Diffstat (limited to '0001-In-ksu-merge-krb5_ccache_copy-and-_restricted.patch')
-rw-r--r--0001-In-ksu-merge-krb5_ccache_copy-and-_restricted.patch230
1 files changed, 0 insertions, 230 deletions
diff --git a/0001-In-ksu-merge-krb5_ccache_copy-and-_restricted.patch b/0001-In-ksu-merge-krb5_ccache_copy-and-_restricted.patch
deleted file mode 100644
index ac7baa1..0000000
--- a/0001-In-ksu-merge-krb5_ccache_copy-and-_restricted.patch
+++ /dev/null
@@ -1,230 +0,0 @@
-From 74e775ac6d937c9d22be4fc1d429e5e62705fb7d Mon Sep 17 00:00:00 2001
-From: Nalin Dahyabhai <nalin@redhat.com>
-Date: Thu, 24 Jul 2014 15:39:53 -0400
-Subject: [PATCH 1/7] In ksu, merge krb5_ccache_copy() and _restricted()
-
-Other than whether or not they limit the creds it stores to the new
-ccache based on the principal name of the client for whom the creds were
-issued, there's no meaningful difference between what these two
-functions do. Merge them.
----
- src/clients/ksu/ccache.c | 106 ++++++-----------------------------------------
- src/clients/ksu/ksu.h | 6 +--
- src/clients/ksu/main.c | 27 ++++--------
- 3 files changed, 22 insertions(+), 117 deletions(-)
-
-diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c
-index 9916c75..118fc53 100644
---- a/src/clients/ksu/ccache.c
-+++ b/src/clients/ksu/ccache.c
-@@ -47,12 +47,14 @@ void show_credential();
- */
-
- krb5_error_code krb5_ccache_copy (context, cc_def, cc_other_tag,
-- primary_principal, cc_out, stored, target_uid)
-+ primary_principal, restrict_creds, cc_out,
-+ stored, target_uid)
- /* IN */
- krb5_context context;
- krb5_ccache cc_def;
- char *cc_other_tag;
- krb5_principal primary_principal;
-+ krb5_boolean restrict_creds;
- uid_t target_uid;
- /* OUT */
- krb5_ccache *cc_out;
-@@ -83,9 +85,6 @@ krb5_error_code krb5_ccache_copy (context, cc_def, cc_other_tag,
- }
- }
-
-- *stored = krb5_find_princ_in_cred_list(context, cc_def_creds_arr,
-- primary_principal);
--
- if (!lstat( cc_other_name, &st_temp))
- return EINVAL;
-
-@@ -98,8 +97,16 @@ krb5_error_code krb5_ccache_copy (context, cc_def, cc_other_tag,
- return retval;
- }
-
-- retval = krb5_store_all_creds(context, * cc_other, cc_def_creds_arr,
-- cc_other_creds_arr);
-+ if (restrict_creds) {
-+ retval = krb5_store_some_creds(context, *cc_other, cc_def_creds_arr,
-+ cc_other_creds_arr, primary_principal,
-+ stored);
-+ } else {
-+ *stored = krb5_find_princ_in_cred_list(context, cc_def_creds_arr,
-+ primary_principal);
-+ retval = krb5_store_all_creds(context, *cc_other, cc_def_creds_arr,
-+ cc_other_creds_arr);
-+ }
-
- if (cc_def_creds_arr){
- while (cc_def_creds_arr[i]){
-@@ -623,93 +630,6 @@ krb5_error_code krb5_store_some_creds(context, cc, creds_def, creds_other, prst,
- *stored = temp_stored;
- return 0;
- }
--/******************************************************************
--krb5_cache_copy_restricted
--
--gets rid of any expired tickets in the secondary cache,
--copies the default cache into the secondary cache,
--only credentials that are for prst are copied.
--
--the algorithm may look a bit funny,
--but I had to do it this way, since cc_remove function did not come
--with k5 beta 3 release.
