Diffstat (limited to 'server')
-rw-r--r-- | server/Makefile.am | 8 | ||||
-rw-r--r-- | server/providers/krb5/krb5_auth.h | 1 | ||||
-rw-r--r-- | server/providers/krb5/krb5_child.c | 40 | ||||
-rw-r--r-- | server/providers/krb5/krb5_common.h | 6 | ||||
-rw-r--r-- | server/providers/ldap/sdap_async.c | 16 | ||||
-rw-r--r-- | server/util/sss_krb5.c | 92 | ||||
-rw-r--r-- | server/util/sss_krb5.h | 45 |
7 files changed, 160 insertions, 48 deletions
diff --git a/server/Makefile.am b/server/Makefile.am index 81223f48..2173b171 100644 --- a/server/Makefile.am +++ b/server/Makefile.am @@ -247,6 +247,7 @@ dist_noinst_HEADERS = \ util/util.h \ util/strtonum.h \ util/sss_ldap.h \ + util/sss_krb5.h \ config.h \ monitor/monitor.h \ monitor/monitor_interfaces.h \ @@ -469,7 +470,8 @@ libsss_ldap_la_SOURCES = \ providers/ldap/ldap_common.c \ providers/ldap/sdap_async.c \ providers/ldap/sdap.c \ - util/sss_ldap.c + util/sss_ldap.c \ + util/sss_krb5.c libsss_ldap_la_CFLAGS = \ $(AM_CFLAGS) \ $(LDAP_CFLAGS) \ @@ -514,6 +516,7 @@ libsss_ipa_la_SOURCES = \ providers/ldap/sdap_async.c \ providers/ldap/sdap.c \ util/sss_ldap.c \ + util/sss_krb5.c \ providers/krb5/krb5_utils.c \ providers/krb5/krb5_common.c \ providers/krb5/krb5_auth.c @@ -530,7 +533,8 @@ libsss_ipa_la_LDFLAGS = \ krb5_child_SOURCES = \ $(SSSD_DEBUG_OBJ) \ - providers/krb5/krb5_child.c + providers/krb5/krb5_child.c \ + util/sss_krb5.c krb5_child_CFLAGS = \ $(AM_CFLAGS) \ $(POPT_CFLAGS) \ diff --git a/server/providers/krb5/krb5_auth.h b/server/providers/krb5/krb5_auth.h index 95647e31..84eafec8 100644 --- a/server/providers/krb5/krb5_auth.h +++ b/server/providers/krb5/krb5_auth.h @@ -26,6 +26,7 @@ #ifndef __KRB5_AUTH_H__ #define __KRB5_AUTH_H__ +#include "util/sss_krb5.h" #include "providers/dp_backend.h" #include "providers/krb5/krb5_common.h" diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c index e67ff889..319775a2 100644 --- a/server/providers/krb5/krb5_child.c +++ b/server/providers/krb5/krb5_child.c 
@@ -90,19 +90,13 @@ struct krb5_req { char *ccname; }; -#ifdef HAVE_KRB5_GET_ERROR_MESSAGE static krb5_context krb5_error_ctx; static const char *__krb5_error_msg; #define KRB5_DEBUG(level, krb5_error) do { \ - __krb5_error_msg = krb5_get_error_message(krb5_error_ctx, krb5_error); \ + __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \ DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \ - krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ + sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ } while(0); -#else -#define KRB5_DEBUG(level, krb5_error) do { \ - DEBUG(level, ("%d: kerberos error [%d]\n", __LINE__, krb5_error)); \ -} while(0); -#endif struct response { size_t max_size; @@ -181,20 +175,14 @@ static struct response *prepare_response_message(struct krb5_req *kr, ret = pack_response_packet(resp, PAM_SUCCESS, PAM_ENV_ITEM, msg); talloc_zfree(msg); } else { -#ifdef HAVE_KRB5_GET_ERROR_MESSAGE - krb5_msg = krb5_get_error_message(krb5_error_ctx, kerr); + krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr); if (krb5_msg == NULL) { - DEBUG(1, ("krb5_get_error_message failed.\n")); + DEBUG(1, ("sss_krb5_get_error_message failed.\n")); return NULL; } ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, krb5_msg); - krb5_free_error_message(krb5_error_ctx, krb5_msg); -#else - msg = talloc_asprintf(kr, "Kerberos error [%d]", kerr); - ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, msg); - talloc_zfree(msg); -#endif + sss_krb5_free_error_message(krb5_error_ctx, krb5_msg); } if (ret != EOK) { @@ -536,11 +524,7 @@ static int krb5_cleanup(void *ptr) if (kr == NULL) return EOK; if (kr->options != NULL) { -#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC - krb5_get_init_creds_opt_free(kr->ctx, kr->options); -#else - free(kr->options); -#endif + sss_krb5_get_init_creds_opt_free(kr->ctx, kr->options); } if (kr->creds != NULL) { 
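Review bot: The KRB5_DEBUG macro in krb5_child.c now always feeds `__krb5_error_msg` to a `%s` conversion without a NULL check, while the fallback branch of sss_krb5_get_error_message added by this commit returns NULL when malloc or snprintf fails. prepare_response_message, in the following hunk, does test for NULL, so the macro is the one caller in this file that does not. Passing a guarded value in the DEBUG argument, for example `__krb5_error_msg ? __krb5_error_msg : "(no message)"`, would keep an out-of-memory condition in the authentication child from becoming undefined behaviour. The macro still ends in `while(0);`, and that trailing semicolon will break an unbraced `if`/`else` around it, so dropping it here would be a cheap clean-up.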
@@ -639,21 +623,11 @@ static int krb5_setup(struct pam_data *pd, const char *user_princ_str, goto failed; } -#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC - kerr = krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); + kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); if (kerr != 0) { KRB5_DEBUG(1, kerr); goto failed; } -#else - kr->options = calloc(1, sizeof(krb5_get_init_creds_opt)); - if (kr->options == NULL) { - DEBUG(1, ("calloc failed.\n")); - kerr = ENOMEM; - goto failed; - } - krb5_get_init_creds_opt_init(&kr->options); -#endif /* TODO: set options, e.g. * krb5_get_init_creds_opt_set_tkt_life diff --git a/server/providers/krb5/krb5_common.h b/server/providers/krb5/krb5_common.h index 5d784a55..60f6a82f 100644 --- a/server/providers/krb5/krb5_common.h +++ b/server/providers/krb5/krb5_common.h @@ -28,14 +28,10 @@ #include "config.h" #include <stdbool.h> -#ifdef HAVE_KRB5_KRB5_H -#include <krb5/krb5.h> -#else -#include <krb5.h> -#endif #include "providers/dp_backend.h" #include "util/util.h" +#include "util/sss_krb5.h" #define SSSD_KRB5_KDC "SSSD_KRB5_KDC" #define SSSD_KRB5_REALM "SSSD_KRB5_REALM" diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c index dfdd267e..bce25419 100644 --- a/server/providers/ldap/sdap_async.c +++ b/server/providers/ldap/sdap_async.c @@ -20,11 +20,11 @@ */ #include <ctype.h> #include <sasl/sasl.h> -#include <krb5/krb5.h> #include "db/sysdb.h" #include "providers/ldap/sdap_async.h" #include "util/util.h" +#include "util/sss_krb5.h" #define REALM_SEPARATOR '@' @@ -991,7 +991,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_get_default_realm(context, &realm_name); if (krberr) { DEBUG(2, ("Failed to get default realm name: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } 
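Review bot: In sdap_krb5_get_tgt_sync (sdap_async.c, hunk -991) the result of `sss_krb5_get_error_message(context, krberr)` is passed straight into DEBUG's `%s` and is never released, and the six later hunks of this file (-1032 through -1100) repeat the pattern. With the wrapper's fallback the value is a malloc'd buffer that may also be NULL, so every failing Kerberos call on this path leaks a message and can hand NULL to the formatter. Holding the message in a local fixes both: `const char *msg = sss_krb5_get_error_message(context, krberr);`, then `DEBUG(2, ("Failed to get default realm name: %s\n", msg ? msg : "unknown"));`, then `sss_krb5_free_error_message(context, msg);`. The function body starts and ends outside these hunks, so a single helper that logs and frees may fit better than seven repeated triples.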
@@ -1032,7 +1032,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_parse_name(context, full_princ, &kprinc); if (krberr) { DEBUG(2, ("Unable to build principal: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } @@ -1044,7 +1044,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, } if (krberr) { DEBUG(2, ("Failed to read keytab file: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } @@ -1065,7 +1065,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_cc_resolve(context, ccname, &ccache); if (krberr) { DEBUG(2, ("Failed to set cache name: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } @@ -1084,7 +1084,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, if (krberr) { DEBUG(2, ("Failed to init credentials: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } @@ -1092,7 +1092,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_cc_initialize(context, ccache, kprinc); if (krberr) { DEBUG(2, ("Failed to init ccache: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } @@ -1100,7 +1100,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx, krberr = krb5_cc_store_cred(context, ccache, &my_creds); if (krberr) { DEBUG(2, ("Failed to store creds: %s\n", - krb5_get_error_message(context, krberr))); + sss_krb5_get_error_message(context, krberr))); ret = EFAULT; goto done; } diff --git a/server/util/sss_krb5.c b/server/util/sss_krb5.c new file mode 100644 index 00000000..59e278ed --- /dev/null +++ b/server/util/sss_krb5.c 
@@ -0,0 +1,92 @@ +/* + Authors: + Sumit Bose <sbose@redhat.com> + + Copyright (C) 2009 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ +#include <stdio.h> +#include <errno.h> + +#include "config.h" + +#include "util/sss_krb5.h" + + + +const char *KRB5_CALLCONV sss_krb5_get_error_message(krb5_context ctx, + krb5_error_code ec) +{ +#ifdef HAVE_KRB5_GET_ERROR_MESSAGE + return krb5_get_error_message(ctx, ec); +#else + int ret; + char *s = NULL; + int size = sizeof("Kerberos error [XXXXXXXXXXXX]"); + + s = malloc(sizeof(char) * (size)); + if (s == NULL) { + return NULL; + } + + ret = snprintf(s, size, "Kerberos error [%12d]", ec); + + if (ret < 0 || ret >= size) { + return NULL; + } + + return s; +#endif +} + +void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context ctx, const char *s) +{ +#ifdef HAVE_KRB5_GET_ERROR_MESSAGE + krb5_free_error_message(ctx, s); +#else + free(s); +#endif + + return; +} + +krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_alloc( + krb5_context context, + krb5_get_init_creds_opt **opt) +{ +#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC + return krb5_get_init_creds_opt_alloc(context, opt); +#else + *opt = calloc(1, sizeof(krb5_get_init_creds_opt)); + if (*opt == NULL) { + return ENOMEM; + } + krb5_get_init_creds_opt_init(*opt); + + return 0; +#endif +} + +void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context, + 
krb5_get_init_creds_opt *opt) +{ +#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC + krb5_get_init_creds_opt_free(context, opt); +#else + free(opt); +#endif + + return; +} diff --git a/server/util/sss_krb5.h b/server/util/sss_krb5.h new file mode 100644 index 00000000..755cf816 --- /dev/null +++ b/server/util/sss_krb5.h @@ -0,0 +1,45 @@ +/* + Authors: + Sumit Bose <sbose@redhat.com> + + Copyright (C) 2009 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef __SSS_KRB5_H__ +#define __SSS_KRB5_H__ + +#include "config.h" + +#include <stdbool.h> + +#ifdef HAVE_KRB5_KRB5_H +#include <krb5/krb5.h> +#else +#include <krb5.h> +#endif + +const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context, + krb5_error_code); + +void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context, const char *); + +krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_alloc( + krb5_context context, + krb5_get_init_creds_opt **opt); + +void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context, + krb5_get_init_creds_opt *opt); +#endif /* __SSS_KRB5_H__ */ |
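Review bot: In the fallback branch of sss_krb5_get_error_message (new file server/util/sss_krb5.c) the `ret < 0 || ret >= size` path returns NULL without releasing `s`, so the buffer leaks; add `free(s);` before that `return NULL;`. The file calls malloc, calloc and free but directly includes only `<stdio.h>` and `<errno.h>`, so `#include <stdlib.h>` should be added rather than relying on the krb5 header to supply the declarations. In sss_krb5_free_error_message the fallback `free(s)` receives a `const char *` and discards the qualifier; `free((void *) s);` makes the intent explicit and avoids the diagnostic.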
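Review bot: The prototypes in server/util/sss_krb5.h say nothing about ownership or failure, although callers need both facts. The sss_krb5.c fallback shows that sss_krb5_get_error_message can return NULL, and that its result has to be released through sss_krb5_free_error_message rather than free() or krb5_free_error_message(). A comment above the declaration would record that, for example `/* Returns a message for the error code, or NULL on allocation failure; release it with sss_krb5_free_error_message(). */`, with a matching line for the alloc/free pair of init-creds options. The first two prototypes also omit parameter names while the last two have them, and `<stdbool.h>` does not appear to be used by anything declared here.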