From 43799a169bacdfdac17ecc861d5f634422e3c71e Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 9 Nov 2010 13:11:52 +0100
Subject: [PATCH 7/8] krb5_child returns TGT lifetime
---
 src/providers/krb5/krb5_auth.c | 19 +++++++++++++++++++
 src/providers/krb5/krb5_child.c | 29 +++++++++++++++++++++++++++++
 src/providers/krb5/krb5_common.h | 7 +++++++
 src/util/util.h | 6 ++++++
 4 files changed, 61 insertions(+), 0 deletions(-)
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 9dc7a2c..a7711ad 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -688,6 +688,10 @@ static void krb5_child_done(struct tevent_req *subreq)
 int32_t msg_status;
 int32_t msg_type;
 int32_t msg_len;
+ int64_t int64_value;
+ struct tgt_times tgtt;
+
+ memset(&tgtt, 0, sizeof(tgtt));
 ret = handle_child_recv(subreq, pd, &buf, &len);
 talloc_zfree(subreq);
@@ -751,6 +755,21 @@ static void krb5_child_done(struct tevent_req *subreq)
 }
 }
+ if (msg_type == SSS_KRB5_INFO_TGT_LIFETIME &&
+ msg_len == 4*sizeof(int64_t)) {
+ SAFEALIGN_COPY_INT32(&int64_value, buf+p, NULL);
+ SAFEALIGN_COPY_INT64(&int64_value, buf+p, NULL);
+ tgtt.authtime = (time_t) int64_value;
+ SAFEALIGN_COPY_INT64(&int64_value, buf+p+sizeof(int64_t), NULL);
+ tgtt.starttime = (time_t) int64_value;
+ SAFEALIGN_COPY_INT64(&int64_value, buf+p+2*sizeof(int64_t), NULL);
+ tgtt.endtime = (time_t) int64_value;
+ SAFEALIGN_COPY_INT64(&int64_value, buf+p+3*sizeof(int64_t), NULL);
+ tgtt.renew_till = (time_t) int64_value;
+ DEBUG(7, ("TGT times are [%d][%d][%d][%d].\n", tgtt.authtime,
+ tgtt.starttime, tgtt.endtime, tgtt.renew_till));
+ }
+
 ret = pam_add_response(pd, msg_type, msg_len, &buf[p]);
 if (ret != EOK) {
 /* This is not a fatal error */
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index cebc4ee..5267605 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
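Review bot: In the new `SSS_KRB5_INFO_TGT_LIFETIME` branch of krb5_child_done, the `DEBUG(7, ...)` call prints four `time_t` fields with `%d`, which is a format/argument mismatch wherever `time_t` is wider than `int`; use `[%lld]` with `(long long) tgtt.authtime` and likewise for the other three. The first copy, `SAFEALIGN_COPY_INT32(&int64_value, buf+p, NULL);`, is overwritten by the `SAFEALIGN_COPY_INT64` on the next line and looks like a leftover that can be dropped. The branch compares `msg_len` with `4*sizeof(int64_t)`, but no check that `p + msg_len` stays within `len` is visible; presumably it happens earlier in the loop, which lies outside the hunk, and it is worth confirming because these bytes come from the child process. The `(time_t)` casts would truncate on a platform with a 32-bit `time_t`.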
@@ -456,6 +456,25 @@ static errno_t sendresponse(int fd, krb5_error_code kerr, int pam_status,
 return EOK;
 }
+static errno_t add_ticket_times_to_response(struct krb5_req *kr)
+{
+ int ret;
+ int64_t t[4];
+
+ t[0] = (int64_t) kr->creds->times.authtime;
+ t[1] = (int64_t) kr->creds->times.starttime;
+ t[2] = (int64_t) kr->creds->times.endtime;
+ t[3] = (int64_t) kr->creds->times.renew_till;
+
+ ret = pam_add_response(kr->pd, SSS_KRB5_INFO_TGT_LIFETIME,
+ 4*sizeof(int64_t), (uint8_t *) t);
+ if (ret != EOK) {
+ DEBUG(1, ("pack_response_packet failed.\n"));
+ }
+
+ return ret;
+}
+
 static krb5_error_code validate_tgt(struct krb5_req *kr)
 {
 krb5_error_code kerr;
@@ -595,6 +614,11 @@ static krb5_error_code get_and_save_tgt(struct krb5_req *kr,
 goto done;
 }
+ ret = add_ticket_times_to_response(kr);
+ if (ret != EOK) {
+ DEBUG(1, ("add_ticket_times_to_response failed.\n"));
+ }
+
 kerr = 0;
 done:
@@ -919,6 +943,11 @@ static errno_t renew_tgt_child(int fd, struct krb5_req *kr)
 goto done;
 }
+ ret = add_ticket_times_to_response(kr);
+ if (ret != EOK) {
+ DEBUG(1, ("add_ticket_times_to_response failed.\n"));
+ }
+
 status = PAM_SUCCESS;
 done:
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 01d2dbf..68e4426 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -62,6 +62,13 @@ enum krb5_opts {
 typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type;
+struct tgt_times {
+ time_t authtime;
+ time_t starttime;
+ time_t endtime;
+ time_t renew_till;
+};
+
 struct krb5_service {
 char *name;
 char *address;
diff --git a/src/util/util.h b/src/util/util.h
index e93f6f8..9ad87a4 100644
--- a/src/util/util.h
+++ b/src/util/util.h
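Review bot: The error path in `add_ticket_times_to_response` logs `pack_response_packet failed.` although the call that failed is `pam_add_response`; it should read `DEBUG(1, ("pam_add_response failed.\n"));` so the log points at the right call. This function also fixes the wire layout that krb5_child_done decodes with hard-coded offsets, so a short comment above it stating that the payload is four host-order `int64_t` values in the order authtime, starttime, endtime, renew_till would keep both sides in step. `kr->creds` is dereferenced without a check; presumably both callers reach this only after credentials were obtained, which the hunks do not show.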
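Review bot: In `get_and_save_tgt` a failure of `add_ticket_times_to_response` is logged and then dropped, with `kerr = 0` set right after, and the `renew_tgt_child` hunk repeats the same pattern before `status = PAM_SUCCESS`. If that is intended, say so with a comment such as `/* Missing ticket times are not fatal, the TGT itself was obtained */`. The helper already logs at level 1 on failure, so the caller's `DEBUG(1, ...)` emits a second message for the same event. Both function bodies extend beyond their hunks, so whether `ret` is read again later cannot be seen here.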
@@ -183,6 +183,12 @@ safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter)
 safealign_memcpy(dest, &CV_MACRO_val, sizeof(type), pctr); \
 } while(0)
+#define SAFEALIGN_COPY_INT64(dest, src, pctr) \
+ safealign_memcpy(dest, src, sizeof(int64_t), pctr)
+
+#define SAFEALIGN_SET_INT64(dest, value, pctr) \
+ SAFEALIGN_SET_VALUE(dest, value, int64_t, pctr)
+
 #define SAFEALIGN_COPY_UINT32(dest, src, pctr) \
 safealign_memcpy(dest, src, sizeof(uint32_t), pctr)
--
1.7.3.2
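Review bot: `SAFEALIGN_COPY_INT64` copies `sizeof(int64_t)` bytes from `src` and takes no length argument, so the bound has to be enforced by the caller before the macro is used. A one-line comment above it, for example `/* Caller must ensure sizeof(int64_t) readable bytes at src */`, would make that obligation explicit for code that parses buffers received from another process. `SAFEALIGN_SET_INT64` is added here but not used in any hunk of this patch.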