From 4d77466dafdb4def6681534e47c06aa07ccf6e17 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 27 Apr 2012 16:52:26 +0200 Subject: krb5samba: Add a smb_krb5_cc_get_lifetime() function. Signed-off-by: Simo Sorce --- lib/krb5_wrap/krb5_samba.c | 47 +++++++++++++++++++++++++++++++++ lib/krb5_wrap/krb5_samba.h | 12 +++++++++ source3/configure.in | 2 ++ source4/heimdal_build/wscript_configure | 1 + wscript_configure_krb5 | 3 ++- 5 files changed, 64 insertions(+), 1 deletion(-) diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 4bfc2531c6..ddebdd8ebd 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -2128,6 +2128,53 @@ krb5_error_code smb_krb5_make_principal(krb5_context context, } #endif +#if !defined(HAVE_KRB5_CC_GET_LIFETIME) && defined(HAVE_KRB5_CC_RETRIEVE_CRED) +/** + * @brief Get the lifetime of the initial ticket in the cache. + * + * @param[in] context The kerberos context. + * + * @param[in] id The credential cache to get the ticket lifetime. + * + * @param[out] t A pointer to a time value to store the lifetime. + * + * @return 0 on success, a krb5_error_code on error. + */ +krb5_error_code smb_krb5_cc_get_lifetime(krb5_context context, + krb5_ccache id, + time_t *t) +{ + krb5_error_code rc; + krb5_creds mcreds; + krb5_creds creds; + krb5_timestamp now; + + ZERO_STRUCT(mcreds); + + mcreds.ticket_flags = TKT_FLG_INITIAL; + + rc = krb5_cc_retrieve_cred(context, + id, + KRB5_TC_MATCH_FLAGS, + &mcreds, + &creds); + if (rc != 0) { + return rc; + } + + rc = krb5_timeofday(context, &now); + if (rc != 0) { + return rc; + } + + *t = (time_t) (creds.times.endtime - now); + + krb5_free_creds(context, &creds); + + return 0; +} +#endif /* HAVE_KRB5_CC_GET_LIFETIME */ + /* * smb_krb5_principal_get_realm * diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 2c492642a6..f036e052b3 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -240,6 +240,18 @@ krb5_error_code smb_krb5_make_principal(krb5_context context, #else #error krb5_make_principal not available #endif + +#if defined(HAVE_KRB5_CC_GET_LIFETIME) +#define smb_krb5_cc_get_lifetime krb5_cc_get_lifetime +#elif defined(HAVE_KRB5_CC_RETRIEVE_CRED) +krb5_error_code smb_krb5_cc_get_lifetime(krb5_context context, + krb5_ccache id, + time_t *t); +#else +#error krb5_cc_get_lifetime not available +#endif + + char *smb_krb5_principal_get_realm(krb5_context context, krb5_principal principal); diff --git a/source3/configure.in b/source3/configure.in index cec0ece343..edd1d1dfb3 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -3616,6 +3616,8 @@ if test x"$with_ads_support" != x"no"; then AC_CHECK_FUNC_EXT(krb5_free_host_realm, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_get_init_creds_keytab, $KRB5_LIBS) AC_CHECK_FUNC_EXT(krb5_build_principal_alloc_va, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(krb5_cc_get_lifetime, $KRB5_LIBS) + AC_CHECK_FUNC_EXT(krb5_cc_retrieve_cred, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_krb5_import_cred, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gss_get_name_attribute, $KRB5_LIBS) AC_CHECK_FUNC_EXT(gsskrb5_extract_authz_data_from_sec_context, $KRB5_LIBS) diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure index d993eec4ed..8357f3aa42 100755 --- a/source4/heimdal_build/wscript_configure +++ b/source4/heimdal_build/wscript_configure @@ -96,6 +96,7 @@ conf.define('HAVE_E_DATA_POINTER_IN_KRB5_ERROR', 1) conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1) conf.define('HAVE_KRB5_ADDRESSES', 1) conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1) +conf.define('HAVE_KRB5_CC_GET_LIFETIME', 1) conf.define('HAVE_KRB5_CRYPTO', 1) conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1) conf.define('HAVE_KRB5_CRYPTO_INIT', 1) diff --git a/wscript_configure_krb5 b/wscript_configure_krb5 index 4a483ef702..37f883e38e 100644 --- a/wscript_configure_krb5 +++ b/wscript_configure_krb5 @@ -59,7 +59,8 @@ conf.CHECK_FUNCS(''' krb5_get_creds_opt_alloc krb5_get_creds_opt_set_impersonate krb5_get_creds krb5_get_credentials_for_user krb5_get_host_realm krb5_free_host_realm krb5_get_init_creds_keyblock krb5_get_init_creds_keytab - krb5_make_principal krb5_build_principal_alloc_va''', + krb5_make_principal krb5_build_principal_alloc_va + krb5_cc_get_lifetime krb5_cc_retrieve_cred''', lib='krb5 k5crypto') conf.CHECK_DECLS('''krb5_get_credentials_for_user krb5_auth_con_set_req_cksumtype''', -- cgit