diff options
author | Simo Sorce <idra@samba.org> | 2012-04-02 23:41:32 -0400 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2012-04-12 12:06:43 +0200 |
commit | 1f1e4275b5fafbad1b5719f5efba7ee66f6d3037 (patch) | |
tree | bb45931ea2e62c9c6cf3a1d2ed8094e782ae88a0 /source3/libsmb/clikrb5.c | |
parent | 46ab21900555ba2f6ef06417095d50f14a2be676 (diff) | |
download | samba-1f1e4275b5fafbad1b5719f5efba7ee66f6d3037.tar.gz samba-1f1e4275b5fafbad1b5719f5efba7ee66f6d3037.tar.bz2 samba-1f1e4275b5fafbad1b5719f5efba7ee66f6d3037.zip |
clikrb5: Move pure krb wrapper functions from libads to clikrb5.
Signed-off-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3/libsmb/clikrb5.c')
-rw-r--r-- | source3/libsmb/clikrb5.c | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 9e03b30c35..792400b3ce 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -1439,6 +1439,148 @@ char *smb_krb5_principal_get_realm(krb5_context context, #endif } +/************************************************************************ + Routine to get the default realm from the kerberos credentials cache. + Caller must free if the return value is not NULL. +************************************************************************/ + +static char *smb_krb5_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx) +{ + char *realm = NULL; + krb5_context ctx = NULL; + krb5_ccache cc = NULL; + krb5_principal princ = NULL; + + initialize_krb5_error_table(); + if (krb5_init_context(&ctx)) { + return NULL; + } + + DEBUG(5,("kerberos_get_default_realm_from_ccache: " + "Trying to read krb5 cache: %s\n", + krb5_cc_default_name(ctx))); + if (krb5_cc_default(ctx, &cc)) { + DEBUG(0,("kerberos_get_default_realm_from_ccache: " + "failed to read default cache\n")); + goto out; + } + if (krb5_cc_get_principal(ctx, cc, &princ)) { + DEBUG(0,("kerberos_get_default_realm_from_ccache: " + "failed to get default principal\n")); + goto out; + } + +#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM) + realm = talloc_strdup(mem_ctx, krb5_principal_get_realm(ctx, princ)); +#elif defined(HAVE_KRB5_PRINC_REALM) + { + krb5_data *realm_data = krb5_princ_realm(ctx, princ); + realm = talloc_strndup(mem_ctx, realm_data->data, realm_data->length); + } +#endif + + out: + + if (ctx) { + if (princ) { + krb5_free_principal(ctx, princ); + } + if (cc) { + krb5_cc_close(ctx, cc); + } + krb5_free_context(ctx); + } + + return realm; +} + +/************************************************************************ + Routine to get the realm from a given DNS name. +************************************************************************/ + +static char *smb_krb5_get_realm_from_hostname(TALLOC_CTX *mem_ctx, + const char *hostname) +{ +#if defined(HAVE_KRB5_REALM_TYPE) + /* Heimdal. */ + krb5_realm *realm_list = NULL; +#else + /* MIT */ + char **realm_list = NULL; +#endif + char *realm = NULL; + krb5_error_code kerr; + krb5_context ctx = NULL; + + initialize_krb5_error_table(); + if (krb5_init_context(&ctx)) { + return NULL; + } + + kerr = krb5_get_host_realm(ctx, hostname, &realm_list); + if (kerr != 0) { + DEBUG(3,("kerberos_get_realm_from_hostname %s: " + "failed %s\n", + hostname ? hostname : "(NULL)", + error_message(kerr) )); + goto out; + } + + if (realm_list && realm_list[0]) { + realm = talloc_strdup(mem_ctx, realm_list[0]); + } + + out: + + if (ctx) { + if (realm_list) { + krb5_free_host_realm(ctx, realm_list); + realm_list = NULL; + } + krb5_free_context(ctx); + ctx = NULL; + } + return realm; +} + +char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx, + const char *service, + const char *remote_name) +{ + char *realm = NULL; + char *host = NULL; + char *principal; + host = strchr_m(remote_name, '.'); + if (host) { + /* DNS name. */ + realm = smb_krb5_get_realm_from_hostname(talloc_tos(), + remote_name); + } else { + /* NetBIOS name - use our realm. */ + realm = smb_krb5_get_default_realm_from_ccache(talloc_tos()); + } + + if (realm == NULL || *realm == '\0') { + realm = talloc_strdup(talloc_tos(), lp_realm()); + if (!realm) { + return NULL; + } + DEBUG(3,("kerberos_get_principal_from_service_hostname: " + "cannot get realm from, " + "desthost %s or default ccache. Using default " + "smb.conf realm %s\n", + remote_name, + realm)); + } + + principal = talloc_asprintf(mem_ctx, + "%s/%s@%s", + service, remote_name, + realm); + TALLOC_FREE(realm); + return principal; +} + #else /* HAVE_KRB5 */ /* this saves a few linking headaches */ int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx, |