:13 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-18 20:33:42 +0100 |
commit | 2745b0156f12df7a7eb93d57716233243658e4d9 (patch) | |
tree | c0accf228b7d15d1d9114b7522ac3bf7b8efd492 /Makefile.am | |
parent | 7c5cd2e7711621af9163a41393e88896a91ac33b (diff) | |
download | sssd-2745b0156f12df7a7eb93d57716233243658e4d9.tar.gz sssd-2745b0156f12df7a7eb93d57716233243658e4d9.tar.xz sssd-2745b0156f12df7a7eb93d57716233243658e4d9.zip |
KRB5: Move all ccache operations to krb5_child.c
The credential cache operations must be now performed by the krb5_child
completely, because the sssd_be process might be running as the sssd
user who doesn't have access to the ccaches.
src/providers/krb5/krb5_ccache.c is still linked against libsss_krb5
until we fix Kerberos ticket renewal as non-root.
Also includes a new error code that indicates that the back end should
remove the old ccache attribute -- the child can't do that if it's
running as the user.
Related:
https://fedorahosted.org/sssd/ticket/2370
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'Makefile.am')
-rw-r--r-- | Makefile.am | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/Makefile.am b/Makefile.am index 4a69ecb0c..5325d51e7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2496,27 +2496,36 @@ libsss_ad_la_LDFLAGS = \ krb5_child_SOURCES = \ src/providers/krb5/krb5_child.c \ + src/providers/krb5/krb5_ccache.c \ src/providers/dp_pam_data_util.c \ src/util/user_info_msg.c \ src/util/sss_krb5.c \ + src/util/find_uid.c \ src/util/atomic_io.c \ src/util/authtok.c \ src/util/util.c \ src/util/signal.c \ + src/util/strtonum.c \ src/util/become_user.c \ src/sss_client/common.c \ $(NULL) krb5_child_CFLAGS = \ $(AM_CFLAGS) \ $(POPT_CFLAGS) \ - $(KRB5_CFLAGS) + $(KRB5_CFLAGS) \ + $(PCRE_CFLAGS) \ + $(SYSTEMD_LOGIN_CFLAGS) \ + $(NULL) krb5_child_LDADD = \ libsss_debug.la \ $(TALLOC_LIBS) \ $(POPT_LIBS) \ $(DHASH_LIBS) \ $(KRB5_LIBS) \ - $(CLIENT_LIBS) + $(CLIENT_LIBS) \ + $(PCRE_LIBS) \ + $(SYSTEMD_LOGIN_LIBS) \ + $(NULL) ldap_child_SOURCES = \ src/providers/ldap/ldap_child.c \ |