Add support for storing credential caches in the DIR: back end

https://fedorahosted.org/sssd/ticket/974

2 files changed, 95 insertions, 17 deletions

diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c
index 2ca65531..015bd39a 100644
--- a/src/tests/krb5_child-test.c
+++ b/src/tests/krb5_child-test.c
@@ -40,6 +40,7 @@
 
 extern struct dp_option default_krb5_opts[];
 extern struct sss_krb5_cc_be file_cc;
+extern struct sss_krb5_cc_be dir_cc;
 
 static krb5_context krb5_error_ctx;
 #define KRB5_DEBUG(level, krb5_error) do { \
@@ -119,8 +120,6 @@ create_dummy_krb5_ctx(TALLOC_CTX *mem_ctx, const char *realm)
     krb5_ctx = talloc_zero(mem_ctx, struct krb5_ctx);
     if (!krb5_ctx) return NULL;
 
-    krb5_ctx->cc_be = &file_cc;
-
     krb5_ctx->illegal_path_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
                                         &errval, &errstr, &errpos, NULL);
     if (krb5_ctx->illegal_path_re == NULL) {
@@ -202,10 +201,12 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
                  const char *ccname, const char *ccname_template,
                  int timeout)
 {
+    enum sss_krb5_cc_type cc_be;
     struct krb5child_req *kr;
     struct passwd *pwd;
     bool private;
     errno_t ret;
+    const char *tmpl;
 
     /* The top level child request */
     kr = talloc_zero(mem_ctx, struct krb5child_req);
@@ -237,6 +238,9 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
         ret = dp_opt_set_string(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL,
                                 ccname_template);
         if (ret != EOK) goto fail;
+        tmpl = ccname_template;
+    } else {
+        tmpl = dp_opt_get_cstring(kr->krb5_ctx->opts, KRB5_CCNAME_TMPL);
     }
 
     if (timeout) {
@@ -252,18 +256,42 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
 
         DEBUG(SSSDBG_FUNC_DATA, ("ccname [%s] uid [%llu] gid [%llu]\n",
               kr->ccname, kr->uid, kr->gid));
-
-        ret = kr->krb5_ctx->cc_be->create(kr->ccname,
-                                          kr->krb5_ctx->illegal_path_re,
-                                          kr->uid, kr->gid, private);
-        if (ret != EOK) {
-            DEBUG(SSSDBG_OP_FAILURE, ("create_ccache_dir failed.\n"));
-        }
     } else {
         kr->ccname = talloc_strdup(kr, ccname);
     }
     if (!kr->ccname) goto fail;
 
+    cc_be = sss_krb5_get_type(kr->ccname);
+    switch (cc_be) {
+    case SSS_KRB5_TYPE_FILE:
+        kr->krb5_ctx->cc_be = &file_cc;
+        break;
+    case SSS_KRB5_TYPE_DIR:
+        kr->krb5_ctx->cc_be = &dir_cc;
+        break;
+    default:
+        if (tmpl[0] != '/') {
+            DEBUG(SSSDBG_OP_FAILURE, ("Unkown ccname database\n"));
+            ret = EINVAL;
+            goto fail;
+        }
+        DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was "
+              "missing an explicit type, but looks like an absolute "
+              "path specifier. Assuming FILE:\n"));
+        kr->krb5_ctx->cc_be = &file_cc;
+        break;
+    }
+    DEBUG(SSSDBG_FUNC_DATA, ("ccname [%s] uid [%llu] gid [%llu]\n",
+            kr->ccname, kr->uid, kr->gid));
+
+    ret = kr->krb5_ctx->cc_be->create(kr->ccname,
+                                      kr->krb5_ctx->illegal_path_re,
+                                      kr->uid, kr->gid, private);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE, ("create_ccache_dir failed.\n"));
+        goto fail;
+    }
+
     return kr;
 
 fail:
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index 4a572488..bcd9acb1 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -329,34 +329,83 @@ START_TEST(test_illegal_patterns)
 
     filename = talloc_asprintf(tmp_ctx, "abc/./ccfile");
     fail_unless(filename != NULL, "talloc_asprintf failed.");
-    ret = cc_file_create(filename, illegal_re, uid, gid, true);
-    fail_unless(ret == EINVAL, "cc_file_create allowed relative path [%s].",
+    ret = create_ccache_dir(filename, illegal_re, uid, gid, true);
+    fail_unless(ret == EINVAL, "create_ccache_dir allowed relative path [%s].",
                                filename);
 
