diff options
| author | Simo Sorce <simo@redhat.com> | 2013-08-30 12:27:49 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2013-09-09 15:11:45 -0400 |
| commit | c121e65ed592bf3611053ee38032fd33c8d1b285 (patch) | |
| tree | b17ab2dffe90794180e829db25399e3242c5f181 /src/providers/krb5 | |
| parent | 5dc3b01fd9b2fa244e7c2820ce04602c9f059370 (diff) | |
| download | sssd-c121e65ed592bf3611053ee38032fd33c8d1b285.tar.gz sssd-c121e65ed592bf3611053ee38032fd33c8d1b285.tar.bz2 sssd-c121e65ed592bf3611053ee38032fd33c8d1b285.zip | |
krb5: Make check_for_valid_tgt() static
check_for_valid_tgt() is used exclusively in krb5_uitls.c so move it there.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
Diffstat (limited to 'src/providers/krb5')
| -rw-r--r-- | src/providers/krb5/krb5_utils.c | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c index b174462e..463a5eb4 100644 --- a/src/providers/krb5/krb5_utils.c +++ b/src/providers/krb5/krb5_utils.c @@ -761,6 +761,80 @@ done: return ret; } +static krb5_error_code check_for_valid_tgt(krb5_context context, + krb5_ccache ccache, + const char *realm, + const char *client_princ_str, + bool *result) +{ + krb5_error_code krberr; + TALLOC_CTX *tmp_ctx = NULL; + krb5_creds mcred; + krb5_creds cred; + char *server_name = NULL; + krb5_principal client_principal = NULL; + krb5_principal server_principal = NULL; + + *result = false; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(1, ("talloc_new failed.\n")); + return ENOMEM; + } + + server_name = talloc_asprintf(tmp_ctx, "krbtgt/%s@%s", realm, realm); + if (server_name == NULL) { + DEBUG(1, ("talloc_asprintf failed.\n")); + krberr = ENOMEM; + goto done; + } + + krberr = krb5_parse_name(context, server_name, &server_principal); + if (krberr != 0) { + DEBUG(1, ("krb5_parse_name failed.\n")); + goto done; + } + + krberr = krb5_parse_name(context, client_princ_str, &client_principal); + if (krberr != 0) { + DEBUG(1, ("krb5_parse_name failed.\n")); + goto done; + } + + memset(&mcred, 0, sizeof(mcred)); + memset(&cred, 0, sizeof(mcred)); + mcred.client = client_principal; + mcred.server = server_principal; + + krberr = krb5_cc_retrieve_cred(context, ccache, 0, &mcred, &cred); + if (krberr != 0) { + DEBUG(1, ("krb5_cc_retrieve_cred failed.\n")); + krberr = 0; + goto done; + } + + DEBUG(7, ("TGT end time [%d].\n", cred.times.endtime)); + + if (cred.times.endtime > time(NULL)) { + DEBUG(3, ("TGT is valid.\n")); + *result = true; + } + krb5_free_cred_contents(context, &cred); + + krberr = 0; + +done: + if (client_principal != NULL) { + krb5_free_principal(context, client_principal); + } + if (server_principal != NULL) { + krb5_free_principal(context, server_principal); + } + talloc_free(tmp_ctx); + return krberr; +} + static errno_t check_cc_validity(const char *location, const char *realm, |