authorJakub Hrozek <jhrozek@redhat.com>2012-05-17 13:49:30 +0200
committerStephen Gallagher <sgallagh@redhat.com>2012-06-14 15:52:29 -0400
commitf674270b1068e4ad51c80dcd528ae996a4fe99ef (patch)
tree09eb3ec1800de9016e72aaee786af173047f7173 /src
parentf232789430a080384188d5da89b19d874cf17513 (diff)
Residual util functions
Kerberos credential caches can be specified by TYPE:RESIDUAL. This patch adds a couple of utilities to support parsing of ccache locations, checking types, etc.
Diffstat (limited to 'src')
-rw-r--r--src/util/sss_krb5.c86
-rw-r--r--src/util/sss_krb5.h16
2 files changed, 102 insertions, 0 deletions
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 81a1623e..5bc1140d 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -1124,3 +1124,89 @@ sss_krb5_read_etypes_for_keytab(TALLOC_CTX *mem_ctx,
talloc_free(tmp_ctx);
return ret;
}
+
+#define SSS_KRB5_FILE "FILE:"
+#define SSS_KRB5_DIR "DIR:"
+
+enum sss_krb5_cc_type
+sss_krb5_get_type(const char *full_location)
+{
+ if (!full_location) {
+ return SSS_KRB5_TYPE_UNKNOWN;
+ }
+
+ if (strncmp(full_location, SSS_KRB5_FILE,
+ sizeof(SSS_KRB5_FILE)-1) == 0) {
+ return SSS_KRB5_TYPE_FILE;
+ } else if (strncmp(full_location, SSS_KRB5_DIR,
+ sizeof(SSS_KRB5_DIR)-1) == 0) {
+ return SSS_KRB5_TYPE_DIR;
+ } else if (full_location[0] == '/') {
+ return SSS_KRB5_TYPE_FILE;
+ }
+
+ return SSS_KRB5_TYPE_UNKNOWN;
+}
+
+const char *
+sss_krb5_residual_by_type(const char *full_location,
+ enum sss_krb5_cc_type type)
+{
+ size_t offset;
+
+ if (full_location == NULL) return NULL;
+
+ switch (type) {
+ case SSS_KRB5_TYPE_FILE:
+ if (full_location[0] == '/') {
+ offset = 0;
+ } else {
+ offset = sizeof(SSS_KRB5_FILE)-1;
+ }
+ break;
+ case SSS_KRB5_TYPE_DIR:
+ offset = sizeof(SSS_KRB5_DIR)-1;
+ break;
+ default:
+ return NULL;
+ }
+
+ return full_location + offset;
+}
+
+const char *
+sss_krb5_cc_file_path(const char *full_location)
+{
+ enum sss_krb5_cc_type cc_type;
+ const char *residual;
+
+ cc_type = sss_krb5_get_type(full_location);
+ residual = sss_krb5_residual_by_type(full_location, cc_type);
+
+ switch(cc_type) {
+ case SSS_KRB5_TYPE_FILE:
+ return residual;
+ case SSS_KRB5_TYPE_DIR:
+ /* DIR::/run/user/tkt_foo */
+ if (residual[0] == ':') return residual+1;
+ case SSS_KRB5_TYPE_UNKNOWN:
+ break;
+ }
+
+ return NULL;
+}
+
+const char *
+sss_krb5_residual_check_type(const char *full_location,
+ enum sss_krb5_cc_type expected_type)
+{
+ enum sss_krb5_cc_type type;
+
+ type = sss_krb5_get_type(full_location);
+ if (type != expected_type) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Unexpected ccache type\n"));
+ return NULL;
+ }
+
+ return sss_krb5_residual_by_type(full_location, type);
+}
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 12412585..bba2a7ed 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -122,6 +122,22 @@ sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal
void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts,
int canonicalize);
+enum sss_krb5_cc_type {
+ SSS_KRB5_TYPE_FILE,
+ SSS_KRB5_TYPE_DIR,
+ SSS_KRB5_TYPE_UNKNOWN
+};
+
+enum sss_krb5_cc_type
+sss_krb5_get_type(const char *full_location);
+const char *
+sss_krb5_residual_by_type(const char *full_location, enum sss_krb5_cc_type type);
+const char *
+sss_krb5_cc_file_path(const char *full_location);
+const char *
+sss_krb5_residual_check_type(const char *full_location,
+ enum sss_krb5_cc_type expected_type);
+
/* === Compatibility routines for the Heimdal Kerberos implementation === */
void sss_krb5_princ_realm(krb5_context context, krb5_const_principal princ,