Finished KLL to KIM shim.
authorAlexandra Ellwood <lxs@mit.edu>
Wed, 1 Oct 2008 19:34:06 +0000 (19:34 +0000)
committerAlexandra Ellwood <lxs@mit.edu>
Wed, 1 Oct 2008 19:34:06 +0000 (19:34 +0000)
Switched krb5 code to using it.

ticket: 6134

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20796 dc483132-0cff-0310-8789-dd5450dbe970

src/kadmin/cli/kadmin.c
src/kim/lib/kim_ccache.c
src/kim/lib/mac/KerberosLogin.c
src/kim/lib/mac/KerberosLogin.exports [new file with mode: 0644]
src/kim/lib/mac/KerberosLoginPrivate.h [new file with mode: 0644]
src/lib/gssapi/krb5/acquire_cred.c
src/lib/krb5/ccache/ccdefault.c
src/lib/krb5/krb/gic_pwd.c
src/lib/krb5/os/init_os_ctx.c

index 897787255e91190a83184eb54e47f871a3359cf3..b3f2b3f21f1f8bfadc905dc544bdc3e4c5fea4b7 100644 (file)
@@ -45,8 +45,8 @@
 #include <time.h>
 #include "kadmin.h"
 
-#if defined(USE_LOGIN_LIBRARY)
-#include <Kerberos/KerberosLoginPrivate.h>
+#if defined(USE_KIM)
+#include <kim/kim.h>
 #endif
 
 /* special struct to convert flag names for principals
@@ -219,11 +219,12 @@ char *kadmin_startup(argc, argv)
 
     memset((char *) &params, 0, sizeof(params));
 
-#if defined(USE_LOGIN_LIBRARY)
+#if defined(USE_KIM)
     /* Turn off all password prompting from the KLL */
-    retval = __KLSetPromptMechanism (klPromptMechanism_None);
+    retval = kim_library_set_allow_automatic_prompting (0);
     if (retval) {
-       com_err(whoami, retval, "while calling __KLSetPromptMechanism()");
+       com_err(whoami, retval, 
+                "while calling kim_library_set_allow_automatic_prompting()");
        exit(1);
     }
 #endif
index 2e457be89f6e19cbb01c59d9107f8661bf5abe64..43da3f29b51a7931993b249d65bfaa7f2039be85 100644 (file)
@@ -255,19 +255,42 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache   *out_ccache,
                                            kim_options   in_options)
 {
     kim_error err = KIM_NO_ERROR;
+    kim_ccache ccache = NULL;
     
     if (!err && !out_ccache        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     if (!err && !in_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     
     if (!err) {
-        err = kim_ccache_create_from_client_identity (out_ccache, in_client_identity);
+        kim_credential_state state;
         
-        if (err) {
-            /* ccache does not already exist, create a new one */
-            err = kim_ccache_create_new (out_ccache, in_client_identity, in_options);
+        err = kim_ccache_create_from_client_identity (&ccache, in_client_identity);
+        
+        if (!err) {
+            err = kim_ccache_get_state (ccache, &state);
         }
+        
+        if (!err && state != kim_credentials_state_valid) {
+            if (state == kim_credentials_state_needs_validation) {
+                err = kim_ccache_validate (ccache, in_options);
+            } else {
+                kim_ccache_free (&ccache);
+                ccache = NULL;
+            }
+        }
+        
+        if (!ccache) {
+            /* ccache does not already exist, create a new one */
+            err = kim_ccache_create_new (&ccache, in_client_identity, in_options);
+        }        
     }
     
+    if (!err) {
+        *out_ccache = ccache;
+        ccache = NULL;
+    }
+    
+    kim_ccache_free (&ccache);
+    
     return check_error (err);
 }
 
index e5fa38468865ab8539b3effe4b9a0506926a3fd3..b97128ccf056577f3fceca2fdbdae4a57f453dc3 100644 (file)
  * or implied warranty.
  */
 
