From a2cabe1873c4d01c18ef6617b6b1f10a0ce3560e Mon Sep 17 00:00:00 2001 From: eindenbom Date: Fri, 2 Jul 2010 18:38:48 +0400 Subject: GSSAPI ticket expiry time is returned from ldap_child and stored in sdap_handle for future reference. --- src/providers/ldap/ldap_child.c | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) (limited to 'src/providers/ldap/ldap_child.c') diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 3369d709..19162e92 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -94,13 +94,13 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, return EOK; } -static int pack_buffer(struct response *r, int result, const char *msg) +static int pack_buffer(struct response *r, int result, const char *msg, time_t expire_time) { int len; size_t p = 0; len = strlen(msg); - r->size = 2 * sizeof(uint32_t) + len; + r->size = 2 * sizeof(uint32_t) + len + sizeof(time_t); r->buf = talloc_array(r, uint8_t, r->size); if(!r->buf) { @@ -116,6 +116,9 @@ static int pack_buffer(struct response *r, int result, const char *msg) /* message itself */ safealign_memcpy(&r->buf[p], msg, len, &p); + /* ticket expiration time */ + safealign_memcpy(&r->buf[p], &expire_time, sizeof(expire_time), &p); + return EOK; } @@ -124,7 +127,8 @@ static int ldap_child_get_tgt_sync(TALLOC_CTX *memctx, const char *princ_str, const char *keytab_name, const krb5_deltat lifetime, - const char **ccname_out) + const char **ccname_out, + time_t *expire_time_out) { char *ccname; char *realm_name = NULL; @@ -136,6 +140,8 @@ static int ldap_child_get_tgt_sync(TALLOC_CTX *memctx, krb5_creds my_creds; krb5_get_init_creds_opt options; krb5_error_code krberr; + krb5_timestamp kdc_time_offset; + int kdc_time_offset_usec; int ret; krberr = krb5_init_context(&context); @@ -254,8 +260,20 @@ static int ldap_child_get_tgt_sync(TALLOC_CTX *memctx, goto done; } + krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); + if (krberr) { + DEBUG(2, ("Failed to get KDC time offset: %s\n", + sss_krb5_get_error_message(context, krberr))); + kdc_time_offset = 0; + } else { + if (kdc_time_offset_usec > 0) { + kdc_time_offset++; + } + } + ret = EOK; *ccname_out = ccname; + *expire_time_out = my_creds.times.endtime - kdc_time_offset; done: if (keytab) krb5_kt_close(context, keytab); @@ -265,6 +283,7 @@ done: static int prepare_response(TALLOC_CTX *mem_ctx, const char *ccname, + time_t expire_time, krb5_error_code kerr, struct response **rsp) { @@ -279,7 +298,7 @@ static int prepare_response(TALLOC_CTX *mem_ctx, r->size = 0; if (kerr == 0) { - ret = pack_buffer(r, EOK, ccname); + ret = pack_buffer(r, EOK, ccname, expire_time); } else { krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr); if (krb5_msg == NULL) { @@ -287,7 +306,7 @@ static int prepare_response(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = pack_buffer(r, EFAULT, krb5_msg); + ret = pack_buffer(r, EFAULT, krb5_msg, 0); sss_krb5_free_error_message(krb5_error_ctx, krb5_msg); } @@ -311,6 +330,7 @@ int main(int argc, const char *argv[]) uint8_t *buf = NULL; ssize_t len = 0; const char *ccname = NULL; + time_t expire_time = 0; struct input_buffer *ibuf = NULL; struct response *resp = NULL; size_t written; @@ -397,13 +417,14 @@ int main(int argc, const char *argv[]) kerr = ldap_child_get_tgt_sync(main_ctx, ibuf->realm_str, ibuf->princ_str, - ibuf->keytab_name, ibuf->lifetime, &ccname); + ibuf->keytab_name, ibuf->lifetime, + &ccname, &expire_time); if (kerr != EOK) { DEBUG(1, ("ldap_child_get_tgt_sync failed.\n")); /* Do not return, must report failure */ } - ret = prepare_response(main_ctx, ccname, kerr, &resp); + ret = prepare_response(main_ctx, ccname, expire_time, kerr, &resp); if (ret != EOK) { DEBUG(1, ("prepare_response failed. [%d][%s].\n", ret, strerror(ret))); return ENOMEM; -- cgit