From 9696ce0c9ff737c873ddbf54fab91355d71e8698 Mon Sep 17 00:00:00 2001 From: Pavel Reichl Date: Wed, 29 Apr 2015 06:03:04 -0400 Subject: krb5: remove field run_as_user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit run_as_user is set set but never read. Reviewed-by: Lukáš Slebodník --- src/providers/krb5/krb5_auth.c | 14 -------------- src/providers/krb5/krb5_auth.h | 1 - 2 files changed, 15 deletions(-) (limited to 'src') diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 91989df4..148b08fd 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -186,7 +186,6 @@ errno_t krb5_setup(TALLOC_CTX *mem_ctx, struct pam_data *pd, return ENOMEM; } kr->is_offline = false; - kr->run_as_user = true; talloc_set_destructor((TALLOC_CTX *) kr, krb5_cleanup); kr->pd = pd; @@ -699,19 +698,6 @@ static void krb5_auth_resolve_done(struct tevent_req *subreq) kr->is_offline = be_is_offline(state->be_ctx); } - /* We need to keep the root privileges to read the keytab file if - * validation or FAST is enabled, otherwise we can drop them and run - * krb5_child with user privileges. - * If we are offline we want to create an empty ccache file. In this - * case we can drop the privileges, too. */ - if ((dp_opt_get_bool(kr->krb5_ctx->opts, KRB5_VALIDATE) || - kr->krb5_ctx->use_fast) && - (!kr->is_offline)) { - kr->run_as_user = false; - } else { - kr->run_as_user = true; - } - subreq = handle_child_send(state, state->ev, kr); if (subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "handle_child_send failed.\n"); diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h index 00cb658c..c9325291 100644 --- a/src/providers/krb5/krb5_auth.h +++ b/src/providers/krb5/krb5_auth.h @@ -53,7 +53,6 @@ struct krb5child_req { struct fo_server *kpasswd_srv; bool active_ccache; bool valid_tgt; - bool run_as_user; bool upn_from_different_realm; bool send_pac; }; -- cgit