From 6ca87e797982061576885f944e2ccfaba9573897 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Fri, 15 Jun 2012 13:59:44 -0400
Subject: KRB5: Auto-detect DIR cache support in configure

We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
---
 src/external/krb5.m4 | 4 +++-
 src/providers/krb5/krb5_child.c | 8 ++++++++
 src/providers/krb5/krb5_common.c | 6 +++++-
 src/providers/krb5/krb5_utils.c | 9 +++++++++
 src/providers/krb5/krb5_utils.h | 15 +++++++++++----
 src/tests/krb5_child-test.c | 2 ++
 src/tests/krb5_utils-tests.c | 5 +++++
 src/util/sss_krb5.c | 12 ++++++++++--
 src/util/sss_krb5.h | 8 ++++++++
 9 files changed, 61 insertions(+), 8 deletions(-)
diff --git a/src/external/krb5.m4 b/src/external/krb5.m4
index ee9662614..b87ec5c8e 100644
--- a/src/external/krb5.m4
+++ b/src/external/krb5.m4
@@ -56,7 +56,9 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \
 krb5_kt_free_entry \
 krb5_princ_realm \
 krb5_get_time_offsets \
- krb5_principal_get_realm])
+ krb5_principal_get_realm \
+ krb5_cc_cache_match \
+ krb5_cc_get_full_name])
 CFLAGS=$SAVE_CFLAGS LIBS=$SAVE_LIBS
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index bfec956b6..c434c97ff 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -244,11 +244,13 @@ store_creds_in_ccache(krb5_context ctx, krb5_principal princ,
 goto done;
 }
+#ifdef HAVE_KRB5_DIRCACHE
 kerr = krb5_cc_switch(ctx, cc);
 if (kerr != 0) {
 KRB5_CHILD_DEBUG(SSSDBG_OP_FAILURE, kerr);
 goto done;
 }
+#endif /* HAVE_KRB5_DIRCACHE */
 kerr = krb5_cc_close(ctx, cc);
 if (kerr != 0) {
@@ -366,6 +368,8 @@ done:
 return kerr;
 }
+#ifdef HAVE_KRB5_DIRCACHE
+
 static errno_t create_ccdir(const char *dirname, uid_t uid, gid_t gid)
 {
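Review bot: In `store_creds_in_ccache` (krb5_child.c, hunk at -244), the `krb5_cc_switch()` call is compiled in on the strength of `HAVE_KRB5_DIRCACHE`, which sss_krb5.h derives from `krb5_cc_cache_match` and `krb5_cc_get_full_name`; `krb5_cc_switch` itself is not among the functions this commit adds to `AC_CHECK_FUNCS`. If the part of the list that is not visible here does not probe it either, add `krb5_cc_switch` to the configure check and to the `#if defined ...` condition so the guard tests the symbol it protects. The function body starts and ends outside the hunk.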
@@ -491,6 +495,8 @@ done:
 return kerr;
 }
+#endif /* HAVE_KRB5_DIRCACHE */
+
 static krb5_error_code
 create_ccache(uid_t uid, gid_t gid, krb5_context ctx,
 krb5_principal princ, char *ccname, krb5_creds *creds)
@@ -501,8 +507,10 @@ create_ccache(uid_t uid, gid_t gid, krb5_context ctx,
 switch (cctype) {
 case SSS_KRB5_TYPE_FILE:
 return create_ccache_file(ctx, princ, ccname, creds);
+#ifdef HAVE_KRB5_DIRCACHE
 case SSS_KRB5_TYPE_DIR:
 return create_ccache_in_dir(uid, gid, ctx, princ, ccname, creds);
+#endif /* HAVE_KRB5_DIRCACHE */
 default:
 DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown cache type\n"));
 return EINVAL;
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index f4033d295..ee35b522e 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -204,12 +204,16 @@ errno_t check_and_export_options(struct dp_option *opts,
 return ret;
 }
 break;
+
+#ifdef HAVE_KRB5_DIRCACHE
 case SSS_KRB5_TYPE_DIR:
 DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type DIR\n"));
 krb5_ctx->cc_be = &dir_cc;
 break;
+#endif
+
 default:
- DEBUG(SSSDBG_OP_FAILURE, ("Unkown ccname database\n"));
+ DEBUG(SSSDBG_OP_FAILURE, ("Unknown ccname database\n"));
 return EINVAL;
 break;
 }
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 8cea7ccea..68a6aab33 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -583,9 +583,13 @@ get_cc_be_ops(enum sss_krb5_cc_type type)
 case SSS_KRB5_TYPE_FILE:
 be = &file_cc;
 break;
+
+#ifdef HAVE_KRB5_DIRCACHE
 case SSS_KRB5_TYPE_DIR:
 be = &dir_cc;
 break;
+#endif /* HAVE_KRB5_DIRCACHE */
+
 case SSS_KRB5_TYPE_UNKNOWN:
 be = NULL;
 break;
@@ -649,9 +653,11 @@ cc_residual_is_used(uid_t uid, const char *ccname,
 }
 switch (type) {
+#ifdef HAVE_KRB5_DIRCACHE
 case SSS_KRB5_TYPE_DIR:
 ret = S_ISDIR(stat_buf.st_mode);
 break;
+#endif /* HAVE_KRB5_DIRCACHE */
 case SSS_KRB5_TYPE_FILE:
 ret = S_ISREG(stat_buf.st_mode);
 break;
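Review bot: The `default:` branch in `check_and_export_options` (krb5_common.c, hunk at -204) is presumably also where a `DIR:` template lands on builds without `HAVE_KRB5_DIRCACHE`, and `Unknown ccname database` gives an administrator no hint that the cache type is valid but compiled out. Rejecting with `EINVAL` is the right fail-closed result for a credential cache location the build cannot handle; consider wording the message `("Unknown or unsupported ccname database\n")` and noting the libkrb5 1.10 requirement in a comment above the guard. The closing `#endif` here also lacks the `/* HAVE_KRB5_DIRCACHE */` comment used by the other guards in this commit. The same diagnostic gap applies to `Unknown cache type` in `create_ccache` (krb5_child.c); the switch begins outside the hunk.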
@@ -789,6 +795,7 @@ struct sss_krb5_cc_be file_cc = {
 .remove = cc_file_remove,
 };
+#ifdef HAVE_KRB5_DIRCACHE
 /*======== Operations on the DIR: back end ========*/
 errno_t cc_dir_create(const char *location, pcre *illegal_re,
@@ -1000,3 +1007,5 @@ struct sss_krb5_cc_be dir_cc = {
 .ccache_for_princ = cc_dir_cache_for_princ,
 .remove = cc_dir_remove
 };
+
+#endif /* HAVE_KRB5_DIRCACHE */
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index 5f677cae2..d8d96d258 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -27,6 +27,7 @@
 #define __KRB5_UTILS_H__
 #include
+#include "config.h"
 #include "providers/krb5/krb5_auth.h"
 #include "providers/data_provider.h"
@@ -53,7 +54,6 @@ struct sss_krb5_cc_be {
 };
 struct sss_krb5_cc_be file_cc;
-struct sss_krb5_cc_be dir_cc;
 errno_t create_ccache_dir(const char *dirname, pcre *illegal_re,
 uid_t uid, gid_t gid, bool private_path);
@@ -61,9 +61,6 @@ errno_t create_ccache_dir(const char *dirname, pcre *illegal_re,
 errno_t cc_file_create(const char *filename, pcre *illegal_re,
 uid_t uid, gid_t gid, bool private_path);
-errno_t cc_dir_create(const char *location, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
-
 struct sss_krb5_cc_be *get_cc_be_ops(enum sss_krb5_cc_type type);
 struct sss_krb5_cc_be *get_cc_be_ops_ccache(const char *ccache);
@@ -75,4 +72,14 @@ errno_t become_user(uid_t uid, gid_t gid);
 errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, struct tgt_times *tgtt);
+
+#ifdef HAVE_KRB5_DIRCACHE
+
+struct sss_krb5_cc_be dir_cc;
+
+errno_t cc_dir_create(const char *location, pcre *illegal_re,
+ uid_t uid, gid_t gid, bool private_path);
+
+#endif /* HAVE_KRB5_DIRCACHE */
+
 #endif /* __KRB5_UTILS_H__ */
diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c
index fa9374c2d..636f73363 100644
--- a/src/tests/krb5_child-test.c
+++ b/src/tests/krb5_child-test.c
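Review bot: In krb5_utils.h (hunk at -75), `struct sss_krb5_cc_be dir_cc;` is re-added without `extern`, so every translation unit that includes the header gets its own tentative definition next to the initialised one in krb5_utils.c; that links only where the toolchain merges common symbols and fails with `-fno-common`. Declare it as `extern struct sss_krb5_cc_be dir_cc;` (the same applies to `file_cc` in the context lines of the -53 hunk). The guard also depends on `HAVE_KRB5_DIRCACHE`, which this commit defines in util/sss_krb5.h rather than in config.h, so the header is only correct if sss_krb5.h is reached through one of its includes before the `#ifdef`; that include chain is not visible here and deserves a comment or a direct include.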
@@ -260,9 +260,11 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
 case SSS_KRB5_TYPE_FILE:
 kr->krb5_ctx->cc_be = &file_cc;
 break;
+#ifdef HAVE_KRB5_DIRCACHE
 case SSS_KRB5_TYPE_DIR:
 kr->krb5_ctx->cc_be = &dir_cc;
 break;
+#endif /* HAVE_KRB5_DIRCACHE */
 default:
 if (tmpl[0] != '/') {
 DEBUG(SSSDBG_OP_FAILURE, ("Unkown ccname database\n"));
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index bcd9acb19..581212997 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -357,6 +357,7 @@ START_TEST(test_illegal_patterns)
 }
 END_TEST
+#ifdef HAVE_KRB5_DIRCACHE
 START_TEST(test_cc_dir_create)
 {
 char *residual;
@@ -405,6 +406,8 @@ START_TEST(test_cc_dir_create)
 free(cwd);
 }
 END_TEST
+#endif /* HAVE_KRB5_DIRCACHE */
+
 void setup_talloc_context(void)
 {
@@ -694,7 +697,9 @@ Suite *krb5_utils_suite (void)
 tcase_add_checked_fixture (tc_create_dir, setup_create_dir, teardown_create_dir);
 tcase_add_test (tc_create_dir, test_illegal_patterns);
+#ifdef HAVE_KRB5_DIRCACHE
 tcase_add_test (tc_create_dir, test_cc_dir_create);
+#endif /* HAVE_KRB5_DIRCACHE */
 if (getuid() == 0) {
 tcase_add_test (tc_create_dir, test_priv_ccache_dir);
 tcase_add_test (tc_create_dir, test_private_ccache_dir_in_user_dir);
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 8a6bfe2dc..6cbf8c61a 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -1121,10 +1121,14 @@ sss_krb5_get_type(const char *full_location)
 if (strncmp(full_location, SSS_KRB5_FILE, sizeof(SSS_KRB5_FILE)-1) == 0) {
 return SSS_KRB5_TYPE_FILE;
- } else if (strncmp(full_location, SSS_KRB5_DIR,
+ }
+#ifdef HAVE_KRB5_DIRCACHE
+ else if (strncmp(full_location, SSS_KRB5_DIR,
 sizeof(SSS_KRB5_DIR)-1) == 0) {
 return SSS_KRB5_TYPE_DIR;
- } else if (full_location[0] == '/') {
+ }
+#endif /* HAVE_KRB5_DIRCACHE */
+ else if (full_location[0] == '/') {
 return SSS_KRB5_TYPE_FILE;
 }
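Review bot: In `sss_krb5_get_type` (sss_krb5.c, hunk at -1121), the new guard splits `} else if` across preprocessor lines, which leaves a free-standing `else` that is easy to misread and easy to break when a branch is added or reordered. Every branch visible here returns, so the chain can be written as independent `if` statements with the `#ifdef` wrapping one whole statement; behaviour is unchanged. The function continues outside the hunk.

```c
    if (strncmp(full_location, SSS_KRB5_FILE,
                sizeof(SSS_KRB5_FILE)-1) == 0) {
        return SSS_KRB5_TYPE_FILE;
    }

#ifdef HAVE_KRB5_DIRCACHE
    if (strncmp(full_location, SSS_KRB5_DIR,
                sizeof(SSS_KRB5_DIR)-1) == 0) {
        return SSS_KRB5_TYPE_DIR;
    }
#endif /* HAVE_KRB5_DIRCACHE */

    if (full_location[0] == '/') {
        return SSS_KRB5_TYPE_FILE;
    }
    /* … unchanged: remainder of sss_krb5_get_type … */
```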
@@ -1147,9 +1151,11 @@ sss_krb5_residual_by_type(const char *full_location,
 offset = sizeof(SSS_KRB5_FILE)-1;
 }
 break;
+#ifdef HAVE_KRB5_DIRCACHE
 case SSS_KRB5_TYPE_DIR:
 offset = sizeof(SSS_KRB5_DIR)-1;
 break;
+#endif /* HAVE_KRB5_DIRCACHE */
 default:
 return NULL;
 }
@@ -1169,9 +1175,11 @@ sss_krb5_cc_file_path(const char *full_location)
 switch(cc_type) {
 case SSS_KRB5_TYPE_FILE:
 return residual;
+#ifdef HAVE_KRB5_DIRCACHE
 case SSS_KRB5_TYPE_DIR:
 /* DIR::/run/user/tkt_foo */
 if (residual[0] == ':') return residual+1;
+#endif
 case SSS_KRB5_TYPE_UNKNOWN:
 break;
 }
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 34fdc4950..4f2e67a7f 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -41,6 +41,12 @@
 #define KERBEROS_PWEXPIRE_WARNING_TIME (7 * 24 * 60 * 60)
 #define KEYTAB_CLEAN_NAME keytab_name ? keytab_name : "default"
+#if 0
+#if defined HAVE_KRB5_CC_CACHE_MATCH && defined HAVE_KRB5_CC_GET_FULL_NAME
+#define HAVE_KRB5_DIRCACHE 1
+#endif
+#endif
+
 const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context, krb5_error_code);
@@ -133,7 +139,9 @@ void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
 enum sss_krb5_cc_type {
 SSS_KRB5_TYPE_FILE,
+#ifdef HAVE_KRB5_DIRCACHE
 SSS_KRB5_TYPE_DIR,
+#endif /* HAVE_KRB5_DIRCACHE */
 SSS_KRB5_TYPE_UNKNOWN
 };
-- cgit
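Review bot: In `sss_krb5_cc_file_path` (sss_krb5.c, hunk at -1169), the `SSS_KRB5_TYPE_DIR` case has no `break`, so a DIR residual that does not start with `:` falls through into `SSS_KRB5_TYPE_UNKNOWN`; with the new `#endif` sitting between the two labels that is hard to see. If the fall-through is intended, mark it with `/* fall through */` before the `#endif`, otherwise add `break;`. The `#endif` should also carry the `/* HAVE_KRB5_DIRCACHE */` comment like the other guards. The code after the switch is outside the hunk.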
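Review bot: The detection block added to sss_krb5.h (hunk at -41) is wrapped in `#if 0`, so `HAVE_KRB5_DIRCACHE` is never defined here and every guarded DIR path in this commit is compiled out on all systems, including those with libkrb5 1.10 or later, unless the macro is defined somewhere not shown. That contradicts the subject line, which promises auto-detection. If this is a deliberate temporary switch-off, say so in a comment with the reason; otherwise drop the outer `#if 0` / `#endif` pair. The inner test also relies on config.h having been included before this point, which the hunk does not show.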
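Review bot: Making `SSS_KRB5_TYPE_DIR` a conditional enumerator (sss_krb5.h, hunk at -133) changes the numeric value of `SSS_KRB5_TYPE_UNKNOWN` between builds and is what forces an `#ifdef` around every `case SSS_KRB5_TYPE_DIR:` in this commit. Keeping the enumerator unconditional and guarding only the code that calls into libkrb5 would let each switch handle DIR explicitly, for example returning `EINVAL` with a clear "not supported by this build" message, and would keep the values stable should the type ever be stored or passed between processes, which cannot be told from this diff.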