krb5_child returns TGT lifetime

author: Sumit Bose <sbose@redhat.com> 2010-11-09 13:11:52 +0100
committer: Stephen Gallagher <sgallagh@redhat.com> 2010-12-03 10:41:28 -0500
commit: 1709edfb690bb4ffa4b96c64d08853f47390eda3 (patch)
tree: bf07e7bbe85e6ff86639153b7783d4ed750760ac
parent: d2d23847f879712d6e191134018a8bff70a5e2ab (diff)
download: sssd-1709edfb690bb4ffa4b96c64d08853f47390eda3.tar.gz
sssd-1709edfb690bb4ffa4b96c64d08853f47390eda3.tar.xz
sssd-1709edfb690bb4ffa4b96c64d08853f47390eda3.zip
4 files changed, 63 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 9dc7a2c9e..974e76844 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -39,6 +39,9 @@
 #include "providers/krb5/krb5_auth.h"
 #include "providers/krb5/krb5_utils.h"
 
+#define TIME_T_MAX LONG_MAX
+#define int64_to_time_t(val) ((time_t)((val) < TIME_T_MAX ? val : TIME_T_MAX))
+
 static errno_t safe_remove_old_ccache_file(const char *old_ccache_file,
                                            const char *new_ccache_file)
 {
@@ -688,6 +691,10 @@ static void krb5_child_done(struct tevent_req *subreq)
     int32_t msg_status;
     int32_t msg_type;
     int32_t msg_len;
+    int64_t time_data;
+    struct tgt_times tgtt;
+
+    memset(&tgtt, 0, sizeof(tgtt));
 
     ret = handle_child_recv(subreq, pd, &buf, &len);
     talloc_zfree(subreq);
@@ -751,6 +758,20 @@ static void krb5_child_done(struct tevent_req *subreq)
             }
         }
 
+        if (msg_type == SSS_KRB5_INFO_TGT_LIFETIME &&
+            msg_len == 4*sizeof(int64_t)) {
+            SAFEALIGN_COPY_INT64(&time_data, buf+p, NULL);
+            tgtt.authtime = int64_to_time_t(time_data);
+            SAFEALIGN_COPY_INT64(&time_data, buf+p+sizeof(int64_t), NULL);
+            tgtt.starttime = int64_to_time_t(time_data);
+            SAFEALIGN_COPY_INT64(&time_data, buf+p+2*sizeof(int64_t), NULL);
+            tgtt.endtime = int64_to_time_t(time_data);
+            SAFEALIGN_COPY_INT64(&time_data, buf+p+3*sizeof(int64_t), NULL);
+            tgtt.renew_till = int64_to_time_t(time_data);
+            DEBUG(7, ("TGT times are [%d][%d][%d][%d].\n", tgtt.authtime,
+                      tgtt.starttime, tgtt.endtime, tgtt.renew_till));
+        }
+
         ret = pam_add_response(pd, msg_type, msg_len, &buf[p]);
         if (ret != EOK) {
             /* This is not a fatal error */
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index f29869bc2..c12478f18 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -456,6 +456,25 @@ static errno_t sendresponse(int fd, krb5_error_code kerr, int pam_status,
     return EOK;
 }
 
+static errno_t add_ticket_times_to_response(struct krb5_req *kr)
+{
+    int ret;
+    int64_t t[4];
+
+    t[0] = (int64_t) kr->creds->times.authtime;
+    t[1] = (int64_t) kr->creds->times.starttime;
+    t[2] = (int64_t) kr->creds->times.endtime;
+    t[3] = (int64_t) kr->creds->times.renew_till;
+
+    ret = pam_add_response(kr->pd, SSS_KRB5_INFO_TGT_LIFETIME,
+                           4*sizeof(int64_t), (uint8_t *) t);
+    if (ret != EOK) {
+        DEBUG(1, ("pack_response_packet failed.\n"));
+    }
+
+    return ret;
+}
+
 static krb5_error_code validate_tgt(struct krb5_req *kr)
 {
     krb5_error_code kerr;
@@ -595,6 +614,11 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
         goto done;
     }
 
+    ret = add_ticket_times_to_response(kr);
+    if (ret != EOK) {
+        DEBUG(1, ("add_ticket_times_to_response failed.\n"));
+    }
+
     kerr = 0;
 
 done:
@@ -941,6 +965,11 @@ static errno_t renew_tgt_child(int fd, struct krb5_req *kr)
         goto done;
     }
 
+    ret = add_ticket_times_to_response(kr);
+    if (ret != EOK) {
+        DEBUG(1, ("add_ticket_times_to_response failed.\n"));
+    }
+
     status = PAM_SUCCESS;
 
 done:
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 01d2dbfc0..68e4426ac 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -62,6 +62,13 @@ enum krb5_opts {
 
 typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type;
 
+struct tgt_times {
+    time_t authtime;
+    time_t starttime;
+    time_t endtime;
+    time_t renew_till;
+};
+
 struct krb5_service {
     char *name;
     char *address;
diff --git a/src/util/util.h b/src/util/util.h
index e48069495..12d3ff0a5 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -185,6 +185,12 @@ safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter)
     safealign_memcpy(dest, &CV_MACRO_val, sizeof(type), pctr); \
 } while(0)
 
+#define SAFEALIGN_COPY_INT64(dest, src, pctr) \
+    safealign_memcpy(dest, src, sizeof(int64_t), pctr)
+
+#define SAFEALIGN_SET_INT64(dest, value, pctr) \
+    SAFEALIGN_SET_VALUE(dest, value, int64_t, pctr)
+
 #define SAFEALIGN_COPY_UINT32(dest, src, pctr) \
     safealign_memcpy(dest, src, sizeof(uint32_t), pctr)
author	Sumit Bose <sbose@redhat.com>	2010-11-09 13:11:52 +0100
committer	Stephen Gallagher <sgallagh@redhat.com>	2010-12-03 10:41:28 -0500
commit	1709edfb690bb4ffa4b96c64d08853f47390eda3 (patch)
tree	bf07e7bbe85e6ff86639153b7783d4ed750760ac
parent	d2d23847f879712d6e191134018a8bff70a5e2ab (diff)
download	sssd-1709edfb690bb4ffa4b96c64d08853f47390eda3.tar.gz sssd-1709edfb690bb4ffa4b96c64d08853f47390eda3.tar.xz sssd-1709edfb690bb4ffa4b96c64d08853f47390eda3.zip