+#ifndef LEAN_CLIENT
+
 #define KERBEROSLOGIN_DEPRECATED
 
 #include "CredentialsCache.h"
 #include "KerberosLogin.h"
+#include "KerberosLoginPrivate.h"
 #include <kim/kim.h>
 #include "kim_private.h"
 
-#define kl_check_error(x) (x)
+krb5_get_init_creds_opt *__KLLoginOptionsGetKerberos5Options (KLLoginOptions ioOptions);
+KLTime __KLLoginOptionsGetStartTime (KLLoginOptions ioOptions);
+char *__KLLoginOptionsGetServiceName (KLLoginOptions ioOptions);
+
+/* ------------------------------------------------------------------------ */
+
+static KLStatus kl_check_error_ (kim_error inError, const char *function, const char *file, int line)
+{
+    kim_error err = inError;
+    
+    switch (err) {
+        case ccNoError:
+            err = klNoErr;
+            break;
+            
+        case ccErrBadName:
+            err = klPrincipalDoesNotExistErr;
+            break;
+            
+        case ccErrCCacheNotFound:
+            err = klCacheDoesNotExistErr;
+            break;
+            
+        case ccErrCredentialsNotFound:
+            err = klNoCredentialsErr;
+            break;
+            
+        case KIM_OUT_OF_MEMORY_ERR:
+        case ccErrNoMem:
+            err = klMemFullErr;
+            break;
+            
+        case ccErrBadCredentialsVersion:
+            err = klInvalidVersionErr;
+            break;
+            
+        case KIM_NULL_PARAMETER_ERR:
+        case ccErrBadParam:
+        case ccIteratorEnd:
+        case ccErrInvalidContext:
+        case ccErrInvalidCCache:
+        case ccErrInvalidString:
+        case ccErrInvalidCredentials:
+        case ccErrInvalidCCacheIterator:
+        case ccErrInvalidCredentialsIterator:
+        case ccErrInvalidLock:
+        case ccErrBadAPIVersion:
+        case ccErrContextLocked:
+        case ccErrContextUnlocked:
+        case ccErrCCacheLocked:
+        case ccErrCCacheUnlocked:
+        case ccErrBadLockType:
+        case ccErrNeverDefault:
+            err = klParameterErr;
+            break;
+            
+        case KIM_USER_CANCELED_ERR:
+        case KRB5_LIBOS_PWDINTR:
+            err = klUserCanceledErr;
+            break;
+    }
+    
+    if (err) {
+        kim_debug_printf ("%s() remapped %d to %d ('%s') at %s: %d", 
+                          function, inError, err, kim_error_message (err), 
+                          file, line);
+    }
+    
+    return err;
+}
+#define kl_check_error(err) kl_check_error_(err, __FUNCTION__, __FILE__, __LINE__)
 
 /* ------------------------------------------------------------------------ */
 
@@ -1051,7 +1124,7 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption  inOption,
         kim_string_free (&new_identity_string);
         kim_identity_free (&old_identity);
         kim_identity_free (&new_identity);
-         
+        
     } else if (!err && inOption == loginOption_LoginInstance) {
         /* Ignored */
         
@@ -1536,11 +1609,192 @@ KLStatus KLDisposeLoginOptions(KLLoginOptions ioOptions)
 
