
From d0a3250bd384b5dd524f102f97c9c1edc1fe00fb Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Wed, 30 Oct 2013 21:47:14 -0400
Subject: [PATCH 4/6] Try to use the default_ccache_name'd as the target
5af5b2
Try to use the location named by the default_ccache_name setting as the
5af5b2
target cache.  If it's a collection, just create or update a subsidiary
5af5b2
cache.  If it's not, then fall back to creating a new cache to try to
5af5b2
avoid destroying the contents of one that might already be there.  We
5af5b2
can't really detect this in advance for KEYRING: caches, though.
5af5b2
---
5af5b2
 src/clients/ksu/ksu.h  |  2 +-
5af5b2
 src/clients/ksu/main.c | 91 ++++++++++++++++++++++++++++++++++++--------------
5af5b2
 2 files changed, 67 insertions(+), 26 deletions(-)
5af5b2
diff --git a/src/clients/ksu/ksu.h b/src/clients/ksu/ksu.h
5af5b2
index a889fb9..a195f52 100644
5af5b2
--- a/src/clients/ksu/ksu.h
5af5b2
+++ b/src/clients/ksu/ksu.h
5af5b2
@@ -44,7 +44,7 @@
5af5b2
 #define KRB5_DEFAULT_OPTIONS 0
5af5b2
 #define KRB5_DEFAULT_TKT_LIFE 60*60*12 /* 12 hours */
5af5b2
 
5af5b2
-#define KRB5_SECONDARY_CACHE "FILE:/tmp/krb5cc_"
5af5b2
+#define KRB5_DEFAULT_SECONDARY_CACHE "FILE:/tmp/krb5cc_%{uid}"
5af5b2
 #define KRB5_TEMPORARY_CACHE "MEMORY:_ksu"
5af5b2
 
5af5b2
 #define KRB5_LOGIN_NAME ".k5login"
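Review bot: The renamed macro now holds a template rather than a path prefix — the `%{uid}` token only acquires meaning once the string is passed through k5_expand_path_tokens_extra in main.c, and nothing at the definition says so. A one-line comment would keep a future caller from treating it as a literal path: `/* Fallback when default_ccache_name is unset; %{uid} is expanded for the target user in main.c */`.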
5af5b2
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
5af5b2
index 7497a2b..58df6a1 100644
5af5b2
--- a/src/clients/ksu/main.c
5af5b2
+++ b/src/clients/ksu/main.c
5af5b2
@@ -90,7 +90,10 @@ main (argc, argv)
5af5b2
     krb5_ccache cc_tmp = NULL, cc_target = NULL;
5af5b2
     krb5_context ksu_context;
5af5b2
     char * cc_target_tag = NULL;
5af5b2
+    char * cc_target_tag_conf;
5af5b2
+    krb5_boolean cc_target_switchable;
5af5b2
     char * target_user = NULL;
5af5b2
+    char * target_user_uid_str;
5af5b2
     char * source_user;
5af5b2
 
5af5b2
     krb5_ccache cc_source = NULL;
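Review bot: The three new locals `cc_target_tag_conf`, `cc_target_switchable` and `target_user_uid_str` are declared without initializers while the neighbouring `cc_target_tag` and `target_user` are NULL-initialized. For consistency, and so any later cleanup path can safely hand them to `free`/`krb5_free_string`/`profile_release_string`, declare them as `char * cc_target_tag_conf = NULL;`, `krb5_boolean cc_target_switchable = FALSE;` and `char * target_user_uid_str = NULL;`. main() begins at line 90 of main.c above this hunk and continues past it.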
5af5b2
@@ -116,7 +119,6 @@ main (argc, argv)
5af5b2
     krb5_boolean stored = FALSE;
5af5b2
     krb5_principal  kdc_server;
5af5b2
     krb5_boolean zero_password;
5af5b2
-    char * dir_of_cc_target;
5af5b2
 
5af5b2
     options.opt = KRB5_DEFAULT_OPTIONS;
5af5b2
     options.lifetime = KRB5_DEFAULT_TKT_LIFE;
5af5b2
@@ -420,31 +422,70 @@ main (argc, argv)
5af5b2
     }
5af5b2
 
5af5b2
     if (cc_target_tag == NULL) {
5af5b2
-
5af5b2
         cc_target_tag = (char *)xcalloc(KRB5_SEC_BUFFSIZE ,sizeof(char));
5af5b2
-        /* make sure that the new ticket file does not already exist
5af5b2
-           This is run as source_uid because it is reasonable to
5af5b2
-           require the source user to have write to where the target
5af5b2
-           cache will be created.*/
5af5b2
-
5af5b2
-        do {
5af5b2
-            snprintf(cc_target_tag, KRB5_SEC_BUFFSIZE, "%s%ld.%d",
5af5b2
-                     KRB5_SECONDARY_CACHE,
5af5b2
-                     (long) target_uid, gen_sym());
5af5b2
-            cc_target_tag_tmp = strchr(cc_target_tag, ':') + 1;
5af5b2
-
5af5b2
-        } while (krb5_ccache_name_is_initialized(ksu_context,
5af5b2
-                                                 cc_target_tag));
5af5b2
-    }
5af5b2
-
5af5b2
-
5af5b2
-    dir_of_cc_target = get_dir_of_file(cc_target_tag_tmp);
5af5b2
-
5af5b2
-    if (access(dir_of_cc_target, R_OK | W_OK )){
5af5b2
-        fprintf(stderr,
5af5b2
-                _("%s does not have correct permissions for %s\n"),
5af5b2
-                source_user, cc_target_tag);
5af5b2
-        exit(1);
5af5b2
+        if (cc_target_tag == NULL) {
5af5b2
+            com_err(prog_name, retval , _("while allocating memory for the "
5af5b2
+                                          "target ccache name"));
5af5b2
+            exit(1);
5af5b2
+        }
5af5b2
+        /* Read the configured value. */
5af5b2
+        if (profile_get_string(ksu_context->profile, KRB5_CONF_LIBDEFAULTS,
5af5b2
+                               KRB5_CONF_DEFAULT_CCACHE_NAME, NULL,
5af5b2
+                               KRB5_DEFAULT_SECONDARY_CACHE,
5af5b2
+                               &cc_target_tag_conf)) {
5af5b2
+            com_err(prog_name, retval , _("while allocating memory for the "
5af5b2
+                                          "target ccache name"));
5af5b2
+            exit(1);
5af5b2
+        }
5af5b2
+        /* Prepend "FILE:" if a cctype wasn't specified in the config. */
5af5b2
+        if (strchr(cc_target_tag_conf, ':')) {
5af5b2
+            cc_target_tag_tmp = strdup(cc_target_tag_conf);
5af5b2
+        } else {
5af5b2
+            if (asprintf(&cc_target_tag_tmp, "FILE:%s",
5af5b2
+                         cc_target_tag_conf) < 0)
5af5b2
+                cc_target_tag_tmp = NULL;
5af5b2
+        }
5af5b2
+        profile_release_string(cc_target_tag_conf);
5af5b2
+        if (cc_target_tag_tmp == NULL) {
5af5b2
+            com_err(prog_name, retval , _("while allocating memory for the "
5af5b2
+                                          "target ccache name"));
5af5b2
+            exit(1);
5af5b2
+        }
5af5b2
+        /* Resolve parameters in the configured value for the target user. */
5af5b2
+        if (asprintf(&target_user_uid_str, "%lu",
5af5b2
+                     (unsigned long)target_uid) < 0) {
5af5b2
+            com_err(prog_name, retval , _("while allocating memory for the "
5af5b2
+                                          "target ccache name"));
5af5b2
+            exit(1);
5af5b2
+        }
5af5b2
+        if (k5_expand_path_tokens_extra(ksu_context,
5af5b2
+                                        cc_target_tag_tmp, &cc_target_tag_conf,
5af5b2
+                                        "euid", target_user_uid_str,
5af5b2
+                                        "uid", target_user_uid_str,
5af5b2
+                                        "USERID", target_user_uid_str,
5af5b2
+                                        "username", target_user,
5af5b2
+                                        NULL) != 0) {
5af5b2
+            com_err(prog_name, retval , _("while allocating memory for the "
5af5b2
+                                          "target ccache name"));
5af5b2
+            exit(1);
5af5b2
+        }
5af5b2
+        cc_target_tag_tmp[strcspn(cc_target_tag_tmp, ":")] = '\0';
5af5b2
+        cc_target_switchable = krb5_cc_support_switch(ksu_context,
5af5b2
+                                                      cc_target_tag_tmp);
5af5b2
+        free(cc_target_tag_tmp);
5af5b2
+        /* Try to avoid destroying a target ccache. */
5af5b2
+        if (cc_target_switchable) {
5af5b2
+            snprintf(cc_target_tag, KRB5_SEC_BUFFSIZE, "%s",
5af5b2
+                     cc_target_tag_conf);
5af5b2
+        } else {
5af5b2
+            do {
5af5b2
+                snprintf(cc_target_tag, KRB5_SEC_BUFFSIZE, "%s.%d",
5af5b2
+                         cc_target_tag_conf, gen_sym());
5af5b2
+            } while (krb5_ccache_name_is_initialized(ksu_context,
5af5b2
+                                                     cc_target_tag));
5af5b2
+        }
5af5b2
+        cc_target_tag_tmp = strchr(cc_target_tag, ':') + 1;
5af5b2
+        krb5_free_string(ksu_context, cc_target_tag_conf);
5af5b2
     }
5af5b2
 
5af5b2
     if (auth_debug){
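Review bot: Each of the five `com_err(prog_name, retval, ...)` calls in the new block reports whatever `retval` happened to hold earlier in main(), because none of the failing calls (xcalloc, profile_get_string, strdup/asprintf, k5_expand_path_tokens_extra) stores its result into it, and all five reuse the "while allocating memory" text even where the failure is a profile lookup or a token-expansion error. Capture the code and name the step at each site, e.g. `retval = profile_get_string(...);` followed by `if (retval) { com_err(prog_name, retval, _("while reading default_ccache_name")); exit(1); }`, and use `errno` (or ENOMEM) for the strdup/asprintf failures. The hunk also silently drops the `access(dir_of_cc_target, R_OK | W_OK)` check whose removed comment said it enforced that the source user may write where the target cache is created; if that check is intentionally superseded by the collection/switchable logic, the commit message or a comment at the top of the block should say so, since the cache may now be created in a directory the source user could not previously write to (how ksu's privileges apply at that point is outside the hunk). `target_user_uid_str` is never released; a `free(target_user_uid_str);` beside the `krb5_free_string(ksu_context, cc_target_tag_conf);` call would close it, and both the `snprintf` calls into `cc_target_tag` silently truncate an expanded name longer than KRB5_SEC_BUFFSIZE, which is worth a length check now that the name comes from configuration. main() starts and ends outside the hunk.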
5af5b2
-- 
1.8.4.2