#include "krb5_samba.h"
#include "lib/crypto/crypto.h"
#include "../libds/common/flags.h"
+#include "source3/include/krb5_env.h"
#ifdef HAVE_COM_ERR_H
#include <com_err.h>
}
#endif /* HAVE_KRB5 */
+void smb_krb5_dump_creds(int level, krb5_context context, const krb5_creds *creds)
+{
+ char *server_name = NULL;
+ char *client_name = NULL;
+ unsigned flags;
+ krb5_error_code ret;
+ krb5_timestamp sec;
+
+ krb5_timeofday (context, &sec);
+
+ ret = krb5_unparse_name(context, creds->server, &server_name);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+
+ ret = krb5_unparse_name(context, creds->client, &client_name);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+
+ flags = TicketFlags2int(creds->flags.b);
+
+ DEBUGADD(level, ("%s %s Times[a=%s,s=%s,e=%s,r=%s] Flags[0x%x] Ticket(%u) Client[%s]\n",
+ ((sec > creds->times.endtime) ? ",expired" : ""),
+ server_name,
+ http_timestring(talloc_tos(),creds->times.authtime),
+ http_timestring(talloc_tos(),creds->times.starttime),
+ http_timestring(talloc_tos(),creds->times.endtime),
+ http_timestring(talloc_tos(),creds->times.renew_till),
+ flags, (unsigned)creds->ticket.length, client_name));
+}
+
+void smb_krb5_dump_ccache(int level, krb5_context context, krb5_ccache ccache)
+{
+ krb5_error_code ret;
+ char *fullname = NULL;
+ int version;
+ char *principal_name = NULL;
+ krb5_principal principal;
+ krb5_cc_cursor cursor;
+ krb5_creds creds;
+ time_t t;
+
+ ret = krb5_cc_get_full_name(context, ccache, &fullname);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+ version = krb5_cc_get_version(context, ccache);
+
+ ret = krb5_cc_get_lifetime(context, ccache, &t);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+
+ ret = krb5_cc_get_principal(context, ccache, &principal);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+ ret = krb5_unparse_name(context, principal, &principal_name);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+ krb5_free_principal (context, principal);
+
+ DEBUG(level, ("ccache[%p:f=%s,l=%lld,v=%d] Principal[%s]\n",
+ ccache, fullname, (long long int)t, version, principal_name));
+
+ ret = krb5_cc_start_seq_get (context, ccache, &cursor);
+
+ while ((ret = krb5_cc_next_cred (context,
+ ccache,
+ &cursor,
+ &creds)) == 0) {
+ smb_krb5_dump_creds(level, context, &creds);
+ krb5_free_cred_contents (context, &creds);
+ }
+ //if(ret != KRB5_CC_END)
+ ret = krb5_cc_end_seq_get (context, ccache, &cursor);
+
+ ret = krb5_cc_close (context, ccache);
+}
+
+void smb_krb5_dump_all_ccaches(int level, const char *location, const char *func)
+{
+ krb5_context context = NULL;
+ krb5_error_code ret = 0;
+ krb5_ccache ccache = NULL;
+ krb5_cc_cache_cursor cursor = NULL;
+
+ initialize_krb5_error_table();
+ DEBUG(level, ("%s:%s: %s: %s=%s\n", location, func, __func__, KRB5_ENV_CCNAME, getenv(KRB5_ENV_CCNAME)));
+
+ ret = krb5_init_context(&context);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+
+ ret = krb5_cc_cache_get_first(context, NULL, &cursor);
+ if (ret != 0) { DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret)); return; }
+ //if (ret != 0) return talloc_asprintf(NULL, "%s:%s: ret = %d", __location__, __func__, ret);
+
+ while (krb5_cc_cache_next(context, cursor, &ccache) == 0) {
+ smb_krb5_dump_ccache(level, context, ccache);
+ }
+ krb5_cc_cache_end_seq_get(context, cursor);
+}
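Review bot: The three added dump helpers leak on every path: `smb_krb5_dump_creds` never frees `server_name`/`client_name`, `smb_krb5_dump_ccache` never frees `fullname`/`principal_name` (and drops `principal` when `krb5_unparse_name` fails), and `smb_krb5_dump_all_ccaches` never releases the `krb5_context` it creates. `smb_krb5_dump_ccache` also reaches `krb5_cc_close` only on the success path, so each early `return` leaves the cache handed over by `krb5_cc_cache_next` open, and it ignores the result of `krb5_cc_start_seq_get` before iterating with the cursor. In `smb_krb5_dump_all_ccaches`, `getenv(KRB5_ENV_CCNAME)` is passed straight to `%s` and is NULL when the variable is unset. The functions are added after `#endif /* HAVE_KRB5 */`, so they would presumably also be compiled in builds without Kerberos; moving them inside the guard looks intended. The fence shows the cleanup for `smb_krb5_dump_all_ccaches`; the other two need the same treatment, with a single exit path that frees the unparsed names and closes the cache.

```c
void smb_krb5_dump_all_ccaches(int level, const char *location, const char *func)
{
	/* … unchanged: local declarations, initialize_krb5_error_table() … */
	const char *ccname = getenv(KRB5_ENV_CCNAME);

	DEBUG(level, ("%s:%s: %s: %s=%s\n", location, func, __func__,
		      KRB5_ENV_CCNAME, ccname != NULL ? ccname : "(unset)"));

	/* … unchanged: krb5_init_context() and its error check … */

	ret = krb5_cc_cache_get_first(context, NULL, &cursor);
	if (ret != 0) {
		DEBUG(0, ("%s:%s: ret = %d\n", __location__, __func__, ret));
		krb5_free_context(context);
		return;
	}

	/* … unchanged: loop over krb5_cc_cache_next() … */

	krb5_cc_cache_end_seq_get(context, cursor);
	krb5_free_context(context);
```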