 /* ------------------------------------------------------------------------ */
 
-
-/* Misc function */
-
 KLStatus KLDisposeString (char *inStringToDispose)
 {
     kim_string_free ((kim_string *)&inStringToDispose);
     return klNoErr;
 }
+
+#pragma mark -
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLSetApplicationPrompter (KLPrompterProcPtr inPrompter)
+{
+    /* Deprecated */
+    return klNoErr;
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLSetHomeDirectoryAccess (KLBoolean inAllowHomeDirectoryAccess)
+{
+    return kl_check_error (kim_library_set_allow_home_directory_access (inAllowHomeDirectoryAccess));
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLBoolean __KLAllowHomeDirectoryAccess (void)
+{
+    return kim_library_allow_home_directory_access ();
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLSetAutomaticPrompting (KLBoolean inAllowAutomaticPrompting)
+{
+    return kl_check_error (kim_library_set_allow_automatic_prompting (inAllowAutomaticPrompting));
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLBoolean __KLAllowAutomaticPrompting (void)
+{
+    return kl_check_error (kim_library_allow_automatic_prompting ());
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLSetPromptMechanism (KLPromptMechanism inPromptMechanism)
+{
+    kim_error err = KIM_NO_ERROR;
+
+    if (inPromptMechanism == klPromptMechanism_None) {
+        err = kim_library_set_allow_automatic_prompting (0);
+    } else {
+        err = kim_library_set_allow_automatic_prompting (1);
+    }
+
+    return kl_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLPromptMechanism __KLPromptMechanism (void)
+{
+    kim_ui_environment environment = kim_library_ui_environment ();
+    
+    if (environment == KIM_UI_ENVIRONMENT_GUI) {
+        return klPromptMechanism_GUI;
+    } else if (environment == KIM_UI_ENVIRONMENT_CLI) {
+        return klPromptMechanism_CLI;
+    }
+    return klPromptMechanism_None;
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLBoolean __KLAllowRememberPassword (void)
+{
+    return kl_check_error (kim_os_identity_allow_save_password ());
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLCreatePrincipalFromTriplet (const char  *inName,
+                                         const char  *inInstance,
+                                         const char  *inRealm,
+                                         KLKerberosVersion  inKerberosVersion,
+                                         KLPrincipal *outPrincipal)
+{
+    return kl_check_error (kim_identity_create_from_components (outPrincipal,
+                                                                inRealm,
+                                                                inName, 
+                                                                inInstance,
+                                                                NULL));
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLGetTripletFromPrincipal (KLPrincipal         inPrincipal,
+                                      KLKerberosVersion   inKerberosVersion,
+                                      char              **outName,
+                                      char              **outInstance,
+                                      char              **outRealm)
+{
+    return KLGetTripletFromPrincipal (inPrincipal, 
+                                      outName, outInstance, outRealm);
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLCreatePrincipalFromKerberos5Principal (krb5_principal inPrincipal,
+                                                    KLPrincipal *outPrincipal)
+{
+    return KLCreatePrincipalFromKerberos5Principal (inPrincipal, outPrincipal);
+    
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLGetKerberos5PrincipalFromPrincipal (KLPrincipal     inPrincipal, 
+                                                 krb5_context    inContext, 
+                                                 krb5_principal *outKrb5Principal)
+{
+    return kl_check_error (kim_identity_get_krb5_principal (inPrincipal, 
+                                                            inContext, 
+                                                            outKrb5Principal));
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLBoolean __KLPrincipalIsTicketGrantingService (KLPrincipal inPrincipal)
+{
+    kim_boolean is_tgt = FALSE;
+    kim_error err = kim_identity_is_tgt_service (inPrincipal, &is_tgt);
+    
+    return !err ? is_tgt : FALSE; 
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLGetKeychainPasswordForPrincipal (KLPrincipal   inPrincipal,
