krb5_utils.c revision 318f12c90208971a5b6d3574f0026601161d81c7
/*
    SSSD

    Kerberos 5 Backend Module -- Utilities

    Authors:
        Sumit Bose <sbose@redhat.com>

    Copyright (C) 2009 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
1aee531e3fe5a94300ddc7933c1983a38a76316eChristian Maeder#include <string.h>
8c4c53f1d84490c7eac208905e92964c6508c1d6Christian Maeder#include <stdlib.h>
8c4c53f1d84490c7eac208905e92964c6508c1d6Christian Maeder
8c4c53f1d84490c7eac208905e92964c6508c1d6Christian Maeder#include "providers/krb5/krb5_utils.h"
1aee531e3fe5a94300ddc7933c1983a38a76316eChristian Maeder#include "providers/krb5/krb5_auth.h"
5be2fb5bcfaa6abbb6043d679a1d536b4878b789Jian Chun Wang#include "util/util.h"
5be2fb5bcfaa6abbb6043d679a1d536b4878b789Jian Chun Wang
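/**
 * Expand the '%' sequences of a credential cache name template.
 *
 * Sequences handled below:
 *   %u  user name (kr->pd->user)
 *   %U  numeric uid (kr->uid)
 *   %p  user principal name (kr->upn)
 *   %r  Kerberos realm (KRB5_REALM option)
 *   %h  home directory (kr->homedir)
 *   %d  the expanded KRB5_CCACHEDIR option; only accepted when file_mode
 *       is true
 *   %P  client PID (kr->pd->cli_pid); only accepted when file_mode is true
 *   %%  a literal '%'
 *
 * All values are inserted verbatim. Nothing in this function rejects '/',
 * ".." or other path metacharacters in the user name, principal or home
 * directory, so the caller has to validate the resulting path before using
 * it (create_ccache_dir() in this file accepts a pattern for that purpose).
 *
 * @param mem_ctx       talloc context that owns the returned string
 * @param kr            request data the expansions are taken from
 * @param template      template string; NULL is rejected
 * @param file_mode     true when expanding the file template, false when
 *                      expanding the directory template
 * @param private_path  always reset to false on entry; set to true when a
 *                      user-specific sequence (%u, %U, %p, %h) is expanded
 *                      while file_mode is false, which includes the nested
 *                      expansion done for %d
 *
 * @return the expanded string, or NULL on any error. All intermediate
 *         allocations live on a temporary context that is released before
 *         returning, so a failed call leaves nothing behind on mem_ctx.
 */
char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
                             const char *template, bool file_mode,
                             bool *private_path)
{
    TALLOC_CTX *tmp_ctx;
    char *copy;
    char *p;
    char *n;
    char *result = NULL;
    char *expanded = NULL;
    const char *dummy;
    const char *cache_dir_tmpl;

    *private_path = false;

    if (template == NULL) {
        DEBUG(1, ("Missing template.\n"));
        return NULL;
    }

    /* Scratch context: the writable copy of the template, the partial
     * result and the nested %d expansion are all released in one place. */
    tmp_ctx = talloc_new(mem_ctx);
    if (tmp_ctx == NULL) {
        DEBUG(1, ("talloc_new failed.\n"));
        return NULL;
    }

    copy = talloc_strdup(tmp_ctx, template);
    if (copy == NULL) {
        DEBUG(1, ("talloc_strdup failed.\n"));
        goto done;
    }

    result = talloc_strdup(tmp_ctx, "");
    if (result == NULL) {
        DEBUG(1, ("talloc_strdup failed.\n"));
        goto done;
    }

    p = copy;
    while ( (n = strchr(p, '%')) != NULL) {
        /* Terminate the literal text in front of the '%' so that it can be
         * appended with "%s"; n then points at the format character. */
        *n = '\0';
        n++;
        if ( *n == '\0' ) {
            DEBUG(1, ("format error, single %% at the end of the template.\n"));
            goto done;
        }

        switch( *n ) {
            case 'u':
                if (kr->pd->user == NULL) {
                    DEBUG(1, ("Cannot expand user name template "
                              "because user name is empty.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%s", p,
                                                kr->pd->user);
                if (!file_mode) *private_path = true;
                break;
            case 'U':
                if (kr->uid <= 0) {
                    DEBUG(1, ("Cannot expand uid template "
                              "because uid is invalid.\n"));
                    goto done;
                }
                /* NOTE(review): "%d" assumes kr->uid is int-compatible; the
                 * field's declaration is not visible here -- confirm. */
                result = talloc_asprintf_append(result, "%s%d", p,
                                                kr->uid);
                if (!file_mode) *private_path = true;
                break;
            case 'p':
                if (kr->upn == NULL) {
                    DEBUG(1, ("Cannot expand user principal name template "
                              "because upn is empty.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%s", p, kr->upn);
                if (!file_mode) *private_path = true;
                break;
            case '%':
                result = talloc_asprintf_append(result, "%s%%", p);
                break;
            case 'r':
                dummy = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_REALM);
                if (dummy == NULL) {
                    DEBUG(1, ("Missing kerberos realm.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%s", p, dummy);
                break;
            case 'h':
                if (kr->homedir == NULL) {
                    DEBUG(1, ("Cannot expand home directory template "
                              "because the path is not available.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%s", p, kr->homedir);
                if (!file_mode) *private_path = true;
                break;
            case 'd':
                if (file_mode) {
                    cache_dir_tmpl = dp_opt_get_string(kr->krb5_ctx->opts,
                                                       KRB5_CCACHEDIR);
                    if (cache_dir_tmpl == NULL) {
                        DEBUG(1, ("Missing credential cache directory.\n"));
                        goto done;
                    }

                    /* The directory template is expanded with
                     * file_mode == false, so a nested %d or %P is refused
                     * and private_path reflects the directory part. */
                    dummy = expand_ccname_template(tmp_ctx, kr, cache_dir_tmpl,
                                                   false, private_path);
                    if (dummy == NULL) {
                        DEBUG(1, ("Expanding credential cache directory "
                                  "template failed.\n"));
                        goto done;
                    }
                    result = talloc_asprintf_append(result, "%s%s", p, dummy);
                } else {
                    DEBUG(1, ("'%%d' is not allowed in this template.\n"));
                    goto done;
                }
                break;
            case 'P':
                if (!file_mode) {
                    DEBUG(1, ("'%%P' is not allowed in this template.\n"));
                    goto done;
                }
                if (kr->pd->cli_pid == 0) {
                    DEBUG(1, ("Cannot expand PID template "
                              "because PID is not available.\n"));
                    goto done;
                }
                result = talloc_asprintf_append(result, "%s%d", p,
                                                kr->pd->cli_pid);
                break;
            default:
                DEBUG(1, ("format error, unknown template [%%%c].\n", *n));
                goto done;
        }

        if (result == NULL) {
            DEBUG(1, ("talloc_asprintf_append failed.\n"));
            goto done;
        }

        p = n + 1;
    }

    /* Append whatever literal text follows the last sequence. */
    result = talloc_asprintf_append(result, "%s", p);
    if (result == NULL) {
        DEBUG(1, ("talloc_asprintf_append failed.\n"));
        goto done;
    }

    /* Only the finished string is handed over to the caller's context. */
    expanded = talloc_steal(mem_ctx, result);

done:
    talloc_free(tmp_ctx);
    return expanded;
}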
0015e1756b734b34d4b550318c078f9a0c585611Christian Maeder
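/**
 * Decide whether a ccache directory may be created below an existing parent.
 *
 * Private directories are accepted only below a parent owned by root
 * (uid 0 and gid 0) or by the target user; the parent must carry the search
 * bit for the owner when the user owns it, and for others when it does not.
 * Public directories are accepted only below a root-owned parent that is
 * searchable by others.
 *
 * NOTE(review): only the owner, the group and the search bits are examined.
 * Write permission bits of the parent are not inspected here.
 *
 * @param private_path  true for a per-user directory, false for a shared one
 * @param parent_stat   stat data of the closest existing parent directory
 * @param uid           uid of the user the directory is created for
 * @param gid           gid of that user; only used in the log message
 *
 * @return EOK when the parent is acceptable, EINVAL otherwise.
 */
static errno_t check_parent_stat(bool private_path, struct stat *parent_stat,
                                 uid_t uid, gid_t gid)
{
    if (private_path) {
        if (!((parent_stat->st_uid == 0 && parent_stat->st_gid == 0) ||
               parent_stat->st_uid == uid)) {
            /* uid_t and gid_t are printed through an explicit cast instead
             * of being passed to a signed "%d" conversion. */
            DEBUG(1, ("Private directory can only be created below a "
                      "directory belonging to root or to [%lu][%lu].\n",
                      (unsigned long) uid, (unsigned long) gid));
            return EINVAL;
        }

        if (parent_stat->st_uid == uid) {
            if (!(parent_stat->st_mode & S_IXUSR)) {
                DEBUG(1, ("Parent directory does not have the search bit "
                          "set for the owner.\n"));
                return EINVAL;
            }
        } else {
            if (!(parent_stat->st_mode & S_IXOTH)) {
                DEBUG(1, ("Parent directory does not have the search bit "
                          "set for others.\n"));
                return EINVAL;
            }
        }
    } else {
        if (parent_stat->st_uid != 0 || parent_stat->st_gid != 0) {
            DEBUG(1, ("Public directory cannot be created below a user "
                      "directory.\n"));
            return EINVAL;
        }

        if (!(parent_stat->st_mode & S_IXOTH)) {
            DEBUG(1, ("Parent directory does not have the search bit "
                      "set for others.\n"));
            return EINVAL;
        }
    }

    return EOK;
}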
f799084b320209cdd71a29e74fff1be054c1d342Christian Maeder
/* Node of a doubly linked list of strings. In this file the list holds the
 * directories that still have to be created; nodes are linked with
 * DLIST_ADD() and walked with DLIST_FOR_EACH(). */
struct string_list {
    struct string_list *next;
    struct string_list *prev;
    char *s;    /* path, talloc_strdup()ed onto the node itself */
};
d06598e0c310f65ab552ca55626c2f7694ffd5e3Christian Maeder
/**
 * Find the closest existing ancestor of dirname and collect every path
 * component that is missing on the way.
 *
 * The function calls stat() on dirname. If the path exists it must be a
 * directory and its stat data is left in parent_stat. If it does not exist
 * (ENOENT) the path is put at the head of *missing_parents and the function
 * recurses with the last component cut off, so the list ends up ordered from
 * the topmost missing directory down to the one originally requested.
 *
 * NOTE(review): stat() follows symbolic links, so a link to a directory is
 * accepted as an existing parent, and the result describes the tree only at
 * the time of the call.
 *
 * @param mem_ctx          talloc context for the list nodes
 * @param dirname          absolute directory path to examine
 * @param parent_stat      receives the stat data of the existing ancestor
 * @param missing_parents  list head the missing directories are added to
 *
 * @return EOK on success, EINVAL if an existing component is not a directory
 *         or the walk would reach "/", ENOMEM on allocation failure, or the
 *         errno value of a failed stat().
 */
static errno_t find_ccdir_parent_data(TALLOC_CTX *mem_ctx, const char *dirname,
                                      struct stat *parent_stat,
                                      struct string_list **missing_parents)
{
    int ret;
    char *parent_path = NULL;
    char *last_slash;
    struct string_list *entry;

    if (stat(dirname, parent_stat) == EOK) {
        /* The path exists: it is the ancestor we were looking for, as long
         * as it is a directory. */
        if (S_ISDIR(parent_stat->st_mode)) {
            return EOK;
        }
        DEBUG(1, ("[%s] is not a directory.\n", dirname));
        return EINVAL;
    }

    if (errno != ENOENT) {
        ret = errno;
        DEBUG(1, ("stat for [%s] failed: [%d][%s].\n", dirname, ret,
                  strerror(ret)));
        return ret;
    }

    /* dirname does not exist yet: remember it for creation. */
    entry = talloc_zero(mem_ctx, struct string_list);
    if (entry == NULL) {
        DEBUG(1, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    entry->s = talloc_strdup(entry, dirname);
    if (entry->s == NULL) {
        DEBUG(1, ("talloc_strdup failed.\n"));
        return ENOMEM;
    }

    DLIST_ADD(*missing_parents, entry);

    /* Work on a private copy so the last component can be cut off. */
    parent_path = talloc_strdup(mem_ctx, dirname);
    if (parent_path == NULL) {
        DEBUG(1, ("talloc_strdup failed.\n"));
        return ENOMEM;
    }

    last_slash = strrchr(parent_path, '/');
    if (last_slash == NULL || last_slash == parent_path) {
        DEBUG(1, ("Cannot find parent directory of [%s], / is not allowed.\n",
                  dirname));
        ret = EINVAL;
    } else {
        *last_slash = '\0';
        ret = find_ccdir_parent_data(mem_ctx, parent_path, parent_stat,
                                     missing_parents);
    }

    talloc_free(parent_path);
    return ret;
}
db453fe9625a9dab5d108f7a5e464598814144b8Jian Chun Wang
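/**
 * Create the directory that will hold a credential cache file, including any
 * missing parent directories.
 *
 * Steps, in order:
 *   1. strip an optional "FILE:" prefix and require an absolute path;
 *   2. if illegal_re is given, reject the whole path when it matches;
 *   3. cut off the file name and look up the closest existing ancestor;
 *   4. check that ancestor with check_parent_stat();
 *   5. create the missing directories from the top down.
 *
 * Modes used: the final directory gets 0700 when private_path is true and
 * 01777 (world-writable with the sticky bit) otherwise. Intermediate
 * directories get 0700 when the path is private and the existing ancestor
 * belongs to uid/gid, and 0755 in every other case.
 *
 * @param mem_ctx       parent of the temporary talloc context
 * @param filename      ccache name, optionally prefixed with "FILE:"
 * @param illegal_re    compiled pattern of forbidden path content, or NULL
 *                      to skip the check
 * @param uid           owner for private directories
 * @param gid           group for private directories
 * @param private_path  true for a per-user directory, false for a shared one
 *
 * @return EOK on success; EINVAL for a rejected path or parent, ENOMEM,
 *         EFAULT when pcre_exec() fails, or the errno value of a failed
 *         mkdir()/lchown(). Directories created before a failure are left
 *         in place.
 */
errno_t create_ccache_dir(TALLOC_CTX *mem_ctx, const char *filename,
                          pcre *illegal_re, uid_t uid, gid_t gid,
                          bool private_path)
{
    int ret = EFAULT;
    char *dirname;
    char *end;
    struct stat parent_stat;
    struct string_list *missing_parents = NULL;
    struct string_list *li = NULL;
    mode_t old_umask;
    mode_t new_dir_mode;
    size_t offset = 0;
    TALLOC_CTX *tmp_ctx = NULL;

    tmp_ctx = talloc_new(mem_ctx);
    if (tmp_ctx == NULL) {
        DEBUG(1, ("talloc_new failed.\n"));
        return ENOMEM;
    }

    if (strncmp(filename, "FILE:", 5) == 0) {
        offset = 5;
    }

    dirname = talloc_strdup(tmp_ctx, filename + offset);
    if (dirname == NULL) {
        /* The message now names the function that is actually called. */
        DEBUG(1, ("talloc_strdup failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    if (*dirname != '/') {
        DEBUG(1, ("Only absolute paths are allowed, not [%s] .\n", dirname));
        ret = EINVAL;
        goto done;
    }

    if (illegal_re != NULL) {
        /* dirname still holds the complete path, file name included. With
         * no output vector pcre_exec() returns 0 for a match. */
        ret = pcre_exec(illegal_re, NULL, dirname, strlen(dirname),
                        0, 0, NULL, 0);
        if (ret == 0) {
            DEBUG(1, ("Illegal pattern in ccache directory name [%s].\n",
                      dirname));
            ret = EINVAL;
            goto done;
        } else if ( ret == PCRE_ERROR_NOMATCH) {
            DEBUG(9, ("Ccache directory name [%s] does not contain "
                      "illegal patterns.\n", dirname));
        } else {
            DEBUG(1, ("pcre_exec failed [%d].\n", ret));
            ret = EFAULT;
            goto done;
        }
    }

    /* Drop the file name; a path directly below "/" is refused. */
    end = strrchr(dirname, '/');
    if (end == NULL || end == dirname) {
        DEBUG(1, ("Missing filename in [%s].\n", dirname));
        ret = EINVAL;
        goto done;
    }
    *end = '\0';

    ret = find_ccdir_parent_data(tmp_ctx, dirname, &parent_stat,
                                 &missing_parents);
    if (ret != EOK) {
        DEBUG(1, ("find_ccdir_parent_data failed.\n"));
        goto done;
    }

    ret = check_parent_stat(private_path, &parent_stat, uid, gid);
    if (ret != EOK) {
        DEBUG(1, ("check_parent_stat failed for %s directory [%s].\n",
                  private_path ? "private" : "public", dirname));
        goto done;
    }

    DLIST_FOR_EACH(li, missing_parents) {
        DEBUG(9, ("Creating directory [%s].\n", li->s));
        if (li->next == NULL) {
            /* Last list entry: the ccache directory itself. */
            new_dir_mode = private_path ? 0700 : 01777;
        } else {
            if (private_path &&
                parent_stat.st_uid == uid && parent_stat.st_gid == gid) {
                new_dir_mode = 0700;
            } else {
                new_dir_mode = 0755;
            }
        }

        /* The umask is process-wide; it is cleared only around mkdir() so
         * that new_dir_mode is applied unchanged. */
        old_umask = umask(0000);
        ret = mkdir(li->s, new_dir_mode);
        umask(old_umask);
        if (ret != EOK) {
            ret = errno;
            DEBUG(1, ("mkdir [%s] failed: [%d][%s].\n", li->s, ret,
                      strerror(ret)));
            goto done;
        }
        if (private_path &&
            ((parent_stat.st_uid == uid && parent_stat.st_gid == gid) ||
             li->next == NULL)) {
            /* lchown() changes the entry that was just created and never a
             * symbolic link's target, which chown() would do if the entry
             * were replaced between mkdir() and this call.
             * NOTE(review): earlier path components are still resolved by
             * name; a descriptor-based sequence (mkdirat()/fchown()) would
             * cover those as well. */
            ret = lchown(li->s, uid, gid);
            if (ret != EOK) {
                ret = errno;
                DEBUG(1, ("chown failed [%d][%s].\n", ret, strerror(ret)));
                goto done;
            }
        }
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}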
f799084b320209cdd71a29e74fff1be054c1d342Christian Maeder
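/**
 * Read the lifetime fields of the client's TGT from a credential cache.
 *
 * Builds the principal name krbtgt/REALM@REALM from the realm of
 * client_name, looks the matching credential up in ccache_file and copies
 * its authtime, starttime, endtime and renew_till into tgtt.
 *
 * @param ccache_file  Credential cache name handed to krb5_cc_resolve().
 * @param client_name  Client principal name, parsed with krb5_parse_name().
 * @param tgtt         Output. Filled in as soon as the credential has been
 *                     retrieved, so it is already written if the final
 *                     krb5_cc_close() fails and EIO is returned.
 *
 * @return EOK on success; EIO if any Kerberos call or the allocation of
 *         the server name fails. The specific krb5 error code is not
 *         propagated to the caller.
 *
 * NOTE(review): nothing in this function checks the ownership or the
 * permissions of ccache_file. Presumably the caller validates the cache
 * before trusting the times read from it -- confirm against the callers.
 */
errno_t get_ccache_file_data(const char *ccache_file, const char *client_name,
                             struct tgt_times *tgtt)
{
    krb5_error_code kerr;
    krb5_context ctx = NULL;
    krb5_ccache cc = NULL;
    krb5_principal client_princ = NULL;
    krb5_principal server_princ = NULL;
    char *server_name = NULL;
    krb5_creds mcred;
    krb5_creds cred;

    kerr = krb5_init_context(&ctx);
    if (kerr != 0) {
        DEBUG(1, ("krb5_init_context failed.\n"));
        goto done;
    }

    kerr = krb5_parse_name(ctx, client_name, &client_princ);
    if (kerr != 0) {
        DEBUG(1, ("krb5_parse_name failed.\n"));
        goto done;
    }

    /* "%.*s" takes an int precision; the realm length is cast explicitly so
     * the argument type matches the conversion. */
    server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s",
                          (int) krb5_princ_realm(ctx, client_princ)->length,
                          krb5_princ_realm(ctx, client_princ)->data,
                          (int) krb5_princ_realm(ctx, client_princ)->length,
                          krb5_princ_realm(ctx, client_princ)->data);
    if (server_name == NULL) {
        kerr = KRB5_CC_NOMEM;
        DEBUG(1, ("talloc_asprintf failed.\n"));
        goto done;
    }

    /* The string is only needed to build server_princ; release it right
     * away so no later exit path has to remember it. */
    kerr = krb5_parse_name(ctx, server_name, &server_princ);
    talloc_free(server_name);
    if (kerr != 0) {
        DEBUG(1, ("krb5_parse_name failed.\n"));
        goto done;
    }

    kerr = krb5_cc_resolve(ctx, ccache_file, &cc);
    if (kerr != 0) {
        DEBUG(1, ("krb5_cc_resolve failed.\n"));
        goto done;
    }

    /* Each structure is cleared with its own size. */
    memset(&mcred, 0, sizeof(mcred));
    memset(&cred, 0, sizeof(cred));

    mcred.server = server_princ;
    mcred.client = client_princ;

    kerr = krb5_cc_retrieve_cred(ctx, cc, 0, &mcred, &cred);
    if (kerr != 0) {
        DEBUG(1, ("krb5_cc_retrieve_cred failed.\n"));
        goto done;
    }

    tgtt->authtime = cred.times.authtime;
    tgtt->starttime = cred.times.starttime;
    tgtt->endtime = cred.times.endtime;
    tgtt->renew_till = cred.times.renew_till;

    krb5_free_cred_contents(ctx, &cred);

    /* Forget the handle before looking at the result: if the close reports
     * an error, the cleanup code below must not close the same handle a
     * second time. */
    kerr = krb5_cc_close(ctx, cc);
    cc = NULL;
    if (kerr != 0) {
        DEBUG(1, ("krb5_cc_close failed.\n"));
        goto done;
    }

done:
    if (cc != NULL) {
        krb5_cc_close(ctx, cc);
    }
    if (client_princ != NULL) {
        krb5_free_principal(ctx, client_princ);
    }
    if (server_princ != NULL) {
        krb5_free_principal(ctx, server_princ);
    }
    if (ctx != NULL) {
        krb5_free_context(ctx);
    }

    /* Every Kerberos failure is reported to the caller as EIO. */
    if (kerr != 0) {
        return EIO;
    }

    return EOK;
}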