|
From 40ccad84a0558eb21ebd351ea837c5042fa38966 Mon Sep 17 00:00:00 2001
|
||
|
From: Lukas Slebodnik <lslebodn@redhat.com>
|
||
|
Date: Fri, 29 Jan 2016 13:30:49 +0100
|
||
|
Subject: [PATCH 67/86] krb5_child: Warn if user cannot read krb5.conf
|
||
|
MIME-Version: 1.0
|
||
|
Content-Type: text/plain; charset=UTF-8
|
||
|
Content-Transfer-Encoding: 8bit
|
||
|
|
||
|
Attached patch should simplify troubleshooting of
|
||
|
issues with permission of krb5.conf. It's not clear from
|
||
|
krb5_child.log even with full debug level.
|
||
|
|
||
|
[sss_get_ccache_name_for_principal] (0x4000):
|
||
|
Location: [FILE:/tmp/krb5cc_12069_XXXXXX]
|
||
|
[sss_get_ccache_name_for_principal] (0x2000):
|
||
|
krb5_cc_cache_match failed: [-1765328243]
|
||
|
[Can't find client principal user@EXAMPLE.COM in cache collection]
|
||
|
[create_ccache] (0x0020): 735: [13][Permission denied]
|
||
|
|
||
|
Resolves:
|
||
|
https://fedorahosted.org/sssd/ticket/2931
|
||
|
|
||
|
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
||
|
(cherry picked from commit 38f251e531b1c68e70eaa98dfecaf78da5f36ccc)
|
||
|
(cherry picked from commit 760d655881e87f52db033a4a56b05fbe91dce146)
|
||
|
---
|
||
|
src/providers/krb5/krb5_child.c | 24 ++++++++++++++++++++++++
|
||
|
1 file changed, 24 insertions(+)
|
||
|
|
||
|
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
|
||
|
index 619e76372f962279ddffadadc607d9bbb20fbffb..6fd88815a5224809c7c448198495ae009f47097e 100644
|
||
|
--- a/src/providers/krb5/krb5_child.c
|
||
|
+++ b/src/providers/krb5/krb5_child.c
|
||
|
@@ -2572,6 +2572,29 @@ static krb5_error_code privileged_krb5_setup(struct krb5_req *kr,
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
+static void try_open_krb5_conf(void)
|
||
|
+{
|
||
|
+ int fd;
|
||
|
+ int ret;
|
||
|
+
|
||
|
+ fd = open("/etc/krb5.conf", O_RDONLY);
|
||
|
+ if (fd != -1) {
|
||
|
+ close(fd);
|
||
|
+ } else {
|
||
|
+ ret = errno;
|
||
|
+ if (ret == EACCES || ret == EPERM) {
|
||
|
+ DEBUG(SSSDBG_CRIT_FAILURE,
|
||
|
+ "User with uid:%"SPRIuid" gid:%"SPRIgid" cannot read "
|
||
|
+ "/etc/krb5.conf. It might cause problems\n",
|
||
|
+ geteuid(), getegid());
|
||
|
+ } else {
|
||
|
+ DEBUG(SSSDBG_MINOR_FAILURE,
|
||
|
+ "Cannot open /etc/krb5.conf [%d]: %s\n",
|
||
|
+ ret, strerror(ret));
|
||
|
+ }
|
||
|
+ }
|
||
|
+}
|
||
|
+
|
||
|
int main(int argc, const char *argv[])
|
||
|
{
|
||
|
struct krb5_req *kr = NULL;
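Review bot: The probe in `try_open_krb5_conf()` hard-codes `/etc/krb5.conf`, so the `SSSDBG_CRIT_FAILURE` warning can mislead when libkrb5 reads its configuration from somewhere else. A `KRB5_CONFIG` override or files pulled in through `include`/`includedir` are never checked, while an unreadable default file that is not actually in use would still be reported as critical. Consider taking the path list from the library (for example `krb5_get_default_config_files()`, if the supported krb5 versions provide it), or at least say in the message that only the default path was probed. The function also has no comment; something like `/* Diagnostic only: logs when the effective user cannot open krb5.conf; the result never gates the later setup. */` above the definition would stop a later reader from treating it as an access check. The text "It might cause problems" could instead name the expected symptom, for instance the `Permission denied` from `create_ccache` quoted in the commit message.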
|
||
|
@@ -2673,6 +2696,7 @@ int main(int argc, const char *argv[])
|
||
|
|
||
|
DEBUG(SSSDBG_TRACE_INTERNAL,
|
||
|
"Running as [%"SPRIuid"][%"SPRIgid"].\n", geteuid(), getegid());
|
||
|
+ try_open_krb5_conf();
|
||
|
|
||
|
ret = k5c_setup(kr, offline);
|
||
|
if (ret != EOK) {
|
||
|
--
|
||
|
2.5.0
|
||
|
|