diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-18 22:03:13 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-30 16:36:50 +0100 |
commit | d969ba46904766480d65cf8c13e92210dc15227f (patch) | |
tree | 111c862a5676fe538aafdb7a1b0d4f4ac025f4f5 /src/tests | |
parent | 1710f23d8195ae8438b5c64cf9b745fb464c9a0d (diff) | |
download | sssd-d969ba46904766480d65cf8c13e92210dc15227f.tar.gz sssd-d969ba46904766480d65cf8c13e92210dc15227f.tar.xz sssd-d969ba46904766480d65cf8c13e92210dc15227f.zip |
KRB5: Move all ccache operations to krb5_child.c
The credential cache operations must be now performed by the krb5_child
completely, because the sssd_be process might be running as the sssd
user who doesn't have access to the ccaches.
src/providers/krb5/krb5_ccache.c is still linked against libsss_krb5
until we fix Kerberos ticket renewal as non-root.
Also includes a new error code that indicates that the back end should
remove the old ccache attribute -- the child can't do that if it's
running as the user.
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/krb5_child-test.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c index 09f23d538..a59863b4d 100644 --- a/src/tests/krb5_child-test.c +++ b/src/tests/krb5_child-test.c @@ -239,7 +239,7 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user, kr->ccname = expand_ccname_template(kr, kr, dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL), - true, true); + kr->krb5_ctx->illegal_path_re, true, true); if (!kr->ccname) goto fail; DEBUG(SSSDBG_FUNC_DATA, "ccname [%s] uid [%llu] gid [%llu]\n", @@ -254,7 +254,6 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user, kr->ccname, kr->uid, kr->gid); ret = sss_krb5_precreate_ccache(kr->ccname, - kr->krb5_ctx->illegal_path_re, kr->uid, kr->gid); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "create_ccache_dir failed.\n"); |