krb5samba: Add a smb_krb5_cc_get_lifetime() function.

Signed-off-by: Simo Sorce <idra@samba.org>

5 files changed, 64 insertions, 1 deletions

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 4bfc2531c6..ddebdd8ebd 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2128,6 +2128,53 @@ krb5_error_code smb_krb5_make_principal(krb5_context context,
 }
 #endif
 
+#if !defined(HAVE_KRB5_CC_GET_LIFETIME) && defined(HAVE_KRB5_CC_RETRIEVE_CRED)
+/**
+ * @brief Get the lifetime of the initial ticket in the cache.
+ *
+ * @param[in]  context  The kerberos context.
+ *
+ * @param[in]  id       The credential cache to get the ticket lifetime.
+ *
+ * @param[out] t        A pointer to a time value to store the lifetime.
+ *
+ * @return              0 on success, a krb5_error_code on error.
+ */
+krb5_error_code smb_krb5_cc_get_lifetime(krb5_context context,
+					 krb5_ccache id,
+					 time_t *t)
+{
+	krb5_error_code rc;
+	krb5_creds mcreds;
+	krb5_creds creds;
+	krb5_timestamp now;
+
+	ZERO_STRUCT(mcreds);
+
+	mcreds.ticket_flags = TKT_FLG_INITIAL;
+
+	rc = krb5_cc_retrieve_cred(context,
+				   id,
+				   KRB5_TC_MATCH_FLAGS,
+				   &mcreds,
+				   &creds);
+	if (rc != 0) {
+		return rc;
+	}
+
+	rc = krb5_timeofday(context, &now);
+	if (rc != 0) {
+		return rc;
+	}
+
+	*t = (time_t) (creds.times.endtime - now);
+
+	krb5_free_creds(context, &creds);
+
+	return 0;
+}
+#endif /* HAVE_KRB5_CC_GET_LIFETIME */
+
 /*
  * smb_krb5_principal_get_realm
  *
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 2c492642a6..f036e052b3 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -240,6 +240,18 @@ krb5_error_code smb_krb5_make_principal(krb5_context context,
 #else
 #error krb5_make_principal not available
 #endif
+
+#if defined(HAVE_KRB5_CC_GET_LIFETIME)
+#define smb_krb5_cc_get_lifetime krb5_cc_get_lifetime
+#elif defined(HAVE_KRB5_CC_RETRIEVE_CRED)
+krb5_error_code smb_krb5_cc_get_lifetime(krb5_context context,
+					 krb5_ccache id,
+					 time_t *t);
+#else
+#error krb5_cc_get_lifetime not available
+#endif
+
+
 char *smb_krb5_principal_get_realm(krb5_context context,
 				   krb5_principal principal);
 
diff --git a/source3/configure.in b/source3/configure.in
index cec0ece343..edd1d1dfb3 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3616,6 +3616,8 @@ if test x"$with_ads_support" != x"no"; then
   AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_get_init_creds_keytab, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_build_principal_alloc_va, $KRB5_LIBS)
+  AC_CHECK_FUNC_EXT(krb5_cc_get_lifetime, $KRB5_LIBS)
+  AC_CHECK_FUNC_EXT(krb5_cc_retrieve_cred, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS)
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index d993eec4ed..8357f3aa42 100755
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -96,6 +96,7 @@ conf.define('HAVE_E_DATA_POINTER_IN_KRB5_ERROR', 1)
 conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1)
 conf.define('HAVE_KRB5_ADDRESSES', 1)
 conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
+conf.define('HAVE_KRB5_CC_GET_LIFETIME', 1)
 conf.define('HAVE_KRB5_CRYPTO', 1)
 conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1)
 conf.define('HAVE_KRB5_CRYPTO_INIT', 1)
diff --git a/wscript_configure_krb5 b/wscript_configure_krb5
index 4a483ef702..37f883e38e 100644
--- a/wscript_configure_krb5
+++ b/wscript_configure_krb5
@@ -59,7 +59,8 @@ conf.CHECK_FUNCS('''
        krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds
        krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm
        krb5_get_init_creds_keyblock krb5_get_init_creds_keytab
-       krb5_make_principal krb5_build_principal_alloc_va''',
+       krb5_make_principal krb5_build_principal_alloc_va
+       krb5_cc_get_lifetime krb5_cc_retrieve_cred''',
      lib='krb5 k5crypto')
 conf.CHECK_DECLS('''krb5_get_credentials_for_user
                     krb5_auth_con_set_req_cksumtype''',