author | Simo Sorce <simo@redhat.com> | 2013-08-31 22:44:06 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2013-09-19 23:01:22 -0400 |
commit | f43d0bbb4bd51271b3c1b1c56c4eb680d6e00438 (patch) | |
tree | e8d571ea65a1284e4b4bcd50378f5be66922fa19 /src/providers/krb5/krb5_utils.h | |
parent | 85822e46c1d26204b022a8c6cdbbb0b478235754 (diff) | |
krb5: More correct approach to public dir expansionccname
Commit 29752834fbf3a19e4e117668abfce4e4c7c48ee4 (Add expandable sequences
to krb5_ccachedir) introduced a new behavior that tried to take into account
the fact that parent directories may need to be created as accessible to
anyone by setting them to 01777 permissions.
However the test that determines whether the path should be public or not
is flawed and bleeds into pure file templates with undesirable consequences.
This patch corrects this behavior by clearly returning a specific path if it
needs to be made public and preserves any subdir in the template with user
private ownership.
Resolves:
https://fedorahosted.org/sssd/ticket/2071
Diffstat (limited to 'src/providers/krb5/krb5_utils.h')
-rw-r--r-- | src/providers/krb5/krb5_utils.h | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index 33cc6112..1a0fd080 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -42,12 +42,12 @@ errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb,
 const char *user,
 const char *upn);
 
-errno_t create_ccache_dir(const char *dirname, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
+errno_t create_ccache_dir(const char *ccdirname, const char *pubdir,
+ pcre *illegal_re, uid_t uid, gid_t gid);
 
-char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
- const char *template, bool file_mode,
- bool case_sensitive, bool *private_path);
+errno_t expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
+ const char *template, bool case_sensitive,
+ char **public_dir, char **ccname);
 
 errno_t become_user(uid_t uid, gid_t gid);
 struct sss_creds;
@@ -57,8 +57,8 @@ errno_t switch_creds(TALLOC_CTX *mem_ctx,
 struct sss_creds **saved_creds);
 errno_t restore_creds(struct sss_creds *saved_creds);
 
-errno_t sss_krb5_precreate_ccache(const char *ccname, pcre *illegal_re,
- uid_t uid, gid_t gid, bool private_path);
+errno_t sss_krb5_precreate_ccache(const char *ccname, const char *pubdir,
+ pcre *illegal_re, uid_t uid, gid_t gid);
 errno_t sss_krb5_cc_destroy(const char *ccname, uid_t uid, gid_t gid);
 errno_t sss_krb5_check_ccache_princ(uid_t uid, gid_t gid,
 const char *ccname, const char *principal); |
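Review bot: The reworked prototypes in this hunk carry no comment describing the public-directory contract, which is the security-relevant part of the change: `expand_ccname_template` now reports its results through `char **public_dir` and `char **ccname`, and `create_ccache_dir` takes a `pubdir` argument, but the header does not say when `*public_dir` is set, whether `pubdir` may be NULL, or who owns the returned strings. Going by the commit message, only the returned public path is meant to get 01777 while the remaining subdirectories stay user-owned, so a caller that passes the wrong value changes which directory ends up world-writable. I would add a comment above `expand_ccname_template` such as `/* On success *ccname is the expanded cache name and *public_dir is the directory to create with mode 01777, or NULL if no component is public; both are allocated on mem_ctx. */`, adjusted to what the implementation really does, since the .c file is not part of this view. `sss_krb5_precreate_ccache` in the second hunk takes the same `pubdir` and needs the same note.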
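Review bot: `sss_krb5_precreate_ccache` keeps five parameters while their meaning shifts (`pubdir` inserted second, `bool private_path` dropped from the end), so a call site left on the old argument order still has the right argument count. The `gid_t`-to-`uid_t` and `bool`-to-`gid_t` positions convert silently, and the `pcre *`-to-`const char *` and integer-to-pointer mismatches are only warnings in many C build configurations, so such a call could compile and then create the cache directory with the wrong owner or mode. The diffstat shown here is limited to the header, so the call sites cannot be checked from this page; it is worth confirming that all of them changed in the same commit and building it with `-Werror=incompatible-pointer-types -Werror=int-conversion`. `create_ccache_dir` in the first hunk is reordered in the same way.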