author | Simo Sorce <simo@redhat.com> | 2013-08-30 00:58:24 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-08-30 01:00:33 -0400 |
commit | 4b1e4af6b7d2e86f3bfaccba07acc9beb44b3182 (patch) | |
tree | 17b04ca2555e90e59b95d4046ba4bb23c201cbad /src/providers/krb5/krb5_auth.c | |
parent | be894d65471bb6de25623f01a02c606a20b76468 (diff) | |
krb5: Replace type-specific ccache/principal checksimo_ccname
Instead of having duplicate functions that are type-specific, use a single
common function that also accesses the cache as the owning user, implicitly
validating correctness of ownership.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
Diffstat (limited to 'src/providers/krb5/krb5_auth.c')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index cce2c9233..a5284ceae 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -847,7 +847,6 @@ static void krb5_auth_done(struct tevent_req *subreq)
 uint8_t *buf = NULL;
 ssize_t len = -1;
 struct krb5_child_response *res;
- const char *store_ccname;
 struct fo_server *search_srv;
 krb5_deltat renew_interval_delta;
 char *renew_interval_str;
@@ -1087,18 +1086,16 @@ static void krb5_auth_done(struct tevent_req *subreq)
 goto done;
 }
 
- store_ccname = kr->cc_be->ccache_for_princ(kr, kr->ccname,
- kr->upn);
- if (store_ccname == NULL) {
+ ret = sss_krb5_check_ccache_princ(kr->uid, kr->gid, kr->ccname, kr->upn);
+ if (ret) {
 DEBUG(SSSDBG_CRIT_FAILURE,
 ("No ccache for %s in %s?\n", kr->upn, kr->ccname));
- ret = EIO;
 goto done;
 }
 
 if (kr->old_ccname) {
 ret = safe_remove_old_ccache_file(kr->cc_be,
- kr->old_ccname, store_ccname,
+ kr->old_ccname, kr->ccname,
 kr->uid, kr->gid);
 if (ret != EOK) {
 DEBUG(SSSDBG_MINOR_FAILURE,
@@ -1108,7 +1105,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
 }
 
 ret = krb5_save_ccname(state, state->sysdb, state->domain,
- pd->user, store_ccname);
+ pd->user, kr->ccname);
 if (ret) {
 DEBUG(1, ("krb5_save_ccname failed.\n"));
 goto done; |
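Review bot: In the second hunk the failure branch after `sss_krb5_check_ccache_princ()` still logs "No ccache for %s in %s?" and never prints `ret`, yet the commit description says the new helper also opens the cache as the owning user. An ownership or permission failure would therefore presumably be logged as a missing principal, which hides the security-relevant case from anyone reading the logs. Put the code in the message, for example `("ccache check failed for %s in %s [%d]\n", kr->upn, kr->ccname, ret)`. The branch also no longer forces `ret = EIO`, so whatever the helper returns now reaches `done:` unchanged; it is worth confirming those values are ones the exit path handles as intended. `krb5_auth_done` begins and ends outside the hunks shown, so the `done:` handling is not visible here.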