diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index e34943b829c..987738211e9 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -36,6 +36,7 @@ #include "util/crypto/sss_crypto.h" #include "util/find_uid.h" #include "util/auth_utils.h" +#include "util/sss_ptr_hash.h" #include "db/sysdb.h" #include "util/sss_utf8.h" #include "util/child_common.h" @@ -427,6 +428,59 @@ static bool is_otp_enabled(struct ldb_message *user_msg) return false; } +/* Closes the write end of waiting krb5_child */ +static errno_t soft_terminate_krb5_child(TALLOC_CTX *mem_ctx, + struct pam_data *pd, + struct krb5_ctx *krb5_ctx) +{ + char *io_key; + struct child_io_fds *io; + TALLOC_CTX *tmp_ctx; + int ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + if (pd->child_pid == 0) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Expected waiting krb5_child.\n"); + ret = EINVAL; + goto done; + } + + io_key = talloc_asprintf(tmp_ctx, "%d", pd->child_pid); + if (io_key == NULL) { + ret = ENOMEM; + goto done; + } + + io = sss_ptr_hash_lookup(krb5_ctx->io_table, io_key, + struct child_io_fds); + if (io == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "PTR hash lookup failed.\n"); + ret = ENOMEM; + goto done; + } + + if (io->write_to_child_fd != -1) { + ret = close(io->write_to_child_fd); + io->write_to_child_fd = -1; + if (ret != EOK) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, + "close failed [%d][%s].\n", ret, strerror(ret)); + } + } + + ret = EOK; +done: + talloc_free(tmp_ctx); + return ret; +} + /* krb5_auth request */ struct krb5_auth_state { diff --git a/src/providers/krb5/krb5_auth.h b/src/providers/krb5/krb5_auth.h index 783292bc038..bbdbf61fc8b 100644 --- a/src/providers/krb5/krb5_auth.h +++ b/src/providers/krb5/krb5_auth.h @@ -135,9 +135,6 @@ errno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx, errno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile, struct tgt_times *tgtt, struct pam_data *pd, const char *upn); -errno_t soft_terminate_krb5_child(TALLOC_CTX *mem_ctx, - struct pam_data *pd, - struct krb5_ctx *krb5_ctx); /* krb5_access.c */ struct tevent_req *krb5_access_send(TALLOC_CTX *mem_ctx, diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index cab84b37d45..17befd40c30 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -1021,55 +1021,3 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len, return EOK; } -/* Closes the write end of waiting krb5_child */ -errno_t soft_terminate_krb5_child(TALLOC_CTX *mem_ctx, - struct pam_data *pd, - struct krb5_ctx *krb5_ctx) -{ - char *io_key; - struct child_io_fds *io; - TALLOC_CTX *tmp_ctx; - int ret; - - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - return ENOMEM; - } - - if (pd->child_pid == 0) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Expected waiting krb5_child.\n"); - ret = EINVAL; - goto done; - } - - io_key = talloc_asprintf(tmp_ctx, "%d", pd->child_pid); - if (io_key == NULL) { - ret = ENOMEM; - goto done; - } - - io = sss_ptr_hash_lookup(krb5_ctx->io_table, io_key, - struct child_io_fds); - if (io == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, - "PTR hash lookup failed.\n"); - ret = ENOMEM; - goto done; - } - - if (io->write_to_child_fd != -1) { - ret = close(io->write_to_child_fd); - io->write_to_child_fd = -1; - if (ret != EOK) { - ret = errno; - DEBUG(SSSDBG_CRIT_FAILURE, - "close failed [%d][%s].\n", ret, strerror(ret)); - } - } - - ret = EOK; -done: - talloc_free(tmp_ctx); - return ret; -}