+                                              char        **outPassword)
+{
+    return kl_check_error (kim_os_identity_get_saved_password (inPrincipal,
+                                                               (kim_string *) outPassword));
+}
+
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLPrincipalSetKeychainPassword (KLPrincipal  inPrincipal,
+                                           const char  *inPassword)
+{
+    return kl_check_error (kim_os_identity_set_saved_password (inPrincipal,
+                                                               inPassword));
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLRemoveKeychainPasswordForPrincipal (KLPrincipal inPrincipal)
+{
+    return kl_check_error (kim_os_identity_remove_saved_password (inPrincipal));
+}
+
+#pragma mark -
+
+// ---------------------------------------------------------------------------
+
+krb5_get_init_creds_opt *__KLLoginOptionsGetKerberos5Options (KLLoginOptions ioOptions)
+{
+    return kim_options_init_cred_options (ioOptions);
+}
+
+// ---------------------------------------------------------------------------
+
+KLTime __KLLoginOptionsGetStartTime (KLLoginOptions ioOptions)
+{
+    return kim_options_start_time (ioOptions);
+}
+
+// ---------------------------------------------------------------------------
+
+char *__KLLoginOptionsGetServiceName (KLLoginOptions ioOptions)
+{
+    return kim_options_service_name (ioOptions);
+}
+
+
+
+#endif /* LEAN_CLIENT */
diff --git a/src/kim/lib/mac/KerberosLogin.exports b/src/kim/lib/mac/KerberosLogin.exports
new file mode 100644 (file)
index 0000000..9fd85f4
--- /dev/null
@@ -0,0 +1,107 @@
+
+# Public API:
+
+KLAcquireTickets
+KLAcquireNewTickets
+KLAcquireTicketsWithPassword
+KLAcquireNewTicketsWithPassword
+
+KLAcquireInitialTickets
+KLAcquireNewInitialTickets
+KLAcquireInitialTicketsWithPassword
+KLAcquireNewInitialTicketsWithPassword
+KLAcquireNewInitialTicketCredentialsWithPassword
+KLStoreNewInitialTicketCredentials
+
+KLVerifyInitialTickets
+KLVerifyInitialTicketCredentials
+KLAcquireNewInitialTicketsWithKeytab
+
+KLChangePassword
+KLChangePasswordWithPasswords
+KLRenewInitialTickets
+KLValidateInitialTickets
+KLDestroyTickets
+
+KLLastChangedTime
+KLCacheHasValidTickets
+KLTicketStartTime
+KLTicketExpirationTime
+KLSetSystemDefaultCache
+
+KLHandleError
+KLGetErrorString
+
+KLCancelAllDialogs
+
+KLSetApplicationOptions
+KLGetApplicationOptions
+
+KLSetIdleCallback
+KLGetIdleCallback
+
+KLGetDefaultLoginOption
+KLSetDefaultLoginOption
+
+KLFindKerberosRealmByName
+KLGetKerberosRealm
+KLSetKerberosRealm
+KLRemoveKerberosRealm
+KLInsertKerberosRealm
+KLRemoveAllKerberosRealms
+KLCountKerberosRealms
+KLGetKerberosDefaultRealm
+KLGetKerberosDefaultRealmByName
+KLSetKerberosDefaultRealm
+KLSetKerberosDefaultRealmByName
+
+KLCreatePrincipalFromTriplet
+KLCreatePrincipalFromString
+KLGetTripletFromPrincipal
+KLGetStringFromPrincipal
+KLGetDisplayStringFromPrincipal
+KLComparePrincipal
+KLDisposePrincipal
+
+KLCreateLoginOptions
+KLLoginOptionsSetTicketLifetime
+KLLoginOptionsSetForwardable
+KLLoginOptionsSetProxiable
+KLLoginOptionsSetRenewableLifetime
+KLLoginOptionsSetAddressless
+KLLoginOptionsSetTicketStartTime
+KLLoginOptionsSetServiceName
+KLDisposeLoginOptions
+
+KLDisposeString
+
+# Private APIs being used by external callers:
+
+#__KLChangePasswordWithPasswordsCompat
+#__KLAcquireInitialTicketsForCache
+#__KLPrompter
+
+__KLSetApplicationPrompter
+
+__KLSetHomeDirectoryAccess
+__KLAllowHomeDirectoryAccess
+
+__KLSetAutomaticPrompting
+__KLAllowAutomaticPrompting
+__KLSetPromptMechanism
+__KLPromptMechanism
+__KLAllowRememberPassword
+
+__KLCreatePrincipalFromTriplet
+__KLGetTripletFromPrincipal
+__KLCreatePrincipalFromKerberos5Principal
+__KLGetKerberos5PrincipalFromPrincipal
+__KLPrincipalIsTicketGrantingService
+
+__KLGetKeychainPasswordForPrincipal
+__KLPrincipalSetKeychainPassword
+__KLRemoveKeychainPasswordForPrincipal
+
+__KLLoginOptionsGetKerberos5Options
+__KLLoginOptionsGetStartTime
+__KLLoginOptionsGetServiceName
diff --git a/src/kim/lib/mac/KerberosLoginPrivate.h b/src/kim/lib/mac/KerberosLoginPrivate.h
new file mode 100644 (file)
index 0000000..52e10fc
--- /dev/null
@@ -0,0 +1,123 @@
+/*
+* Copyright 1998-2008 Massachusetts Institute of Technology.
+* All Rights Reserved.
+*
+* Export of this software from the United States of America may
+* require a specific license from the United States Government.
+* It is the responsibility of any person or organization contemplating
