diff options
Diffstat (limited to 'src/providers/ldap/ldap_child.c')
-rw-r--r-- | src/providers/ldap/ldap_child.c | 37 |
1 files changed, 30 insertions, 7 deletions
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index a922b1817..e7febdf04 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -33,6 +33,7 @@ #include "util/sss_krb5.h" #include "util/child_common.h" #include "providers/dp_backend.h" +#include "providers/krb5/krb5_common.h" static krb5_context krb5_error_ctx; #define LDAP_CHILD_DEBUG(level, error) KRB5_DEBUG(level, krb5_error_ctx, error) @@ -248,7 +249,7 @@ static int lc_verify_keytab_ex(const char *principal, static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, const char *realm_str, const char *princ_str, - const char *keytab_name, + const char *inp_keytab_name, const krb5_deltat lifetime, uid_t uid, gid_t gid, @@ -277,6 +278,8 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, char *ccname_file_dummy; char *ccname_file; mode_t old_umask; + char *keytab_name; + char default_keytab_name[MAX_KEYTAB_NAME_LEN]; krberr = krb5_init_context(&context); if (krberr) { @@ -291,6 +294,32 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, goto done; } + if (inp_keytab_name != NULL) { + krberr = copy_keytab_into_memory(tmp_ctx, context, inp_keytab_name, + &keytab_name); + } else { + krberr = krb5_kt_default_name(context, default_keytab_name, + sizeof(default_keytab_name)); + if (krberr != 0) { + DEBUG(SSSDBG_OP_FAILURE, "krb5_kt_default_name failed.\n"); + goto done; + } + + krberr = copy_keytab_into_memory(tmp_ctx, context, default_keytab_name, + &keytab_name); + } + if (krberr != 0) { + DEBUG(SSSDBG_OP_FAILURE, "copy_keytab_into_memory failed.\n"); + goto done; + } + + krberr = become_user(uid, gid); + if (krberr != 0) { + DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n"); + goto done; + } + + krberr = set_child_debugging(context); if (krberr != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Cannot set krb5_child debugging\n"); @@ -440,12 +469,6 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, } DEBUG(SSSDBG_TRACE_INTERNAL, "credentials initialized\n"); - krberr = become_user(uid, gid); - if (krberr != 0) { - DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n"); - goto done; - } - ccname_dummy = talloc_asprintf(tmp_ctx, "FILE:%s", ccname_file_dummy); ccname = talloc_asprintf(tmp_ctx, "FILE:%s", ccname_file); if (ccname_dummy == NULL || ccname == NULL) { |