From: Günther Deschner Date: Wed, 11 Nov 2009 23:52:38 +0000 (+0100) Subject: cifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT. X-Git-Tag: tdb-1.2.0~181 X-Git-Url: http://git.samba.org/samba.git/?p=ira%2Fwip.git;a=commitdiff_plain;h=b29eed492f1c056adb0b53510be10e738276ca11 cifs.upcall: Fix Bug #6868: support building with Heimdal we well as with MIT. Guenther
---
diff --git a/client/cifs.upcall.c b/client/cifs.upcall.c
index 97c6ae022d4..d3ff5f17a2d 100644
--- a/client/cifs.upcall.c
+++ b/client/cifs.upcall.c
@@ -45,18 +45,6 @@ typedef enum _sectype {
 MS_KRB5
 } sectype_t;
 
-static inline int
-k5_data_equal(krb5_data d1, krb5_data d2, unsigned int length)
-{
- if (!length)
- length = d1.length;
-
- return (d1.length == length &&
- d1.length == d2.length &&
- memcmp(d1.data, d2.data, length) == 0);
-
-}
-
 /* does the ccache have a valid TGT? */
 static time_t
 get_tgt_time(const char *ccname) {
@@ -65,9 +53,8 @@ get_tgt_time(const char *ccname) {
 krb5_cc_cursor cur;
 krb5_creds creds;
 krb5_principal principal;
- krb5_data tgt = { .data = "krbtgt",
- .length = 6 };
 time_t credtime = 0;
+ char *realm = NULL;
 
 if (krb5_init_context(&context)) {
 syslog(LOG_DEBUG, "%s: unable to init krb5 context", __func__);
@@ -94,16 +81,27 @@ get_tgt_time(const char *ccname) {
 goto err_ccstart;
 }
 
+ if ((realm = smb_krb5_principal_get_realm(context, principal)) == NULL) {
+ syslog(LOG_DEBUG, "%s: unable to get realm", __func__);
+ goto err_ccstart;
+ }
+
 while (!credtime && !krb5_cc_next_cred(context, ccache, &cur, &creds)) {
- if (k5_data_equal(creds.server->realm, principal->realm, 0) &&
- k5_data_equal(creds.server->data[0], tgt, tgt.length) &&
- k5_data_equal(creds.server->data[1], principal->realm, 0) &&
+ char *name;
+ if (smb_krb5_unparse_name(NULL, context, creds.server, &name)) {
+ syslog(LOG_DEBUG, "%s: unable to unparse name", __func__);
+ goto err_endseq;
+ }
+ if (krb5_realm_compare(context, creds.server, principal) &&
+ strnequal(name, KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE) &&
+ strnequal(name+KRB5_TGS_NAME_SIZE+1, realm, strlen(realm)) &&
 creds.times.endtime > time(NULL))
 credtime = creds.times.endtime;
 krb5_free_cred_contents(context, &creds);
+ TALLOC_FREE(name);
 }
+err_endseq:
 krb5_cc_end_seq_get(context, ccache, &cur);
-
 err_ccstart:
 krb5_free_principal(context, principal);
 err_princ:
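Review bot: The two `strnequal` tests in the loop are looser than the component-wise comparison they replace: the byte at `name[KRB5_TGS_NAME_SIZE]` is stepped over without being checked, and the realm is matched only as a prefix of what follows, so a server name such as `krbtgt/REALM.OTHER@REALM` (constructed example) would pass where the old exact-length `data[1]` comparison rejected it. Anchoring both ends restores the old strictness and also stops `name+KRB5_TGS_NAME_SIZE+1` from pointing past the terminator of a short name: add `name[KRB5_TGS_NAME_SIZE] == '/' &&` after the first test and `name[KRB5_TGS_NAME_SIZE + 1 + strlen(realm)] == '@' &&` after the second. Separately, the `goto err_endseq` taken when `smb_krb5_unparse_name` fails skips `krb5_free_cred_contents(context, &creds)`, so that branch should free the creds before jumping. Whether `realm` has to be released depends on `smb_krb5_principal_get_realm`, which is not visible here, and get_tgt_time continues outside the hunk.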