From 35b4b217fa2b91bfc8d58c47024faf41c95fc807 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Sun, 19 Oct 2014 12:28:13 +0200 Subject: KRB5: Do not switch_creds() if already the specified user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The code didn't have to handle this case previously as sssd_be was always running as root and switching to the ccache as the user logging in. Also handle NULL creds on restore_creds() in case there was no switch. One less if-condition and fewer indentation levels. Related: https://fedorahosted.org/sssd/ticket/2370 Reviewed-by: Sumit Bose Reviewed-by: Lukáš Slebodník --- src/tests/cwrap/test_become_user.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/tests') diff --git a/src/tests/cwrap/test_become_user.c b/src/tests/cwrap/test_become_user.c index 06d3ad425..7ecea5aac 100644 --- a/src/tests/cwrap/test_become_user.c +++ b/src/tests/cwrap/test_become_user.c @@ -76,6 +76,7 @@ void test_switch_user(void **state) struct passwd *sssd; TALLOC_CTX *tmp_ctx; struct sss_creds *saved_creds; + struct sss_creds *saved_creds2 = NULL; check_leaks_push(global_talloc_context); tmp_ctx = talloc_new(global_talloc_context); @@ -102,6 +103,12 @@ void test_switch_user(void **state) assert_int_equal(saved_creds->uid, 0); assert_int_equal(saved_creds->gid, 0); + /* Attempt to restore creds again */ + ret = switch_creds(tmp_ctx, sssd->pw_uid, sssd->pw_gid, + 0, NULL, &saved_creds2); + assert_int_equal(ret, EOK); + assert_null(saved_creds2); + /* restore root */ ret = restore_creds(saved_creds); assert_int_equal(ret, EOK); -- cgit