f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose Kerberos 5 Backend Module -- Renew a TGT automatically
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose Sumit Bose <sbose@redhat.com>
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose Copyright (C) 2010 Red Hat
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose This program is free software; you can redistribute it and/or modify
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose it under the terms of the GNU General Public License as published by
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose the Free Software Foundation; either version 3 of the License, or
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose (at your option) any later version.
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose This program is distributed in the hope that it will be useful,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose GNU General Public License for more details.
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose You should have received a copy of the GNU General Public License
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_tgt_done(struct tevent_req *req);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_tgt(struct tevent_context *ev, struct tevent_timer *te,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose struct auth_data *auth_data = talloc_get_type(private_data,
01ec08efd0e166ac6f390f8627c6d08dcc63ccc4Jakub Hrozek req = krb5_auth_queue_send(auth_data, ev, auth_data->be_ctx, auth_data->pd,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth_send failed.\n");
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose/* Give back the pam data to the renewal item to be able to retry at the next
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * time the renewals re run. */
08c427fc3cdec58b670de02a6c39d2ec4d753050Sumit Bose auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose tevent_req_set_callback(req, renew_tgt_done, auth_data);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_tgt_done(struct tevent_req *req)
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose struct auth_data *auth_data = tevent_req_callback_data(req,
01ec08efd0e166ac6f390f8627c6d08dcc63ccc4Jakub Hrozek ret = krb5_auth_queue_recv(req, &pam_status, &dp_err);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "krb5_auth request failed.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n");
08c427fc3cdec58b670de02a6c39d2ec4d753050Sumit Bose auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Successfully renewed TGT for user [%s].\n",
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose/* In general a successful renewal will update the renewal item and free the
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * old data. But if the TGT has reached the end of his renewable lifetime it
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * will not be put into the list of renewable tickets again. In this case the
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * renewal item is not updated and the value from the hash and the one we have
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * stored are the same. Since the TGT cannot be renewed anymore we want to
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * remove it from the list of renewable tickets. */
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose ret = hash_lookup(auth_data->table, &auth_data->key, &value);
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose auth_data->renew_data == talloc_get_type(value.ptr,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "New TGT was not added for renewal, "
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose "removing list entry for user [%s].\n",
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose ret = hash_delete(auth_data->table, &auth_data->key);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Cannot renewed TGT for user [%s] while offline, "
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose "will retry later.\n",
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_FUNC_DATA, "Giving back pam data.\n");
08c427fc3cdec58b670de02a6c39d2ec4d753050Sumit Bose auth_data->renew_data->pd = talloc_steal(auth_data->renew_data,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Failed to renew TGT for user [%s].\n",
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = hash_delete(auth_data->table, &auth_data->key);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n");
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx)
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = hash_entries(renew_tgt_ctx->tgt_table, &count, &entries);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "hash_entries failed.\n");
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose for (c = 0; c < count; c++) {
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_data = talloc_get_type(entries[c].value.ptr, struct renew_data);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Checking [%s] for renewal at [%.24s].\n", renew_data->ccfile,
08c427fc3cdec58b670de02a6c39d2ec4d753050Sumit Bose /* If renew_data->pd == NULL a renewal request for this data is
08c427fc3cdec58b670de02a6c39d2ec4d753050Sumit Bose * currently running so we skip it. */
08c427fc3cdec58b670de02a6c39d2ec4d753050Sumit Bose if (renew_data->start_renew_at < now && renew_data->pd != NULL) {
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose auth_data = talloc_zero(renew_tgt_ctx, struct auth_data);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose/* We need to steal the pam_data here, because a successful renewal of the
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * ticket might add a new renewal item to the list with the same key (upn).
