author | Lukas Slebodnik <lslebodn@redhat.com> | 2016-01-29 13:30:49 +0100 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-02-19 17:15:50 +0100 |
commit | 38f251e531b1c68e70eaa98dfecaf78da5f36ccc (patch) | |
tree | 235bd16641db382dc159b900b724ade69124bb5f /src/providers/krb5/krb5_child.c | |
parent | 4f3a996561445ba82c854bb2b674f975f596e884 (diff) | |
krb5_child: Warn if user cannot read krb5.conf
Attached patch should simplify troubleshooting of
issues with permission of krb5.conf. It's not clear from
krb5_child.log even with full debug level.
[sss_get_ccache_name_for_principal] (0x4000):
Location: [FILE:/tmp/krb5cc_12069_XXXXXX]
[sss_get_ccache_name_for_principal] (0x2000):
krb5_cc_cache_match failed: [-1765328243]
[Can't find client principal user@EXAMPLE.COM in cache collection]
[create_ccache] (0x0020): 735: [13][Permission denied]
Resolves:
https://fedorahosted.org/sssd/ticket/2931
Reviewed-by: Michal Židek <mzidek@redhat.com>
Diffstat (limited to 'src/providers/krb5/krb5_child.c')
-rw-r--r-- | src/providers/krb5/krb5_child.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 12eb9e209..fff6a0a0c 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -2576,6 +2576,29 @@ static krb5_error_code privileged_krb5_setup(struct krb5_req *kr, return 0; } +static void try_open_krb5_conf(void) +{ + int fd; + int ret; + + fd = open("/etc/krb5.conf", O_RDONLY); + if (fd != -1) { + close(fd); + } else { + ret = errno; + if (ret == EACCES || ret == EPERM) { + DEBUG(SSSDBG_CRIT_FAILURE, + "User with uid:%"SPRIuid" gid:%"SPRIgid" cannot read " + "/etc/krb5.conf. It might cause problems\n", + geteuid(), getegid()); + } else { + DEBUG(SSSDBG_MINOR_FAILURE, + "Cannot open /etc/krb5.conf [%d]: %s\n", + ret, strerror(ret)); + } + } +} + int main(int argc, const char *argv[]) { struct krb5_req *kr = NULL; @@ -2677,6 +2700,7 @@ int main(int argc, const char *argv[]) DEBUG(SSSDBG_TRACE_INTERNAL, "Running as [%"SPRIuid"][%"SPRIgid"].\n", geteuid(), getegid()); + try_open_krb5_conf(); ret = k5c_setup(kr, offline); if (ret != EOK) { |
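Review bot: In try_open_krb5_conf(), the open() call hard-codes "/etc/krb5.conf", but libkrb5 takes the configuration path from the KRB5_CONFIG environment variable when it is set, so the probe can warn about a file that is not in use or stay silent about the one that is. Consider probing the path(s) from KRB5_CONFIG first and falling back to the default, or at least state in a comment that only the default location is checked. The SSSDBG_CRIT_FAILURE text "It might cause problems" would also help more if it named the symptom from the commit message, the create_ccache failure with [13][Permission denied].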
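Review bot: In main(), the new try_open_krb5_conf() call carries no comment and returns nothing, so a reader cannot tell from the call site that it is a diagnostic-only probe that never affects ret. A one-line comment above the call would cover that, and should mention that the warning reports geteuid()/getegid() as they are at this point, right after the "Running as" trace and before k5c_setup() runs.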