+* export to obtain such a license before exporting.
+* 
+* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+* distribute this software and its documentation for any purpose and
+* without fee is hereby granted, provided that the above copyright
+* notice appear in all copies and that both that copyright notice and
+* this permission notice appear in supporting documentation, and that
+* the name of M.I.T. not be used in advertising or publicity pertaining
+* to distribution of the software without specific, written prior
+* permission.  Furthermore if you modify this software you must label
+* your software as modified software and not distribute it in such a
+* fashion that it might be confused with the original M.I.T. software.
+* M.I.T. makes no representations about the suitability of
+* this software for any purpose.  It is provided "as is" without express
+* or implied warranty.
+*/
+
+#ifndef __KERBEROSLOGINPRIVATE__
+#define __KERBEROSLOGINPRIVATE__
+
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+#    include <TargetConditionals.h>
+#    if TARGET_RT_MAC_CFM
+#        error "Use KfM 4.0 SDK headers for CFM compilation."
+#    endif
+#endif
+
+#include <Kerberos/KerberosLogin.h>
+#include <Kerberos/krb5.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum {
+    klPromptMechanism_Autodetect = 0,
+    klPromptMechanism_GUI = 1,
+    klPromptMechanism_CLI = 2,
+    klPromptMechanism_None = 0xFFFFFFFF
+};
+typedef uint32_t KLPromptMechanism;
+
+/*************/
+/*** Types ***/
+/*************/
+
+#ifdef KERBEROSLOGIN_DEPRECATED
+
+typedef krb5_error_code (*KLPrompterProcPtr) (krb5_context  context,
+                                              void         *data,
+                                              const char   *name,
+                                              const char   *banner,
+                                              int           num_prompts,
+                                              krb5_prompt   prompts[]);
+KLStatus __KLSetApplicationPrompter (KLPrompterProcPtr inPrompter);
+
+#endif /* KERBEROSLOGIN_DEPRECATED */
+    
+/*****************/
+/*** Functions ***/
+/*****************/
+
+KLStatus  __KLSetHomeDirectoryAccess (KLBoolean inAllowHomeDirectoryAccess);
+KLBoolean __KLAllowHomeDirectoryAccess (void);
+
+KLStatus  __KLSetAutomaticPrompting (KLBoolean inAllowAutomaticPrompting);
+KLBoolean __KLAllowAutomaticPrompting (void);
+
+KLBoolean __KLAllowRememberPassword (void);
+
+KLStatus          __KLSetPromptMechanism (KLPromptMechanism inPromptMechanism);
+KLPromptMechanism __KLPromptMechanism (void);
+
+KLStatus __KLCreatePrincipalFromTriplet (const char  *inName,
+                                         const char  *inInstance,
+                                         const char  *inRealm,
+                                         KLKerberosVersion  inKerberosVersion,
+                                         KLPrincipal *outPrincipal);
+
+KLStatus __KLGetTripletFromPrincipal (KLPrincipal         inPrincipal,
+                                      KLKerberosVersion   inKerberosVersion,
+                                      char              **outName,
+                                      char              **outInstance,
+                                      char              **outRealm);
+
+KLStatus __KLCreatePrincipalFromKerberos5Principal (krb5_principal  inPrincipal,
+                                                    KLPrincipal    *outPrincipal);
+
+KLStatus __KLGetKerberos5PrincipalFromPrincipal (KLPrincipal     inPrincipal, 
+                                                 krb5_context    inContext, 
+                                                 krb5_principal *outKrb5Principal);
+
+KLStatus __KLGetRealmFromPrincipal (KLPrincipal inPrincipal, char **outRealm);
+
+KLBoolean __KLPrincipalIsTicketGrantingService (KLPrincipal inPrincipal);
+
+KLStatus __KLGetKeychainPasswordForPrincipal (KLPrincipal   inPrincipal,
+                                              char        **outPassword);
+
+KLStatus __KLPrincipalSetKeychainPassword (KLPrincipal  inPrincipal,
+                                           const char  *inPassword);
+
+KLStatus __KLRemoveKeychainPasswordForPrincipal (KLPrincipal inPrincipal);
+
+#if TARGET_OS_MAC
+#    if defined(__MWERKS__)
+#        pragma import reset
+#    endif
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __KERBEROSLOGINPRIVATE__ */
+
index 55d19fd5af759ce4208ca498e97434fcfd24d85f..a36dfe060fb6ad8e7dda3cd28ad0f8f175d826fc 100644 (file)
@@ -79,8 +79,8 @@
 #include <strings.h>
 #endif
 
