Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_child.c | 10 | ||||
-rw-r--r-- | src/providers/krb5/krb5_utils.c | 10 | ||||
-rw-r--r-- | src/providers/ldap/ldap_child.c | 5 |
3 files changed, 17 insertions, 8 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index 297e3a76..c83179b4 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -530,7 +530,7 @@ static krb5_error_code validate_tgt(struct krb5_req *kr)
 break;
 }
- kerr = krb5_free_keytab_entry_contents(kr->ctx, &entry);
+ kerr = sss_krb5_free_keytab_entry_contents(kr->ctx, &entry);
 if (kerr != 0) {
 DEBUG(1, ("Failed to free keytab entry.\n"));
 }
@@ -578,7 +578,7 @@ done:
 if (krb5_kt_close(kr->ctx, keytab) != 0) {
 DEBUG(1, ("krb5_kt_close failed"));
 }
- if (krb5_free_keytab_entry_contents(kr->ctx, &entry) != 0) {
+ if (sss_krb5_free_keytab_entry_contents(kr->ctx, &entry) != 0) {
 DEBUG(1, ("Failed to free keytab entry.\n"));
 }
 if (principal != NULL) {
@@ -1194,7 +1194,7 @@ static int krb5_cleanup(void *ptr)
 static krb5_error_code get_tgt_times(krb5_context ctx, const char *ccname,
 krb5_principal server_principal,
 krb5_principal client_principal,
- krb5_ticket_times *tgtt)
+ sss_krb5_ticket_times *tgtt)
 {
 krb5_error_code krberr;
 krb5_ccache ccache = NULL;
@@ -1247,7 +1247,7 @@ static krb5_error_code check_fast_ccache(krb5_context ctx, const char *primary,
 krb5_error_code kerr;
 char *ccname;
 char *server_name;
- krb5_ticket_times tgtt;
+ sss_krb5_ticket_times tgtt;
 krb5_keytab keytab = NULL;
 krb5_principal client_princ = NULL;
 krb5_principal server_princ = NULL;
@@ -1420,6 +1420,7 @@ static int krb5_child_setup(struct krb5_req *kr, uint32_t offline)
 goto failed;
 }
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT
 /* A prompter is used to catch messages about when a password will
 * expired. The library shall not use the prompter to ask for a new password
 * but shall return KRB5KDC_ERR_KEY_EXP. */
@@ -1428,6 +1429,7 @@ static int krb5_child_setup(struct krb5_req *kr, uint32_t offline)
 KRB5_DEBUG(1, kerr);
 goto failed;
 }
+#endif
 lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME);
 if (lifetime_str == NULL) {
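Review bot: When HAVE_KRB5_GET_INIT_CREDS_OPT_SET_CHANGE_PASSWORD_PROMPT is not defined, the guarded block in krb5_child_setup (hunks at -1420 and -1428) compiles to nothing, so the behaviour its comment requires, that the library returns KRB5KDC_ERR_KEY_EXP instead of asking the prompter for a new password, is no longer requested and nothing records that. I would add an `#else` branch carrying a comment such as `/* Cannot disable the change-password prompt with this library; expired passwords may reach the prompter instead of returning KRB5KDC_ERR_KEY_EXP. */` together with a DEBUG message, so the difference is visible in logs. Whether the prompter already declines such a request cannot be confirmed from here, because both krb5_child_setup and the prompter are defined outside these hunks; it is worth verifying on a build without the function, since an expired password would otherwise follow a different path than the one the child expects.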
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
index 2957598c..c97d58e7 100644
--- a/src/providers/krb5/krb5_utils.c
+++ b/src/providers/krb5/krb5_utils.c
@@ -431,6 +431,8 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
 char *server_name;
 krb5_creds mcred;
 krb5_creds cred;
+ const char *realm_name;
+ int realm_length;
 kerr = krb5_init_context(&ctx);
 if (kerr != 0) {
@@ -444,11 +446,11 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
 goto done;
 }
+ sss_krb5_princ_realm(ctx, client_princ, &realm_name, &realm_length);
+
 server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s",
- krb5_princ_realm(ctx, client_princ)->length,
- krb5_princ_realm(ctx, client_princ)->data,
- krb5_princ_realm(ctx, client_princ)->length,
- krb5_princ_realm(ctx, client_princ)->data);
+ realm_length, realm_name,
+ realm_length, realm_name);
 if (server_name == NULL) {
 kerr = KRB5_CC_NOMEM;
 DEBUG(1, ("talloc_asprintf failed.\n"));
diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
index 160cc1ce..05aadde9 100644
--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -287,6 +287,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
 goto done;
 }
+#ifdef HAVE_KRB5_GET_TIME_OFFSETS
 krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec);
 if (krberr) {
 DEBUG(2, ("Failed to get KDC time offset: %s\n",
@@ -297,6 +298,10 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
 kdc_time_offset++;
 }
 }
+#else
+ /* If we don't have this function, just assume no offset */
+ kdc_time_offset = 0;
+#endif
 krberr = 0;
 *ccname_out = ccname; |
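Review bot: In krb5_utils.c, `realm_name` and `realm_length` are declared without initialisers (hunk at -431) and are passed to the `%.*s` arguments straight after `sss_krb5_princ_realm()` (hunk at -444), with no check of what the wrapper produced. The wrapper's definition is not in this diff, so if it can leave the outputs unset or yield a NULL realm on some library, `talloc_asprintf` would read an indeterminate pointer. A negative `int` precision is also treated by printf-style formatting as no precision at all, which would read past a realm buffer that is not NUL-terminated. I would initialise them as `const char *realm_name = NULL;` and `int realm_length = 0;`, and go to `done` with an error when `realm_name == NULL || realm_length <= 0` before building `server_name`. get_ccache_file_data begins and ends outside both hunks.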
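Review bot: In ldap_child.c, the `#else` branch of the second hunk sets `kdc_time_offset = 0` without logging anything, so on builds without krb5_get_time_offsets() every value later derived from the offset is taken against the uncorrected local clock and an operator has no way to see that. I would widen the comment to `/* krb5_get_time_offsets() is unavailable: times derived from kdc_time_offset are not corrected for clock skew with the KDC */` and put a DEBUG message next to the assignment. As far as these hunks show, `kdc_time_offset_usec` is referenced only inside the `#ifdef` branch, so its declaration (outside the hunk) may now produce an unused-variable warning unless it is guarded too. ldap_child_get_tgt_sync begins and ends outside both hunks.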