diff options
Diffstat (limited to 'server/providers')
-rw-r--r-- | server/providers/krb5/krb5_auth.h | 1 | ||||
-rw-r--r-- | server/providers/krb5/krb5_child.c | 40 | ||||
-rw-r--r-- | server/providers/krb5/krb5_common.h | 6 | ||||
-rw-r--r-- | server/providers/ldap/sdap_async.c | 16 |
4 files changed, 17 insertions, 46 deletions
diff --git a/server/providers/krb5/krb5_auth.h b/server/providers/krb5/krb5_auth.h index 95647e31..84eafec8 100644 --- a/server/providers/krb5/krb5_auth.h +++ b/server/providers/krb5/krb5_auth.h @@ -26,6 +26,7 @@ #ifndef __KRB5_AUTH_H__ #define __KRB5_AUTH_H__ +#include "util/sss_krb5.h" #include "providers/dp_backend.h" #include "providers/krb5/krb5_common.h" diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c index e67ff889..319775a2 100644 --- a/server/providers/krb5/krb5_child.c +++ b/server/providers/krb5/krb5_child.c @@ -90,19 +90,13 @@ struct krb5_req { char *ccname; }; -#ifdef HAVE_KRB5_GET_ERROR_MESSAGE static krb5_context krb5_error_ctx; static const char *__krb5_error_msg; #define KRB5_DEBUG(level, krb5_error) do { \ - __krb5_error_msg = krb5_get_error_message(krb5_error_ctx, krb5_error); \ + __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \ DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \ - krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ + sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ } while(0); -#else -#define KRB5_DEBUG(level, krb5_error) do { \ - DEBUG(level, ("%d: kerberos error [%d]\n", __LINE__, krb5_error)); \ -} while(0); -#endif struct response { size_t max_size; @@ -181,20 +175,14 @@ static struct response *prepare_response_message(struct krb5_req *kr, ret = pack_response_packet(resp, PAM_SUCCESS, PAM_ENV_ITEM, msg); talloc_zfree(msg); } else { -#ifdef HAVE_KRB5_GET_ERROR_MESSAGE - krb5_msg = krb5_get_error_message(krb5_error_ctx, kerr); + krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr); if (krb5_msg == NULL) { - DEBUG(1, ("krb5_get_error_message failed.\n")); + DEBUG(1, ("sss_krb5_get_error_message failed.\n")); return NULL; } ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, krb5_msg); - krb5_free_error_message(krb5_error_ctx, krb5_msg); -#else - msg = talloc_asprintf(kr, "Kerberos error [%d]", kerr); - ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, msg); - talloc_zfree(msg); -#endif + sss_krb5_free_error_message(krb5_error_ctx, krb5_msg); } if (ret != EOK) { @@ -536,11 +524,7 @@ static int krb5_cleanup(void *ptr) if (kr == NULL) return EOK; if (kr->options != NULL) { -#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC - krb5_get_init_creds_opt_free(kr->ctx, kr->options); -#else - free(kr->options); -#endif + sss_krb5_get_init_creds_opt_free(kr->ctx, kr->options); } if (kr->creds != NULL) { @@ -639,21 +623,11 @@ static int krb5_setup(struct pam_data *pd, const char *user_princ_str, goto failed; } -#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC - kerr = krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); + kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); if (kerr != 0) { KRB5_DEBUG(1, kerr); goto failed; } -#else - kr->options = calloc(1, sizeof(krb5_get_init_creds_opt)); - if (kr->options == NULL) { - DEBUG(1, ("calloc failed.\n")); - kerr = ENOMEM; - goto failed; - } - krb5_get_init_creds_opt_init(&kr->options); -#endif /* TODO: set options, e.g. * krb5_get_init_creds_opt_set_tkt_life diff --git a/server/providers/krb5/krb5_common.h b/server/providers/krb5/krb5_common.h index 5d784a55..60f6a82f 100644 --- a/server/providers/krb5/krb5_common.h +++ b/server/providers/krb5/krb5_common.h @@ -28,14 +28,10 @@ #include "config.h" #include <stdbool.h> -#ifdef HAVE_KRB5_KRB5_H -#include <krb5/krb5.h> -#else -#include <krb5.h> -#endif #include "providers/dp_backend.h" #include "util/util.h" +#include "util/sss_krb5.h" #define SSSD_KRB5_KDC "SSSD_KRB5_KDC" #define SSSD_KRB5_REALM "SSSD_KRB5_REALM" diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c index dfdd267e..bce25419 100644 --- a/server/providers/ldap/sdap_async.c +++ b/server/providers/ldap/sdap_async.c @@ -20,11 +20,11 @@ */ #include <ctype.h> #include <sasl/sasl.h> -#include <krb5/krb5.h> #include "db/sysdb.h" #include "providers/ldap/sdap_async.h" #include "util/util.h" +#include "util/sss_krb5.h" #define REALM_SEPARATOR '@' @@ -991,7 +991,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_get_default_realm(context, &realm_name); if (krberr) { DEBUG(2, ("Failed to get default realm name: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } @@ -1032,7 +1032,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_parse_name(context, full_princ, &kprinc); if (krberr) { DEBUG(2, ("Unable to build principal: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } @@ -1044,7 +1044,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, } if (krberr) { DEBUG(2, ("Failed to read keytab file: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } @@ -1065,7 +1065,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_cc_resolve(context, ccname, &ccache); if (krberr) { DEBUG(2, ("Failed to set cache name: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } @@ -1084,7 +1084,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, if (krberr) { DEBUG(2, ("Failed to init credentials: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } @@ -1092,7 +1092,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_cc_initialize(context, ccache, kprinc); if (krberr) { DEBUG(2, ("Failed to init ccache: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } @@ -1100,7 +1100,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_cc_store_cred(context, ccache, &my_creds); if (krberr) { DEBUG(2, ("Failed to store creds: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } |