Diffstat (limited to 'src/krb5-auth-dialog.c')
-rw-r--r--src/krb5-auth-dialog.c72
1 files changed, 54 insertions, 18 deletions
diff --git a/src/krb5-auth-dialog.c b/src/krb5-auth-dialog.c
index 5dfaa23..2bd2215 100644
--- a/src/krb5-auth-dialog.c
+++ b/src/krb5-auth-dialog.c
@@ -374,30 +374,66 @@ renew_credentials (void)
}
gboolean
-using_krb5()
+get_tgt_from_ccache (krb5_context context, krb5_creds *creds)
{
- const gchar *krb5ccname;
+ krb5_ccache ccache;
+ krb5_cc_cursor cursor;
+ krb5_creds mcreds;
+ krb5_principal principal, tgt_principal;
+ gboolean ret;
+
+ memset(&ccache, 0, sizeof(ccache));
+ ret = FALSE;
+ if (krb5_cc_default(context, &ccache) == 0)
+ {
+ memset(&principal, 0, sizeof(principal));
+ if (krb5_cc_get_principal(context, ccache, &principal) == 0)
+ {
+ memset(&tgt_principal, 0, sizeof(tgt_principal));
+ if (krb5_build_principal_ext(context, &tgt_principal,
+ principal->realm.length,
+ principal->realm.data,
+ KRB5_TGS_NAME_SIZE,
+ KRB5_TGS_NAME,
+ principal->realm.length,
+ principal->realm.data,
+ 0) == 0) {
+ memset(creds, 0, sizeof(*creds));
+ memset(&mcreds, 0, sizeof(mcreds));
+ mcreds.client = principal;
+ mcreds.server = tgt_principal;
+ if (krb5_cc_retrieve_cred(context, ccache,
+ 0,
+ &mcreds,
+ creds) == 0)
+ {
+ ret = TRUE;
+ } else {
+ memset(creds, 0, sizeof(*creds));
+ }
+ krb5_free_principal(context, tgt_principal);
+ }
+ krb5_free_principal(context, principal);
+ }
+ krb5_cc_close(context, ccache);
+ }
+ return ret;
+}
- gboolean success;
- int exit_status;
- GError *error;
+gboolean
+using_krb5()
+{
+ krb5_error_code err;
+ gboolean have_tgt = FALSE;
+ krb5_creds creds;
- /* See if we have a credential cache specified. */
- krb5ccname = g_getenv("KRB5CCNAME");
- if (krb5ccname != NULL)
+ err = krb5_init_context(&kcontext);
+ if (err)
return TRUE;
- /* Nope, let's see if we have any prior tickets. */
- success = g_spawn_command_line_sync("klist -s",
- NULL, NULL,
- &exit_status,
- &error);
-
- if (success == TRUE && error == NULL &&
- WIFEXITED(exit_status) && WEXITSTATUS(exit_status) == 0)
- return TRUE;
+ have_tgt = get_tgt_from_ccache(kcontext, &creds);
- return FALSE;
+ return have_tgt;
}
int
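Review bot: In `using_krb5()` the `creds` filled in by `get_tgt_from_ccache()` is never released, so every successful call leaks the retrieved TGT and leaves its ticket and session key in process memory. Only the boolean is used, so free the contents before returning, e.g. `if (have_tgt) krb5_free_cred_contents (kcontext, &creds);`. Two behaviours are worth confirming as intended. First, `krb5_cc_retrieve_cred` is called with flags `0` and nothing checks `creds->times.endtime`, so an expired TGT appears to count as "using krb5", whereas the removed `klist -s` check (as far as I know) fails for an expired cache. Second, `return TRUE` when `krb5_init_context` fails reports Kerberos as in use even though the library could not be initialised; a short comment explaining that choice would help.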