diff options
| author | Sumit Bose <sbose@redhat.com> | 2015-07-30 16:52:42 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-08-05 14:09:42 +0200 |
| commit | 7bb9ba8688ec1ca930d693eea05e936bc38f6d1b (patch) | |
| tree | 06f866863c997d95c5ed66208fc281919520ba8a /src/util | |
| parent | 089db891b8a7a94b5666e8cffb1d7b359d6aeb6e (diff) | |
| download | sssd-7bb9ba8688ec1ca930d693eea05e936bc38f6d1b.tar.gz sssd-7bb9ba8688ec1ca930d693eea05e936bc38f6d1b.tar.xz sssd-7bb9ba8688ec1ca930d693eea05e936bc38f6d1b.zip | |
krb5 utils: add sss_krb5_realm_has_proxy()
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util')
| -rw-r--r-- | src/util/sss_krb5.c | 57 | ||||
| -rw-r--r-- | src/util/sss_krb5.h | 2 |
2 files changed, 59 insertions, 0 deletions
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index e5c2121da..2e128db3c 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -20,6 +20,7 @@ #include <stdio.h> #include <errno.h> #include <talloc.h> +#include <profile.h> #include "config.h" @@ -1069,3 +1070,59 @@ krb5_error_code sss_krb5_kt_have_content(krb5_context context, return 0; #endif } + +#define KDC_PROXY_INDICATOR "https://" +#define KDC_PROXY_INDICATOR_LEN (sizeof(KDC_PROXY_INDICATOR) - 1) + +bool sss_krb5_realm_has_proxy(const char *realm) +{ + krb5_context context = NULL; + krb5_error_code kerr; + struct _profile_t *profile = NULL; + const char *profile_path[4] = {"realms", NULL, "kdc", NULL}; + char **list = NULL; + bool res = false; + size_t c; + + if (realm == NULL) { + return false; + } + + kerr = krb5_init_context(&context); + if (kerr != 0) { + DEBUG(SSSDBG_OP_FAILURE, "krb5_init_context failed.\n"); + return false; + } + + kerr = krb5_get_profile(context, &profile); + if (kerr != 0) { + DEBUG(SSSDBG_OP_FAILURE, "krb5_get_profile failed.\n"); + goto done; + } + + profile_path[1] = realm; + + kerr = profile_get_values(profile, profile_path, &list); + if (kerr != 0) { + DEBUG(SSSDBG_OP_FAILURE, "profile_get_values failed.\n"); + goto done; + } + + for (c = 0; list[c] != NULL; c++) { + if (strncasecmp(KDC_PROXY_INDICATOR, list[c], + KDC_PROXY_INDICATOR_LEN) == 0) { + DEBUG(SSSDBG_TRACE_ALL, + "Found KDC Proxy indicator [%s] in [%s].\n", + KDC_PROXY_INDICATOR, list[c]); + res = true; + break; + } + } + +done: + profile_free_list(list); + profile_release(profile); + krb5_free_context(context); + + return res; +} diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h index 462dbbe0b..fdaeb4931 100644 --- a/src/util/sss_krb5.h +++ b/src/util/sss_krb5.h @@ -189,4 +189,6 @@ sss_krb5_get_primary(TALLOC_CTX *mem_ctx, krb5_error_code sss_krb5_kt_have_content(krb5_context context, krb5_keytab keytab); + +bool sss_krb5_realm_has_proxy(const char *realm); #endif /* __SSS_KRB5_H__ */ |