-#if defined(USE_LOGIN_LIBRARY)
-#include <Kerberos/KerberosLoginPrivate.h>
+#if defined(USE_KIM)
+#include <kim/kim.h>
 #elif defined(USE_LEASH)
 #ifdef _WIN64
 #define LEASH_DLL "leashw64.dll"
@@ -244,32 +244,35 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
        return(GSS_S_FAILURE);
    }
 
-#if defined(USE_LOGIN_LIBRARY) || defined(USE_LEASH)
+#if defined(USE_KIM) || defined(USE_LEASH)
    if (desired_name && !caller_provided_ccache_name) {
-#if defined(USE_LOGIN_LIBRARY)
-       KLStatus err = klNoErr;
-       char *ccache_name = NULL;
-       KLPrincipal kl_desired_princ = NULL;
-
-       err = __KLCreatePrincipalFromKerberos5Principal ((krb5_principal) desired_name,
-                                                        &kl_desired_princ);
+#if defined(USE_KIM)
+       kim_error err = KIM_NO_ERROR;
+       kim_ccache kimccache = NULL;
+       kim_identity identity = NULL;
+
+       err = kim_identity_create_from_krb5_principal (&identity,
+                                                      context, 
+                                                      (krb5_principal) desired_name);
        
        if (!err) {
-           err = KLAcquireInitialTickets (kl_desired_princ, NULL, NULL, &ccache_name);
+           err = kim_ccache_create_new_if_needed (&kimccache, 
+                                                  identity, 
+                                                  KIM_OPTIONS_DEFAULT);
        }
-
+       
        if (!err) {
-           err = krb5_cc_resolve (context, ccache_name, &ccache);
+           err = kim_ccache_get_krb5_ccache (kimccache, context, &ccache);
        }
        
+       kim_ccache_free (&kimccache);
+       kim_identity_free (&identity);
+       
        if (err) {
            *minor_status = err;
            return(GSS_S_CRED_UNAVAIL);
        }
        
-       if (kl_desired_princ != NULL) { KLDisposePrincipal (kl_desired_princ); }
-       if (ccache_name      != NULL) { KLDisposeString (ccache_name); }
-       
 #elif defined(USE_LEASH)
        if ( hLeashDLL == INVALID_HANDLE_VALUE ) {
           hLeashDLL = LoadLibrary(LEASH_DLL);
@@ -301,7 +304,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred)
        }
 #endif /* USE_LEASH */
    } else
-#endif /* USE_LOGIN_LIBRARY || USE_LEASH */
+#endif /* USE_KIM || USE_LEASH */
    {
        /* open the default credential cache */
    
index d6a2597dbdece37d94f9e9cfb45a1e922aa96cd3..e5006de220cc3f76dc30bc92db7d5b382a0efb4e 100644 (file)
@@ -29,8 +29,8 @@
 
 #include "k5-int.h"
 
-#if defined(USE_LOGIN_LIBRARY)
-#include "KerberosLoginPrivate.h"
+#if defined(USE_KIM)
+#include <kim/kim.h>
 #elif defined(USE_LEASH)
 static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,char*,int) = NULL;
 static HANDLE hLeashDLL = INVALID_HANDLE_VALUE;
@@ -77,25 +77,43 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache)
         return KV5M_CONTEXT;
     }
 
