diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2013-08-23 14:23:33 -0400 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-27 17:06:36 +0200 |
| commit | a9b3ecf7dbeb79d8e79a80c007b2ae4c88ef18e8 (patch) | |
| tree | 070e4aa3a9b4c37cccf130f99a84cb41524365d8 | |
| parent | ff799119268b8845fe419adb6bb473f1e43050f8 (diff) | |
| download | sssd-a9b3ecf7dbeb79d8e79a80c007b2ae4c88ef18e8.tar.gz sssd-a9b3ecf7dbeb79d8e79a80c007b2ae4c88ef18e8.tar.xz sssd-a9b3ecf7dbeb79d8e79a80c007b2ae4c88ef18e8.zip | |
KRB5: Remove unnecessary call to become_user()
By the time that the create_ccache_in_dir() routine is called, we are
already guaranteed to have dropped privileges. This has either happened
because we dropped them before the exec() in the normal operation case
or because we dropped them explicitly after we completed the TGT
validation step if that or FAST is configured.
| -rw-r--r-- | src/providers/krb5/krb5_child.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index c7c63151e..02eea79ab 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -722,12 +722,6 @@ create_ccache_in_dir(uid_t uid, gid_t gid, return EIO; } - kerr = become_user(uid, gid); - if (kerr != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("become_user failed.\n")); - goto done; - } - if (dirname[0] == ':') { /* Cache name in the form of DIR::filepath represents a single * ccache in a collection that we are trying to reuse. |