krb5_error_code KRB5_CALLCONV
krb5_copy_context(krb5_context ctx, krb5_context *nctx_out)
{
krb5_error_code ret;
krb5_context nctx;
*nctx_out = NULL;
if (ctx == NULL)
return EINVAL; /* XXX */
nctx = malloc(sizeof(*nctx));
if (nctx == NULL)
return ENOMEM;
*nctx = *ctx;
nctx->in_tkt_etypes = NULL;
nctx->tgs_etypes = NULL;
nctx->default_realm = NULL;
nctx->profile = NULL;
nctx->dal_handle = NULL;
nctx->ser_ctx_count = 0;
nctx->ser_ctx = NULL;
nctx->prompt_types = NULL;
nctx->os_context.default_ccname = NULL;
memset(&nctx->libkrb5_plugins, 0, sizeof(nctx->libkrb5_plugins));
nctx->vtbl = NULL;
nctx->locate_fptrs = NULL;
memset(&nctx->err, 0, sizeof(nctx->err));
ret = k5_copy_etypes(ctx->in_tkt_etypes, &nctx->in_tkt_etypes);
if (ret)
goto errout;
ret = k5_copy_etypes(ctx->tgs_etypes, &nctx->tgs_etypes);
if (ret)
goto errout;
if (ctx->os_context.default_ccname != NULL) {
nctx->os_context.default_ccname =
strdup(ctx->os_context.default_ccname);
if (nctx->os_context.default_ccname == NULL) {
ret = ENOMEM;
goto errout;
}
}
ret = krb5_get_profile(ctx, &nctx->profile);
if (ret)
goto errout;
errout:
if (ret) {
krb5_free_context(nctx);
} else {
*nctx_out = nctx;
}
return ret;
}
bool sss_krb5_realm_has_proxy(const char *realm)
{
krb5_context context = NULL;
krb5_error_code kerr;
struct _profile_t *profile = NULL;
const char *profile_path[4] = {"realms", NULL, "kdc", NULL};
char **list = NULL;
bool res = false;
size_t c;
if (realm == NULL) {
return false;
}
kerr = krb5_init_context(&context);
if (kerr != 0) {
DEBUG(SSSDBG_OP_FAILURE, "krb5_init_context failed.\n");
return false;
}
kerr = krb5_get_profile(context, &profile);
if (kerr != 0) {
DEBUG(SSSDBG_OP_FAILURE, "krb5_get_profile failed.\n");
goto done;
}
profile_path[1] = realm;
kerr = profile_get_values(profile, profile_path, &list);
if (kerr == PROF_NO_RELATION || kerr == PROF_NO_SECTION) {
kerr = 0;
goto done;
} else if (kerr != 0) {
DEBUG(SSSDBG_OP_FAILURE, "profile_get_values failed.\n");
goto done;
}
for (c = 0; list[c] != NULL; c++) {
if (strncasecmp(KDC_PROXY_INDICATOR, list[c],
KDC_PROXY_INDICATOR_LEN) == 0) {
DEBUG(SSSDBG_TRACE_ALL,
"Found KDC Proxy indicator [%s] in [%s].\n",
KDC_PROXY_INDICATOR, list[c]);
res = true;
break;
}
}
done:
profile_free_list(list);
profile_release(profile);
krb5_free_context(context);
return res;
}
