diff options
author | Alexander Bokovoy <ab@samba.org> | 2012-05-10 00:00:03 +0300 |
---|---|---|
committer | Alexander Bokovoy <ab@samba.org> | 2012-05-23 17:51:49 +0300 |
commit | 1feb31246d00cdadf7624925a324f7f591c26b82 (patch) | |
tree | fa8faeb440dc5da00ba62a97adf9ae49f5e10e19 /lib | |
parent | ad945bc68f6b1e73a47bc0a33b35fcbf182f8137 (diff) | |
download | samba-1feb31246d00cdadf7624925a324f7f591c26b82.tar.gz samba-1feb31246d00cdadf7624925a324f7f591c26b82.tar.bz2 samba-1feb31246d00cdadf7624925a324f7f591c26b82.zip |
lib/krb5_wrap: implement krb5_cc_get_lifetime for MIT Kerberos
In case krb5_cc_get_lifetime is not available, iterate over
existing tickets in the keytab, find the one marked as TKT_FLAG_INITIAL,
and use its lifetime. This is how it is implemented in Heimdal and
how it was suggested to be done by MIT Kerberos developers.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/krb5_wrap/krb5_samba.c | 41 |
1 files changed, 22 insertions, 19 deletions
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 16c690108f..572d39ebf5 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -2144,34 +2144,37 @@ krb5_error_code smb_krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t) { - krb5_error_code rc; - krb5_creds mcreds; - krb5_creds creds; + krb5_cc_cursor cursor; + krb5_error_code kerr; + krb5_creds cred; krb5_timestamp now; - ZERO_STRUCT(mcreds); - - mcreds.ticket_flags = TKT_FLG_INITIAL; + *t = 0; - rc = krb5_cc_retrieve_cred(context, - id, - KRB5_TC_MATCH_FLAGS, - &mcreds, - &creds); - if (rc != 0) { - return rc; + kerr = krb5_timeofday(context, &now); + if (kerr) { + return kerr; } - rc = krb5_timeofday(context, &now); - if (rc != 0) { - return rc; + kerr = krb5_cc_start_seq_get(context, id, &cursor); + if (kerr) { + return kerr; } - *t = (time_t) (creds.times.endtime - now); + while ((kerr = krb5_cc_next_cred(context, id, &cursor, &cred)) == 0) { + if (cred.ticket_flags & TKT_FLG_INITIAL) { + if (now < cred.times.endtime) { + *t = (time_t) (cred.times.endtime - now); + } + krb5_free_cred_contents(context, &cred); + break; + } + krb5_free_cred_contents(context, &cred); + } - krb5_free_creds(context, &creds); + krb5_cc_end_seq_get(context, id, &cursor); - return 0; + return kerr; } #endif /* HAVE_KRB5_CC_GET_LIFETIME */ |