diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-18 20:52:43 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-18 20:33:28 +0100 |
| commit | 45aeb924ec3ac448bb8d174a5cc061ed98b147c7 (patch) | |
| tree | 3d160f153780744319df584e9024bb8023d3cf44 /src/providers/krb5/krb5_child.c | |
| parent | 476b78b3f66abc7a0f805154ea1a29f54628224a (diff) | |
| download | sssd-45aeb924ec3ac448bb8d174a5cc061ed98b147c7.tar.gz sssd-45aeb924ec3ac448bb8d174a5cc061ed98b147c7.tar.xz sssd-45aeb924ec3ac448bb8d174a5cc061ed98b147c7.zip | |
KRB5: Move ccache-related functions to krb5_ccache.c
Add a new module krb5_ccache.c that contains all ccache-related
operations. The only user of this module shall be krb5_child.c as the
other modules will run unprivileged and accessing the ccache requires
either privileges of root or the ccache owner.
Related:
https://fedorahosted.org/sssd/ticket/2370
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/providers/krb5/krb5_child.c')
| -rw-r--r-- | src/providers/krb5/krb5_child.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index b0bf76fb3..7fa5f0c34 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1885,6 +1885,7 @@ static int k5c_setup(struct krb5_req *kr, uint32_t offline) /* If krb5_child was started as setuid, but we don't need to * perform either validation or FAST, just drop privileges to * the user who is logging in. The same applies to the offline case + * the user who is logging in. The same applies to the offline case. */ kerr = become_user(kr->uid, kr->gid); if (kerr != 0) { |