const char * sss_krb5_residual_check_type(const char *full_location, enum sss_krb5_cc_type expected_type) { enum sss_krb5_cc_type type; type = sss_krb5_get_type(full_location); if (type != expected_type) { DEBUG(SSSDBG_OP_FAILURE, ("Unexpected ccache type\n")); return NULL; } return sss_krb5_residual_by_type(full_location, type); }
static errno_t safe_remove_old_ccache_file(struct sss_krb5_cc_be *cc_be, const char *princ, const char *old_ccache, const char *new_ccache) { int ret; enum sss_krb5_cc_type old_type; struct sss_krb5_cc_be *old_cc_ops; if (old_ccache == NULL) { DEBUG(SSSDBG_FUNC_DATA, ("No old ccache, nothing to do\n")); return EOK; } if (new_ccache == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Missing new ccache file, old ccache file is not deleted.\n")); return EINVAL; } old_type = sss_krb5_get_type(old_ccache); old_cc_ops = get_cc_be_ops(old_type); if (!old_cc_ops) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get ccache operations\n")); return EINVAL; } if (cc_be->type == old_type && strcmp(old_ccache, new_ccache) == 0) { DEBUG(SSSDBG_TRACE_FUNC, ("New and old ccache file are the same, " "no one will be deleted.\n")); return EOK; } ret = old_cc_ops->remove(old_ccache); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot remove ccache [%s]\n", old_ccache)); return EIO; } return EOK; }
const char * sss_krb5_cc_file_path(const char *full_location) { enum sss_krb5_cc_type cc_type; const char *residual; cc_type = sss_krb5_get_type(full_location); residual = sss_krb5_residual_by_type(full_location, cc_type); switch(cc_type) { case SSS_KRB5_TYPE_FILE: return residual; #ifdef HAVE_KRB5_DIRCACHE case SSS_KRB5_TYPE_DIR: /* DIR::/run/user/tkt_foo */ if (residual[0] == ':') return residual+1; #endif case SSS_KRB5_TYPE_UNKNOWN: break; } return NULL; }
errno_t check_and_export_options(struct dp_option *opts, struct sss_domain_info *dom, struct krb5_ctx *krb5_ctx) { int ret; const char *realm; const char *dummy; char *use_fast_str; char *fast_principal; enum sss_krb5_cc_type cc_be; realm = dp_opt_get_cstring(opts, KRB5_REALM); if (realm == NULL) { ret = dp_opt_set_string(opts, KRB5_REALM, dom->name); if (ret != EOK) { DEBUG(1, ("dp_opt_set_string failed.\n")); return ret; } realm = dom->name; } ret = setenv(SSSD_KRB5_REALM, realm, 1); if (ret != EOK) { DEBUG(2, ("setenv %s failed, authentication might fail.\n", SSSD_KRB5_REALM)); } ret = check_and_export_lifetime(opts, KRB5_RENEWABLE_LIFETIME, SSSD_KRB5_RENEWABLE_LIFETIME); if (ret != EOK) { DEBUG(1, ("Failed to check value of krb5_renewable_lifetime. [%d][%s]\n", ret, strerror(ret))); return ret; } ret = check_and_export_lifetime(opts, KRB5_LIFETIME, SSSD_KRB5_LIFETIME); if (ret != EOK) { DEBUG(1, ("Failed to check value of krb5_lifetime. [%d][%s]\n", ret, strerror(ret))); return ret; } use_fast_str = dp_opt_get_string(opts, KRB5_USE_FAST); if (use_fast_str != NULL) { ret = check_fast(use_fast_str, &krb5_ctx->use_fast); if (ret != EOK) { DEBUG(1, ("check_fast failed.\n")); return ret; } if (krb5_ctx->use_fast) { ret = setenv(SSSD_KRB5_USE_FAST, use_fast_str, 1); if (ret != EOK) { DEBUG(2, ("setenv [%s] failed.\n", SSSD_KRB5_USE_FAST)); } else { fast_principal = dp_opt_get_string(opts, KRB5_FAST_PRINCIPAL); if (fast_principal != NULL) { ret = setenv(SSSD_KRB5_FAST_PRINCIPAL, fast_principal, 1); if (ret != EOK) { DEBUG(2, ("setenv [%s] failed.\n", SSSD_KRB5_FAST_PRINCIPAL)); } } } } } if (dp_opt_get_bool(opts, KRB5_CANONICALIZE)) { ret = setenv(SSSD_KRB5_CANONICALIZE, "true", 1); } else { ret = setenv(SSSD_KRB5_CANONICALIZE, "false", 1); } if (ret != EOK) { DEBUG(2, ("setenv [%s] failed.\n", SSSD_KRB5_CANONICALIZE)); } dummy = dp_opt_get_cstring(opts, KRB5_KDC); if (dummy == NULL) { DEBUG(SSSDBG_CONF_SETTINGS, ("No KDC explicitly configured, using defaults.\n")); } dummy = dp_opt_get_cstring(opts, KRB5_KPASSWD); if (dummy == NULL) { DEBUG(SSSDBG_CONF_SETTINGS, ("No kpasswd server explicitly configured, " "using the KDC or defaults.\n")); } dummy = dp_opt_get_cstring(opts, KRB5_CCNAME_TMPL); if (dummy == NULL) { DEBUG(1, ("Missing credential cache name template.\n")); return EINVAL; } cc_be = sss_krb5_get_type(dummy); switch (cc_be) { case SSS_KRB5_TYPE_FILE: DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type FILE\n")); krb5_ctx->cc_be = &file_cc; if (dummy[0] != '/') { /* FILE:/path/to/cc */ break; } DEBUG(SSSDBG_CONF_SETTINGS, ("The ccname template was " "missing an explicit type, but is an absolute " "path specifier. Assuming FILE:\n")); dummy = talloc_asprintf(opts, "FILE:%s", dummy); if (!dummy) return ENOMEM; ret = dp_opt_set_string(opts, KRB5_CCNAME_TMPL, dummy); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("dp_opt_set_string failed.\n")); return ret; } break; #ifdef HAVE_KRB5_DIRCACHE case SSS_KRB5_TYPE_DIR: DEBUG(SSSDBG_CONF_SETTINGS, ("ccache is of type DIR\n")); krb5_ctx->cc_be = &dir_cc; break; #endif default: DEBUG(SSSDBG_OP_FAILURE, ("Unknown ccname database\n")); return EINVAL; break; } return EOK; }