authorOndrej Kos <okos@redhat.com>2012-10-02 18:56:39 +0200
committerJakub Hrozek <jhrozek@redhat.com>2012-10-04 19:43:23 +0200
commit8fe574521b7f8b14e17aea1d9afb471b80761b83 (patch)
tree4ae0aa549e9e5c43e2c6862a0ec72a740d1aca87 /src/providers/krb5/krb5_utils.c
parente7dd2a5102ba6cfd28be6eccdd62768e9758d9f4 (diff)
Log possibly non-randomizable ccache file template
Fixes https://fedorahosted.org/sssd/ticket/1533. The ccache file template is now checked for an appended XXXXXX for use with mkstemp. When those characters are not present, a warning is written to the log.
Diffstat (limited to 'src/providers/krb5/krb5_utils.c')
-rw-r--r--src/providers/krb5/krb5_utils.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 774f62dad..73a711d91 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -695,10 +695,24 @@ cc_residual_is_used(uid_t uid, const char *ccname,
return EOK;
}
+static void
+cc_check_template(const char *cc_template)
+{
+ size_t template_len;
+
+ template_len = strlen(cc_template);
+ if (template_len >= 6 &&
+ strcmp(cc_template + (template_len - 6), "XXXXXX") != 0) {
+ DEBUG(SSSDBG_CONF_SETTINGS, ("ccache file name template [%s] doesn't "
+ "contain randomizing characters (XXXXXX), file might not "
+ "be rewritable\n", cc_template));
+ }
+}
+
errno_t
cc_file_check_existing(const char *location, uid_t uid,
const char *realm, const char *princ,
- bool *_active, bool *_valid)
+ const char *cc_template, bool *_active, bool *_valid)
{
errno_t ret;
bool active;
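Review bot: The length test in `cc_check_template` is inverted for short templates: with `template_len >= 6 && strcmp(...) != 0`, a template shorter than six characters can never end in `XXXXXX`, yet it produces no warning. The condition should be `if (template_len < 6 || strcmp(cc_template + (template_len - 6), "XXXXXX") != 0) {`, so that every template without the suffix is reported. The message could also say that the resulting ccache path is fixed and predictable rather than only "might not be rewritable", since that is what an administrator reading the log needs to act on. The warning is emitted at `SSSDBG_CONF_SETTINGS`, which may not be visible at the default debug level; it is worth confirming that this level is intended for a configuration problem of this kind.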
@@ -723,6 +737,7 @@ cc_file_check_existing(const char *location, uid_t uid,
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not check if ccache is active. "
"Will create a new one.\n"));
+ cc_check_template(cc_template);
active = false;
}
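Review bot: The new `cc_template` argument is passed to `cc_check_template` here, and again in the `cc_dir_check_existing` hunk below, without a NULL check, and the helper calls `strlen` on it immediately. The callers are outside this diff, so whether NULL can reach this point is not visible; if it can, the failure path would crash instead of logging. A guard at the top of the helper, `if (cc_template == NULL) return;`, keeps both call sites safe. The helper also lacks a comment stating that it only logs and never modifies or rejects the template; something like `/* Warn if the template lacks the trailing XXXXXX that mkstemp() needs; advisory only. */` would cover it. The enclosing function body starts and ends outside this hunk.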
@@ -846,7 +861,7 @@ get_ccache_for_princ(krb5_context context, const char *location,
errno_t
cc_dir_check_existing(const char *location, uid_t uid,
const char *realm, const char *princ,
- bool *_active, bool *_valid)
+ const char *cc_template, bool *_active, bool *_valid)
{
bool active = false;
bool valid = false;
@@ -893,6 +908,7 @@ cc_dir_check_existing(const char *location, uid_t uid,
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not check if ccache is active. "
"Will create a new one.\n"));
+ cc_check_template(cc_template);
active = false;
}