authorSumit Bose <sbose@redhat.com>2015-07-30 16:52:42 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-08-05 14:09:42 +0200
commit7bb9ba8688ec1ca930d693eea05e936bc38f6d1b (patch)
tree06f866863c997d95c5ed66208fc281919520ba8a
parent089db891b8a7a94b5666e8cffb1d7b359d6aeb6e (diff)
krb5 utils: add sss_krb5_realm_has_proxy()
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--Makefile.am1
-rw-r--r--src/tests/krb5_proxy_check_test_data.conf8
-rw-r--r--src/tests/krb5_utils-tests.c17
-rw-r--r--src/util/sss_krb5.c57
-rw-r--r--src/util/sss_krb5.h2
5 files changed, 85 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index 5345d90d2..8b64317d6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -366,6 +366,7 @@ dist_noinst_SCRIPTS = \
src/tests/pysss_murmur-test.py2.sh \
src/tests/pysss_murmur-test.py3.sh \
src/tests/python-test.py \
+ src/tests/krb5_proxy_check_test_data.conf \
$(NULL)
dist_noinst_DATA = \
diff --git a/src/tests/krb5_proxy_check_test_data.conf b/src/tests/krb5_proxy_check_test_data.conf
new file mode 100644
index 000000000..eb74dbfa4
--- /dev/null
+++ b/src/tests/krb5_proxy_check_test_data.conf
@@ -0,0 +1,8 @@
+[realms]
+ REALM = {
+ kdc = hello
+ }
+
+ REALM_PROXY = {
+ kdc = https://hello
+ }
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index 650ed4859..9a25b09cd 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -684,6 +684,22 @@ START_TEST(test_parse_krb5_map_user)
}
END_TEST
+START_TEST(test_sss_krb5_realm_has_proxy)
+{
+ krb5_error_code kerr;
+ long perr;
+
+ fail_unless(sss_krb5_realm_has_proxy(NULL) == false);
+
+ setenv("KRB5_CONFIG", "/dev/null", 1);
+ fail_unless(sss_krb5_realm_has_proxy("REALM") == false);
+
+ setenv("KRB5_CONFIG", ABS_SRC_DIR"/src/tests/krb5_proxy_check_test_data.conf", 1);
+ fail_unless(sss_krb5_realm_has_proxy("REALM") == false);
+ fail_unless(sss_krb5_realm_has_proxy("REALM_PROXY") == true);
+}
+END_TEST
+
Suite *krb5_utils_suite (void)
{
Suite *s = suite_create ("krb5_utils");
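Review bot: `kerr` and `perr` are declared at the top of `test_sss_krb5_realm_has_proxy` but never used, so the test adds two unused-variable warnings; both declarations can be dropped. The two `setenv("KRB5_CONFIG", ...)` calls are unchecked and the variable is left pointing at the test file afterwards, so I would wrap them as `fail_unless(setenv("KRB5_CONFIG", "/dev/null", 1) == 0);` and restore or unset the variable at the end in case the suite is ever run without forking. The function matches the prefix with `strncasecmp`, yet the data file only has a lowercase `https://` entry; a `kdc = HTTPS://hello` realm and a lookup of a realm that is absent from the file would cover the remaining branches. The body of `krb5_utils_suite` continues outside this hunk.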
@@ -723,6 +739,7 @@ Suite *krb5_utils_suite (void)
TCase *tc_krb5_helpers = tcase_create("Helper functions");
tcase_add_test(tc_krb5_helpers, test_compare_principal_realm);
tcase_add_test(tc_krb5_helpers, test_parse_krb5_map_user);
+ tcase_add_test(tc_krb5_helpers, test_sss_krb5_realm_has_proxy);
suite_add_tcase(s, tc_krb5_helpers);
return s;
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index e5c2121da..2e128db3c 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -20,6 +20,7 @@
#include <stdio.h>
#include <errno.h>
#include <talloc.h>
+#include <profile.h>
#include "config.h"
@@ -1069,3 +1070,59 @@ krb5_error_code sss_krb5_kt_have_content(krb5_context context,
return 0;
#endif
}
+
+#define KDC_PROXY_INDICATOR "https://"
+#define KDC_PROXY_INDICATOR_LEN (sizeof(KDC_PROXY_INDICATOR) - 1)
+
+bool sss_krb5_realm_has_proxy(const char *realm)
+{
+ krb5_context context = NULL;
+ krb5_error_code kerr;
+ struct _profile_t *profile = NULL;
+ const char *profile_path[4] = {"realms", NULL, "kdc", NULL};
+ char **list = NULL;
+ bool res = false;
+ size_t c;
+
+ if (realm == NULL) {
+ return false;
+ }
+
+ kerr = krb5_init_context(&context);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "krb5_init_context failed.\n");
+ return false;
+ }
+
+ kerr = krb5_get_profile(context, &profile);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "krb5_get_profile failed.\n");
+ goto done;
+ }
+
+ profile_path[1] = realm;
+
+ kerr = profile_get_values(profile, profile_path, &list);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "profile_get_values failed.\n");
+ goto done;
+ }
+
+ for (c = 0; list[c] != NULL; c++) {
+ if (strncasecmp(KDC_PROXY_INDICATOR, list[c],
+ KDC_PROXY_INDICATOR_LEN) == 0) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Found KDC Proxy indicator [%s] in [%s].\n",
+ KDC_PROXY_INDICATOR, list[c]);
+ res = true;
+ break;
+ }
+ }
+
+done:
+ profile_free_list(list);
+ profile_release(profile);
+ krb5_free_context(context);
+
+ return res;
+}
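Review bot: The `profile_get_values` error branch in `sss_krb5_realm_has_proxy` treats every non-zero return as an operation failure, but as far as I know libprofile returns `PROF_NO_RELATION` (or `PROF_NO_SECTION`) when the realm simply has no `kdc` entry, which is an ordinary configuration and is what the `/dev/null` test case exercises. That writes an OP_FAILURE line on a normal lookup, and because none of the three DEBUG calls prints `kerr`, a genuine profile parse error cannot be told apart from it in the logs. I would handle the expected codes first with `if (kerr == PROF_NO_RELATION || kerr == PROF_NO_SECTION) goto done;` and log the remainder as `"profile_get_values failed [%d].\n", kerr`. Callers also receive `false` both for "no proxy configured" and for "the profile could not be read", so any decision taken on the result has to be safe in the second case as well.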
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 462dbbe0b..fdaeb4931 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -189,4 +189,6 @@ sss_krb5_get_primary(TALLOC_CTX *mem_ctx,
krb5_error_code sss_krb5_kt_have_content(krb5_context context,
krb5_keytab keytab);
+
+bool sss_krb5_realm_has_proxy(const char *realm);
#endif /* __SSS_KRB5_H__ */
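Review bot: The new prototype `sss_krb5_realm_has_proxy` is exported without a comment, and its contract is not obvious from the name: only the realm's `kdc` values are inspected, and a `false` result also covers a NULL realm and every krb5/profile error. I would add above it `/* Returns true if any kdc value of the realm in the krb5 profile starts with "https://" (case-insensitive); returns false if realm is NULL, on any lookup error, or if no such entry exists. */`. If other per-realm server settings can carry an `https://` URL as well, the comment should say they are deliberately not checked.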