krb5_renew_tgt.c revision f3f9ce8024d7610439d6c70ddafab1ab025cf8a8
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose Kerberos 5 Backend Module -- Renew a TGT automatically
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose Sumit Bose <sbose@redhat.com>
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose Copyright (C) 2010 Red Hat
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose This program is free software; you can redistribute it and/or modify
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose it under the terms of the GNU General Public License as published by
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose the Free Software Foundation; either version 3 of the License, or
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose (at your option) any later version.
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose This program is distributed in the hope that it will be useful,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose GNU General Public License for more details.
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose You should have received a copy of the GNU General Public License
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_tgt_done(struct tevent_req *req);
/*
 * Starts one renewal attempt. The signature matches a tevent timer handler;
 * the private data is recovered as a struct auth_data, a krb5_auth_send()
 * request is issued with the stored be_ctx and pam data, and
 * renew_tgt_done() is registered as the completion callback with the same
 * auth_data.
 *
 * NOTE(review): this listing omits lines of the body. talloc_get_type()
 * yields NULL on a type mismatch and krb5_auth_send() can fail; confirm
 * both results are checked before they are used.
 */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_tgt(struct tevent_context *ev, struct tevent_timer *te,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose struct auth_data *auth_data = talloc_get_type(private_data,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose req = krb5_auth_send(auth_data, ev, auth_data->be_ctx, auth_data->pd,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose tevent_req_set_callback(req, renew_tgt_done, auth_data);
/*
 * Completion callback for the request started in renew_tgt(). It logs one of
 * three outcomes (renewed, offline with a later retry, failed) and removes
 * an entry from the renewal table with hash_delete().
 *
 * NOTE(review): the conditions selecting each branch, and the branch that
 * reaches hash_delete(), are not visible in this listing. The result of
 * hash_delete() is stored in ret; confirm it is checked, since an entry that
 * cannot be removed would presumably be picked up again on later passes.
 */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_tgt_done(struct tevent_req *req)
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose struct auth_data *auth_data = tevent_req_callback_data(req,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose DEBUG(4, ("Successfully renewed TGT for user [%s].\n",
/* NOTE(review): the message below reads "Cannot renewed"; "Cannot renew" is
 * the intended wording. Anything matching on this log line should be updated
 * together with the string. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose DEBUG(4, ("Cannot renewed TGT for user [%s] while offline, "
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose "will retry later.\n",
/* Failure is logged at level 1, the two non-failure outcomes at level 4. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose DEBUG(1, ("Failed to renew TGT for user [%s].\n",
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = hash_delete(auth_data->table, &auth_data->key);
/*
 * Walks every entry of the TGT table and prepares a renewal for the ones
 * that are due. hash_entries() returns the number of entries and an array
 * of them; each value is recovered as a struct renew_data and a fresh
 * struct auth_data is allocated for the attempt.
 *
 * NOTE(review): this listing omits lines of the body, including the due-time
 * comparison, the scheduling call and the release of the entries array.
 */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic errno_t renew_all_tgts(struct renew_tgt_ctx *renew_tgt_ctx)
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose unsigned long count;
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = hash_entries(renew_tgt_ctx->tgt_table, &count, &entries);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose for (c = 0; c < count; c++) {
/* talloc_get_type() yields NULL when the stored pointer is not a
 * struct renew_data -- confirm the omitted lines test for that. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_data = talloc_get_type(entries[c].value.ptr, struct renew_data);
/* The table key (the credential cache name) is logged at debug level 9. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose DEBUG(9, ("Checking [%s] for renewal at [%.24s].\n", entries[c].key.str,
/* auth_data is parented to the long-lived renew_tgt_ctx, so it stays
 * allocated until it is freed explicitly or the context goes away.
 * NOTE(review): confirm it is released once the attempt completes. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose auth_data = talloc_zero(renew_tgt_ctx, struct auth_data);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose DEBUG(1, ("Failed to renew TGT in [%s].\n", entries[c].key.str));
/* The entry is dropped from the table after the failure is logged.
 * NOTE(review): entries[] was taken before this delete; check that
 * entries[c].key.str is not read again afterwards, in case the array
 * shares key storage with the table -- TODO confirm. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = hash_delete(renew_tgt_ctx->tgt_table, &entries[c].key);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx);
/*
 * Online callback: recovers the renewal context from the private data and
 * clears added_to_online_callbacks, so that a later offline period can
 * register the callback again. Presumably it then calls renew_handler(),
 * which is forward-declared just above; that call is not visible here.
 */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_tgt_online_callback(void *private_data)
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose struct renew_tgt_ctx *renew_tgt_ctx = talloc_get_type(private_data,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_tgt_ctx->added_to_online_callbacks = false;
/*
 * Periodic timer entry point: recovers the renewal context from the timer's
 * data pointer. NOTE(review): the remaining lines of the body are not
 * visible in this listing; confirm the talloc_get_type() result is checked
 * for NULL before the context is used.
 */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_tgt_timer_handler(struct tevent_context *ev,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose struct renew_tgt_ctx *renew_tgt_ctx = talloc_get_type(data,
/*
 * Runs one renewal pass and re-arms the timer. From the visible lines: when
 * the backend is offline the pass is deferred by registering an online
 * callback with be_add_online_cb() (once only, per the "already added"
 * message). Otherwise the next run is scheduled timer_interval from now
 * with tevent_add_timer().
