author | Jakub Hrozek <jhrozek@redhat.com> | 2015-08-12 12:56:14 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-08-17 15:22:00 +0200 |
commit | f5db13d4462faa531c9924181f0fd51364647e2d (patch) | |
tree | e0cd47ab5c39c69d15c9b67acec837530f7965a2 /src/providers | |
parent | 4772d3f1fe5015a25ba1fb4c3779ee3117ec6fcb (diff) | |
KRB5: Use sss_unique file in krb5_child
In krb5_child, we intentionally don't set the owner of the temporary
file, because we're not renaming it to a 'stable' name, but rather
directly using it as the ccache.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_child.c | 27 |
1 files changed, 11 insertions, 16 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 2c5e446a0..e5f48b713 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -671,8 +671,6 @@ static errno_t handle_randomized(char *in)
 size_t ccname_len;
 char *ccname = NULL;
 int ret;
- int fd;
- mode_t old_umask;
 /* We only treat the FILE type case in a special way due to the history
 * of storing FILE type ccache in /tmp and associated security issues */
@@ -687,21 +685,18 @@ static errno_t handle_randomized(char *in)
 ccname_len = strlen(ccname);
 if (ccname_len >= 6 && strcmp(ccname + (ccname_len - 6), "XXXXXX") == 0) {
 /* NOTE: this call is only used to create a unique name, as later
- * krb5_cc_initialize() will unlink and recreate the file.
- * This is ok because this part of the code is called with
- * privileges already dropped when handling user ccache, or the ccache
- * is stored in a private directory. So we do not have huge issues if
- * something races, we mostly care only about not accidentally use
- * an existing name and thus failing in the process of saving the
- * cache. Malicious races can only be avoided by libkrb5 itself. */
- old_umask = umask(077);
- fd = mkstemp(ccname);
- umask(old_umask);
- if (fd == -1) {
- ret = errno;
+ * krb5_cc_initialize() will unlink and recreate the file.
+ * This is ok because this part of the code is called with
+ * privileges already dropped when handling user ccache, or the ccache
+ * is stored in a private directory. So we do not have huge issues if
+ * something races, we mostly care only about not accidentally use
+ * an existing name and thus failing in the process of saving the
+ * cache. Malicious races can only be avoided by libkrb5 itself. */
+ ret = sss_unique_filename(NULL, ccname);
+ if (ret != EOK) {
 DEBUG(SSSDBG_CRIT_FAILURE,
- "mkstemp(\"%s\") failed [%d]: %s!\n",
- ccname, ret, strerror(ret));
+ "mkstemp(\"%s\") failed [%d]: %s!\n",
+ ccname, ret, strerror(ret));
 return ret;
 }
 } |
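Review bot: The DEBUG message in the failure branch of the second hunk still reports `mkstemp(...) failed` although the call is now `sss_unique_filename()`, so a log reader is pointed at the wrong function; the format line should read `"sss_unique_filename(\"%s\") failed [%d]: %s!\n",`. The same hunk drops the explicit `umask(077)` around file creation, so the permissions of the new ccache file now depend entirely on the helper, whose body is not visible here; it is worth confirming that it creates the file with owner-only permissions. The NOTE comment would also benefit from one line on the `NULL` first argument, for example `* NULL owner: the file is deliberately left in place and used as the ccache.`, which the commit message explains but the code does not. handle_randomized() begins before and continues after the lines shown.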