authorGünther Deschner <gd@samba.org>2009-11-12 00:52:38 +0100
committerKarolin Seeger <kseeger@samba.org>2010-01-13 14:01:00 +0100
commit55bd846f208c536cf8bbe7e0da27558147e60364 (patch)
tree82e21cde3d810880f4863d1f5bd5b6430d04978b /source
parent31fd5b4df941ab43067f8251c05a93153e866365 (diff)
cifs.upcall: Fix Bug #6868: support building with Heimdal as well as with MIT.
Guenther (cherry picked from commit b29eed492f1c056adb0b53510be10e738276ca11) (cherry picked from commit cca1f7a80317e09208a9e56ff2744b113e0dfbc5)
Diffstat (limited to 'source')
-rw-r--r--source/client/cifs.upcall.c34
1 files changed, 16 insertions, 18 deletions
diff --git a/source/client/cifs.upcall.c b/source/client/cifs.upcall.c
index 71e60c6d246..6d4ff755112 100644
--- a/source/client/cifs.upcall.c
+++ b/source/client/cifs.upcall.c
@@ -44,18 +44,6 @@ typedef enum _sectype {
MS_KRB5
} sectype_t;
-static inline int
-k5_data_equal(krb5_data d1, krb5_data d2, unsigned int length)
-{
- if (!length)
- length = d1.length;
-
- return (d1.length == length &&
- d1.length == d2.length &&
- memcmp(d1.data, d2.data, length) == 0);
-
-}
-
/* does the ccache have a valid TGT? */
static time_t
get_tgt_time(const char *ccname) {
@@ -64,9 +52,8 @@ get_tgt_time(const char *ccname) {
krb5_cc_cursor cur;
krb5_creds creds;
krb5_principal principal;
- krb5_data tgt = { .data = "krbtgt",
- .length = 6 };
time_t credtime = 0;
+ char *realm = NULL;
if (krb5_init_context(&context)) {
syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__);
@@ -93,16 +80,27 @@ get_tgt_time(const char *ccname) {
goto err_ccstart;
}
+ if ((realm = smb_krb5_principal_get_realm(context, principal)) == NULL) {
+ syslog(LOG_DEBUG, "%s: unable to get realm", __func__);
+ goto err_ccstart;
+ }
+
while (!credtime && !krb5_cc_next_cred(context, ccache, &cur, &creds)) {
- if (k5_data_equal(creds.server->realm, principal->realm, 0) &&
- k5_data_equal(creds.server->data[0], tgt, tgt.length) &&
- k5_data_equal(creds.server->data[1], principal->realm, 0) &&
+ char *name;
+ if (smb_krb5_unparse_name(context, creds.server, &name)) {
+ syslog(LOG_DEBUG, "%s: unable to unparse name", __func__);
+ goto err_endseq;
+ }
+ if (krb5_realm_compare(context, creds.server, principal) &&
+ strnequal(name, KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE) &&
+ strnequal(name+KRB5_TGS_NAME_SIZE+1, realm, strlen(realm)) &&
creds.times.endtime > time(NULL))
credtime = creds.times.endtime;
krb5_free_cred_contents(context, &creds);
+ SAFE_FREE(name);
}
+err_endseq:
krb5_cc_end_seq_get(context, ccache, &cur);
-
err_ccstart:
krb5_free_principal(context, principal);
err_princ:
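Review bot: The new TGT test in the while loop never checks the byte at `name[KRB5_TGS_NAME_SIZE]` and matches the realm only as a prefix, so it is looser than the exact-length `k5_data_equal` comparison it replaces: an unparsed name with no second component (a constructed example is `krbtgt@REALM`), or one whose second component merely begins with `realm`, can pass, and a name that ended right after `krbtgt` would leave `name+KRB5_TGS_NAME_SIZE+1` pointing past its terminator. Adding `name[KRB5_TGS_NAME_SIZE] == '/' &&` ahead of the second `strnequal`, and requiring `'@'` at `name[KRB5_TGS_NAME_SIZE+1+strlen(realm)]`, would restore the old strictness. Separately, the `goto err_endseq` taken when unparsing fails skips `krb5_free_cred_contents(context, &creds);`, and no added line releases `realm`; if `smb_krb5_principal_get_realm` returns allocated memory, the cleanup path needs a `SAFE_FREE(realm);`. The body of get_tgt_time continues past `err_princ:` outside this hunk.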