--************************************************************************/
--
--krb5_error_code krb5_ccache_copy_restricted (context, cc_def, cc_other_tag,
-- prst, cc_out, stored, target_uid)
-- krb5_context context;
-- krb5_ccache cc_def;
-- char *cc_other_tag;
-- krb5_principal prst;
-- uid_t target_uid;
-- /* OUT */
-- krb5_ccache *cc_out;
-- krb5_boolean *stored;
--{
--
-- int i=0;
-- krb5_ccache * cc_other;
-- const char * cc_def_name;
-- const char * cc_other_name;
-- krb5_error_code retval=0;
-- krb5_creds ** cc_def_creds_arr = NULL;
-- krb5_creds ** cc_other_creds_arr = NULL;
-- struct stat st_temp;
--
-- cc_other = (krb5_ccache *) xcalloc(1, sizeof (krb5_ccache));
--
-- if ((retval = krb5_cc_resolve(context, cc_other_tag, cc_other))){
-- com_err(prog_name, retval, _("resolving ccache %s"), cc_other_tag);
-- return retval;
-- }
--
-- cc_def_name = krb5_cc_get_name(context, cc_def);
-- cc_other_name = krb5_cc_get_name(context, *cc_other);
--
-- if ( ! stat(cc_def_name, &st_temp)){
-- if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
-- return retval;
-- }
--
-- }
--
-- if (!lstat( cc_other_name, &st_temp)) {
-- return EINVAL;
-- }
--
-- if (krb5_seteuid(0)||krb5_seteuid(target_uid)) {
-- return errno;
-- }
--
--
-- if ((retval = krb5_cc_initialize(context, *cc_other, prst))){
-- return retval;
-- }
--
-- retval = krb5_store_some_creds(context, * cc_other,
-- cc_def_creds_arr, cc_other_creds_arr, prst, stored);
--
--
--
-- if (cc_def_creds_arr){
-- while (cc_def_creds_arr[i]){
-- krb5_free_creds(context, cc_def_creds_arr[i]);
-- i++;
-- }
-- }
--
-- i=0;
--
-- if(cc_other_creds_arr){
-- while (cc_other_creds_arr[i]){
-- krb5_free_creds(context, cc_other_creds_arr[i]);
-- i++;
-- }
-- }
--
-- *cc_out = *cc_other;
-- return retval;
--}
-
- krb5_error_code krb5_ccache_filter (context, cc, prst)
- krb5_context context;
-diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h
-index f2c0811..9e0c613 100644
---- a/src/clients/ksu/ksu.h
-+++ b/src/clients/ksu/ksu.h
-@@ -107,7 +107,7 @@ extern krb5_error_code get_best_principal
- /* ccache.c */
- extern krb5_error_code krb5_ccache_copy
- (krb5_context, krb5_ccache, char *, krb5_principal,
-- krb5_ccache *, krb5_boolean *, uid_t);
-+ krb5_boolean, krb5_ccache *, krb5_boolean *, uid_t);
-
- extern krb5_error_code krb5_store_all_creds
- (krb5_context, krb5_ccache, krb5_creds **, krb5_creds **);
-@@ -141,10 +141,6 @@ extern krb5_error_code krb5_store_some_creds
- (krb5_context, krb5_ccache, krb5_creds **, krb5_creds **,
- krb5_principal, krb5_boolean *);
-
--extern krb5_error_code krb5_ccache_copy_restricted
--(krb5_context, krb5_ccache, char *, krb5_principal,
-- krb5_ccache *, krb5_boolean *, uid_t);
--
- extern krb5_error_code krb5_ccache_refresh
- (krb5_context, krb5_ccache);
-
-diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
-index 233eb52..62f3bc0 100644
---- a/src/clients/ksu/main.c
-+++ b/src/clients/ksu/main.c
-@@ -117,6 +117,7 @@ main (argc, argv)
- krb5_principal kdc_server;
- krb5_boolean zero_password;
- char * dir_of_cc_target;
-+ krb5_boolean restrict_creds;
-
- options.opt = KRB5_DEFAULT_OPTIONS;
- options.lifetime = KRB5_DEFAULT_TKT_LIFE;
-@@ -464,25 +465,13 @@ main (argc, argv)
- then only the credentials for that particular user
- should be copied */
-
-- if ((source_uid == 0) && (target_uid != 0)) {
--
-- if ((retval = krb5_ccache_copy_restricted(ksu_context, cc_source,
-- cc_target_tag, client,
-- &cc_target, &stored,
-- target_uid))){
-- com_err(prog_name, retval, _("while copying cache %s to %s"),
-- krb5_cc_get_name(ksu_context, cc_source), cc_target_tag);
-- exit(1);
-- }
--
-- } else {
-- if ((retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag,
-- client,&cc_target, &stored, target_uid))) {
-- com_err(prog_name, retval, _("while copying cache %s to %s"),
-- krb5_cc_get_name(ksu_context, cc_source), cc_target_tag);
-- exit(1);
-- }
--
-+ restrict_creds = (source_uid == 0) && (target_uid != 0);
-+ retval = krb5_ccache_copy(ksu_context, cc_source, cc_target_tag, client,
-+ restrict_creds, &cc_target, &stored, target_uid);
-+ if (retval) {
-+ com_err(prog_name, retval, _("while copying cache %s to %s"),
-+ krb5_cc_get_name(ksu_context, cc_source), cc_target_tag);
-+ exit(1);
- }
-
- /* Become root for authentication*/
---
-2.0.4
-