-rw-r--r--src/providers/krb5/krb5_child.c49
-rw-r--r--src/providers/krb5/krb5_utils.c61
-rw-r--r--src/util/sss_krb5.c52
-rw-r--r--src/util/sss_krb5.h4
4 files changed, 78 insertions, 88 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 4d12b90a..a7999b7e 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -1147,51 +1147,6 @@ done:
}
-static char * get_ccache_name_by_principal(TALLOC_CTX *mem_ctx,
- krb5_context ctx,
- krb5_principal principal,
- const char *ccname)
-{
- krb5_error_code kerr;
- krb5_ccache tmp_cc = NULL;
- char *tmp_ccname = NULL;
- char *ret_ccname = NULL;
-
- kerr = krb5_cc_set_default_name(ctx, ccname);
- if (kerr != 0) {
- KRB5_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr);
- return NULL;
- }
-
- kerr = krb5_cc_cache_match(ctx, principal, &tmp_cc);
- if (kerr != 0) {
- KRB5_CHILD_DEBUG(SSSDBG_TRACE_INTERNAL, kerr);
- return NULL;
- }
-
- kerr = krb5_cc_get_full_name(ctx, tmp_cc, &tmp_ccname);
- if (kerr !=0) {
- KRB5_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr);
- goto done;
- }
-
- ret_ccname = talloc_strdup(mem_ctx, tmp_ccname);
- if (ret_ccname == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed (ENOMEM).\n"));
- }
-
-done:
- if (tmp_cc != NULL) {
- kerr = krb5_cc_close(ctx, tmp_cc);
- if (kerr != 0) {
- KRB5_CHILD_DEBUG(SSSDBG_MINOR_FAILURE, kerr);
- }
- }
- krb5_free_string(ctx, tmp_ccname);
-
- return ret_ccname;
-}
-
static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
const char *password)
{
@@ -1250,8 +1205,8 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
* directly with file ccache (DIR::/...), but cache collection
* should be returned back to back end.
*/
- cc_name = get_ccache_name_by_principal(kr->pd, kr->ctx, principal,
- kr->ccname);
+ cc_name = sss_get_ccache_name_for_principal(kr->pd, kr->ctx, principal,
+ kr->ccname);
if (cc_name == NULL) {
cc_name = kr->ccname;
}
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 860c71b0..1b6d57c6 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -969,32 +969,6 @@ cc_dir_create(const char *location, pcre *illegal_re,
return create_ccache_dir_head(dir_name, illegal_re, uid, gid, private_path);
}
-static krb5_error_code
-get_ccache_for_princ(krb5_context context, const char *location,
- const char *princ, krb5_ccache *_ccache)
-{
- krb5_error_code krberr;
- krb5_principal client_principal = NULL;
-
- krberr = krb5_cc_set_default_name(context, location);
- if (krberr != 0) {
- KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr);
- DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_cc_resolve failed.\n"));
- return krberr;
- }
-
- krberr = krb5_parse_name(context, princ, &client_principal);
- if (krberr != 0) {
- KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr);
- DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_parse_name failed.\n"));
- return krberr;
- }
-
- krberr = krb5_cc_cache_match(context, client_principal, _ccache);
- krb5_free_principal(context, client_principal);
- return krberr;
-}
-
errno_t
cc_dir_check_existing(const char *location, uid_t uid,
const char *realm, const char *princ,
@@ -1138,9 +1112,9 @@ cc_dir_cache_for_princ(TALLOC_CTX *mem_ctx, const char *location,
{
krb5_context context = NULL;
krb5_error_code krberr;
- krb5_ccache ccache = NULL;
- char *name;
+ char *name = NULL;
const char *ccname;
+ krb5_principal client_principal = NULL;
ccname = sss_krb5_residual_check_type(location, SSS_KRB5_TYPE_DIR);
if (!ccname) {
@@ -1160,27 +1134,32 @@ cc_dir_cache_for_princ(TALLOC_CTX *mem_ctx, const char *location,
return NULL;
}
- krberr = get_ccache_for_princ(context, location, princ, &ccache);
- if (krberr) {
- DEBUG(SSSDBG_TRACE_FUNC, ("No principal for %s in %s\n",
- princ, location));
- krb5_free_context(context);
- return NULL;
+ krberr = krb5_parse_name(context, princ, &client_principal);
+ if (krberr != 0) {
+ KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr);
+ DEBUG(SSSDBG_CRIT_FAILURE, ("krb5_parse_name failed.\n"));
+ goto done;
}
/* This function is called only as a way to validate that,
* we have the right cache
*/
- krberr = krb5_cc_get_full_name(context, ccache, &name);
- if (ccache) krb5_cc_close(context, ccache);
- krb5_free_context(context);
- if (krberr) {
- KRB5_DEBUG(SSSDBG_OP_FAILURE, context, krberr);
+ name = sss_get_ccache_name_for_principal(mem_ctx, context,
+ client_principal, location);
+ if (name == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Could not get full name of ccache\n"));
- return NULL;
+ goto done;
}
- return talloc_strdup(mem_ctx, location);
+ talloc_zfree(name);
+ /* everytime return location for dir_cache */
+ name = talloc_strdup(mem_ctx, location);
+
+done:
+ krb5_free_principal(context, client_principal);
+ krb5_free_context(context);
+
+ return name;
}
errno_t
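Review bot: In cc_dir_cache_for_princ the `name == NULL` branch now also covers the ordinary case where krb5_cc_cache_match finds no cache for the principal, yet it logs `Could not get full name of ccache` at SSSDBG_CRIT_FAILURE. The removed code reported that case at SSSDBG_TRACE_FUNC together with the principal and location. Because this function exists to validate that the cache belongs to the principal, a mismatch is expected input rather than a critical fault, and the generic message makes genuine failures harder to pick out of the logs; consider keeping `DEBUG(SSSDBG_TRACE_FUNC, ("No principal for %s in %s\n", princ, location));` in this branch. The final `talloc_strdup(mem_ctx, location)` is returned without an ENOMEM message, unlike the same call in the helper. The function begins outside this hunk.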
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 7d42e97f..204e0c2a 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -1179,3 +1179,55 @@ done:
return ENOTSUP;
#endif
}
+
+char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx,
+ krb5_context ctx,
+ krb5_principal principal,
+ const char *location)
+{
+#ifdef HAVE_KRB5_DIRCACHE
+ krb5_error_code kerr;
+ krb5_ccache tmp_cc = NULL;
+ char *tmp_ccname = NULL;
+ char *ret_ccname = NULL;
+
+ kerr = krb5_cc_set_default_name(ctx, location);
+ if (kerr != 0) {
+ KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
+ return NULL;
+ }
+
+ kerr = krb5_cc_cache_match(ctx, principal, &tmp_cc);
+ if (kerr != 0) {
+ const char *err_msg = sss_krb5_get_error_message(ctx, kerr);
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ ("krb5_cc_cache_match failed: [%d][%s]\n", kerr, err_msg));
+ sss_krb5_free_error_message(ctx, err_msg);
+ return NULL;
+ }
+
+ kerr = krb5_cc_get_full_name(ctx, tmp_cc, &tmp_ccname);
+ if (kerr != 0) {
+ KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
+ goto done;
+ }
+
+ ret_ccname = talloc_strdup(mem_ctx, tmp_ccname);
+ if (ret_ccname == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed (ENOMEM).\n"));
+ }
+
+done:
+ if (tmp_cc != NULL) {
+ kerr = krb5_cc_close(ctx, tmp_cc);
+ if (kerr != 0) {
+ KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
+ }
+ }
+ krb5_free_string(ctx, tmp_ccname);
+
+ return ret_ccname;
+#else
+ return NULL;
+#endif /* HAVE_KRB5_DIRCACHE */
+}
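Review bot: sss_get_ccache_name_for_principal calls `krb5_cc_set_default_name(ctx, location)` on the caller's context and never restores the previous value, so a caller that keeps using `ctx` afterwards (krb5_child passes `kr->ctx`) has its default ccache changed as a side effect. Now that this is a shared utility, that should be documented at the definition and at the prototype added in sss_krb5.h, for example `/* Sets the default ccache name of ctx to location; returns a talloc'ed full ccache name on mem_ctx, or NULL if no cache matches or DIR caches are not supported. */`. The `#else` branch returns NULL without any debug message, so a caller cannot tell "not compiled in" from "no matching cache"; a trace-level message there would help. Whether either caller is ever built without HAVE_KRB5_DIRCACHE is not visible in this diff.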
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 4d3b9f7e..601a8acf 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -192,4 +192,8 @@ krb5_error_code sss_extract_pac(krb5_context ctx,
krb5_keytab keytab,
krb5_authdata ***_pac_authdata);
+char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx,
+ krb5_context ctx,
+ krb5_principal principal,
+ const char *location);
#endif /* __SSS_KRB5_H__ */