 *
 * NOTE(review): the branch conditions and the call that performs the
 * renewals are not visible in this listing.
 */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bosestatic void renew_handler(struct renew_tgt_ctx *renew_tgt_ctx)
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose DEBUG(3, ("Renewal task was already added to online callbacks.\n"));
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose DEBUG(7, ("Offline, adding renewal task to online callbacks.\n"));
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = be_add_online_cb(renew_tgt_ctx->krb5_ctx, renew_tgt_ctx->be_ctx,
/* Failing to register the online callback is logged and, per the message,
 * does not stop normal operation. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose DEBUG(1, ("Failed to add the renewal task to online callbacks, "
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose "continue normal operation.\n"));
/* Two paths end with renewal switched off and report it through sss_log()
 * at SSS_LOG_ERR. After that message tickets are no longer renewed by this
 * module, so the log line is worth monitoring. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose "Disabling automatic TGT renewal\n"));
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal.");
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose next = tevent_timeval_current_ofs(renew_tgt_ctx->timer_interval,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_tgt_ctx->te = tevent_add_timer(renew_tgt_ctx->ev, renew_tgt_ctx,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose sss_log(SSS_LOG_ERR, "Disabling automatic TGT renewal.");
/*
 * Sets up automatic TGT renewal for a krb5 backend context: allocates the
 * renew_tgt_ctx as a talloc child of krb5_ctx, creates the TGT hash table
 * with INITIAL_TGT_TABLE_SIZE, records the renewal interval, clears the
 * online-callback flag and arms the first timer.
 *
 * NOTE(review): this listing omits lines of the body, including the error
 * paths. No range check on renew_intv is visible before it is stored as
 * timer_interval; confirm the caller or the omitted lines reject values
 * that would make the timer fire continuously.
 */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Boseerrno_t init_renew_tgt(struct krb5_ctx *krb5_ctx, struct be_ctx *be_ctx,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose krb5_ctx->renew_tgt_ctx = talloc_zero(krb5_ctx, struct renew_tgt_ctx);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = sss_hash_create(krb5_ctx->renew_tgt_ctx, INITIAL_TGT_TABLE_SIZE,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose krb5_ctx->renew_tgt_ctx->timer_interval = renew_intv;
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose krb5_ctx->renew_tgt_ctx->added_to_online_callbacks = false;
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose next = tevent_timeval_current_ofs(krb5_ctx->renew_tgt_ctx->timer_interval,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose krb5_ctx->renew_tgt_ctx->te = tevent_add_timer(ev, krb5_ctx->renew_tgt_ctx,
/*
 * Registers a credential cache for automatic renewal. The table key is the
 * string "FILE:<ccfile>"; the value is a struct renew_data holding the time
 * at which renewal should start and a private copy of the PAM request whose
 * auth token is replaced by the cache name (type SSS_AUTHTOK_TYPE_CCFILE).
 *
 * NOTE(review): this listing omits lines of the body, including the error
 * paths and the end of the function.
 */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Boseerrno_t add_tgt_to_renew_table(struct krb5_ctx *krb5_ctx, const char *ccfile,
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose "automatic renewal not available.\n"));
/* Only some PAM commands are accepted here; any other value is logged as
 * unexpected. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose if (pd->cmd != SSS_PAM_AUTHENTICATE && pd->cmd != SSS_CMD_RENEW &&
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose DEBUG(1, ("Unexpected pam task [%d].\n", pd->cmd));
/* key_str is allocated on the NULL talloc context, so it has no parent and
 * is released only by an explicit talloc_free().
 * NOTE(review): confirm every exit path frees it. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose key_str = talloc_asprintf(NULL, "FILE:%s", ccfile);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_data = talloc_zero(krb5_ctx->renew_tgt_ctx, struct renew_data);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_data->start_renew_at = (time_t) (tgtt->starttime +
/* The copy is parented to renew_data, which hangs off the long-lived
 * renew_tgt_ctx. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = copy_pam_data(renew_data, pd, &renew_data->pd);
/* A new-auth-token carried over by the copy is marked empty.
 * NOTE(review): confirm the omitted lines also wipe and free its buffer. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose if (renew_data->pd->newauthtok_type != SSS_AUTHTOK_TYPE_EMPTY) {
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_data->pd->newauthtok_type = SSS_AUTHTOK_TYPE_EMPTY;
/* authtok is pointed at a copy of the key string. NOTE(review): the copied
 * pam data may have held the user's credential in authtok; confirm the old
 * buffer is zeroed and freed before this assignment, otherwise it stays in
 * memory under renew_data->pd. talloc_strdup() can also return NULL, which
 * the strlen() below would dereference -- confirm a check separates them. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_data->pd->authtok = (uint8_t *) talloc_strdup(renew_data->pd, key.str);
/* Size includes the terminating NUL. */
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_data->pd->authtok_size = strlen((char *) renew_data->pd->authtok) + 1;
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose renew_data->pd->authtok_type = SSS_AUTHTOK_TYPE_CCFILE;
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose ret = hash_enter(krb5_ctx->renew_tgt_ctx->tgt_table, &key, &value);
f3f9ce8024d7610439d6c70ddafab1ab025cf8a8Sumit Bose DEBUG(7, ("Added [%s] for renewal at [%.24s].\n", key_str,