Line data    Source code

       1             : /*
       2             :    Unix SMB/CIFS implementation.
       3             : 
       4             :    Kerberos backend for GENSEC
       5             : 
       6             :    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004
       7             :    Copyright (C) Andrew Tridgell 2001
       8             :    Copyright (C) Luke Howard 2002-2003
       9             :    Copyright (C) Stefan Metzmacher 2004-2005
      10             : 
      11             :    This program is free software; you can redistribute it and/or modify
      12             :    it under the terms of the GNU General Public License as published by
      13             :    the Free Software Foundation; either version 3 of the License, or
      14             :    (at your option) any later version.
      15             : 
      16             :    This program is distributed in the hope that it will be useful,
      17             :    but WITHOUT ANY WARRANTY; without even the implied warranty of
      18             :    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      19             :    GNU General Public License for more details.
      20             : 
      21             : 
      22             :    You should have received a copy of the GNU General Public License
      23             :    along with this program.  If not, see <http://www.gnu.org/licenses/>.
      24             : */
      25             : 
      26             : #include "includes.h"
      27             : #include "auth/auth.h"
      28             : #include "auth/gensec/gensec.h"
      29             : #include "auth/gensec/gensec_internal.h"
      30             : #include "gensec_krb5_internal.h"
      31             : #include "gensec_krb5_helpers.h"
      32             : #include "system/kerberos.h"
      33             : #include "auth/kerberos/kerberos.h"
      34             : 
      35          61 : static struct gensec_krb5_state *get_private_state(const struct gensec_security *gensec_security)
      36             : {
      37          61 :         struct gensec_krb5_state *gensec_krb5_state = NULL;
      38             : 
      39          61 :         if (strcmp(gensec_security->ops->name, "krb5") != 0) {
      40             :                 /* We require that the krb5 mechanism is being used. */
      41           0 :                 return NULL;
      42             :         }
      43             : 
      44          61 :         gensec_krb5_state = talloc_get_type(gensec_security->private_data,
      45             :                                             struct gensec_krb5_state);
      46          61 :         return gensec_krb5_state;
      47             : }
      48             : 
      49             : /*
      50             :  * Returns 1 if our ticket has the initial flag set, 0 if not, and -1 in case of
      51             :  * error.
      52             :  */
      53          61 : int gensec_krb5_initial_ticket(const struct gensec_security *gensec_security)
      54             : {
      55          61 :         struct gensec_krb5_state *gensec_krb5_state = NULL;
      56             : 
      57          61 :         gensec_krb5_state = get_private_state(gensec_security);
      58          61 :         if (gensec_krb5_state == NULL) {
      59           0 :                 return -1;
      60             :         }
      61             : 
      62          61 :         if (gensec_krb5_state->ticket == NULL) {
      63             :                 /* We don't have a ticket */
      64           0 :                 return -1;
      65             :         }
      66             : 
      67             : #ifdef SAMBA4_USES_HEIMDAL
      68          33 :         return gensec_krb5_state->ticket->ticket.flags.initial;
      69             : #else /* MIT KERBEROS */
      70          28 :         return (gensec_krb5_state->ticket->enc_part2->flags & TKT_FLG_INITIAL) ? 1 : 0;
      71             : #endif /* SAMBA4_USES_HEIMDAL */
      72             : }