sssd/0010-krb5-Remove-unused-ccache-backend-infrastructure.patch
Jakub Hrozek 8d72fcd900 Backport simplification of ccache management from 1.11.1
- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login
2013-09-23 14:45:29 +02:00


From d20a5a74666413cadbf64c02eb656a5a3b4bb1de Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 30 Aug 2013 20:11:42 -0400
Subject: [PATCH 10/14] krb5: Remove unused ccache backend infrastructure
Remove struct sss_krb5_cc_be and the remaining functions that reference
it as they are all unused now.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
---
src/providers/krb5/krb5_auth.c | 26 -----------------
src/providers/krb5/krb5_auth.h | 1 -
src/providers/krb5/krb5_common.c | 54 ++++++++++--------------------------
src/providers/krb5/krb5_common.h | 2 --
src/providers/krb5/krb5_utils.c | 60 ----------------------------------------
src/providers/krb5/krb5_utils.h | 17 ------------
src/tests/krb5_child-test.c | 23 ---------------
7 files changed, 15 insertions(+), 168 deletions(-)
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index d2c53f98c04cda01c2a8e0efe038f5cd5fa82839..1585f709655853827f2778010452a58657add5d0 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -324,15 +324,6 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
return ENOMEM;
}
- if (kr->cc_be == NULL) {
- kr->cc_be = get_cc_be_ops_ccache(kr->ccname);
- }
- if (kr->cc_be == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("Cannot get operations on new ccache %s\n", kr->ccname));
- return EINVAL;
- }
-
ret = sss_krb5_precreate_ccache(kr->ccname,
kr->krb5_ctx->illegal_path_re,
kr->uid, kr->gid, private_path);
@@ -340,19 +331,6 @@ static errno_t krb5_auth_prepare_ccache_name(struct krb5child_req *kr,
DEBUG(SSSDBG_OP_FAILURE, ("ccache creation failed.\n"));
return ret;
}
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE,
- ("Saved ccache %s if of different type than ccache in "
- "configuration file, reusing the old ccache\n",
- kr->old_ccname));
-
- kr->cc_be = get_cc_be_ops_ccache(kr->old_ccname);
- if (kr->cc_be == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("Cannot get operations on saved ccache %s\n",
- kr->old_ccname));
- return EINVAL;
- }
}
return EOK;
@@ -614,10 +592,6 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx,
goto done;
}
- /* The type of the ccache might change during the request if we
- * end up reusing an old ccache */
- kr->cc_be = krb5_ctx->cc_be;
-
ccache_file = ldb_msg_find_attr_as_string(res->msgs[0],
SYSDB_CCACHE_FILE,
NULL);
diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h
index d31925dae6187b3c839e32502fd349e4d64deb32..022dc9b7645f18d01a8a334371e178aa470d92a1 100644
--- a/src/providers/krb5/krb5_auth.h
+++ b/src/providers/krb5/krb5_auth.h
@@ -41,7 +41,6 @@ struct krb5child_req {
struct pam_data *pd;
struct krb5_ctx *krb5_ctx;
- struct sss_krb5_cc_be *cc_be;
const char *ccname;
const char *old_ccname;
const char *homedir;
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index de7ae0a8fe345c38f9458fb9642a5c1b83c906f5..dedb734fc397d3df3eb7717b19c56051fb2243bb 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -167,7 +167,6 @@ errno_t check_and_export_options(struct dp_option *opts,
const char *dummy;
char *use_fast_str;
char *fast_principal;
- enum sss_krb5_cc_type cc_be;
char *ccname;
tmp_ctx = talloc_new(NULL);
@@ -291,53 +290,30 @@ errno_t check_and_export_options(struct dp_option *opts,
}
}
- cc_be = sss_krb5_get_type(ccname);
- switch (cc_be) {
- case SSS_KRB5_TYPE_FILE:
+ if ((ccname[0] == '/') || (strncmp(ccname, "FILE:", 5) == 0)) {
DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type FILE\n"));
/* warn if the file type (which is usally created in a sticky bit
* laden directory) does not have randomizing chracters */
sss_check_cc_template(ccname);
- krb5_ctx->cc_be = &file_cc;
- if (ccname[0] != '/') {
- /* FILE:/path/to/cc */
- break;
- }
-
- DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was "
+ if (ccname[0] == '/') {
+ /* /path/to/cc prepend FILE: */
+ DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was "
"missing an explicit type, but is an absolute "
"path specifier. Assuming FILE:\n"));
- ccname = talloc_asprintf(tmp_ctx, "FILE:%s", ccname);
- if (!ccname) {
- ret = ENOMEM;
- goto done;
+ ccname = talloc_asprintf(tmp_ctx, "FILE:%s", ccname);
+ if (!ccname) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = dp_opt_set_string(opts, KRB5_CCNAME_TMPL, ccname);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("dp_opt_set_string failed.\n"));
+ goto done;
+ }
}
-
- ret = dp_opt_set_string(opts, KRB5_CCNAME_TMPL, ccname);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("dp_opt_set_string failed.\n"));
- goto done;
- }
- break;
-
-#ifdef HAVE_KRB5_CC_COLLECTION
- case SSS_KRB5_TYPE_DIR:
- DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type DIR\n"));
- krb5_ctx->cc_be = &dir_cc;
- break;
-
- case SSS_KRB5_TYPE_KEYRING:
- DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type KEYRING\n"));
- krb5_ctx->cc_be = &keyring_cc;
- break;
-#endif /* HAVE_KRB5_CC_COLLECTION */
-
- default:
- DEBUG(SSSDBG_OP_FAILURE, ("Unknown ccname database\n"));
- ret = EINVAL;
- goto done;
}
ret = EOK;
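Review bot: With the `default:` case removed, `check_and_export_options` no longer returns `EINVAL` for a ccname template whose type is not recognised. Anything that is neither an absolute path nor prefixed `FILE:` now falls through to `ret = EOK` without a log line, and the `DIR`/`KEYRING` trace messages are gone as well. A mistyped prefix or a relative path in the template would then presumably surface only later, when the ccache is created during a login, which is much harder to tie back to the configuration. If the template type is not validated elsewhere in the series, keep a rejection or at least a trace, e.g. `} else { DEBUG(SSSDBG_CONF_SETTINGS, ("ccache template [%s] is not of type FILE\n", ccname)); }`. The function body starts and ends outside this hunk, so whether `ccname` is guaranteed non-NULL before `ccname[0]` is read cannot be confirmed from here.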
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index e56bd496e04a7a5c8776a34648aabe0f2d73a3b9..eac0d6b1f0c0fec4a107a7b830d8b0c927f4fe42 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -89,7 +89,6 @@ struct krb5_service {
struct fo_service;
struct deferred_auth_ctx;
struct renew_tgt_ctx;
-struct sss_krb5_cc_be;
enum krb5_config_type {
K5C_GENERIC,
@@ -127,7 +126,6 @@ struct krb5_ctx {
struct krb5_service *kpasswd_service;
int child_debug_fd;
- struct sss_krb5_cc_be *cc_be;
pcre *illegal_path_re;
struct deferred_auth_ctx *deferred_auth_ctx;
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 83e61e14ecc116b9556231c5d8a0f55b63260c77..d0ccd2d7e03bcabe07113b5abb43d9119b35321c 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -1039,66 +1039,6 @@ done:
}
-/*======== ccache back end utilities ========*/
-struct sss_krb5_cc_be *
-get_cc_be_ops(enum sss_krb5_cc_type type)
-{
- struct sss_krb5_cc_be *be = NULL;
-
- switch (type) {
- case SSS_KRB5_TYPE_FILE:
- be = &file_cc;
- break;
-
-#ifdef HAVE_KRB5_CC_COLLECTION
- case SSS_KRB5_TYPE_DIR:
- be = &dir_cc;
- break;
-
- case SSS_KRB5_TYPE_KEYRING:
- be = &keyring_cc;
- break;
-#endif /* HAVE_KRB5_CC_COLLECTION */
-
- case SSS_KRB5_TYPE_UNKNOWN:
- be = NULL;
- break;
- }
-
- return be;
-}
-
-struct sss_krb5_cc_be *
-get_cc_be_ops_ccache(const char *ccache)
-{
- enum sss_krb5_cc_type type;
-
- type = sss_krb5_get_type(ccache);
- return get_cc_be_ops(type);
-}
-
-/*======== Operations on the FILE: back end ========*/
-
-struct sss_krb5_cc_be file_cc = {
- .type = SSS_KRB5_TYPE_FILE,
-};
-
-#ifdef HAVE_KRB5_CC_COLLECTION
-/*======== Operations on the DIR: back end ========*/
-
-struct sss_krb5_cc_be dir_cc = {
- .type = SSS_KRB5_TYPE_DIR,
-};
-
-
-/*======== Operations on the KEYRING: back end ========*/
-
-struct sss_krb5_cc_be keyring_cc = {
- .type = SSS_KRB5_TYPE_KEYRING,
-};
-
-#endif /* HAVE_KRB5_CC_COLLECTION */
-
errno_t get_domain_or_subdomain(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx,
char *domain_name,
struct sss_domain_info **dom)
diff --git a/src/providers/krb5/krb5_utils.h b/src/providers/krb5/krb5_utils.h
index 5f720335aab1ac6e493843ac197c5af881a9b998..e41309e765b58f7cd2567f1d13fea30d093fd344 100644
--- a/src/providers/krb5/krb5_utils.h
+++ b/src/providers/krb5/krb5_utils.h
@@ -42,19 +42,9 @@ errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb,
const char *user,
const char *upn);
-/* A ccache back end */
-struct sss_krb5_cc_be {
- enum sss_krb5_cc_type type;
-};
-
-extern struct sss_krb5_cc_be file_cc;
-
errno_t create_ccache_dir(const char *dirname, pcre *illegal_re,
uid_t uid, gid_t gid, bool private_path);
-struct sss_krb5_cc_be *get_cc_be_ops(enum sss_krb5_cc_type type);
-struct sss_krb5_cc_be *get_cc_be_ops_ccache(const char *ccache);
-
char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
const char *template, bool file_mode,
bool case_sensitive, bool *private_path);
@@ -78,13 +68,6 @@ errno_t sss_krb5_cc_verify_ccache(const char *ccname, uid_t uid, gid_t gid,
errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
struct tgt_times *tgtt);
-#ifdef HAVE_KRB5_CC_COLLECTION
-
-extern struct sss_krb5_cc_be dir_cc;
-extern struct sss_krb5_cc_be keyring_cc;
-
-#endif /* HAVE_KRB5_CC_COLLECTION */
-
errno_t get_domain_or_subdomain(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx,
char *domain_name,
diff --git a/src/tests/krb5_child-test.c b/src/tests/krb5_child-test.c
index 5ea30014f9c8f748e85506627b7f40d72b913b1b..c32ccc318e9826d598bb29a766ed1839fd9bf066 100644
--- a/src/tests/krb5_child-test.c
+++ b/src/tests/krb5_child-test.c
@@ -196,7 +196,6 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
const char *ccname, const char *ccname_template,
int timeout)
{
- enum sss_krb5_cc_type cc_be;
struct krb5child_req *kr;
struct passwd *pwd;
bool private = false;
@@ -262,28 +261,6 @@ create_dummy_req(TALLOC_CTX *mem_ctx, const char *user,
}
if (!kr->ccname) goto fail;
- cc_be = sss_krb5_get_type(kr->ccname);
- switch (cc_be) {
- case SSS_KRB5_TYPE_FILE:
- kr->krb5_ctx->cc_be = &file_cc;
- break;
-#ifdef HAVE_KRB5_CC_COLLECTION
- case SSS_KRB5_TYPE_DIR:
- kr->krb5_ctx->cc_be = &dir_cc;
- break;
-#endif /* HAVE_KRB5_CC_COLLECTION */
- default:
- if (tmpl[0] != '/') {
- DEBUG(SSSDBG_OP_FAILURE, ("Unkown ccname database\n"));
- ret = EINVAL;
- goto fail;
- }
- DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was "
- "missing an explicit type, but looks like an absolute "
- "path specifier. Assuming FILE:\n"));
- kr->krb5_ctx->cc_be = &file_cc;
- break;
- }
DEBUG(SSSDBG_FUNC_DATA, ("ccname [%s] uid [%llu] gid [%llu]\n",
kr->ccname, kr->uid, kr->gid));
--
1.8.3.1