From f674270b1068e4ad51c80dcd528ae996a4fe99ef Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Thu, 17 May 2012 13:49:30 +0200
Subject: Residual util functions
Kerberos credential caches can be specified by TYPE:RESIDUAL. This patch adds a couple of utilities to support parsing if ccache locations, checking types etc.
---
src/util/sss_krb5.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++
src/util/sss_krb5.h | 16 ++++++++++
2 files changed, 102 insertions(+)
(limited to 'src')
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 81a1623e..5bc1140d 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -1124,3 +1124,89 @@ sss_krb5_read_etypes_for_keytab(TALLOC_CTX *mem_ctx,
 talloc_free(tmp_ctx);
 return ret;
 }
+
+#define SSS_KRB5_FILE "FILE:"
+#define SSS_KRB5_DIR "DIR:"
+
+enum sss_krb5_cc_type
+sss_krb5_get_type(const char *full_location)
+{
+ if (!full_location) {
+ return SSS_KRB5_TYPE_UNKNOWN;
+ }
+
+ if (strncmp(full_location, SSS_KRB5_FILE,
+ sizeof(SSS_KRB5_FILE)-1) == 0) {
+ return SSS_KRB5_TYPE_FILE;
+ } else if (strncmp(full_location, SSS_KRB5_DIR,
+ sizeof(SSS_KRB5_DIR)-1) == 0) {
+ return SSS_KRB5_TYPE_DIR;
+ } else if (full_location[0] == '/') {
+ return SSS_KRB5_TYPE_FILE;
+ }
+
+ return SSS_KRB5_TYPE_UNKNOWN;
+}
+
+const char *
+sss_krb5_residual_by_type(const char *full_location,
+ enum sss_krb5_cc_type type)
+{
+ size_t offset;
+
+ if (full_location == NULL) return NULL;
+
+ switch (type) {
+ case SSS_KRB5_TYPE_FILE:
+ if (full_location[0] == '/') {
+ offset = 0;
+ } else {
+ offset = sizeof(SSS_KRB5_FILE)-1;
+ }
+ break;
+ case SSS_KRB5_TYPE_DIR:
+ offset = sizeof(SSS_KRB5_DIR)-1;
+ break;
+ default:
+ return NULL;
+ }
+
+ return full_location + offset;
+}
+
+const char *
+sss_krb5_cc_file_path(const char *full_location)
+{
+ enum sss_krb5_cc_type cc_type;
+ const char *residual;
+
+ cc_type = sss_krb5_get_type(full_location);
+ residual = sss_krb5_residual_by_type(full_location, cc_type);
+
+ switch(cc_type) {
+ case SSS_KRB5_TYPE_FILE:
+ return residual;
+ case SSS_KRB5_TYPE_DIR:
+ /* DIR::/run/user/tkt_foo */
+ if (residual[0] == ':') return residual+1;
+ case SSS_KRB5_TYPE_UNKNOWN:
+ break;
+ }
+
+ return NULL;
+}
+
+const char *
+sss_krb5_residual_check_type(const char *full_location,
+ enum sss_krb5_cc_type expected_type)
+{
+ enum sss_krb5_cc_type type;
+
+ type = sss_krb5_get_type(full_location);
+ if (type != expected_type) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Unexpected ccache type\n"));
+ return NULL;
+ }
+
+ return sss_krb5_residual_by_type(full_location, type);
+}
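Review bot: `sss_krb5_residual_by_type()` skips a fixed prefix length chosen from the caller-supplied `type` without checking that `full_location` actually starts with that prefix, so a mismatched call (for example type `SSS_KRB5_TYPE_DIR` with a string shorter than `DIR:`) returns a pointer past the string's terminator. The function is exported in the header, so it cannot rely on every caller going through `sss_krb5_get_type()` first; a guard such as `if (sss_krb5_get_type(full_location) != type) return NULL;` after the NULL check would close this. In `sss_krb5_cc_file_path()`, the `SSS_KRB5_TYPE_DIR` case falls through into `SSS_KRB5_TYPE_UNKNOWN` when the residual does not start with `:`; that looks intended, but a `/* fall through */` comment would make it explicit.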
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h index 12412585..bba2a7ed 100644 --- a/src/util/sss_krb5.h +++ b/src/util/sss_krb5.h @@ -122,6 +122,22 @@ sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal void sss_krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opts, int canonicalize); +enum sss_krb5_cc_type { + SSS_KRB5_TYPE_FILE, + SSS_KRB5_TYPE_DIR, + SSS_KRB5_TYPE_UNKNOWN +}; + +enum sss_krb5_cc_type +sss_krb5_get_type(const char *full_location); +const char * +sss_krb5_residual_by_type(const char *full_location, enum sss_krb5_cc_type type); +const char * +sss_krb5_cc_file_path(const char *full_location); +const char * +sss_krb5_residual_check_type(const char *full_location, + enum sss_krb5_cc_type expected_type); + /* === Compatibility routines for the Heimdal Kerberos implementation === */ void sss_krb5_princ_realm(krb5_context context, krb5_const_principal princ, -- cgit
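Review bot: The new prototypes carry no comment saying that the returned pointer points into `full_location` rather than being a fresh copy, so a caller cannot tell from the header that the result must not be freed and is valid only while the input string is. A short comment above them such as `/* Returned pointers alias full_location: do not free; NULL on unknown or unexpected type. */` would state the contract. Separately, `SSS_KRB5_TYPE_FILE` is the first enumerator and therefore has value 0, so a zero-initialised variable of this type reads as FILE; listing `SSS_KRB5_TYPE_UNKNOWN` first would make the default the conservative one, provided nothing depends on the numeric values.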