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * This would delete renew_data and all its children. But we cannot be sure
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * that adding the new renewal item is the last operation of the renewal
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * process with access the pam_data. To be on the safe side we steal the
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * pam_data and make it a child of auth_data which is only freed after the
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * renewal process is finished. In the case of an error during renewal we
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * might want to steal the pam_data back to renew_data before freeing
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose * auth_data to allow a new renewal attempt. */
cc0f97794926a426ee82df343dc223c9648ed064Sumit Bose auth_data->pd = talloc_move(auth_data, &renew_data->pd);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "tevent_add_timer failed.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Failed to renew TGT in [%s].\n", renew_data->ccfile);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = hash_delete(renew_tgt_ctx->tgt_table, &entries[c].key);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "hash_delete failed.\n");
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx);
7591a7368078c2b4cde744ede431260fd663903aSumit Bosestatic void renew_tgt_offline_callback(void *private_data)
7591a7368078c2b4cde744ede431260fd663903aSumit Bose struct renew_tgt_ctx *renew_tgt_ctx = talloc_get_type(private_data,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_tgt_online_callback(void *private_data)
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose struct renew_tgt_ctx *renew_tgt_ctx = talloc_get_type(private_data,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_tgt_timer_handler(struct tevent_context *ev,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose struct renew_tgt_ctx *renew_tgt_ctx = talloc_get_type(data,
7591a7368078c2b4cde744ede431260fd663903aSumit Bose /* forget the timer event, it will be freed by the tevent timer loop */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx)
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CONF_SETTINGS, "Offline, disable renew timer.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "renew_all_tgts failed. "
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Disabling automatic TGT renewal\n");
7591a7368078c2b4cde744ede431260fd663903aSumit Bose sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal.");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "There is an active renewal timer, doing nothing.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS, "Adding new renew timer.\n");
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose next = tevent_timeval_current_ofs(renew_tgt_ctx->timer_interval,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_tgt_ctx->te = tevent_add_timer(renew_tgt_ctx->ev, renew_tgt_ctx,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal.");
589dd0f6600515926e4e514442c62366db0a62b3Sumit Bosestatic void renew_del_cb(hash_entry_t *entry, hash_destroy_enum type, void *pvt)
589dd0f6600515926e4e514442c62366db0a62b3Sumit Bose renew_data = talloc_get_type(entry->value.ptr, struct renew_data);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Unexpected value type [%d].\n", entry->value.type);
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bosestatic errno_t check_ccache_file(struct renew_tgt_ctx *renew_tgt_ctx,
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bose if (ccache_file == NULL || upn == NULL || user_name == NULL) {
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Missing one of the needed attributes: [%s][%s][%s].\n",
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bose ccache_file == NULL ? "cache file missing" : ccache_file,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov user_name == NULL ? "user name missing" : user_name);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_TRACE_ALL, "Found ccache file [%s].\n", ccache_file);
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bose ret = get_ccache_file_data(ccache_file, upn, &tgtt);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "get_ccache_file_data failed.\n");
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bose if (tgtt.renew_till > tgtt.endtime && tgtt.renew_till > now &&
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Adding [%s] for automatic renewal.\n", ccache_file);
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bose ret = add_tgt_to_renew_table(renew_tgt_ctx->krb5_ctx, ccache_file,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "add_tgt_to_renew_table failed, "
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "automatic renewal not possible.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "TGT in [%s] for [%s] is too old.\n", ccache_file, upn);
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bosestatic errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx)
0e238c259c066cf997aaa940d33d6bda96c15925Sumit Bose const char *ccache_filter = "(&("SYSDB_CCACHE_FILE"=*)("SYSDB_UC"))";
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bose const char *ccache_attrs[] = { SYSDB_CCACHE_FILE, SYSDB_UPN, SYSDB_NAME,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
df0596ec12bc5091608371e2977f3111241e8cafSimo Sorce base_dn = sysdb_base_dn(renew_tgt_ctx->be_ctx->domain->sysdb, tmp_ctx);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_base_dn failed.\n");
