KRB5: Move ccache-related functions to krb5_ccache.c

Add a new module krb5_ccache.c that contains all ccache-related
operations. The only user of this module shall be krb5_child.c as the
other modules will run unprivileged and accessing the ccache requires
either privileges of root or the ccache owner.

Related:
https://fedorahosted.org/sssd/ticket/2370

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

1 files changed, 1 insertions, 15 deletions

diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index c96b7aee9..bd8b51f47 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -39,21 +39,7 @@
 #include "util/child_common.h"
 #include "providers/krb5/krb5_auth.h"
 #include "providers/krb5/krb5_utils.h"
-
-static errno_t safe_remove_old_ccache_file(const char *old_ccache,
-                                           const char *new_ccache,
-                                           uid_t uid, gid_t gid)
-{
-    if ((old_ccache == new_ccache)
-        || (old_ccache && new_ccache
-            && (strcmp(old_ccache, new_ccache) == 0))) {
-        DEBUG(SSSDBG_TRACE_FUNC, "New and old ccache file are the same, "
-                                  "none will be deleted.\n");
-        return EOK;
-    }
-
-    return sss_krb5_cc_destroy(old_ccache, uid, gid);
-}
+#include "providers/krb5/krb5_ccache.h"
 
 static errno_t
 check_old_ccache(const char *old_ccache, struct krb5child_req *kr,