authorSumit Bose <sbose@redhat.com>2009-12-07 15:07:26 +0100
committerStephen Gallagher <sgallagh@redhat.com>2009-12-08 12:30:02 -0500
commitb2016c8921421849b67c156b701f0c4ca23b55d6 (patch)
tree1e66a96ba12b6646bfa287ef0e038fc9cd6e1ead
parenta81bec0c6ed16f3acd9e5a61c3646921889f0658 (diff)
Add dummy credentials to an empty ccache file
Applications like krb5-auth-dialog might get confused if there is a credential cache file without any credentials in it. This patch adds an expired credential in which only the client and the server principal are set. The client principal is the user's principal and the server principal corresponds to a TGT principal of the realm the user belongs to.
-rw-r--r--server/providers/krb5/krb5_child.c56
1 files changed, 54 insertions, 2 deletions
diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c
index c0e9fbf2..2f485743 100644
--- a/server/providers/krb5/krb5_child.c
+++ b/server/providers/krb5/krb5_child.c
@@ -98,6 +98,49 @@ static const char *__krb5_error_msg;
sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
} while(0);
+static krb5_error_code create_empty_cred(struct krb5_req *kr, krb5_creds **_cred)
+{
+ krb5_error_code kerr;
+ krb5_creds *cred = NULL;
+ krb5_data *krb5_realm;
+
+ cred = calloc(sizeof(krb5_creds), 1);
+ if (cred == NULL) {
+ DEBUG(1, ("calloc failed.\n"));
+ return ENOMEM;
+ }
+
+ kerr = krb5_copy_principal(kr->ctx, kr->princ, &cred->client);
+ if (kerr != 0) {
+ DEBUG(1, ("krb5_copy_principal failed.\n"));
+ goto done;
+ }
+
+ krb5_realm = krb5_princ_realm(kr->ctx, kr->princ);
+
+ kerr = krb5_build_principal_ext(kr->ctx, &cred->server,
+ krb5_realm->length, krb5_realm->data,
+ KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+ krb5_realm->length, krb5_realm->data, 0);
+ if (kerr != 0) {
+ DEBUG(1, ("krb5_build_principal_ext failed.\n"));
+ goto done;
+ }
+
+done:
+ if (kerr != 0) {
+ if (cred != NULL && cred->client != NULL) {
+ krb5_free_principal(kr->ctx, cred->client);
+ }
+
+ free(cred);
+ } else {
+ *_cred = cred;
+ }
+
+ return kerr;
+}
+
static krb5_error_code create_ccache_file(struct krb5_req *kr, krb5_creds *creds)
{
krb5_error_code kerr;
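Review bot: create_empty_cred() has no comment explaining why the result counts as expired or who owns it; the expiry is only implied by `calloc` zero-filling every field other than the two principals. I would add a header comment such as `/* Build a placeholder krb5_creds with only client and krbtgt/REALM@REALM server set; all other fields stay zeroed, so it is already expired and holds no key or ticket. On success the caller owns *_cred and frees it with krb5_free_creds(). */`. The `calloc` arguments are also in the reverse of the conventional order; `cred = calloc(1, sizeof(krb5_creds));` reads more clearly. The `cred != NULL` test under `done:` can never be false, because the only NULL case returns earlier.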
@@ -107,6 +150,7 @@ static krb5_error_code create_ccache_file(struct krb5_req *kr, krb5_creds *creds
size_t ccname_len;
char *dummy;
char *tmp_ccname;
+ krb5_creds *l_cred;
if (strncmp(kr->ccname, "FILE:", 5) == 0) {
cc_file_name = kr->ccname + 5;
@@ -149,12 +193,20 @@ static krb5_error_code create_ccache_file(struct krb5_req *kr, krb5_creds *creds
fd = -1;
}
- if (creds != NULL) {
- kerr = krb5_cc_store_cred(kr->ctx, tmp_cc, creds);
+ if (creds == NULL) {
+ kerr = create_empty_cred(kr, &l_cred);
if (kerr != 0) {
KRB5_DEBUG(1, kerr);
goto done;
}
+ } else {
+ l_cred = creds;
+ }
+
+ kerr = krb5_cc_store_cred(kr->ctx, tmp_cc, l_cred);
+ if (kerr != 0) {
+ KRB5_DEBUG(1, kerr);
+ goto done;
}
kerr = krb5_cc_close(kr->ctx, tmp_cc);
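Review bot: The placeholder allocated by create_empty_cred() in the `creds == NULL` branch is not released anywhere in this hunk once `krb5_cc_store_cred()` has written it to the cache, so it appears to leak on both the success and the `goto done` paths. Releasing it right after the store, with the result check following, would cover both paths: `if (creds == NULL) krb5_free_creds(kr->ctx, l_cred);`. The `done:` label of create_ccache_file is outside the hunk; if the cleanup is meant to live there, the declaration added in the previous hunk needs to be `krb5_creds *l_cred = NULL;`, because earlier `goto done` paths would otherwise reach the cleanup with an indeterminate pointer.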