authorStephen Gallagher <sgallagh@redhat.com>2012-06-15 13:59:44 -0400
committerStephen Gallagher <sgallagh@redhat.com>2012-06-15 14:38:22 -0400
commit6ca87e797982061576885f944e2ccfaba9573897 (patch)
tree6128b84210a53f5f0f98feb8aba1d8056dffc8d7 /src
parent7cc8729dec26c1fd5b06323237acc9ba2bdaaa17 (diff)
KRB5: Auto-detect DIR cache support in configure
We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
Diffstat (limited to 'src')
-rw-r--r--src/external/krb5.m44
-rw-r--r--src/providers/krb5/krb5_child.c8
-rw-r--r--src/providers/krb5/krb5_common.c6
-rw-r--r--src/providers/krb5/krb5_utils.c9
-rw-r--r--src/providers/krb5/krb5_utils.h15
-rw-r--r--src/tests/krb5_child-test.c2
-rw-r--r--src/tests/krb5_utils-tests.c5
-rw-r--r--src/util/sss_krb5.c12
-rw-r--r--src/util/sss_krb5.h8
9 files changed, 61 insertions, 8 deletions
diff --git a/src/external/krb5.m4 b/src/external/krb5.m4
index ee9662614..b87ec5c8e 100644
--- a/src/external/krb5.m4
+++ b/src/external/krb5.m4
@@ -56,7 +56,9 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \
krb5_kt_free_entry \
krb5_princ_realm \
krb5_get_time_offsets \
- krb5_principal_get_realm])
+ krb5_principal_get_realm \
+ krb5_cc_cache_match \
+ krb5_cc_get_full_name])
CFLAGS=$SAVE_CFLAGS
LIBS=$SAVE_LIBS
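Review bot: The probe list gains `krb5_cc_cache_match` and `krb5_cc_get_full_name`, but the code this commit guards in krb5_child.c also calls `krb5_cc_switch`, which is not probed. If all three functions arrive in the same library release this is harmless, but the dependency stays implicit. Adding `krb5_cc_switch` to this `AC_CHECK_FUNCS` list and to the `HAVE_KRB5_DIRCACHE` condition in util/sss_krb5.h would make the guard match what the guarded code actually calls.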
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index bfec956b6..c434c97ff 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -244,11 +244,13 @@ store_creds_in_ccache(krb5_context ctx, krb5_principal princ,
goto done;
}
+#ifdef HAVE_KRB5_DIRCACHE
kerr = krb5_cc_switch(ctx, cc);
if (kerr != 0) {
KRB5_CHILD_DEBUG(SSSDBG_OP_FAILURE, kerr);
goto done;
}
+#endif /* HAVE_KRB5_DIRCACHE */
kerr = krb5_cc_close(ctx, cc);
if (kerr != 0) {
@@ -366,6 +368,8 @@ done:
return kerr;
}
+#ifdef HAVE_KRB5_DIRCACHE
+
static errno_t
create_ccdir(const char *dirname, uid_t uid, gid_t gid)
{
@@ -491,6 +495,8 @@ done:
return kerr;
}
+#endif /* HAVE_KRB5_DIRCACHE */
+
static krb5_error_code
create_ccache(uid_t uid, gid_t gid, krb5_context ctx,
krb5_principal princ, char *ccname, krb5_creds *creds)
@@ -501,8 +507,10 @@ create_ccache(uid_t uid, gid_t gid, krb5_context ctx,
switch (cctype) {
case SSS_KRB5_TYPE_FILE:
return create_ccache_file(ctx, princ, ccname, creds);
+#ifdef HAVE_KRB5_DIRCACHE
case SSS_KRB5_TYPE_DIR:
return create_ccache_in_dir(uid, gid, ctx, princ, ccname, creds);
+#endif /* HAVE_KRB5_DIRCACHE */
default:
DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown cache type\n"));
return EINVAL;
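Review bot: On a build without DIR support, a configured `DIR:` ccache name ends in the `default` branch here and is logged only as `Unknown cache type`, which gives an administrator debugging failed logins no hint that the type was compiled out. This is inferred from `sss_krb5_get_type()` no longer matching the `DIR:` prefix in that configuration; the assignment of `cctype` is outside the hunk. Consider wording the message as `("Unknown or unsupported cache type\n")`. The same applies to the `Unknown ccname database` default in `check_and_export_options()` in krb5_common.c.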
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index f4033d295..ee35b522e 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -204,12 +204,16 @@ errno_t check_and_export_options(struct dp_option *opts,
return ret;
}
break;
+
+#ifdef HAVE_KRB5_DIRCACHE
case SSS_KRB5_TYPE_DIR:
DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type DIR\n"));
krb5_ctx->cc_be = &dir_cc;
break;
+#endif
+
default:
- DEBUG(SSSDBG_OP_FAILURE, ("Unkown ccname database\n"));
+ DEBUG(SSSDBG_OP_FAILURE, ("Unknown ccname database\n"));
return EINVAL;
break;
}
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 8cea7ccea..68a6aab33 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -583,9 +583,13 @@ get_cc_be_ops(enum sss_krb5_cc_type type)
case SSS_KRB5_TYPE_FILE:
be = &file_cc;
break;
+
+#ifdef HAVE_KRB5_DIRCACHE
case SSS_KRB5_TYPE_DIR:
be = &dir_cc;
break;
+#endif /* HAVE_KRB5_DIRCACHE */
+
case SSS_KRB5_TYPE_UNKNOWN:
be = NULL;
break;
@@ -649,9 +653,11 @@ cc_residual_is_used(uid_t uid, const char *ccname,
}
switch (type) {
+#ifdef HAVE_KRB5_DIRCACHE
case SSS_KRB5_TYPE_DIR:
ret = S_ISDIR(stat_buf.st_mode);
break;
+#endif /* HAVE_KRB5_DIRCACHE */
case SSS_KRB5_TYPE_FILE:
ret = S_ISREG(stat_buf.st_mode);
break;
@@ -789,6 +795,7 @@ struct sss_krb5_cc_be file_cc = {
.remove = cc_file_remove,
};
+#ifdef HAVE_KRB5_DIRCACHE
/*======== Operations on the DIR: back end ========*/
errno_t
cc_dir_create(const char *location, pcre *illegal_re,
@@ -1000,3 +1007,5 @@ struct sss_krb5_cc_be dir_cc = {
.ccache_for_princ = cc_dir_cache_for_princ,
.remove = cc_dir_remove
};
+
+#endif /* HAVE_KRB5_DIRCACHE */
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index 5f677cae2..d8d96d258 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -27,6 +27,7 @@
#define __KRB5_UTILS_H__
#include <talloc.h>
+#include "config.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/data_provider.h"
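Review bot: `config.h` supplies the `HAVE_KRB5_CC_*` probe results, but within this commit `HAVE_KRB5_DIRCACHE` itself is derived in util/sss_krb5.h. The `#ifdef HAVE_KRB5_DIRCACHE` block added at the end of this header therefore depends on that header having been seen first. Unless `providers/krb5/krb5_auth.h` already pulls it in (not visible here), add `#include "util/sss_krb5.h"` next to this include so the `dir_cc` and `cc_dir_create` declarations cannot silently vanish because of include order.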
@@ -53,7 +54,6 @@ struct sss_krb5_cc_be {
};
struct sss_krb5_cc_be file_cc;
-struct sss_krb5_cc_be dir_cc;
errno_t create_ccache_dir(const char *dirname, pcre *illegal_re,
uid_t uid, gid_t gid, bool private_path);
@@ -61,9 +61,6 @@ errno_t create_ccache_dir(const char *dirname, pcre *illegal_re,
errno_t cc_file_create(const char *filename, pcre *illegal_re,
uid_t uid, gid_t gid, bool private_path);
-errno_t cc_dir_create(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
-
struct sss_krb5_cc_be *get_cc_be_ops(enum sss_krb5_cc_type type);
struct sss_krb5_cc_be *get_cc_be_ops_ccache(const char *ccache);
@@ -75,4 +72,14 @@ errno_t become_user(uid_t uid, gid_t gid);
errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
struct tgt_times *tgtt);
+
+#ifdef HAVE_KRB5_DIRCACHE
+
+struct sss_krb5_cc_be dir_cc;
+
+errno_t cc_dir_create(const char *location, pcre *illegal_re,
+ uid_t uid, gid_t gid, bool private_path);
+
+#endif /* HAVE_KRB5_DIRCACHE */
+
#endif /* __KRB5_UTILS_H__ */
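Review bot: `struct sss_krb5_cc_be dir_cc;` in a header is a tentative definition, not a declaration, so every file that includes krb5_utils.h emits its own `dir_cc` alongside the initialised one in krb5_utils.c. That links only where the toolchain merges common symbols and fails with `-fno-common`. Declare it as `extern struct sss_krb5_cc_be dir_cc;`. The existing `file_cc` line earlier in the header has the same form and would benefit from the same change.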
diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c
index fa9374c2d..636f73363 100644
--- a/src/tests/krb5_child-test.c
+++ b/src/tests/krb5_child-test.c
@@ -260,9 +260,11 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
case SSS_KRB5_TYPE_FILE:
kr->krb5_ctx->cc_be = &file_cc;
break;
+#ifdef HAVE_KRB5_DIRCACHE
case SSS_KRB5_TYPE_DIR:
kr->krb5_ctx->cc_be = &dir_cc;
break;
+#endif /* HAVE_KRB5_DIRCACHE */
default:
if (tmpl[0] != '/') {
DEBUG(SSSDBG_OP_FAILURE, ("Unkown ccname database\n"));
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index bcd9acb19..581212997 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -357,6 +357,7 @@ START_TEST(test_illegal_patterns)
}
END_TEST
+#ifdef HAVE_KRB5_DIRCACHE
START_TEST(test_cc_dir_create)
{
char *residual;
@@ -405,6 +406,8 @@ START_TEST(test_cc_dir_create)
free(cwd);
}
END_TEST
+#endif /* HAVE_KRB5_DIRCACHE */
+
void setup_talloc_context(void)
{
@@ -694,7 +697,9 @@ Suite *krb5_utils_suite (void)
tcase_add_checked_fixture (tc_create_dir, setup_create_dir,
teardown_create_dir);
tcase_add_test (tc_create_dir, test_illegal_patterns);
+#ifdef HAVE_KRB5_DIRCACHE
tcase_add_test (tc_create_dir, test_cc_dir_create);
+#endif /* HAVE_KRB5_DIRCACHE */
if (getuid() == 0) {
tcase_add_test (tc_create_dir, test_priv_ccache_dir);
tcase_add_test (tc_create_dir, test_private_ccache_dir_in_user_dir);
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 8a6bfe2dc..6cbf8c61a 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -1121,10 +1121,14 @@ sss_krb5_get_type(const char *full_location)
if (strncmp(full_location, SSS_KRB5_FILE,
sizeof(SSS_KRB5_FILE)-1) == 0) {
return SSS_KRB5_TYPE_FILE;
- } else if (strncmp(full_location, SSS_KRB5_DIR,
+ }
+#ifdef HAVE_KRB5_DIRCACHE
+ else if (strncmp(full_location, SSS_KRB5_DIR,
sizeof(SSS_KRB5_DIR)-1) == 0) {
return SSS_KRB5_TYPE_DIR;
- } else if (full_location[0] == '/') {
+ }
+#endif /* HAVE_KRB5_DIRCACHE */
+ else if (full_location[0] == '/') {
return SSS_KRB5_TYPE_FILE;
}
@@ -1147,9 +1151,11 @@ sss_krb5_residual_by_type(const char *full_location,
offset = sizeof(SSS_KRB5_FILE)-1;
}
break;
+#ifdef HAVE_KRB5_DIRCACHE
case SSS_KRB5_TYPE_DIR:
offset = sizeof(SSS_KRB5_DIR)-1;
break;
+#endif /* HAVE_KRB5_DIRCACHE */
default:
return NULL;
}
@@ -1169,9 +1175,11 @@ sss_krb5_cc_file_path(const char *full_location)
switch(cc_type) {
case SSS_KRB5_TYPE_FILE:
return residual;
+#ifdef HAVE_KRB5_DIRCACHE
case SSS_KRB5_TYPE_DIR:
/* DIR::/run/user/tkt_foo */
if (residual[0] == ':') return residual+1;
+#endif
case SSS_KRB5_TYPE_UNKNOWN:
break;
}
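Review bot: `case SSS_KRB5_TYPE_DIR` falls through into `case SSS_KRB5_TYPE_UNKNOWN` when the residual does not start with `:`, and with the new `#endif` sitting between the two labels that is easy to misread as a missing `break`. Mark it with `/* fall through */` after the `if`, and give the `#endif` the `/* HAVE_KRB5_DIRCACHE */` trailer used in the other hunks of this file. The body of `sss_krb5_cc_file_path()` starts and ends outside the hunk.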
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 34fdc4950..4f2e67a7f 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -41,6 +41,12 @@
#define KERBEROS_PWEXPIRE_WARNING_TIME (7 * 24 * 60 * 60)
#define KEYTAB_CLEAN_NAME keytab_name ? keytab_name : "default"
+#if 0
+#if defined HAVE_KRB5_CC_CACHE_MATCH && defined HAVE_KRB5_CC_GET_FULL_NAME
+#define HAVE_KRB5_DIRCACHE 1
+#endif
+#endif
+
const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context,
krb5_error_code);
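Review bot: The `#if 0` around the new `HAVE_KRB5_DIRCACHE` definition means this header never defines the macro, so every `#ifdef HAVE_KRB5_DIRCACHE` block added in this commit compiles out even when configure finds `krb5_cc_cache_match` and `krb5_cc_get_full_name`. That contradicts the auto-detection promised in the commit title, unless the macro is set somewhere outside this diff. If the disable is deliberate, say so with a comment such as `/* DIR ccache support temporarily disabled; remove the #if 0 to re-enable auto-detection */`. Otherwise drop the outer `#if 0`/`#endif` pair.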
@@ -133,7 +139,9 @@ void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
enum sss_krb5_cc_type {
SSS_KRB5_TYPE_FILE,
+#ifdef HAVE_KRB5_DIRCACHE
SSS_KRB5_TYPE_DIR,
+#endif /* HAVE_KRB5_DIRCACHE */
SSS_KRB5_TYPE_UNKNOWN
};