-#ifdef USE_LOGIN_LIBRARY
+#ifdef USE_KIM
     {
-        /* make sure the default cache has tix before you open it */
-        KLStatus err = klNoErr;
-        char *outCacheName = NULL;
+        kim_error err = KIM_NO_ERROR;
+        kim_ccache kimccache = NULL;
+        kim_identity identity = KIM_IDENTITY_ANY;
+        kim_credential_state state;
+        kim_string name = NULL;
         
-        /* Try to make sure a krb5 tgt is in the cache */
-        err = __KLInternalAcquireInitialTicketsForCache (krb5_cc_default_name (context), kerberosVersion_V5, 
-                                                         NULL, NULL, &outCacheName);
-        if (err == klNoErr) {
-            /* This function tries to get tickets and put them in the specified 
-            cache, however, if the cache does not exist, it may choose to put 
-            them elsewhere (ie: the system default) so we set that here */
-            const char * ccdefname = krb5_cc_default_name (context);
-            if (!ccdefname || strcmp (ccdefname, outCacheName) != 0) {
-                krb5_cc_set_default_name (context, outCacheName);
-            }
-            KLDisposeString (outCacheName);
+        err = kim_ccache_create_from_display_name (&kimccache, 
+                                                   krb5_cc_default_name (context));
+        
+        if (!err) {
+            err = kim_ccache_get_client_identity (kimccache, &identity);
+        }
+        
+        if (!err) {
+            err = kim_ccache_get_state (kimccache, &state);
+        }
+                        
+        if (err || state != kim_credentials_state_valid) {
+            /* Either the ccache is does not exist or is invalid.  Get new
+             * tickets.  Use the identity in the ccache if there was one. */
+            kim_ccache_free (&kimccache);
+            err = kim_ccache_create_new (&kimccache, 
+                                         identity, KIM_OPTIONS_DEFAULT);
         }
+        
+        if (!err) {
+            err = kim_ccache_get_display_name (kimccache, &name);
+        }
+        
+        if (!err) {
+             krb5_cc_set_default_name (context, name);
+        }
+        
+        kim_string_free (&name);
+        kim_ccache_free (&kimccache);
     }
 #else
 #ifdef USE_LEASH
index 094eb79f5bbd4fff50f6c74d29ee8fe03e7d1de1..bd5cbd195c8ed10750030d6ef4fd2ba4c6f2e7b3 100644 (file)
@@ -186,7 +186,7 @@ krb5_get_init_creds_password(krb5_context context,
           use_master = 0;
    }
 
-#ifdef USE_LOGIN_LIBRARY
+#ifdef USE_KIM
        if (ret == KRB5KDC_ERR_KEY_EXP)
                goto cleanup;   /* Login library will deal appropriately with this error */
 #endif
index 06a5b6bfa81638592dec573d7c6a67f28df15ede..5011d548ce1aab1b41462c22c582bfa6e54e75ae 100644 (file)
@@ -32,8 +32,8 @@
 #include "os-proto.h"
 #include "prof_int.h"          /* XXX for profile_copy, not public yet */
 
-#ifdef USE_LOGIN_LIBRARY
-#include "KerberosLoginPrivate.h"
+#ifdef USE_KIM
+#include "kim/kim_library.h"
 #endif
 
 #if defined(_WIN32)
@@ -240,10 +240,10 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure)
     unsigned int ent_len;
     const char *s, *t;
 
-#ifdef USE_LOGIN_LIBRARY
-    /* If __KLAllowHomeDirectoryAccess() == FALSE, we are probably
+#ifdef USE_KIM
+    /* If kim_library_allow_home_directory_access() == FALSE, we are probably
         trying to authenticate to a fileserver for the user's homedir. */
-    if (!__KLAllowHomeDirectoryAccess ())
+    if (!kim_library_allow_home_directory_access ())
        secure = 1;
 #endif
     if (secure) {