From 2745b0156f12df7a7eb93d57716233243658e4d9 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Sat, 18 Oct 2014 22:03:13 +0200 Subject: KRB5: Move all ccache operations to krb5_child.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The credential cache operations must be now performed by the krb5_child completely, because the sssd_be process might be running as the sssd user who doesn't have access to the ccaches. src/providers/krb5/krb5_ccache.c is still linked against libsss_krb5 until we fix Kerberos ticket renewal as non-root. Also includes a new error code that indicates that the back end should remove the old ccache attribute -- the child can't do that if it's running as the user. Related: https://fedorahosted.org/sssd/ticket/2370 Reviewed-by: Sumit Bose Reviewed-by: Lukáš Slebodník --- src/util/util_errors.c | 1 + src/util/util_errors.h | 1 + 2 files changed, 2 insertions(+) (limited to 'src/util') diff --git a/src/util/util_errors.c b/src/util/util_errors.c index d5da64622..c1ed0fb63 100644 --- a/src/util/util_errors.c +++ b/src/util/util_errors.c @@ -31,6 +31,7 @@ struct err_string error_to_str[] = { { "Invalid credential type" }, /* ERR_INVALID_CRED_TYPE */ { "No credentials available" }, /* ERR_NO_CREDS */ { "Credentials are expired" }, /* ERR_CREDS_EXPIRED */ + { "Credentials are expired, old ccache was removed" }, /* ERR_CREDS_EXPIRED_CCACHE */ { "Failure setting user credentials"}, /* ERR_CREDS_INVALID */ { "No cached credentials available" }, /* ERR_NO_CACHED_CREDS */ { "Cached credentials are expired" }, /* ERR_CACHED_CREDS_EXPIRED */ diff --git a/src/util/util_errors.h b/src/util/util_errors.h index 2bc576605..f71ede8d0 100644 --- a/src/util/util_errors.h +++ b/src/util/util_errors.h @@ -56,6 +56,7 @@ enum sssd_errors { ERR_CREDS_INVALID, ERR_NO_CACHED_CREDS, ERR_CACHED_CREDS_EXPIRED, + ERR_CREDS_EXPIRED_CCACHE, ERR_AUTH_DENIED, ERR_AUTH_FAILED, ERR_CHPASS_DENIED, -- cgit