From 2313a32ea75f9433e36fc03c6fb83c4eff8379d8 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 7 Dec 2009 15:07:26 +0100
Subject: Add dummy credentials to an empty ccache file

Application like krb5-auth-dialog might get confused if there is a credential cache file without any credentials in it. This patch adds an expired credential where only the client and the server principal are set. The client principal is the user's principal and the server principal corresponds to a TGT principal of the realm the user belongs to.
---
 server/providers/krb5/krb5_child.c | 56 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 54 insertions(+), 2 deletions(-)

diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c
index c0e9fbf2d..2f4857432 100644
--- a/server/providers/krb5/krb5_child.c
+++ b/server/providers/krb5/krb5_child.c
@@ -98,6 +98,49 @@ static const char *__krb5_error_msg;
 sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
 } while(0);
 
+static krb5_error_code create_empty_cred(struct krb5_req *kr, krb5_creds **_cred)
+{
+ krb5_error_code kerr;
+ krb5_creds *cred = NULL;
+ krb5_data *krb5_realm;
+
+ cred = calloc(sizeof(krb5_creds), 1);
+ if (cred == NULL) {
+ DEBUG(1, ("calloc failed.\n"));
+ return ENOMEM;
+ }
+
+ kerr = krb5_copy_principal(kr->ctx, kr->princ, &cred->client);
+ if (kerr != 0) {
+ DEBUG(1, ("krb5_copy_principal failed.\n"));
+ goto done;
+ }
+
+ krb5_realm = krb5_princ_realm(kr->ctx, kr->princ);
+
+ kerr = krb5_build_principal_ext(kr->ctx, &cred->server,
+ krb5_realm->length, krb5_realm->data,
+ KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+ krb5_realm->length, krb5_realm->data, 0);
+ if (kerr != 0) {
+ DEBUG(1, ("krb5_build_principal_ext failed.\n"));
+ goto done;
+ }
+
+done:
+ if (kerr != 0) {
+ if (cred != NULL && cred->client != NULL) {
+ krb5_free_principal(kr->ctx, cred->client);
+ }
+
+ free(cred);
+ } else {
+ *_cred = cred;
+ }
+
+ return kerr;
+}
+
 static krb5_error_code create_ccache_file(struct krb5_req *kr, krb5_creds *creds)
 {
 krb5_error_code kerr;
@@ -107,6 +150,7 @@ static krb5_error_code create_ccache_file(struct krb5_req *kr, krb5_creds *creds
 size_t ccname_len;
 char *dummy;
 char *tmp_ccname;
+ krb5_creds *l_cred;
 
 if (strncmp(kr->ccname, "FILE:", 5) == 0) {
 cc_file_name = kr->ccname + 5;
@@ -149,12 +193,20 @@ static krb5_error_code create_ccache_file(struct krb5_req *kr, krb5_creds *creds
 fd = -1;
 }
 
- if (creds != NULL) {
- kerr = krb5_cc_store_cred(kr->ctx, tmp_cc, creds);
+ if (creds == NULL) {
+ kerr = create_empty_cred(kr, &l_cred);
 if (kerr != 0) {
 KRB5_DEBUG(1, kerr);
 goto done;
 }
+ } else {
+ l_cred = creds;
+ }
+
+ kerr = krb5_cc_store_cred(kr->ctx, tmp_cc, l_cred);
+ if (kerr != 0) {
+ KRB5_DEBUG(1, kerr);
+ goto done;
 }
 
 kerr = krb5_cc_close(kr->ctx, tmp_cc);
-- cgit
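Review bot: create_empty_cred() depends on calloc() zeroing the whole krb5_creds for the stored entry to be expired and to carry no key or ticket data, yet nothing in the function states that. A comment above the allocation, for example `/* all-zero times make this entry expired; keyblock and ticket are left empty on purpose */`, would stop a later edit from populating `times` and turning the placeholder into something a ccache consumer could mistake for a usable TGT. The allocation is also written `calloc(sizeof(krb5_creds), 1)`; the conventional argument order is `calloc(1, sizeof(*cred))`. The error path releasing only `cred->client` is sufficient as written, because `cred->server` is assigned by the last call that can fail.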
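Review bot: When `creds` is NULL, the credential returned by create_empty_cred() is stored and then never released in the lines shown, so `l_cred` and its two principals appear to leak on each such call. create_ccache_file() continues past this hunk and its `done:` cleanup is not visible, so that is where to confirm it. If it is not freed there, initialise the declaration added in the previous hunk as `krb5_creds *l_cred = NULL;` and add `if (creds == NULL && l_cred != NULL) krb5_free_creds(kr->ctx, l_cred);` to the cleanup. The NULL initialisation is needed because any `goto done` taken before this point would otherwise reach the cleanup with `l_cred` unassigned.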