On 01/29/2013 03:55 PM, Pavel Březina wrote:
ccache: recreate ccache if it was deleted

https://fedorahosted.org/sssd/ticket/1512

Self nack.

The previous version would recreate the ccache every time, because
kr->old_ccname is in TYPE:RESIDUAL format. I switched to
krb5_cc_resolve().

New patch is attached.
From 49ffade69b0f0e80b71afa8b397d01b98d6df727 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com>
Date: Wed, 30 Jan 2013 11:05:16 +0100
Subject: [PATCH] krb: recreate ccache if it was deleted

https://fedorahosted.org/sssd/ticket/1512
---
 src/providers/krb5/krb5_auth.c | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 0b56f3a5a377518d648faeb6fa261608ae9a1c40..9fe23d9e28a0aa5f05df31faa774a94598a246a6 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -316,12 +316,42 @@ static errno_t krb5_auth_prepare_ccache_file(struct krb5child_req *kr,
 {
     const char *ccname_template;
     bool private_path = false;
+    krb5_error_code kerr = 0;
+    krb5_context kctx = NULL;
+    krb5_ccache tmp_cc = NULL;
+    bool old_ccache_exist = false;
     errno_t ret;
 
     if (!kr->is_offline) {
         kr->is_offline = be_is_offline(be_ctx);
     }
 
+    if (kr->old_ccname != NULL) {
+        /* if the old ccache does not exist anymore, we have to recreate it */
+        kerr = krb5_init_context(&kctx);
+        if (kerr != 0) {
+            DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_init_context() failed.\n"));
+            return EIO;
+        }
+
+        kerr = krb5_cc_resolve(kctx, kr->old_ccname, &tmp_cc);
+        if (kerr != KRB5_FCC_NOFILE) {
+            old_ccache_exist = true;
+        } else {
+            DEBUG(SSSDBG_TRACE_FUNC, ("Saved ccache %s is missing, "
+                                      "recreating ccache\n", kr->old_ccname));
+            old_ccache_exist = false;
+        }
+
+        /* we don't know how to handle other errors here,
+         * we will fail in krb5_child */
+
+        if (tmp_cc != NULL) {
+            krb5_cc_destroy(kctx, tmp_cc);
+        }
+        krb5_free_context(kctx);
+    }
+
     /* The ccache file should be (re)created if one of the following conditions
      * is true:
      * - it doesn't exist (kr->ccname == NULL)
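Review bot: `krb5_cc_destroy(kctx, tmp_cc)` in the cleanup after the resolve destroys the credential cache itself instead of only releasing the handle, so resolving an old ccache that still exists would remove the user's tickets; it should be `krb5_cc_close(kctx, tmp_cc);`. Separately, as far as I know `krb5_cc_resolve()` for FILE-type caches only builds the handle and does not open the residual path, so `KRB5_FCC_NOFILE` may never be returned here and a deleted file would go undetected. That is worth confirming with a test that removes the file before this call. The function body starts and ends outside the hunk.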
@@ -335,7 +365,8 @@ static errno_t krb5_auth_prepare_ccache_file(struct krb5child_req *kr,
      */
     if (kr->ccname == NULL ||
         (kr->is_offline && !kr->active_ccache && !kr->valid_tgt) ||
-        (!kr->is_offline && !kr->active_ccache && kr->pd->cmd != SSS_CMD_RENEW)) {
+        (!kr->is_offline && !kr->active_ccache && kr->pd->cmd != SSS_CMD_RENEW)
+        || !old_ccache_exist) {
             DEBUG(9, ("Recreating  ccache file.\n"));
             ccname_template = dp_opt_get_cstring(kr->krb5_ctx->opts,
                                                  KRB5_CCNAME_TMPL);
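Review bot: The added `|| !old_ccache_exist` is true whenever `kr->old_ccname` is NULL, because the flag starts as `false` and is only assigned inside the `kr->old_ccname != NULL` branch of the earlier hunk. If `kr->ccname` can be non-NULL in that case (not visible here), recreation would be forced even for `SSS_CMD_RENEW` or an active ccache; consider `|| (kr->old_ccname != NULL && !old_ccache_exist)`. The comment listing the recreate conditions above this `if` is not touched by the patch and should gain a line for the new case, e.g. `- the saved ccache was deleted (kr->old_ccname no longer resolves to a file)`. The `if` body continues outside the hunk.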
-- 
1.7.11.7
