summaryrefslogtreecommitdiffstats
path: root/src/providers
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2015-08-12 12:56:14 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-08-17 15:22:00 +0200
commitf5db13d4462faa531c9924181f0fd51364647e2d (patch)
treee0cd47ab5c39c69d15c9b67acec837530f7965a2 /src/providers
parent4772d3f1fe5015a25ba1fb4c3779ee3117ec6fcb (diff)
downloadsssd-f5db13d4462faa531c9924181f0fd51364647e2d.tar.gz
sssd-f5db13d4462faa531c9924181f0fd51364647e2d.tar.xz
sssd-f5db13d4462faa531c9924181f0fd51364647e2d.zip
KRB5: Use sss_unique file in krb5_child
In krb5_child, we intentionally don' set the owner of the temporary file, because we're not renaming it to a 'stable' name, but rather directly using it as the ccache. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/krb5/krb5_child.c27
1 files changed, 11 insertions, 16 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 2c5e446a0..e5f48b713 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -671,8 +671,6 @@ static errno_t handle_randomized(char *in)
size_t ccname_len;
char *ccname = NULL;
int ret;
- int fd;
- mode_t old_umask;
/* We only treat the FILE type case in a special way due to the history
* of storing FILE type ccache in /tmp and associated security issues */
@@ -687,21 +685,18 @@ static errno_t handle_randomized(char *in)
ccname_len = strlen(ccname);
if (ccname_len >= 6 && strcmp(ccname + (ccname_len - 6), "XXXXXX") == 0) {
/* NOTE: this call is only used to create a unique name, as later
- * krb5_cc_initialize() will unlink and recreate the file.
- * This is ok because this part of the code is called with
- * privileges already dropped when handling user ccache, or the ccache
- * is stored in a private directory. So we do not have huge issues if
- * something races, we mostly care only about not accidentally use
- * an existing name and thus failing in the process of saving the
- * cache. Malicious races can only be avoided by libkrb5 itself. */
- old_umask = umask(077);
- fd = mkstemp(ccname);
- umask(old_umask);
- if (fd == -1) {
- ret = errno;
+ * krb5_cc_initialize() will unlink and recreate the file.
+ * This is ok because this part of the code is called with
+ * privileges already dropped when handling user ccache, or the ccache
+ * is stored in a private directory. So we do not have huge issues if
+ * something races, we mostly care only about not accidentally use
+ * an existing name and thus failing in the process of saving the
+ * cache. Malicious races can only be avoided by libkrb5 itself. */
+ ret = sss_unique_filename(NULL, ccname);
+ if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
- "mkstemp(\"%s\") failed [%d]: %s!\n",
- ccname, ret, strerror(ret));
+ "mkstemp(\"%s\") failed [%d]: %s!\n",
+ ccname, ret, strerror(ret));
return ret;
}
}