diff options
author | Sumit Bose <sbose@redhat.com> | 2009-12-07 15:07:26 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2009-12-08 12:30:02 -0500 |
commit | b2016c8921421849b67c156b701f0c4ca23b55d6 (patch) | |
tree | 1e66a96ba12b6646bfa287ef0e038fc9cd6e1ead | |
parent | a81bec0c6ed16f3acd9e5a61c3646921889f0658 (diff) | |
download | sssd-b2016c8921421849b67c156b701f0c4ca23b55d6.tar.gz sssd-b2016c8921421849b67c156b701f0c4ca23b55d6.tar.bz2 sssd-b2016c8921421849b67c156b701f0c4ca23b55d6.zip |
Add dummy credentials to an empty ccache file
Application like krb5-auth-dialog might get confused if there is a
credential cache file without any credentials in it. This patch adds an
expired credential where only the client and the server principal are
set. The client principal is the user's principal and the server
principal corresponds to a TGT principal of the realm the user belongs
to.
-rw-r--r-- | server/providers/krb5/krb5_child.c | 56 |
1 files changed, 54 insertions, 2 deletions
diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c index c0e9fbf2..2f485743 100644 --- a/server/providers/krb5/krb5_child.c +++ b/server/providers/krb5/krb5_child.c @@ -98,6 +98,49 @@ static const char *__krb5_error_msg; sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ } while(0); +static krb5_error_code create_empty_cred(struct krb5_req *kr, krb5_creds **_cred) +{ + krb5_error_code kerr; + krb5_creds *cred = NULL; + krb5_data *krb5_realm; + + cred = calloc(sizeof(krb5_creds), 1); + if (cred == NULL) { + DEBUG(1, ("calloc failed.\n")); + return ENOMEM; + } + + kerr = krb5_copy_principal(kr->ctx, kr->princ, &cred->client); + if (kerr != 0) { + DEBUG(1, ("krb5_copy_principal failed.\n")); + goto done; + } + + krb5_realm = krb5_princ_realm(kr->ctx, kr->princ); + + kerr = krb5_build_principal_ext(kr->ctx, &cred->server, + krb5_realm->length, krb5_realm->data, + KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, + krb5_realm->length, krb5_realm->data, 0); + if (kerr != 0) { + DEBUG(1, ("krb5_build_principal_ext failed.\n")); + goto done; + } + +done: + if (kerr != 0) { + if (cred != NULL && cred->client != NULL) { + krb5_free_principal(kr->ctx, cred->client); + } + + free(cred); + } else { + *_cred = cred; + } + + return kerr; +} + static krb5_error_code create_ccache_file(struct krb5_req *kr, krb5_creds *creds) { krb5_error_code kerr; @@ -107,6 +150,7 @@ static krb5_error_code create_ccache_file(struct krb5_req *kr, krb5_creds *creds size_t ccname_len; char *dummy; char *tmp_ccname; + krb5_creds *l_cred; if (strncmp(kr->ccname, "FILE:", 5) == 0) { cc_file_name = kr->ccname + 5; @@ -149,12 +193,20 @@ static krb5_error_code create_ccache_file(struct krb5_req *kr, krb5_creds *creds fd = -1; } - if (creds != NULL) { - kerr = krb5_cc_store_cred(kr->ctx, tmp_cc, creds); + if (creds == NULL) { + kerr = create_empty_cred(kr, &l_cred); if (kerr != 0) { KRB5_DEBUG(1, kerr); goto done; } + } else { + l_cred = creds; + } + + kerr = krb5_cc_store_cred(kr->ctx, tmp_cc, l_cred); + if (kerr != 0) { + KRB5_DEBUG(1, kerr); + goto done; } kerr = krb5_cc_close(kr->ctx, tmp_cc); |