On Thu, Nov 19, 2009 at 02:31:36PM +0100, Sumit Bose wrote:
Hi,
this patch improves the handling of ccache files. It addresses two
issues already discussed on the list.
When randomized ccache file are used (or the client process id is used
in the name of the ccache file) each authentication of the user created
a new ccache file. This patch saves the name of the ccache in sysdb and
reuses the saved file name if the user has running processes on the
system. So a single user only has one active ccache file.
If the authentication happens when the system is offline the kerberos
related environment variables were not sent to the client. If a later
authentication happens online the old session still cannot see the
ccache file with the valid credentials. This patch sends the environment
variables back to the client even when offline.
bye,
Sumit
Stephen found a compilation issue. The attached version should fix it.
bye,
Sumit
From d3e45ae1df2bea9b63e5c94900bc3b82affe01f9 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Mon, 9 Nov 2009 21:54:06 +0100
Subject: [PATCH] Improve handling of ccache files
- save current ccache file to sysdb
- use the saved ccache file if the user has running processes
- create an empty ccache if offline
- return environment variables if offline
---
server/Makefile.am | 30 ++-
server/db/sysdb.h |1 +
server/providers/krb5/krb5_auth.c | 546 +---
server/providers/krb5/krb5_auth.h |3 +-
server/providers/krb5/krb5_child.c | 250 ++---
server/tests/find_uid-tests.c | 124
server/util/find_uid.c | 297
server/util/find_uid.h | 36 +++
8 files changed, 1081 insertions(+), 206 deletions(-)
create mode 100644 server/tests/find_uid-tests.c
create mode 100644 server/util/find_uid.c
create mode 100644 server/util/find_uid.h
diff --git a/server/Makefile.am b/server/Makefile.am
index 196486a..b792836 100644
--- a/server/Makefile.am
+++ b/server/Makefile.am
@@ -68,10 +68,11 @@ if HAVE_CHECK
resolv-tests \
krb5-utils-tests \
check_and_open-tests \
- ipa_timerules-tests \
+ipa_timerules-tests \
files-tests \
refcount-tests \
-fail_over-tests
+fail_over-tests \
+find_uid-tests
endif
check_PROGRAMS = \
@@ -132,7 +133,7 @@ INI_CFG_LIBS = \
DHASH_CFLAGS = \
-I$(srcdir)/../common/dhash
DHASH_LIBS = \
--L$(builddir)/../common/dhash/.libs/ \
+-L$(builddir)/../common/dhash/ \
-ldhash
AM_CPPFLAGS = -Wall \
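Review bot: The `DHASH_LIBS` search path changes from `-L$(builddir)/../common/dhash/.libs/` to `-L$(builddir)/../common/dhash/`, which the commit message does not mention and which affects every target that links dhash, not only the new test. If the in-tree library is not found under the new directory, `-ldhash` can fall through to the linker's default search path and pick up a system-installed copy instead of the code in this tree, or fail to link. Naming the libtool archive directly, for example `DHASH_LIBS = $(builddir)/../common/dhash/libdhash.la`, would remove the dependence on search order. This assumes dhash is built as a libtool library, which the old `.libs/` path suggests but this hunk does not show.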
@@ -266,6 +267,7 @@ dist_noinst_HEADERS = \
util/sss_ldap.h \
util/sss_krb5.h \
util/refcount.h \
+util/find_uid.h \
config.h \
monitor/monitor.h \
monitor/monitor_interfaces.h \
@@ -518,6 +520,20 @@ ipa_timerules_tests_LDADD = \
$(TALLOC_LIBS) \
$(CHECK_LIBS)
+find_uid_tests_SOURCES = \
+tests/find_uid-tests.c \
+util/find_uid.c \
+$(SSSD_DEBUG_OBJ)
+find_uid_tests_CFLAGS = \
+$(AM_CFLAGS) \
+$(TALLOC_CFLAGS) \
+$(DHASH_CFLAGS) \
+$(CHECK_CFLAGS)
+find_uid_tests_LDADD = \
+$(TALLOC_LIBS) \
+$(DHASH_LIBS) \
+$(CHECK_LIBS)
+
endif
stress_tests_SOURCES = \
@@ -564,6 +580,7 @@ libsss_proxy_la_LDFLAGS = \
-module
libsss_krb5_la_SOURCES = \
+util/find_uid.c \
providers/krb5/krb5_utils.c \
providers/krb5/krb5_become_user.c \
providers/krb5/krb5_auth.c \
@@ -571,7 +588,9 @@ libsss_krb5_la_SOURCES = \
providers/krb5/krb5_init.c
libsss_krb5_la_CFLAGS = \
$(AM_CFLAGS) \
-$(KRB5_CFLAGS)
+$(DHASH_CFLAGS)
+libsss_krb5_la_LIBADD = \
+$(DHASH_LIBS)
libsss_krb5_la_LDFLAGS = \
-version-info 1:0:0 \
-module
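Review bot: In `libsss_krb5_la_CFLAGS` the new side replaces `$(KRB5_CFLAGS)` with `$(DHASH_CFLAGS)` instead of adding to it, so the Kerberos provider is now compiled without the Kerberos include flags. The new `libsss_krb5_la_LIBADD` likewise lists only `$(DHASH_LIBS)`, whereas the `libsss_ipa_la_*` hunk later in this patch keeps both sets. On hosts where the krb5 headers are outside the default include path, `providers/krb5/krb5_auth.c` would presumably fail to build. I would keep both: end the CFLAGS list with `$(DHASH_CFLAGS) \` followed by `$(KRB5_CFLAGS)`, and add `$(KRB5_LIBS)` to the LIBADD list, unless the krb5 libraries are already supplied elsewhere, which is not visible here.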
@@ -593,6 +612,7 @@ libsss_ipa_la_SOURCES = \
providers/ldap/sdap.c \
util/sss_ldap.c \
util/sss_krb5.c \
+util/find_uid.c \
providers/krb5/krb5_utils.c \
providers/krb5/krb5_become_user.c \
providers/krb5/krb5_common.c \
@@ -600,9 +620,11 @@ libsss_ipa_la_SOURCES = \
libsss_ipa_la_CFLAGS = \
$(AM_CFLAGS) \
$(LDAP_CFLAGS) \
+$(DHASH_CFLAGS) \
$(KRB5_CFLAGS)
libsss_ipa_la_LIBADD = \
$(OPENLDAP_LIBS) \
+$(DHASH_LIBS) \
$(KRB5_LIBS)
libsss_ipa_la_LDFLAGS = \
-version-info 1:0:0 \
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
index a329985..f94b43f 100644
--- a/server/db/sysdb.h
+++ b/server/db/sysdb.h
@@ -72,6 +72,7 @@
#define SYSDB_UUID uniqueID
#define SYSDB_UPN userPrincipalName
+#define SYSDB_CCACHE_FILE ccacheFile
#define SYSDB_ORIG_DN originalDN
#define SYSDB_ORIG_MODSTAMP originalModifyTimestamp
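Review bot: The new `SYSDB_CCACHE_FILE` attribute has no comment saying what it stores or how far a reader may trust it. Per the commit message it holds a ccache file name that is later reused while the user still has running processes. A value read back from the cache is a filesystem path that may be stale or may no longer point at what was written. I would add a comment above the define along the lines of `/* path of the user's current ccache; re-check owner, file type and permissions before reuse */`. Whether the consumer in `krb5_auth.c` already performs such checks is outside this hunk.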
diff --git a/server/providers/krb5/krb5_auth.c
b/server/providers/krb5/krb5_auth.c
index d3e05e1..8068bce 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -29,10 +29,12 @@
#include sys/wait.h
#include fcntl.h
#include pwd.h
+#include sys/stat.h