summaryrefslogtreecommitdiffstats
path: root/src/util/sss_krb5.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/sss_krb5.c')
-rw-r--r--src/util/sss_krb5.c57
1 files changed, 57 insertions, 0 deletions
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index e5c2121da..2e128db3c 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -20,6 +20,7 @@
#include <stdio.h>
#include <errno.h>
#include <talloc.h>
+#include <profile.h>
#include "config.h"
@@ -1069,3 +1070,59 @@ krb5_error_code sss_krb5_kt_have_content(krb5_context context,
return 0;
#endif
}
+
+#define KDC_PROXY_INDICATOR "https://"
+#define KDC_PROXY_INDICATOR_LEN (sizeof(KDC_PROXY_INDICATOR) - 1)
+
+bool sss_krb5_realm_has_proxy(const char *realm)
+{
+ krb5_context context = NULL;
+ krb5_error_code kerr;
+ struct _profile_t *profile = NULL;
+ const char *profile_path[4] = {"realms", NULL, "kdc", NULL};
+ char **list = NULL;
+ bool res = false;
+ size_t c;
+
+ if (realm == NULL) {
+ return false;
+ }
+
+ kerr = krb5_init_context(&context);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "krb5_init_context failed.\n");
+ return false;
+ }
+
+ kerr = krb5_get_profile(context, &profile);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "krb5_get_profile failed.\n");
+ goto done;
+ }
+
+ profile_path[1] = realm;
+
+ kerr = profile_get_values(profile, profile_path, &list);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "profile_get_values failed.\n");
+ goto done;
+ }
+
+ for (c = 0; list[c] != NULL; c++) {
+ if (strncasecmp(KDC_PROXY_INDICATOR, list[c],
+ KDC_PROXY_INDICATOR_LEN) == 0) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Found KDC Proxy indicator [%s] in [%s].\n",
+ KDC_PROXY_INDICATOR, list[c]);
+ res = true;
+ break;
+ }
+ }
+
+done:
+ profile_free_list(list);
+ profile_release(profile);
+ krb5_free_context(context);
+
+ return res;
+}
generated by cgit (git 2.34.1) at 2024-05-02 23:26:12 +0000