diff options
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 21 | ||||
-rw-r--r-- | src/providers/krb5/krb5_child.c | 29 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.h | 7 |
3 files changed, 57 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 9dc7a2c9..974e7684 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -39,6 +39,9 @@ #include "providers/krb5/krb5_auth.h" #include "providers/krb5/krb5_utils.h" +#define TIME_T_MAX LONG_MAX +#define int64_to_time_t(val) ((time_t)((val) < TIME_T_MAX ? val : TIME_T_MAX)) + static errno_t safe_remove_old_ccache_file(const char *old_ccache_file, const char *new_ccache_file) { @@ -688,6 +691,10 @@ static void krb5_child_done(struct tevent_req *subreq) int32_t msg_status; int32_t msg_type; int32_t msg_len; + int64_t time_data; + struct tgt_times tgtt; + + memset(&tgtt, 0, sizeof(tgtt)); ret = handle_child_recv(subreq, pd, &buf, &len); talloc_zfree(subreq); @@ -751,6 +758,20 @@ static void krb5_child_done(struct tevent_req *subreq) } } + if (msg_type == SSS_KRB5_INFO_TGT_LIFETIME && + msg_len == 4*sizeof(int64_t)) { + SAFEALIGN_COPY_INT64(&time_data, buf+p, NULL); + tgtt.authtime = int64_to_time_t(time_data); + SAFEALIGN_COPY_INT64(&time_data, buf+p+sizeof(int64_t), NULL); + tgtt.starttime = int64_to_time_t(time_data); + SAFEALIGN_COPY_INT64(&time_data, buf+p+2*sizeof(int64_t), NULL); + tgtt.endtime = int64_to_time_t(time_data); + SAFEALIGN_COPY_INT64(&time_data, buf+p+3*sizeof(int64_t), NULL); + tgtt.renew_till = int64_to_time_t(time_data); + DEBUG(7, ("TGT times are [%d][%d][%d][%d].\n", tgtt.authtime, + tgtt.starttime, tgtt.endtime, tgtt.renew_till)); + } + ret = pam_add_response(pd, msg_type, msg_len, &buf[p]); if (ret != EOK) { /* This is not a fatal error */ diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index f29869bc..c12478f1 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -456,6 +456,25 @@ static errno_t sendresponse(int fd, krb5_error_code kerr, int pam_status, return EOK; } +static errno_t add_ticket_times_to_response(struct krb5_req *kr) +{ + int ret; + int64_t t[4]; + + t[0] = (int64_t) kr->creds->times.authtime; + t[1] = (int64_t) kr->creds->times.starttime; + t[2] = (int64_t) kr->creds->times.endtime; + t[3] = (int64_t) kr->creds->times.renew_till; + + ret = pam_add_response(kr->pd, SSS_KRB5_INFO_TGT_LIFETIME, + 4*sizeof(int64_t), (uint8_t *) t); + if (ret != EOK) { + DEBUG(1, ("pack_response_packet failed.\n")); + } + + return ret; +} + static krb5_error_code validate_tgt(struct krb5_req *kr) { krb5_error_code kerr; @@ -595,6 +614,11 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr, goto done; } + ret = add_ticket_times_to_response(kr); + if (ret != EOK) { + DEBUG(1, ("add_ticket_times_to_response failed.\n")); + } + kerr = 0; done: @@ -941,6 +965,11 @@ static errno_t renew_tgt_child(int fd, struct krb5_req *kr) goto done; } + ret = add_ticket_times_to_response(kr); + if (ret != EOK) { + DEBUG(1, ("add_ticket_times_to_response failed.\n")); + } + status = PAM_SUCCESS; done: diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h index 01d2dbfc..68e4426a 100644 --- a/src/providers/krb5/krb5_common.h +++ b/src/providers/krb5/krb5_common.h @@ -62,6 +62,13 @@ enum krb5_opts { typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type; +struct tgt_times { + time_t authtime; + time_t starttime; + time_t endtime; + time_t renew_till; +}; + struct krb5_service { char *name; char *address; |