From 5654903a0be960a2ec5be5bfb77cc3263e11e58c Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 30 Jul 2015 16:52:42 +0200
Subject: [PATCH 48/57] krb5 utils: add sss_krb5_realm_has_proxy()
Reviewed-by: Alexander Bokovoy
Reviewed-by: Jakub Hrozek
---
 Makefile.am | 1 +
 src/tests/krb5_proxy_check_test_data.conf | 8 +++++
 src/tests/krb5_utils-tests.c | 17 +++++++++
 src/util/sss_krb5.c | 57 +++++++++++++++++++++++++++++++
 src/util/sss_krb5.h | 2 ++
 5 files changed, 85 insertions(+)
 create mode 100644 src/tests/krb5_proxy_check_test_data.conf
diff --git a/Makefile.am b/Makefile.am
index 5345d90d22cd285a5268ac50a6b527645acdb351..8b64317d6dce9a1ee8614916395b9afd9f11f382 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -366,6 +366,7 @@ dist_noinst_SCRIPTS = \
 src/tests/pysss_murmur-test.py2.sh \
 src/tests/pysss_murmur-test.py3.sh \
 src/tests/python-test.py \
+ src/tests/krb5_proxy_check_test_data.conf \
 $(NULL)
 dist_noinst_DATA = \
diff --git a/src/tests/krb5_proxy_check_test_data.conf b/src/tests/krb5_proxy_check_test_data.conf
new file mode 100644
index 0000000000000000000000000000000000000000..eb74dbfa47d643668688d5c789b5962698c3d17c
--- /dev/null
+++ b/src/tests/krb5_proxy_check_test_data.conf
@@ -0,0 +1,8 @@
+[realms]
+ REALM = {
+ kdc = hello
+ }
+
+ REALM_PROXY = {
+ kdc = https://hello
+ }
diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c
index 650ed48592768c214156d5274e654a447be98e36..9a25b09cdc136651a7117327036dd51b8ff23606 100644
--- a/src/tests/krb5_utils-tests.c
+++ b/src/tests/krb5_utils-tests.c
@@ -684,6 +684,22 @@ START_TEST(test_parse_krb5_map_user)
 }
 END_TEST
+START_TEST(test_sss_krb5_realm_has_proxy)
+{
+ krb5_error_code kerr;
+ long perr;
+
+ fail_unless(sss_krb5_realm_has_proxy(NULL) == false);
+
+ setenv("KRB5_CONFIG", "/dev/null", 1);
+ fail_unless(sss_krb5_realm_has_proxy("REALM") == false);
+
+ setenv("KRB5_CONFIG", ABS_SRC_DIR"/src/tests/krb5_proxy_check_test_data.conf", 1);
+ fail_unless(sss_krb5_realm_has_proxy("REALM") == false);
+ fail_unless(sss_krb5_realm_has_proxy("REALM_PROXY") == true);
+}
+END_TEST
+
 Suite *krb5_utils_suite (void)
 {
 Suite *s = suite_create ("krb5_utils");
@@ -723,6 +739,7 @@ Suite *krb5_utils_suite (void)
 TCase *tc_krb5_helpers = tcase_create("Helper functions");
 tcase_add_test(tc_krb5_helpers, test_compare_principal_realm);
 tcase_add_test(tc_krb5_helpers, test_parse_krb5_map_user);
+ tcase_add_test(tc_krb5_helpers, test_sss_krb5_realm_has_proxy);
 suite_add_tcase(s, tc_krb5_helpers);
 return s;
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index e5c2121da575b174c8b6a9a90835f2c97f807f37..2e128db3c9fcb0dfa88cab1ed799abd714ad8ba6 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -20,6 +20,7 @@
 #include
 #include
 #include
+#include
 #include "config.h"
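Review bot: `kerr` and `perr` are declared at the top of test_sss_krb5_realm_has_proxy but never used, so they only produce unused-variable warnings and should be dropped. Both `setenv("KRB5_CONFIG", ...)` calls ignore the return value and leave the variable pointing at the test file afterwards; if the suite is ever run without per-test forking, that setting would carry into later Kerberos tests, so `fail_unless(setenv("KRB5_CONFIG", "/dev/null", 1) == 0);` plus unsetting or restoring the variable at the end would be safer. The data file covers one plain realm and one https-only realm; a realm that is absent from the file, and a realm listing both a plain and an `https://` KDC, would pin down the remaining branches of the lookup.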
@@ -1069,3 +1070,59 @@ krb5_error_code sss_krb5_kt_have_content(krb5_context context,
 return 0;
 #endif
 }
+
+#define KDC_PROXY_INDICATOR "https://"
+#define KDC_PROXY_INDICATOR_LEN (sizeof(KDC_PROXY_INDICATOR) - 1)
+
+bool sss_krb5_realm_has_proxy(const char *realm)
+{
+ krb5_context context = NULL;
+ krb5_error_code kerr;
+ struct _profile_t *profile = NULL;
+ const char *profile_path[4] = {"realms", NULL, "kdc", NULL};
+ char **list = NULL;
+ bool res = false;
+ size_t c;
+
+ if (realm == NULL) {
+ return false;
+ }
+
+ kerr = krb5_init_context(&context);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "krb5_init_context failed.\n");
+ return false;
+ }
+
+ kerr = krb5_get_profile(context, &profile);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "krb5_get_profile failed.\n");
+ goto done;
+ }
+
+ profile_path[1] = realm;
+
+ kerr = profile_get_values(profile, profile_path, &list);
+ if (kerr != 0) {
+ DEBUG(SSSDBG_OP_FAILURE, "profile_get_values failed.\n");
+ goto done;
+ }
+
+ for (c = 0; list[c] != NULL; c++) {
+ if (strncasecmp(KDC_PROXY_INDICATOR, list[c],
+ KDC_PROXY_INDICATOR_LEN) == 0) {
+ DEBUG(SSSDBG_TRACE_ALL,
+ "Found KDC Proxy indicator [%s] in [%s].\n",
+ KDC_PROXY_INDICATOR, list[c]);
+ res = true;
+ break;
+ }
+ }
+
+done:
+ profile_free_list(list);
+ profile_release(profile);
+ krb5_free_context(context);
+
+ return res;
+}
diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
index 462dbbe0bda8969432c8ac2f062a0123c1f098f0..fdaeb49314764e096448f342a054dc6938f0c248 100644
--- a/src/util/sss_krb5.h
+++ b/src/util/sss_krb5.h
@@ -189,4 +189,6 @@ sss_krb5_get_primary(TALLOC_CTX *mem_ctx,
 krb5_error_code sss_krb5_kt_have_content(krb5_context context,
 krb5_keytab keytab);
+
+bool sss_krb5_realm_has_proxy(const char *realm);
 #endif /* __SSS_KRB5_H__ */
--
2.4.3
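Review bot: Every failure path in sss_krb5_realm_has_proxy() (krb5_init_context, krb5_get_profile, profile_get_values) returns false, so a caller cannot distinguish "no KDC proxy configured" from "the configuration could not be read", and none of the three DEBUG lines records `kerr`. A realm without any `kdc` relation is presumably an ordinary case (the new test's /dev/null configuration appears to take this path), yet it is reported at SSSDBG_OP_FAILURE; logging the code, e.g. `DEBUG(SSSDBG_OP_FAILURE, "profile_get_values failed [%d].\n", kerr);`, and lowering the level when the relation is simply missing would make the logs easier to triage. Only the `kdc` relation is checked, so a realm that puts an `https://` endpoint under a different relation would not be detected. A short comment above the function stating that scope and the return-false-on-error behaviour would help callers that base connectivity decisions on the result. As a style point, `struct _profile_t *profile` could use the public `profile_t` typedef instead of the underscore-prefixed struct tag.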