diff options
Diffstat (limited to 'source3/libads')
-rw-r--r-- | source3/libads/kerberos.c | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 29e5661d3c..02e14f468d 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -487,6 +487,58 @@ char* kerberos_secrets_fetch_des_salt( void ) return salt; } +/************************************************************************ + Routine to get the default realm from the kerberos credentials cache. + Caller must free if the return value is not NULL. +************************************************************************/ + +char *kerberos_get_default_realm_from_ccache( void ) +{ + char *realm = NULL; + krb5_context ctx = NULL; + krb5_ccache cc = NULL; + krb5_principal princ = NULL; + + initialize_krb5_error_table(); + if (krb5_init_context(&ctx)) { + return NULL; + } + + DEBUG(5,("kerberos_get_default_realm_from_ccache: " + "Trying to read krb5 cache: %s\n", + krb5_cc_default_name(ctx))); + if (krb5_cc_default(ctx, &cc)) { + DEBUG(0,("kerberos_get_default_realm_from_ccache: " + "failed to read default cache\n")); + goto out; + } + if (krb5_cc_get_principal(ctx, cc, &princ)) { + DEBUG(0,("kerberos_get_default_realm_from_ccache: " + "failed to get default principal\n")); + goto done; + } + +#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM) + realm = SMB_STRDUP(krb5_principal_get_realm(ctx, princ)); +#elif defined(HAVE_KRB5_PRINC_REALM) + realm = SMB_STRDUP(krb5_princ_realm(ctx, princ)->data); +#endif + + out: + + if (princ) { + krb5_free_principal(ctx, princ); + } + if (cc) { + krb5_cc_close(ctx, cc); + } + if (ctx) { + krb5_free_context(ctx); + } +done: + return realm; +} + /************************************************************************ Routine to get the salting principal for this service. This is |