author | Simo Sorce <simo@redhat.com> | 2013-08-30 00:58:24 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-09-09 15:11:45 -0400 |
commit | 1536e39c191a013bc50bb6fd4b8eaef11cf0d436 (patch) | |
tree | 400ef0a27c7af7d5f611585dc50db90c0e982ab6 /src/providers/krb5/krb5_auth.c | |
parent | a70e88f62e8ba48c5042b881f20ed6586cb135a8 (diff) | |
krb5: Replace type-specific ccache/principal check
Instead of having duplicate, type-specific functions, use a single common
function that also performs access to the cache as the user owner, implicitly
validating correctness of ownership.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
Diffstat (limited to 'src/providers/krb5/krb5_auth.c')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 5d33dddb6..976fdec09 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -837,7 +837,6 @@ static void krb5_auth_done(struct tevent_req *subreq)
 uint8_t *buf = NULL;
 ssize_t len = -1;
 struct krb5_child_response *res;
- const char *store_ccname;
 struct fo_server *search_srv;
 krb5_deltat renew_interval_delta;
 char *renew_interval_str;
@@ -1076,17 +1075,15 @@ static void krb5_auth_done(struct tevent_req *subreq)
 goto done;
 }
- store_ccname = kr->cc_be->ccache_for_princ(kr, kr->ccname,
- kr->upn);
- if (store_ccname == NULL) {
+ ret = sss_krb5_check_ccache_princ(kr->uid, kr->gid, kr->ccname, kr->upn);
+ if (ret) {
 DEBUG(SSSDBG_CRIT_FAILURE, ("No ccache for %s in %s?\n", kr->upn, kr->ccname));
- ret = EIO;
 goto done;
 }
 if (kr->old_ccname) {
- ret = safe_remove_old_ccache_file(kr->old_ccname, store_ccname,
+ ret = safe_remove_old_ccache_file(kr->old_ccname, kr->ccname,
 kr->uid, kr->gid);
 if (ret != EOK) {
 DEBUG(SSSDBG_MINOR_FAILURE,
@@ -1096,7 +1093,7 @@ static void krb5_auth_done(struct tevent_req *subreq)
 }
 ret = krb5_save_ccname(state, state->sysdb, state->domain,
- pd->user, store_ccname);
+ pd->user, kr->ccname);
 if (ret) {
 DEBUG(1, ("krb5_save_ccname failed.\n"));
 goto done; |
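Review bot: In the second hunk the failure branch after `sss_krb5_check_ccache_princ()` still logs "No ccache for %s in %s?" and no longer forces `ret = EIO`, so whatever code the helper returns is propagated to the caller but never appears in the log. Per the commit message the helper also accesses the cache as the owning user, so a failure here may indicate an ownership or permission problem rather than a missing principal, and someone triaging a wrongly owned ccache cannot tell the two apart. I would log the code, e.g. `("ccache check for %s in %s failed [%d]: %s\n", kr->upn, kr->ccname, ret, strerror(ret))` (assuming the helper returns errno-style codes), and test `ret != EOK` as the neighbouring checks do. It is also worth confirming that no backend's `ccache_for_princ` ever returned a name different from `kr->ccname`, because the old-cache removal here and `krb5_save_ccname` in the third hunk now use the unresolved name. `krb5_auth_done` starts and ends outside these hunks, so how the `done` path handles the new return codes is not visible here.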