From 1feb31246d00cdadf7624925a324f7f591c26b82 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Thu, 10 May 2012 00:00:03 +0300
Subject: lib/krb5_wrap: implement krb5_cc_get_lifetime for MIT Kerberos

In case krb5_cc_get_lifetime is not available, iterate over existing tickets in the keytab, find the one marked as TKT_FLAG_INITIAL, and use its lifetime. This is how it is implemented in Heimdal and how it was suggested to be done by MIT Kerberos developers.
---
 lib/krb5_wrap/krb5_samba.c | 41 ++++++++++++++++++++++-------------------
 1 file changed, 22 insertions(+), 19 deletions(-)
(limited to 'lib/krb5_wrap')
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 16c690108f..572d39ebf5 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2144,34 +2144,37 @@ krb5_error_code smb_krb5_cc_get_lifetime(krb5_context context,
 krb5_ccache id,
 time_t *t)
 {
- krb5_error_code rc;
- krb5_creds mcreds;
- krb5_creds creds;
+ krb5_cc_cursor cursor;
+ krb5_error_code kerr;
+ krb5_creds cred;
 krb5_timestamp now;
- ZERO_STRUCT(mcreds);
-
- mcreds.ticket_flags = TKT_FLG_INITIAL;
+ *t = 0;
- rc = krb5_cc_retrieve_cred(context,
- id,
- KRB5_TC_MATCH_FLAGS,
- &mcreds,
- &creds);
- if (rc != 0) {
- return rc;
+ kerr = krb5_timeofday(context, &now);
+ if (kerr) {
+ return kerr;
 }
- rc = krb5_timeofday(context, &now);
- if (rc != 0) {
- return rc;
+ kerr = krb5_cc_start_seq_get(context, id, &cursor);
+ if (kerr) {
+ return kerr;
 }
- *t = (time_t) (creds.times.endtime - now);
+ while ((kerr = krb5_cc_next_cred(context, id, &cursor, &cred)) == 0) {
+ if (cred.ticket_flags & TKT_FLG_INITIAL) {
+ if (now < cred.times.endtime) {
+ *t = (time_t) (cred.times.endtime - now);
+ }
+ krb5_free_cred_contents(context, &cred);
+ break;
+ }
+ krb5_free_cred_contents(context, &cred);
+ }
- krb5_free_creds(context, &creds);
+ krb5_cc_end_seq_get(context, id, &cursor);
- return 0;
+ return kerr;
 }
 #endif /* HAVE_KRB5_CC_GET_LIFETIME */
-- cgit
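Review bot: The three outcomes of the new loop are undocumented, and a caller deciding whether credentials must be re-acquired needs to tell them apart: an unexpired initial ticket returns 0 with the remaining seconds in `*t`, an expired one returns 0 with `*t == 0`, and a cache with no TKT_FLG_INITIAL entry returns the non-zero status that ended `krb5_cc_next_cred` (presumably the end-of-cache code) with `*t == 0`. A comment above the function would pin this down, e.g. `/* Returns 0 and *t = seconds left on the first initial ticket (0 if expired); non-zero if none is found or the cache cannot be read. */`. The loop also breaks at the first match, so if a cache can hold more than one initial credential the result follows storage order rather than the latest `endtime`, which is worth a line in the same comment. The return value of `krb5_cc_end_seq_get` is dropped without a note saying that is deliberate. The first line of the function signature sits just above the hunk.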