df0596ec12bc5091608371e2977f3111241e8cafSimo Sorce ret = sysdb_search_entry(tmp_ctx, renew_tgt_ctx->be_ctx->domain->sysdb, base_dn,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_search_entry failed.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "No entries with ccache file found in cache.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Found [%zu] entries with ccache file in cache.\n", msgs_count);
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bose for (c = 0; c < msgs_count; c++) {
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bose user_name = ldb_msg_find_attr_as_string(msgs[c], SYSDB_NAME, NULL);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "No user name found, this is a severe error, "
5a299e7c9f634ae86c9bd7e0a1e681aed79de6b5Jakub Hrozek "but we ignore it here.\n");
5a299e7c9f634ae86c9bd7e0a1e681aed79de6b5Jakub Hrozek ret = sss_parse_internal_fqname(tmp_ctx, user_name, NULL, &user_dom);
5a299e7c9f634ae86c9bd7e0a1e681aed79de6b5Jakub Hrozek "Cannot parse internal fqname [%d]: %s\n",
964628ab89229e9266adc5f4f8a26222734788b7Sumit Bose ret = find_or_guess_upn(tmp_ctx, msgs[c], renew_tgt_ctx->krb5_ctx,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "find_or_guess_upn failed.\n");
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bose ccache_file = ldb_msg_find_attr_as_string(msgs[c], SYSDB_CCACHE_FILE,
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bose ret = check_ccache_file(renew_tgt_ctx, ccache_file, upn, user_name);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Failed to check ccache file [%s].\n", ccache_file);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Boseerrno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose krb5_ctx->renew_tgt_ctx = talloc_zero(krb5_ctx, struct renew_tgt_ctx);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
589dd0f6600515926e4e514442c62366db0a62b3Sumit Bose ret = sss_hash_create_ex(krb5_ctx->renew_tgt_ctx, INITIAL_TGT_TABLE_SIZE,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "sss_hash_create failed.\n");
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose krb5_ctx->renew_tgt_ctx->timer_interval = renew_intv;
318f12c90208971a5b6d3574f0026601161d81c7Sumit Bose ret = check_ccache_files(krb5_ctx->renew_tgt_ctx);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Failed to read ccache files, continuing ...\n");
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose next = tevent_timeval_current_ofs(krb5_ctx->renew_tgt_ctx->timer_interval,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose krb5_ctx->renew_tgt_ctx->te = tevent_add_timer(ev, krb5_ctx->renew_tgt_ctx,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_timer failed.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Adding offline callback to remove renewal timer.\n");
7591a7368078c2b4cde744ede431260fd663903aSumit Bose ret = be_add_offline_cb(krb5_ctx->renew_tgt_ctx, be_ctx,
7591a7368078c2b4cde744ede431260fd663903aSumit Bose renew_tgt_offline_callback, krb5_ctx->renew_tgt_ctx,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add offline callback.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS, "Adding renewal task to online callbacks.\n");
7591a7368078c2b4cde744ede431260fd663903aSumit Bose ret = be_add_online_cb(krb5_ctx->renew_tgt_ctx, be_ctx,
7591a7368078c2b4cde744ede431260fd663903aSumit Bose renew_tgt_online_callback, krb5_ctx->renew_tgt_ctx,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Failed to add renewal task to online callbacks.\n");
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Boseerrno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
589dd0f6600515926e4e514442c62366db0a62b3Sumit Bose const char *upn)
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS ,"Renew context not initialized, "
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "automatic renewal not available.\n");
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_CMD_RENEW &&
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected pam task [%d].\n", pd->cmd);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Missing user principal name.\n");
589dd0f6600515926e4e514442c62366db0a62b3Sumit Bose /* hash_enter copies the content of the hash string, so it is safe to use
589dd0f6600515926e4e514442c62366db0a62b3Sumit Bose * discard_const_p here. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_data = talloc_zero(krb5_ctx->renew_tgt_ctx, struct renew_data);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
589dd0f6600515926e4e514442c62366db0a62b3Sumit Bose renew_data->ccfile = talloc_asprintf(renew_data, "FILE:%s", ccfile);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
589dd0f6600515926e4e514442c62366db0a62b3Sumit Bose renew_data->ccfile = talloc_strdup(renew_data, ccfile);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_data->start_renew_at = (time_t) (tgtt->starttime +
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = copy_pam_data(renew_data, pd, &renew_data->pd);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "copy_pam_data failed.\n");
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik sss_authtok_set_empty(renew_data->pd->newauthtok);
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik ret = sss_authtok_set_ccfile(renew_data->pd->authtok, renew_data->ccfile, 0);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to store ccfile in auth token.\n");
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = hash_enter(krb5_ctx->renew_tgt_ctx->tgt_table, &key, &value);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "hash_enter failed.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Added [%s] for renewal at [%.24s].\n", renew_data->ccfile,