From c121e65ed592bf3611053ee38032fd33c8d1b285 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 30 Aug 2013 12:27:49 -0400
Subject: [PATCH 07/14] krb5: Make check_for_valid_tgt() static
check_for_valid_tgt() is used exclusively in krb5_utils.c so move it there.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
---
src/providers/krb5/krb5_utils.c | 74 +++++++++++++++++++++++++++++++++++++++++
src/util/sss_krb5.c | 72 ---------------------------------------
src/util/sss_krb5.h | 4 ---
3 files changed, 74 insertions(+), 76 deletions(-)
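--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -761,6 +761,80 @@ done:
 return ret;
 }
 
+static krb5_error_code check_for_valid_tgt(krb5_context context,
+ krb5_ccache ccache,
+ const char *realm,
+ const char *client_princ_str,
+ bool *result)
+{
+ krb5_error_code krberr;
+ TALLOC_CTX *tmp_ctx = NULL;
+ krb5_creds mcred;
+ krb5_creds cred;
+ char *server_name = NULL;
+ krb5_principal client_principal = NULL;
+ krb5_principal server_principal = NULL;
+
+ *result = false;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(1, ("talloc_new failed.\n"));
+ return ENOMEM;
+ }
+
+ server_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm);
+ if (server_name == NULL) {
+ DEBUG(1, ("talloc_asprintf failed.\n"));
+ krberr = ENOMEM;
+ goto done;
+ }
+
+ krberr = krb5_parse_name(context, server_name, &server_principal);
+ if (krberr != 0) {
+ DEBUG(1, ("krb5_parse_name failed.\n"));
+ goto done;
+ }
+
+ krberr = krb5_parse_name(context, client_princ_str, &client_principal);
+ if (krberr != 0) {
+ DEBUG(1, ("krb5_parse_name failed.\n"));
+ goto done;
+ }
+
+ memset(&mcred, 0, sizeof(mcred));
+ memset(&cred, 0, sizeof(mcred));
+ mcred.client = client_principal;
+ mcred.server = server_principal;
+
+ krberr = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
+ if (krberr != 0) {
+ DEBUG(1, ("krb5_cc_retrieve_cred failed.\n"));
+ krberr = 0;
+ goto done;
+ }
+
+ DEBUG(7, ("TGT end time [%d].\n", cred.times.endtime));
+
+ if (cred.times.endtime > time(NULL)) {
+ DEBUG(3, ("TGT is valid.\n"));
+ *result = true;
+ }
+ krb5_free_cred_contents(context, &cred);
+
+ krberr = 0;
+
+done:
+ if (client_principal != NULL) {
+ krb5_free_principal(context, client_principal);
+ }
+ if (server_principal != NULL) {
+ krb5_free_principal(context, server_principal);
+ }
+ talloc_free(tmp_ctx);
+ return krberr;
+}
+
 static errno_t
 check_cc_validity(const char *location,
 const char *realm,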
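Review bot: In the moved `check_for_valid_tgt()`, `memset(&cred, 0, sizeof(mcred));` sizes the clear by the wrong variable; both are `krb5_creds` so nothing is overrun today, but it should read `memset(&cred, 0, sizeof(cred));` so the two cannot drift apart. The `krb5_cc_retrieve_cred` failure branch also resets `krberr = 0` without logging the code, so an unreadable or corrupt credential cache is indistinguishable in the logs from a cache that simply holds no TGT; including the code in that DEBUG message before it is cleared would keep the difference visible. Now that the function is file-local, a short header comment would help: it should state that a return of 0 with `*result == false` covers every lookup failure as well as an expired ticket, and that validity is decided only by comparing `cred.times.endtime` with the local clock.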
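--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -546,78 +546,6 @@ void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name)
 }
 
 
-krb5_error_code check_for_valid_tgt(krb5_context context,
- krb5_ccache ccache, const char *realm,
- const char *client_princ_str, bool *result)
-{
- krb5_error_code krberr;
- TALLOC_CTX *tmp_ctx = NULL;
- krb5_creds mcred;
- krb5_creds cred;
- char *server_name = NULL;
- krb5_principal client_principal = NULL;
- krb5_principal server_principal = NULL;
-
- *result = false;
-
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- DEBUG(1, ("talloc_new failed.\n"));
- return ENOMEM;
- }
-
- server_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm);
- if (server_name == NULL) {
- DEBUG(1, ("talloc_asprintf failed.\n"));
- krberr = ENOMEM;
- goto done;
- }
-
- krberr = krb5_parse_name(context, server_name, &server_principal);
- if (krberr != 0) {
- DEBUG(1, ("krb5_parse_name failed.\n"));
- goto done;
- }
-
- krberr = krb5_parse_name(context, client_princ_str, &client_principal);
- if (krberr != 0) {
- DEBUG(1, ("krb5_parse_name failed.\n"));
- goto done;
- }
-
- memset(&mcred, 0, sizeof(mcred));
- memset(&cred, 0, sizeof(mcred));
- mcred.client = client_principal;
- mcred.server = server_principal;
-
- krberr = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred);
- if (krberr != 0) {
- DEBUG(1, ("krb5_cc_retrieve_cred failed.\n"));
- krberr = 0;
- goto done;
- }
-
- DEBUG(7, ("TGT end time [%d].\n", cred.times.endtime));
-
- if (cred.times.endtime > time(NULL)) {
- DEBUG(3, ("TGT is valid.\n"));
- *result = true;
- }
- krb5_free_cred_contents(context, &cred);
-
- krberr = 0;
-
-done:
- if (client_principal != NULL) {
- krb5_free_principal(context, client_principal);
- }
- if (server_principal != NULL) {
- krb5_free_principal(context, server_principal);
- }
- talloc_free(tmp_ctx);
- return krberr;
-}
-
 krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback(
 krb5_context context,
 krb5_get_init_creds_opt *opt,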
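--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -70,10 +70,6 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
 
 void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name);
 
-krb5_error_code check_for_valid_tgt(krb5_context context,
- krb5_ccache ccache, const char *realm,
- const char *client_princ_str, bool *result);
-
 int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name,
 krb5_context context, krb5_keytab keytab);
 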
--
1.8.3.1