ldap_child.c revision 4c157ecedd52602f75574605ef48d0c48e9bfbe8
/*
SSSD
LDAP Backend Module -- prime ccache with TGT in a child process
Authors:
Jakub Hrozek <jhrozek@redhat.com>
Copyright (C) 2009 Red Hat
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <unistd.h>
#include <popt.h>
#include <security/pam_modules.h>
#include "util/sss_krb5.h"
#include "util/child_common.h"
#include "providers/dp_backend.h"
static krb5_context krb5_error_ctx;
static const char *__krb5_error_msg;
#define KRB5_SYSLOG(krb5_error) do { \
} while(0)
struct input_buffer {
const char *realm_str;
const char *princ_str;
const char *keytab_name;
};
struct input_buffer *ibuf)
{
size_t p = 0;
/* realm_str size and length */
if (len) {
p += len;
}
/* princ_str size and length */
if (len) {
p += len;
}
/* keytab_name size and length */
if (len) {
p += len;
}
/* ticket lifetime */
return EOK;
}
{
int len;
size_t p = 0;
if(!r->buf) {
return ENOMEM;
}
/* result */
/* krb5 error code */
/* message size */
/* message itself */
/* ticket expiration time */
return EOK;
}
const char *realm_str,
const char *princ_str,
const char *keytab_name,
const krb5_deltat lifetime,
const char **ccname_out,
{
char *ccname;
char *realm_name = NULL;
char *full_princ = NULL;
char *default_realm = NULL;
int n_etype_list;
int canonicalize = 0;
int kdc_time_offset_usec;
int ret;
if (krberr) {
return krberr;
}
if (!realm_str) {
if (krberr) {
goto done;
}
if (!realm_name) {
goto done;
}
} else {
if (!realm_name) {
goto done;
}
}
if (princ_str) {
} else {
}
} else {
char hostname[512];
if (ret == -1) {
goto done;
}
}
if (!full_princ) {
goto done;
}
if (krberr) {
goto done;
}
if (keytab_name) {
} else {
}
if (krberr) {
("Failed to read keytab file [%s]: %s\n",
goto done;
}
/* Verify the keytab */
if (ret) {
goto done;
}
if (!ccname) {
goto done;
}
if (krberr) {
goto done;
}
canonicalize = 1;
}
&etype_list, &n_etype_list);
if (krberr) {
krberr)));
} else if (n_etype_list > 0) {
}
if (krberr) {
("Failed to init credentials: %s\n",
"Failed to initialize credentials using keytab [%s]: %s. "
"Unable to create GSSAPI-encrypted LDAP connection.",
goto done;
}
/* Use updated principal if changed due to canonicalization. */
if (krberr) {
goto done;
}
if (krberr) {
goto done;
}
#ifdef HAVE_KRB5_GET_TIME_OFFSETS
if (krberr) {
kdc_time_offset = 0;
} else {
if (kdc_time_offset_usec > 0) {
}
}
#else
/* If we don't have this function, just assume no offset */
kdc_time_offset = 0;
#endif
krberr = 0;
*ccname_out = ccname;
done:
return krberr;
}
const char *ccname,
{
int ret;
if (!r) return ENOMEM;
r->size = 0;
if (kerr == 0) {
} else {
return ENOMEM;
}
}
return ret;
}
*rsp = r;
return EOK;
}
{
int ret;
int kerr;
int opt;
int debug_fd = -1;
time_t expire_time = 0;
struct poptOption long_options[] = {
_("Debug level"), NULL},
_("Add debug timestamps"), NULL},
_("Show timestamps with microseconds"), NULL},
_("An open file descriptor for the debug logs"), NULL},
};
/* Set debug level to invalid value so we can decide if -d 0 was used. */
switch(opt) {
default:
_exit(-1);
}
}
if (!debug_prg_name) {
goto fail;
}
if (debug_fd != -1) {
}
}
goto fail;
}
goto fail;
}
goto fail;
}
errno = 0;
if (len == -1) {
goto fail;
}
goto fail;
}
&ccname, &expire_time);
/* Do not return, must report failure */
}
goto fail;
}
errno = 0;
if (written == -1) {
goto fail;
}
goto fail;
}
_exit(0);
fail:
_exit(-1);
}