authorSimo Sorce <simo@redhat.com>2013-08-30 11:31:23 -0400
committerSimo Sorce <simo@redhat.com>2013-09-09 15:11:45 -0400
commitbfd32c9e8f302d7722838a68572c6801f5640657 (patch)
tree53fa628e46580536f728d3d9b5458e853a4dbb5e
parent1536e39c191a013bc50bb6fd4b8eaef11cf0d436 (diff)
krb5: Move determination of user being active
The way a user is checked for being active does not depend on the ccache type, so move that check out of the ccache-specific functions. Resolves: https://fedorahosted.org/sssd/ticket/2061
-rw-r--r--src/providers/krb5/krb5_auth.c10
-rw-r--r--src/providers/krb5/krb5_utils.c47
-rw-r--r--src/providers/krb5/krb5_utils.h3
3 files changed, 17 insertions, 43 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 976fdec09..178f18a3c 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -76,7 +76,7 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr,
cc_template = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL);
ret = old_cc_ops->check_existing(old_ccache, kr->uid, realm, kr->upn,
- cc_template, active, valid);
+ cc_template, valid);
if (ret == ENOENT) {
DEBUG(SSSDBG_TRACE_FUNC,
("Saved ccache %s doesn't exist.\n", old_ccache));
@@ -84,11 +84,17 @@ check_old_ccache(const char *old_ccache, struct krb5child_req *kr,
}
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
- ("Cannot check if saved ccache %s is active and valid\n",
+ ("Cannot check if saved ccache %s is valid\n",
old_ccache));
return ret;
}
+ ret = check_if_uid_is_active(kr->uid, active);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("check_if_uid_is_active failed.\n"));
+ return ret;
+ }
+
return EOK;
}
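Review bot: The added `check_if_uid_is_active(kr->uid, active)` call now runs for every ccache type, so this is not a pure move: the lines removed from cc_keyring_check_existing hard-coded `active = true` under the comment "The keyring cache is always active", and a keyring ccache will now be reported inactive whenever the uid is. If that is intended, say so at the call with a comment such as `/* Activity is judged per uid for all ccache types, keyring included */`, because whatever the caller does with an inactive old ccache now applies to keyrings too. The call is also only reached when check_existing returns EOK, so `*active` is left unwritten on the earlier return paths; check_old_ccache starts outside this hunk, so whether the caller pre-initialises it cannot be confirmed here.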
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index ce3cab60d..7f2ca2d5b 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -1066,14 +1066,11 @@ cc_file_create(const char *location, pcre *illegal_re,
}
static errno_t
-cc_residual_is_used(uid_t uid, const char *ccname,
- enum sss_krb5_cc_type type, bool *result)
+cc_residual_exists(uid_t uid, const char *ccname,
+ enum sss_krb5_cc_type type)
{
int ret;
struct stat stat_buf;
- bool active;
-
- *result = false;
if (ccname == NULL || *ccname == '\0') {
return EINVAL;
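Review bot: The new name cc_residual_exists reads like a yes/no predicate, but the function still returns an errno_t with at least three outcomes visible in this diff: EINVAL for an empty `ccname`, ENOENT when the cache file is missing, and a further `return EINVAL` just before the final `return EOK`. A short header comment would stop callers from treating every non-EOK result as "does not exist", for example `/* EOK: ccname exists and passed the checks; ENOENT: missing; other errno: rejected or failed */`. `ret` could also be declared `errno_t` to match the return type. The body continues outside this hunk, so the exact checks behind the second EINVAL are not visible here.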
@@ -1086,7 +1083,6 @@ cc_residual_is_used(uid_t uid, const char *ccname,
if (ret == ENOENT) {
DEBUG(SSSDBG_FUNC_DATA, ("Cache file [%s] does not exist, "
"it will be recreated\n", ccname));
- *result = false;
return ENOENT;
}
@@ -1123,20 +1119,6 @@ cc_residual_is_used(uid_t uid, const char *ccname,
return EINVAL;
}
- ret = check_if_uid_is_active(uid, &active);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("check_if_uid_is_active failed.\n"));
- return ret;
- }
-
- if (!active) {
- DEBUG(SSSDBG_TRACE_FUNC, ("User [%d] is not active\n", uid));
- } else {
- DEBUG(SSSDBG_TRACE_LIBS,
- ("User [%d] is still active, reusing ccache [%s].\n",
- uid, ccname));
- *result = true;
- }
return EOK;
}
@@ -1157,10 +1139,9 @@ cc_check_template(const char *cc_template)
errno_t
cc_file_check_existing(const char *location, uid_t uid,
const char *realm, const char *princ,
- const char *cc_template, bool *_active, bool *_valid)
+ const char *cc_template, bool *_valid)
{
errno_t ret;
- bool active;
bool valid;
const char *filename;
@@ -1175,14 +1156,13 @@ cc_file_check_existing(const char *location, uid_t uid,
return EINVAL;
}
- ret = cc_residual_is_used(uid, filename, SSS_KRB5_TYPE_FILE, &active);
+ ret = cc_residual_exists(uid, filename, SSS_KRB5_TYPE_FILE);
if (ret != EOK) {
if (ret != ENOENT) {
DEBUG(SSSDBG_OP_FAILURE,
("Could not check if ccache is active.\n"));
}
cc_check_template(cc_template);
- active = false;
return ret;
}
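Review bot: The failure message kept in this branch, "Could not check if ccache is active.", no longer matches the call above it, because cc_residual_exists does not look at user activity any more. Anyone reading the debug log for a rejected ccache would be pointed at the wrong check; `("Could not check if ccache exists.\n")` would fit. The cc_dir_check_existing hunk at -1279 has the same call followed by a DEBUG whose text lies outside the hunk and probably needs the same update.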
@@ -1191,7 +1171,6 @@ cc_file_check_existing(const char *location, uid_t uid,
return ret;
}
- *_active = active;
*_valid = valid;
return EOK;
}
@@ -1222,10 +1201,8 @@ cc_dir_create(const char *location, pcre *illegal_re,
errno_t
cc_dir_check_existing(const char *location, uid_t uid,
const char *realm, const char *princ,
- const char *cc_template, bool *_active, bool *_valid)
+ const char *cc_template, bool *_valid)
{
- bool active;
- bool active_primary = false;
bool valid;
enum sss_krb5_cc_type type;
const char *filename;
@@ -1279,7 +1256,7 @@ cc_dir_check_existing(const char *location, uid_t uid,
dir = tmp;
}
- ret = cc_residual_is_used(uid, dir, SSS_KRB5_TYPE_DIR, &active);
+ ret = cc_residual_exists(uid, dir, SSS_KRB5_TYPE_DIR);
if (ret != EOK) {
if (ret != ENOENT) {
DEBUG(SSSDBG_OP_FAILURE,
@@ -1298,8 +1275,7 @@ cc_dir_check_existing(const char *location, uid_t uid,
ret = ENOMEM;
goto done;
}
- ret = cc_residual_is_used(uid, primary_file, SSS_KRB5_TYPE_FILE,
- &active_primary);
+ ret = cc_residual_exists(uid, primary_file, SSS_KRB5_TYPE_FILE);
if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_OP_FAILURE,
("Could not check if file 'primary' [%s] in dir ccache"
@@ -1312,7 +1288,6 @@ cc_dir_check_existing(const char *location, uid_t uid,
goto done;
}
- *_active = active;
*_valid = valid;
ret = EOK;
@@ -1351,11 +1326,9 @@ cc_keyring_create(const char *location, pcre *illegal_re,
errno_t
cc_keyring_check_existing(const char *location, uid_t uid,
const char *realm, const char *princ,
- const char *cc_template, bool *_active,
- bool *_valid)
+ const char *cc_template, bool *_valid)
{
errno_t ret;
- bool active;
bool valid;
const char *residual;
@@ -1366,16 +1339,12 @@ cc_keyring_check_existing(const char *location, uid_t uid,
return EINVAL;
}
- /* The keyring cache is always active */
- active = true;
-
/* Check if any user is actively using this cache */
ret = check_cc_validity(location, realm, princ, &valid);
if (ret != EOK) {
return ret;
}
- *_active = active;
*_valid = valid;
return EOK;
}
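Review bot: The surviving comment `/* Check if any user is actively using this cache */` sits directly above `check_cc_validity(location, realm, princ, &valid)`, which fills in `valid` and is the only check left in this function now that the `active` handling is gone. Replace it with something like `/* Check that the ccache is still valid for this realm and principal */` so the comment describes the call it annotates. The function begins outside this hunk.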
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index a73098d40..ca3320581 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -47,8 +47,7 @@ typedef errno_t (*cc_be_create_fn)(const char *location, pcre *illegal_re,
uid_t uid, gid_t gid, bool private_path);
typedef errno_t (*cc_be_check_existing)(const char *location, uid_t uid,
const char *realm, const char *princ,
- const char *cc_template, bool *active,
- bool *valid);
+ const char *cc_template, bool *valid);
/* A ccache back end */
struct sss_krb5_cc_be {