summaryrefslogtreecommitdiff
path: root/server/providers
diff options
context:
space:
mode:
Diffstat (limited to 'server/providers')
-rw-r--r--server/providers/krb5/krb5_auth.h1
-rw-r--r--server/providers/krb5/krb5_child.c40
-rw-r--r--server/providers/krb5/krb5_common.h6
-rw-r--r--server/providers/ldap/sdap_async.c16
4 files changed, 17 insertions, 46 deletions
diff --git a/server/providers/krb5/krb5_auth.h b/server/providers/krb5/krb5_auth.h
index 95647e31..84eafec8 100644
--- a/server/providers/krb5/krb5_auth.h
+++ b/server/providers/krb5/krb5_auth.h
@@ -26,6 +26,7 @@
#ifndef __KRB5_AUTH_H__
#define __KRB5_AUTH_H__
+#include "util/sss_krb5.h"
#include "providers/dp_backend.h"
#include "providers/krb5/krb5_common.h"
diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c
index e67ff889..319775a2 100644
--- a/server/providers/krb5/krb5_child.c
+++ b/server/providers/krb5/krb5_child.c
@@ -90,19 +90,13 @@ struct krb5_req {
char *ccname;
};
-#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
static krb5_context krb5_error_ctx;
static const char *__krb5_error_msg;
#define KRB5_DEBUG(level, krb5_error) do { \
- __krb5_error_msg = krb5_get_error_message(krb5_error_ctx, krb5_error); \
+ __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \
DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \
- krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
+ sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
} while(0);
-#else
-#define KRB5_DEBUG(level, krb5_error) do { \
- DEBUG(level, ("%d: kerberos error [%d]\n", __LINE__, krb5_error)); \
-} while(0);
-#endif
struct response {
size_t max_size;
@@ -181,20 +175,14 @@ static struct response *prepare_response_message(struct krb5_req *kr,
ret = pack_response_packet(resp, PAM_SUCCESS, PAM_ENV_ITEM, msg);
talloc_zfree(msg);
} else {
-#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
- krb5_msg = krb5_get_error_message(krb5_error_ctx, kerr);
+ krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr);
if (krb5_msg == NULL) {
- DEBUG(1, ("krb5_get_error_message failed.\n"));
+ DEBUG(1, ("sss_krb5_get_error_message failed.\n"));
return NULL;
}
ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, krb5_msg);
- krb5_free_error_message(krb5_error_ctx, krb5_msg);
-#else
- msg = talloc_asprintf(kr, "Kerberos error [%d]", kerr);
- ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, msg);
- talloc_zfree(msg);
-#endif
+ sss_krb5_free_error_message(krb5_error_ctx, krb5_msg);
}
if (ret != EOK) {
@@ -536,11 +524,7 @@ static int krb5_cleanup(void *ptr)
if (kr == NULL) return EOK;
if (kr->options != NULL) {
-#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
- krb5_get_init_creds_opt_free(kr->ctx, kr->options);
-#else
- free(kr->options);
-#endif
+ sss_krb5_get_init_creds_opt_free(kr->ctx, kr->options);
}
if (kr->creds != NULL) {
@@ -639,21 +623,11 @@ static int krb5_setup(struct pam_data *pd, const char *user_princ_str,
goto failed;
}
-#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
- kerr = krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options);
+ kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options);
if (kerr != 0) {
KRB5_DEBUG(1, kerr);
goto failed;
}
-#else
- kr->options = calloc(1, sizeof(krb5_get_init_creds_opt));
- if (kr->options == NULL) {
- DEBUG(1, ("calloc failed.\n"));
- kerr = ENOMEM;
- goto failed;
- }
- krb5_get_init_creds_opt_init(&kr->options);
-#endif
/* TODO: set options, e.g.
* krb5_get_init_creds_opt_set_tkt_life
diff --git a/server/providers/krb5/krb5_common.h b/server/providers/krb5/krb5_common.h
index 5d784a55..60f6a82f 100644
--- a/server/providers/krb5/krb5_common.h
+++ b/server/providers/krb5/krb5_common.h
@@ -28,14 +28,10 @@
#include "config.h"
#include <stdbool.h>
-#ifdef HAVE_KRB5_KRB5_H
-#include <krb5/krb5.h>
-#else
-#include <krb5.h>
-#endif
#include "providers/dp_backend.h"
#include "util/util.h"
+#include "util/sss_krb5.h"
#define SSSD_KRB5_KDC "SSSD_KRB5_KDC"
#define SSSD_KRB5_REALM "SSSD_KRB5_REALM"
diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c
index dfdd267e..bce25419 100644
--- a/server/providers/ldap/sdap_async.c
+++ b/server/providers/ldap/sdap_async.c
@@ -20,11 +20,11 @@
*/
#include <ctype.h>
#include <sasl/sasl.h>
-#include <krb5/krb5.h>
#include "db/sysdb.h"
#include "providers/ldap/sdap_async.h"
#include "util/util.h"
+#include "util/sss_krb5.h"
#define REALM_SEPARATOR '@'
@@ -991,7 +991,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
krberr = krb5_get_default_realm(context, &realm_name);
if (krberr) {
DEBUG(2, ("Failed to get default realm name: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
@@ -1032,7 +1032,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
krberr = krb5_parse_name(context, full_princ, &kprinc);
if (krberr) {
DEBUG(2, ("Unable to build principal: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
@@ -1044,7 +1044,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
}
if (krberr) {
DEBUG(2, ("Failed to read keytab file: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
@@ -1065,7 +1065,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
krberr = krb5_cc_resolve(context, ccname, &ccache);
if (krberr) {
DEBUG(2, ("Failed to set cache name: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
@@ -1084,7 +1084,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
if (krberr) {
DEBUG(2, ("Failed to init credentials: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
@@ -1092,7 +1092,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
krberr = krb5_cc_initialize(context, ccache, kprinc);
if (krberr) {
DEBUG(2, ("Failed to init ccache: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
@@ -1100,7 +1100,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
krberr = krb5_cc_store_cred(context, ccache, &my_creds);
if (krberr) {
DEBUG(2, ("Failed to store creds: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}