authorLukas Slebodnik <lslebodn@redhat.com>2013-06-27 20:38:38 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-07-15 16:42:25 +0200
commitdbf4dd47aa7f314a6a6bb2c8f9bb4ddd09de9e8b (patch)
treecb98500910abc427f03234b231edb69995108e7d
parent1d4293f36695daab5909b9eaa670e8e23db548aa (diff)
Use conditional build for retrieving ccache.
Some krb5 functions needed to retrieve a ccache by principal may not be available in older versions of libkrb5, so an ifdef is used to build that code conditionally. There were two functions with similar functionality, one in krb5_child and one in krb5_utils. They were merged into a single universal function, which was moved to src/util/sss_krb5.c.
-rw-r--r--src/providers/krb5/krb5_child.c49
-rw-r--r--src/providers/krb5/krb5_utils.c61
-rw-r--r--src/util/sss_krb5.c52
-rw-r--r--src/util/sss_krb5.h4
4 files changed, 78 insertions, 88 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 4d12b90a2..a7999b7ed 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1147,51 +1147,6 @@ done:
}
-static char * get_ccache_name_by_principal(TALLOC_CTX *mem_ctx,
- krb5_context ctx,
- krb5_principal principal,
- const char *ccname)
-{
- krb5_error_code kerr;
- krb5_ccache tmp_cc = NULL;
- char *tmp_ccname = NULL;
- char *ret_ccname = NULL;
-
- kerr = krb5_cc_set_default_name(ctx, ccname);
- if (kerr != 0) {
- KRB5_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr);
- return NULL;
- }
-
- kerr = krb5_cc_cache_match(ctx, principal, &tmp_cc);
- if (kerr != 0) {
- KRB5_CHILD_DEBUG(SSSDBG_TRACE_INTERNAL, kerr);
- return NULL;
- }
-
- kerr = krb5_cc_get_full_name(ctx, tmp_cc, &tmp_ccname);
- if (kerr !=0) {
- KRB5_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr);
- goto done;
- }
-
- ret_ccname = talloc_strdup(mem_ctx, tmp_ccname);
- if (ret_ccname == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed (ENOMEM).\n"));
- }
-
-done:
- if (tmp_cc != NULL) {
- kerr = krb5_cc_close(ctx, tmp_cc);
- if (kerr != 0) {
- KRB5_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr);
- }
- }
- krb5_free_string(ctx, tmp_ccname);
-
- return ret_ccname;
-}
-
static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
const char *password)
{
@@ -1250,8 +1205,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
* directly with file ccache (DIR::/...), but cache collection
* should be returned back to back end.
*/
- cc_name = get_ccache_name_by_principal(kr->pd, kr->ctx, principal,
- kr->ccname);
+ cc_name = sss_get_ccache_name_for_principal(kr->pd, kr->ctx, principal,
+ kr->ccname);
if (cc_name == NULL) {
cc_name = kr->ccname;
}
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 860c71b00..1b6d57c60 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -969,32 +969,6 @@ cc_dir_create(const char *location, pcre *illegal_re,
return create_ccache_dir_head(dir_name, illegal_re, uid, gid, private_path);
}
-static krb5_error_code
-get_ccache_for_princ(krb5_context context, const char *location,
- const char *princ, krb5_ccache *_ccache)
-{
- krb5_error_code krberr;
- krb5_principal client_principal = NULL;
-
- krberr = krb5_cc_set_default_name(context, location);
- if (krberr != 0) {
- KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr);
- DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_cc_resolve failed.\n"));
- return krberr;
- }
-
- krberr = krb5_parse_name(context, princ, &client_principal);
- if (krberr != 0) {
- KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr);
- DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_parse_name failed.\n"));
- return krberr;
- }
-
- krberr = krb5_cc_cache_match(context, client_principal, _ccache);
- krb5_free_principal(context, client_principal);
- return krberr;
-}
-
errno_t
cc_dir_check_existing(const char *location, uid_t uid,
const char *realm, const char *princ,
@@ -1138,9 +1112,9 @@ cc_dir_cache_for_princ(TALLOC_CTX *mem_ctx, const char *location,
{
krb5_context context = NULL;
krb5_error_code krberr;
- krb5_ccache ccache = NULL;
- char *name;
+ char *name = NULL;
const char *ccname;
+ krb5_principal client_principal = NULL;
ccname = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_DIR);
if (!ccname) {
@@ -1160,27 +1134,32 @@ cc_dir_cache_for_princ(TALLOC_CTX *mem_ctx, const char *location,
return NULL;
}
- krberr = get_ccache_for_princ(context, location, princ, &ccache);
- if (krberr) {
- DEBUG(SSSDBG_TRACE_FUNC, ("No principal for %s in %s\n",
- princ, location));
- krb5_free_context(context);
- return NULL;
+ krberr = krb5_parse_name(context, princ, &client_principal);
+ if (krberr != 0) {
+ KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr);
+ DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_parse_name failed.\n"));
+ goto done;
}
/* This function is called only as a way to validate that,
* we have the right cache
*/
- krberr = krb5_cc_get_full_name(context, ccache, &name);
- if (ccache) krb5_cc_close(context, ccache);
- krb5_free_context(context);
- if (krberr) {
- KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr);
+ name = sss_get_ccache_name_for_principal(mem_ctx, context,
+ client_principal, location);
+ if (name == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Could not get full name of ccache\n"));
- return NULL;
+ goto done;
}
- return talloc_strdup(mem_ctx, location);
+ talloc_zfree(name);
+ /* everytime return location for dir_cache */
+ name = talloc_strdup(mem_ctx, location);
+
+done:
+ krb5_free_principal(context, client_principal);
+ krb5_free_context(context);
+
+ return name;
}
errno_t
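Review bot: In cc_dir_cache_for_princ, a NULL from sss_get_ccache_name_for_principal is now logged at SSSDBG_CRIT_FAILURE as "Could not get full name of ccache", although the helper also returns NULL when krb5_cc_cache_match simply finds no cache for the principal and, on builds without HAVE_KRB5_DIRCACHE, unconditionally. The removed code reported the no-match case at SSSDBG_TRACE_FUNC with the principal and location, so routine lookups will now produce critical-level entries that can bury real failures in the logs. I would keep the old message for this branch, `DEBUG(SSSDBG_TRACE_FUNC, ("No principal for %s in %s\n", princ, location));`, and leave the critical level to the helper's own error paths. The final `talloc_strdup(mem_ctx, location)` is also returned unchecked, so ENOMEM looks the same to the caller as a cache that failed validation. The function starts outside this hunk.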
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 7d42e97f4..204e0c2a0 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -1179,3 +1179,55 @@ done:
return ENOTSUP;
#endif
}
+
+char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx,
+ krb5_context ctx,
+ krb5_principal principal,
+ const char *location)
+{
+#ifdef HAVE_KRB5_DIRCACHE
+ krb5_error_code kerr;
+ krb5_ccache tmp_cc = NULL;
+ char *tmp_ccname = NULL;
+ char *ret_ccname = NULL;
+
+ kerr = krb5_cc_set_default_name(ctx, location);
+ if (kerr != 0) {
+ KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
+ return NULL;
+ }
+
+ kerr = krb5_cc_cache_match(ctx, principal, &tmp_cc);
+ if (kerr != 0) {
+ const char *err_msg = sss_krb5_get_error_message(ctx, kerr);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ ("krb5_cc_cache_match failed: [%d][%s]\n", kerr, err_msg));
+ sss_krb5_free_error_message(ctx, err_msg);
+ return NULL;
+ }
+
+ kerr = krb5_cc_get_full_name(ctx, tmp_cc, &tmp_ccname);
+ if (kerr != 0) {
+ KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
+ goto done;
+ }
+
+ ret_ccname = talloc_strdup(mem_ctx, tmp_ccname);
+ if (ret_ccname == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed (ENOMEM).\n"));
+ }
+
+done:
+ if (tmp_cc != NULL) {
+ kerr = krb5_cc_close(ctx, tmp_cc);
+ if (kerr != 0) {
+ KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
+ }
+ }
+ krb5_free_string(ctx, tmp_ccname);
+
+ return ret_ccname;
+#else
+ return NULL;
+#endif /* HAVE_KRB5_DIRCACHE */
+}
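Review bot: The `#else` branch of sss_get_ccache_name_for_principal returns NULL without logging, so on a libkrb5 built without HAVE_KRB5_DIRCACHE callers cannot tell "not supported" from "no matching cache" or ENOMEM. Both callers in this commit treat NULL as a lookup result (get_and_save_tgt falls back to `kr->ccname`, cc_dir_cache_for_princ rejects the cache), so a single trace line before `return NULL;`, for example `DEBUG(SSSDBG_TRACE_FUNC, ("ccache lookup by principal is not supported by this libkrb5.\n"));`, would make that path diagnosable. Separately, krb5_cc_set_default_name changes the default ccache name on the caller's `ctx` and nothing restores it. That side effect used to be confined to two static helpers, but it now belongs to a shared utility that is handed `kr->ctx` in krb5_child.c, so it is worth confirming that no later call on that context depends on the previous default.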
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 4d3b9f7ed..601a8acf9 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -192,4 +192,8 @@ krb5_error_code sss_extract_pac(krb5_context ctx,
krb5_keytab keytab,
krb5_authdata ***_pac_authdata);
+char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx,
+ krb5_context ctx,
+ krb5_principal principal,
+ const char *location);
#endif /* __SSS_KRB5_H__ */
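Review bot: The new public prototype has no comment, and its contract cannot be read from the signature. I would add a short block comment above it saying that the returned string is the full name of the ccache under `location` holding credentials for `principal`, and that it is allocated on `mem_ctx` and owned by the caller. It should also say that NULL covers no match, any krb5 or allocation error, and builds without HAVE_KRB5_DIRCACHE, and that the call sets the default ccache name of `ctx` to `location`.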