     filename = talloc_asprintf(tmp_ctx, "%s/abc/./ccfile", dirname);
     fail_unless(filename != NULL, "talloc_asprintf failed.");
-    ret = cc_file_create(filename, illegal_re, uid, gid, true);
-    fail_unless(ret == EINVAL, "cc_file_create allowed "
+    ret = create_ccache_dir(filename, illegal_re, uid, gid, true);
+    fail_unless(ret == EINVAL, "create_ccache_dir allowed "
                                "illegal pattern '/./' in filename [%s].",
                                filename);
 
     filename = talloc_asprintf(tmp_ctx, "%s/abc/../ccfile", dirname);
     fail_unless(filename != NULL, "talloc_asprintf failed.");
-    ret = cc_file_create(filename, illegal_re, uid, gid, true);
-    fail_unless(ret == EINVAL, "cc_file_create allowed "
+    ret = create_ccache_dir(filename, illegal_re, uid, gid, true);
+    fail_unless(ret == EINVAL, "create_ccache_dir allowed "
                                "illegal pattern '/../' in filename [%s].",
                                filename);
 
     filename = talloc_asprintf(tmp_ctx, "%s/abc//ccfile", dirname);
     fail_unless(filename != NULL, "talloc_asprintf failed.");
-    ret = cc_file_create(filename, illegal_re, uid, gid, true);
-    fail_unless(ret == EINVAL, "cc_file_create allowed "
+    ret = create_ccache_dir(filename, illegal_re, uid, gid, true);
+    fail_unless(ret == EINVAL, "create_ccache_dir allowed "
                                "illegal pattern '//' in filename [%s].",
                                filename);
 
 }
 END_TEST
 
+START_TEST(test_cc_dir_create)
+{
+    char *residual;
+    char *dirname;
+    char *cwd;
+    uid_t uid = getuid();
+    gid_t gid = getgid();
+    pcre *illegal_re;
+    errno_t ret;
+    const char *errstr;
+    int errval;
+    int errpos;
+
+    illegal_re = pcre_compile2(ILLEGAL_PATH_PATTERN, 0,
+                               &errval, &errstr, &errpos, NULL);
+    fail_unless(illegal_re != NULL, "Invalid Regular Expression pattern at "
+                                    " position %d. (Error: %d [%s])\n",
+                                    errpos, errval, errstr);
+
+    cwd = getcwd(NULL, 0);
+    fail_unless(cwd != NULL, "getcwd failed.");
+
+    dirname = talloc_asprintf(tmp_ctx, "%s/%s/user_dir",
+                              cwd, TESTS_PATH);
+    fail_unless(dirname != NULL, "talloc_asprintf failed.");
+    residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir");
+    fail_unless(residual != NULL, "talloc_asprintf failed.");
+
+    ret = cc_dir_create(residual, illegal_re, uid, gid, true);
+    fail_unless(ret == EOK, "cc_dir_create failed\n");
+    ret = rmdir(dirname);
+    fail_unless(ret == 0, "Cannot remove %s: %s\n", dirname, strerror(ret));
+    talloc_free(residual);
+
+    dirname = talloc_asprintf(tmp_ctx, "%s/%s/user_dir2",
+                              cwd, TESTS_PATH);
+    fail_unless(dirname != NULL, "talloc_asprintf failed.");
+    residual = talloc_asprintf(tmp_ctx, "DIR:%s/%s", dirname, "ccdir/");
+    fail_unless(residual != NULL, "talloc_asprintf failed.");
+
+    ret = cc_dir_create(residual, illegal_re, uid, gid, true);
+    fail_unless(ret == EOK, "cc_dir_create failed\n");
+    ret = rmdir(dirname);
+    fail_unless(ret == 0, "Cannot remove %s: %s\n", dirname, strerror(ret));
+    talloc_free(residual);
+    free(cwd);
+}
+END_TEST
+
 void setup_talloc_context(void)
 {
     int ret;
@@ -645,6 +694,7 @@ Suite *krb5_utils_suite (void)
     tcase_add_checked_fixture (tc_create_dir, setup_create_dir,
                                teardown_create_dir);
     tcase_add_test (tc_create_dir, test_illegal_patterns);
+    tcase_add_test (tc_create_dir, test_cc_dir_create);
     if (getuid() == 0) {
         tcase_add_test (tc_create_dir, test_priv_ccache_dir);
         tcase_add_test (tc_create_dir, test_private_ccache_dir_in_user_dir);