krb5_utils.c revision a3c8390d19593b1e5277d95bfb4ab206d4785150
Kerberos 5 Backend Module -- Utilities
Sumit Bose <sbose@redhat.com>
Copyright (C) 2009 Red Hat
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
errno_t find_or_guess_upn(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
if (krb5_ctx == NULL || dom == NULL || user == NULL || _upn == NULL) {
upn = ldb_msg_find_attr_as_string(msg, SYSDB_CANONICAL_UPN, NULL);
ret = krb5_get_simple_upn(mem_ctx, krb5_ctx, dom, user,
DEBUG(SSSDBG_OP_FAILURE, "krb5_get_simple_upn failed.\n");
errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb,
const char *user,
const char *upn)
const char *attrs[] = {SYSDB_UPN, SYSDB_CANONICAL_UPN, NULL};
bool in_transaction = false;
const char *cached_upn;
ret = sysdb_get_user_attr(tmp_ctx, domain, user, attrs, &res);
DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_user_attr failed.\n");
DEBUG(SSSDBG_OP_FAILURE, "[%d] user objects for name [%s] found, " \
cached_upn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_UPN, NULL);
if (cached_upn != NULL && strcmp(cached_upn, upn) == 0) {
"nothing to do.\n");
cached_canonical_upn = ldb_msg_find_attr_as_string(res->msgs[0],
DEBUG(SSSDBG_TRACE_ALL, "Cached canonical UPN and new one match, "
"nothing to do.\n");
DEBUG(SSSDBG_TRACE_LIBS, "Replacing canonical UPN [%s] with [%s] " \
"for user [%s].\n",
DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n");
ret = sysdb_attrs_add_string(new_attrs, SYSDB_CANONICAL_UPN, upn);
DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string failed.\n");
"Error %d starting transaction (%s)\n", ret, strerror(ret));
ret = sysdb_set_entry_attr(sysdb, res->msgs[0]->dn, new_attrs,
goto done;
goto done;
in_transaction = false;
done:
if (in_transaction) {
return ret;
bool case_sensitive)
char *copy;
char *dummy;
char *name;
const char *cache_dir_tmpl;
char action;
bool rerun;
return NULL;
goto done;
goto done;
p = copy;
goto done;
rerun = true;
action = *n;
while (rerun) {
rerun = false;
switch (action) {
goto done;
if (!name) {
goto done;
name);
goto done;
goto done;
goto done;
goto done;
if (file_mode) {
goto done;
false, case_sensitive);
goto done;
goto done;
if (!file_mode) {
goto done;
goto done;
/* Additional syntax from krb5.conf default_ccache_name */
rerun = true;
rerun = true;
rerun = true;
rerun = true;
name = n;
template);
goto done;
goto done;
goto done;
goto done;
done:
return res;
return EINVAL;
return EINVAL;
return EINVAL;
return EOK;
struct string_list {
const char *ccdirname,
char *end;
return EINVAL;
return EOK;
return ret;
return ENOMEM;
return ENOMEM;
return ENOMEM;
goto done;
done:
return ret;
static errno_t
0, 0, NULL, 0);
if (ret == 0) {
return EINVAL;
return EOK;
return EFAULT;
return ENOMEM;
goto done;
goto done;
goto done;
goto done;
goto done;
goto done;
done:
return ret;
char *server_name;
const char *realm_name;
int realm_length;
if (kerr != 0) {
goto done;
if (kerr != 0) {
goto done;
goto done;
if (kerr != 0) {
goto done;
if (kerr != 0) {
goto done;
if (kerr != 0) {
goto done;
if (kerr != 0) {
goto done;
kerr = 0;
done:
if (kerr != 0) {
return EIO;
return EOK;
const char *filename;
char *ccdirname;
char *end;
return EOK;
goto done;
goto done;
done:
return ret;
struct sss_krb5_ccache {
const char *ccname,
if (!cc) {
return ENOMEM;
if (ret) {
goto done;
if (kerr) {
goto done;
goto done;
} else if (kerr != 0) {
goto done;
done:
if (ret) {
return ret;
if (kerr) {
return ret;
return ENOMEM;
if (ret) {
goto done;
done:
return ret;
const char *cc_type;
return ENOMEM;
if (ret) {
goto done;
if (kerr != 0) {
goto done;
if (kerr != 0) {
if (ccprinc) {
goto done;
#ifdef HAVE_KRB5_CC_COLLECTION
if (kerr != 0) {
if (kerr == 0) {
goto done;
done:
return ret;
const char *filename;
int ret;
return EOK;
return EOK;
char *tgt_name;
if (ret) {
return ret;
return ENOMEM;
if (ret) {
goto done;
if (!tgt_name) {
goto done;
if (kerr) {
goto done;
if (kerr) {
goto done;
if (kerr) {
done:
return ret;
char *domain_name,
return ENOMEM;
return EOK;