Diffstat (limited to 'server')
-rw-r--r--server/Makefile.am8
-rw-r--r--server/providers/krb5/krb5_auth.h1
-rw-r--r--server/providers/krb5/krb5_child.c40
-rw-r--r--server/providers/krb5/krb5_common.h6
-rw-r--r--server/providers/ldap/sdap_async.c16
-rw-r--r--server/util/sss_krb5.c92
-rw-r--r--server/util/sss_krb5.h45
7 files changed, 160 insertions, 48 deletions
diff --git a/server/Makefile.am b/server/Makefile.am
index 81223f48..2173b171 100644
--- a/server/Makefile.am
+++ b/server/Makefile.am
@@ -247,6 +247,7 @@ dist_noinst_HEADERS = \
util/util.h \
util/strtonum.h \
util/sss_ldap.h \
+ util/sss_krb5.h \
config.h \
monitor/monitor.h \
monitor/monitor_interfaces.h \
@@ -469,7 +470,8 @@ libsss_ldap_la_SOURCES = \
providers/ldap/ldap_common.c \
providers/ldap/sdap_async.c \
providers/ldap/sdap.c \
- util/sss_ldap.c
+ util/sss_ldap.c \
+ util/sss_krb5.c
libsss_ldap_la_CFLAGS = \
$(AM_CFLAGS) \
$(LDAP_CFLAGS) \
@@ -514,6 +516,7 @@ libsss_ipa_la_SOURCES = \
providers/ldap/sdap_async.c \
providers/ldap/sdap.c \
util/sss_ldap.c \
+ util/sss_krb5.c \
providers/krb5/krb5_utils.c \
providers/krb5/krb5_common.c \
providers/krb5/krb5_auth.c
@@ -530,7 +533,8 @@ libsss_ipa_la_LDFLAGS = \
krb5_child_SOURCES = \
$(SSSD_DEBUG_OBJ) \
- providers/krb5/krb5_child.c
+ providers/krb5/krb5_child.c \
+ util/sss_krb5.c
krb5_child_CFLAGS = \
$(AM_CFLAGS) \
$(POPT_CFLAGS) \
diff --git a/server/providers/krb5/krb5_auth.h b/server/providers/krb5/krb5_auth.h
index 95647e31..84eafec8 100644
--- a/server/providers/krb5/krb5_auth.h
+++ b/server/providers/krb5/krb5_auth.h
@@ -26,6 +26,7 @@
#ifndef __KRB5_AUTH_H__
#define __KRB5_AUTH_H__
+#include "util/sss_krb5.h"
#include "providers/dp_backend.h"
#include "providers/krb5/krb5_common.h"
diff --git a/server/providers/krb5/krb5_child.c b/server/providers/krb5/krb5_child.c
index e67ff889..319775a2 100644
--- a/server/providers/krb5/krb5_child.c
+++ b/server/providers/krb5/krb5_child.c
@@ -90,19 +90,13 @@ struct krb5_req {
char *ccname;
};
-#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
static krb5_context krb5_error_ctx;
static const char *__krb5_error_msg;
#define KRB5_DEBUG(level, krb5_error) do { \
- __krb5_error_msg = krb5_get_error_message(krb5_error_ctx, krb5_error); \
+ __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \
DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \
- krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
+ sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
} while(0);
-#else
-#define KRB5_DEBUG(level, krb5_error) do { \
- DEBUG(level, ("%d: kerberos error [%d]\n", __LINE__, krb5_error)); \
-} while(0);
-#endif
struct response {
size_t max_size;
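Review bot: KRB5_DEBUG now passes the result of sss_krb5_get_error_message() straight to the `%s` conversion in DEBUG, and the fallback added in server/util/sss_krb5.c returns NULL when its allocation or formatting fails. Before this change a build without HAVE_KRB5_GET_ERROR_MESSAGE never formatted a message pointer in this macro. Guarding the argument, for example `__krb5_error_msg != NULL ? __krb5_error_msg : "unknown"`, and calling sss_krb5_free_error_message() only for a non-NULL pointer keeps the logging path for a failed authentication well defined. The macro also still ends in `while(0);`, so it does not compose with an unbraced if/else; dropping that semicolon is the usual form.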
@@ -181,20 +175,14 @@ static struct response *prepare_response_message(struct krb5_req *kr,
ret = pack_response_packet(resp, PAM_SUCCESS, PAM_ENV_ITEM, msg);
talloc_zfree(msg);
} else {
-#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
- krb5_msg = krb5_get_error_message(krb5_error_ctx, kerr);
+ krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr);
if (krb5_msg == NULL) {
- DEBUG(1, ("krb5_get_error_message failed.\n"));
+ DEBUG(1, ("sss_krb5_get_error_message failed.\n"));
return NULL;
}
ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, krb5_msg);
- krb5_free_error_message(krb5_error_ctx, krb5_msg);
-#else
- msg = talloc_asprintf(kr, "Kerberos error [%d]", kerr);
- ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, msg);
- talloc_zfree(msg);
-#endif
+ sss_krb5_free_error_message(krb5_error_ctx, krb5_msg);
}
if (ret != EOK) {
@@ -536,11 +524,7 @@ static int krb5_cleanup(void *ptr)
if (kr == NULL) return EOK;
if (kr->options != NULL) {
-#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
- krb5_get_init_creds_opt_free(kr->ctx, kr->options);
-#else
- free(kr->options);
-#endif
+ sss_krb5_get_init_creds_opt_free(kr->ctx, kr->options);
}
if (kr->creds != NULL) {
@@ -639,21 +623,11 @@ static int krb5_setup(struct pam_data *pd, const char *user_princ_str,
goto failed;
}
-#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
- kerr = krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options);
+ kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options);
if (kerr != 0) {
KRB5_DEBUG(1, kerr);
goto failed;
}
-#else
- kr->options = calloc(1, sizeof(krb5_get_init_creds_opt));
- if (kr->options == NULL) {
- DEBUG(1, ("calloc failed.\n"));
- kerr = ENOMEM;
- goto failed;
- }
- krb5_get_init_creds_opt_init(&kr->options);
-#endif
/* TODO: set options, e.g.
* krb5_get_init_creds_opt_set_tkt_life
diff --git a/server/providers/krb5/krb5_common.h b/server/providers/krb5/krb5_common.h
index 5d784a55..60f6a82f 100644
--- a/server/providers/krb5/krb5_common.h
+++ b/server/providers/krb5/krb5_common.h
@@ -28,14 +28,10 @@
#include "config.h"
#include <stdbool.h>
-#ifdef HAVE_KRB5_KRB5_H
-#include <krb5/krb5.h>
-#else
-#include <krb5.h>
-#endif
#include "providers/dp_backend.h"
#include "util/util.h"
+#include "util/sss_krb5.h"
#define SSSD_KRB5_KDC "SSSD_KRB5_KDC"
#define SSSD_KRB5_REALM "SSSD_KRB5_REALM"
diff --git a/server/providers/ldap/sdap_async.c b/server/providers/ldap/sdap_async.c
index dfdd267e..bce25419 100644
--- a/server/providers/ldap/sdap_async.c
+++ b/server/providers/ldap/sdap_async.c
@@ -20,11 +20,11 @@
*/
#include <ctype.h>
#include <sasl/sasl.h>
-#include <krb5/krb5.h>
#include "db/sysdb.h"
#include "providers/ldap/sdap_async.h"
#include "util/util.h"
+#include "util/sss_krb5.h"
#define REALM_SEPARATOR '@'
@@ -991,7 +991,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
krberr = krb5_get_default_realm(context, &realm_name);
if (krberr) {
DEBUG(2, ("Failed to get default realm name: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
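Review bot: The string returned by sss_krb5_get_error_message() is handed directly to DEBUG here and never released, so every failing call in sdap_krb5_get_tgt_sync leaks the message; the same pattern is in the hunks at -1032, -1044, -1065, -1084, -1092 and -1100. With the new fallback the pointer can also be NULL when it reaches `%s`. Keep it in a local and release it: `const char *m = sss_krb5_get_error_message(context, krberr);`, then `DEBUG(2, ("Failed to get default realm name: %s\n", m ? m : "unknown"));`, then `if (m) sss_krb5_free_error_message(context, m);`. The function starts and ends outside these hunks, so a single helper or the `done:` path may be a better place for the release.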
@@ -1032,7 +1032,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
krberr = krb5_parse_name(context, full_princ, &kprinc);
if (krberr) {
DEBUG(2, ("Unable to build principal: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
@@ -1044,7 +1044,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
}
if (krberr) {
DEBUG(2, ("Failed to read keytab file: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
@@ -1065,7 +1065,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
krberr = krb5_cc_resolve(context, ccname, &ccache);
if (krberr) {
DEBUG(2, ("Failed to set cache name: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
@@ -1084,7 +1084,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
if (krberr) {
DEBUG(2, ("Failed to init credentials: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
@@ -1092,7 +1092,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
krberr = krb5_cc_initialize(context, ccache, kprinc);
if (krberr) {
DEBUG(2, ("Failed to init ccache: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
@@ -1100,7 +1100,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
krberr = krb5_cc_store_cred(context, ccache, &my_creds);
if (krberr) {
DEBUG(2, ("Failed to store creds: %s\n",
- krb5_get_error_message(context, krberr)));
+ sss_krb5_get_error_message(context, krberr)));
ret = EFAULT;
goto done;
}
diff --git a/server/util/sss_krb5.c b/server/util/sss_krb5.c
new file mode 100644
index 00000000..59e278ed
--- /dev/null
+++ b/server/util/sss_krb5.c
@@ -0,0 +1,92 @@
+/*
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2009 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#include <stdio.h>
+#include <errno.h>
+
+#include "config.h"
+
+#include "util/sss_krb5.h"
+
+
+
+const char *KRB5_CALLCONV sss_krb5_get_error_message(krb5_context ctx,
+ krb5_error_code ec)
+{
+#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
+ return krb5_get_error_message(ctx, ec);
+#else
+ int ret;
+ char *s = NULL;
+ int size = sizeof("Kerberos error [XXXXXXXXXXXX]");
+
+ s = malloc(sizeof(char) * (size));
+ if (s == NULL) {
+ return NULL;
+ }
+
+ ret = snprintf(s, size, "Kerberos error [%12d]", ec);
+
+ if (ret < 0 || ret >= size) {
+ return NULL;
+ }
+
+ return s;
+#endif
+}
+
+void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context ctx, const char *s)
+{
+#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
+ krb5_free_error_message(ctx, s);
+#else
+ free(s);
+#endif
+
+ return;
+}
+
+krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_alloc(
+ krb5_context context,
+ krb5_get_init_creds_opt **opt)
+{
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
+ return krb5_get_init_creds_opt_alloc(context, opt);
+#else
+ *opt = calloc(1, sizeof(krb5_get_init_creds_opt));
+ if (*opt == NULL) {
+ return ENOMEM;
+ }
+ krb5_get_init_creds_opt_init(*opt);
+
+ return 0;
+#endif
+}
+
+void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
+ krb5_get_init_creds_opt *opt)
+{
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
+ krb5_get_init_creds_opt_free(context, opt);
+#else
+ free(opt);
+#endif
+
+ return;
+}
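Review bot: In the fallback branch of sss_krb5_get_error_message the `return NULL;` after the snprintf check leaves the buffer `s` allocated; put `free(s);` before it. The file calls malloc, calloc and free but includes only <stdio.h> and <errno.h>, so `#include <stdlib.h>` should be added unless a krb5 header is known to supply the declarations. In sss_krb5_free_error_message the fallback passes a `const char *` to free(), which discards the qualifier and will warn; `free((void *)s);` or the equivalent project idiom makes the intent explicit. A short comment on each wrapper saying which branch owns the memory would help, since the two branches must stay paired with their matching free routine.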
diff --git a/server/util/sss_krb5.h b/server/util/sss_krb5.h
new file mode 100644
index 00000000..755cf816
--- /dev/null
+++ b/server/util/sss_krb5.h
@@ -0,0 +1,45 @@
+/*
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+
+ Copyright (C) 2009 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SSS_KRB5_H__
+#define __SSS_KRB5_H__
+
+#include "config.h"
+
+#include <stdbool.h>
+
+#ifdef HAVE_KRB5_KRB5_H
+#include <krb5/krb5.h>
+#else
+#include <krb5.h>
+#endif
+
+const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context,
+ krb5_error_code);
+
+void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context, const char *);
+
+krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_alloc(
+ krb5_context context,
+ krb5_get_init_creds_opt **opt);
+
+void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
+ krb5_get_init_creds_opt *opt);
+#endif /* __SSS_KRB5_H__ */
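Review bot: The prototype of sss_krb5_get_error_message carries no contract, and the callers in this commit already disagree on it: krb5_child.c releases the string, while sdap_async.c passes it to DEBUG and drops it. I would add a comment above the declaration such as `/* Returns a message the caller must release with sss_krb5_free_error_message(); may return NULL on allocation failure. */`, and a matching one on sss_krb5_get_init_creds_opt_alloc naming sss_krb5_get_init_creds_opt_free as the only valid release. The first two prototypes also omit parameter names, unlike the two below them. The guard `__SSS_KRB5_H__` uses an identifier reserved for the implementation, although it follows the existing `__KRB5_AUTH_H__` style visible in this commit.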