summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorAlexander Bokovoy <ab@samba.org>2012-05-10 00:00:03 +0300
committerAlexander Bokovoy <ab@samba.org>2012-05-23 17:51:49 +0300
commit1feb31246d00cdadf7624925a324f7f591c26b82 (patch)
treefa8faeb440dc5da00ba62a97adf9ae49f5e10e19 /lib
parentad945bc68f6b1e73a47bc0a33b35fcbf182f8137 (diff)
downloadsamba-1feb31246d00cdadf7624925a324f7f591c26b82.tar.gz
samba-1feb31246d00cdadf7624925a324f7f591c26b82.tar.bz2
samba-1feb31246d00cdadf7624925a324f7f591c26b82.zip
lib/krb5_wrap: implement krb5_cc_get_lifetime for MIT Kerberos
In case krb5_cc_get_lifetime is not available, iterate over existing tickets in the keytab, find the one marked as TKT_FLAG_INITIAL, and use its lifetime. This is how it is implemented in Heimdal and how it was suggested to be done by MIT Kerberos developers.
Diffstat (limited to 'lib')
-rw-r--r--lib/krb5_wrap/krb5_samba.c41
1 files changed, 22 insertions, 19 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 16c690108f..572d39ebf5 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2144,34 +2144,37 @@ krb5_error_code smb_krb5_cc_get_lifetime(krb5_context context,
krb5_ccache id,
time_t *t)
{
- krb5_error_code rc;
- krb5_creds mcreds;
- krb5_creds creds;
+ krb5_cc_cursor cursor;
+ krb5_error_code kerr;
+ krb5_creds cred;
krb5_timestamp now;
- ZERO_STRUCT(mcreds);
-
- mcreds.ticket_flags = TKT_FLG_INITIAL;
+ *t = 0;
- rc = krb5_cc_retrieve_cred(context,
- id,
- KRB5_TC_MATCH_FLAGS,
- &mcreds,
- &creds);
- if (rc != 0) {
- return rc;
+ kerr = krb5_timeofday(context, &now);
+ if (kerr) {
+ return kerr;
}
- rc = krb5_timeofday(context, &now);
- if (rc != 0) {
- return rc;
+ kerr = krb5_cc_start_seq_get(context, id, &cursor);
+ if (kerr) {
+ return kerr;
}
- *t = (time_t) (creds.times.endtime - now);
+ while ((kerr = krb5_cc_next_cred(context, id, &cursor, &cred)) == 0) {
+ if (cred.ticket_flags & TKT_FLG_INITIAL) {
+ if (now < cred.times.endtime) {
+ *t = (time_t) (cred.times.endtime - now);
+ }
+ krb5_free_cred_contents(context, &cred);
+ break;
+ }
+ krb5_free_cred_contents(context, &cred);
+ }
- krb5_free_creds(context, &creds);
+ krb5_cc_end_seq_get(context, id, &cursor);
- return 0;
+ return kerr;
}
#endif /* HAVE_KRB5_CC_GET_LIFETIME */