From 6c576935f642beb2f4300f19561b6ef9454c2db4 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Fri, 28 Nov 2014 18:02:20 +0100
Subject: Remove unneeded become_user() calls
---
 src/providers/krb5/krb5_child.c | 24 ++----------------------
 1 file changed, 2 insertions(+), 22 deletions(-)
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 7aa224b57..2bdaa34cf 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1005,17 +1005,6 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
 DEBUG(SSSDBG_CONF_SETTINGS, "TGT validation is disabled.\n");
 }

- if (kr->validate || kr->fast_ccname != NULL) {
- /* We drop root privileges which were needed to read the keytab file
- * for the validation of the credentials or for FAST here to run the
- * ccache I/O operations with user privileges. */
- kerr = become_user(kr->uid, kr->gid);
- if (kerr != 0) {
- DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n");
- return kerr;
- }
- }
-
 /* If kr->ccname is cache collection (DIR:/...), we want to work
 * directly with file ccache (DIR::/...), but cache collection
 * should be returned back to back end.
@@ -1436,17 +1425,6 @@ static errno_t renew_tgt_child(struct krb5_req *kr)
 DEBUG(SSSDBG_CONF_SETTINGS, "TGT validation is disabled.\n");
 }

- if (kr->validate || kr->fast_ccname != NULL) {
- /* We drop root privileges which were needed to read the keytab file
- * for the validation of the credentials or for FAST here to run the
- * ccache I/O operations with user privileges. */
- kerr = become_user(kr->uid, kr->gid);
- if (kerr != 0) {
- DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n");
- goto done;
- }
- }
-
 kerr = krb5_cc_initialize(kr->ctx, ccache, kr->princ);
 if (kerr != 0) {
 KRB5_CHILD_DEBUG(SSSDBG_CRIT_FAILURE, kerr);
@@ -1808,6 +1786,8 @@ static krb5_error_code check_fast_ccache(TALLOC_CTX *mem_ctx,
 DEBUG(SSSDBG_CRIT_FAILURE, "become_user failed.\n");
 return kerr;
 }
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Running as [%"SPRIuid"][%"SPRIgid"].\n", geteuid(), getegid());

 kerr = get_and_save_tgt_with_keytab(ctx, client_princ, keytab, ccname);
 if (kerr != 0) {
-- cgit
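Review bot: The trace added after become_user() in check_fast_ccache() records only the effective uid/gid and only at SSSDBG_TRACE_INTERNAL, so it reports the identity without checking it and will not appear in logs at lower debug levels. The same commit deletes the privilege drops in get_and_save_tgt() and renew_tgt_child(), so the ccache I/O on those paths now depends on a drop performed somewhere this diff does not show. A short comment at each removal site would keep that invariant reviewable, for example `/* Privileges were already dropped in <location>; ccache I/O below runs as the user. */`. If a hard guarantee is wanted here, compare `geteuid()`/`getegid()` with the ids handed to become_user() and return an error on mismatch; that call and its arguments sit above this hunk, so the names have to be taken from there.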