Added kim_credential_get_options and kim_ccache_get_options
authorAlexandra Ellwood <lxs@mit.edu>
Fri, 26 Sep 2008 18:56:51 +0000 (18:56 +0000)
committerAlexandra Ellwood <lxs@mit.edu>
Fri, 26 Sep 2008 18:56:51 +0000 (18:56 +0000)
for KerberosAgent to use to create new favorite identities

ticket: 6055

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20760 dc483132-0cff-0310-8789-dd5450dbe970

src/include/kim/kim_ccache.h
src/include/kim/kim_credential.h
src/kim/lib/kim-lite.exports
src/kim/lib/kim.exports
src/kim/lib/kim_ccache.c
src/kim/lib/kim_credential.c

index 73789eabb181dba773e94418a06cdb4a6017fadf..efa9a6dce4b02a8954e7e5706c4da652aab0f81c 100644 (file)
@@ -247,6 +247,13 @@ extern "C" {
  * without resending secrets to the KDC (such as a password).  If credentials are 
  * not renewable, this function will return an error.
  *
+ * \li #kim_ccache_get_options() 
+ * returns a kim_options object with the credential options of the credentials
+ * in the ccache.  This function is intended to be used when adding 
+ * an identity with existing credentials to the favorite identities list.
+ * By passing in the options returned by this call, future requests for the
+ * favorite identity will use the same credential options.
+ *
  * See \ref kim_ccache_reference and \ref kim_ccache_iterator_reference for 
  * information on specific APIs.
  */
@@ -523,6 +530,16 @@ kim_error kim_ccache_get_expiration_time (kim_ccache  in_ccache,
 kim_error kim_ccache_get_renewal_expiration_time (kim_ccache  in_ccache,
                                                   kim_time   *out_renewal_expiration_time);
 
+/*!
+ * \param kim_ccache     a ccache object. 
+ * \param out_options    on exit, an options object reflecting the ticket
+ *                       options of the credentials in \a in_ccache.
+ * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
+ * \brief Get a kim_options object based on a ccache's credential attributes.
+ */
+kim_error kim_ccache_get_options (kim_ccache   in_ccache,
+                                  kim_options *out_options);
+
 /*!
  * \param io_ccache a ccache object which will be set to the default ccache. 
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
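Review bot: The Doxygen block for kim_ccache_get_options documents `\param kim_ccache`, which is the type name; the parameter is `in_ccache`, so the line should read `\param in_ccache      a ccache object.` or Doxygen will report an undocumented parameter. Neither this block nor the matching one for kim_credential_get_options in kim_credential.h says who owns `out_options`. The implementation hands the new object to the caller, so both blocks could add `Must be freed with kim_options_free().`, assuming that is the intended release call. The trailing context here belongs to the next declaration, whose comment continues outside the hunk.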
index 678c2a3144d40e99cc33368d759e8cfb5991af36..222d1e760b4bd7ff3c7d5d6d7388f8685bc17edd 100644 (file)
@@ -258,6 +258,13 @@ typedef int kim_credential_state;
  *     without resending secrets to the KDC (such as a password).  If credentials are 
  *     not renewable, this function will return a renewal expiration time of 0.
  *
+ * \li #kim_credential_get_options() 
+ *     returns a kim_options object with the credential options of the 
+ *     credential.  This function is intended to be used when adding 
+ *     an identity with existing credentials to the favorite identities list.
+ *     By passing in the options returned by this call, future requests for the
+ *     favorite identity will use the same credential options.
+ *
  *
  * See \ref kim_credential_reference and \ref kim_credential_iterator_reference for 
  * information on specific APIs.
@@ -445,6 +452,16 @@ kim_error kim_credential_get_expiration_time (kim_credential  in_credential,
 kim_error kim_credential_get_renewal_expiration_time (kim_credential  in_credential,
                                                       kim_time       *out_renewal_expiration_time);
 
+/*!
+ * \param in_credential  a credential object. 
+ * \param out_options    on exit, an options object reflecting the ticket
+ *                       options of \a in_credential.
+ * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
+ * \brief Get a kim_options object based on a credential's attributes.
+ */
+kim_error kim_credential_get_options (kim_credential  in_credential,
+                                      kim_options    *out_options);
+    
 /*!
  * \param in_credential       a credential object. 
  * \param in_client_identity  a client identity.
index 969ad83835411fa75a3cf06064e4173f4f4db803..b548cfc245f09ed06748e6ffaf7fced5ae14d825 100644 (file)
@@ -87,6 +87,7 @@ kim_credential_get_state
 kim_credential_get_start_time
 kim_credential_get_expiration_time
 kim_credential_get_renewal_expiration_time
+kim_credential_get_options
 kim_credential_store
 kim_credential_renew
 kim_credential_validate
@@ -115,6 +116,7 @@ kim_ccache_get_state
 kim_ccache_get_start_time
 kim_ccache_get_expiration_time
 kim_ccache_get_renewal_expiration_time
+kim_ccache_get_options
 kim_ccache_set_default
 kim_ccache_renew
 kim_ccache_validate
index 6381cbd815911effc8a63b2b13c76fcdf4d03fed..a41f48109d88e5f216e66a015eb51b613d9bdfef 100644 (file)
@@ -88,6 +88,7 @@ kim_credential_get_state
 kim_credential_get_start_time
 kim_credential_get_expiration_time
 kim_credential_get_renewal_expiration_time
+kim_credential_get_options
 kim_credential_store
 kim_credential_verify
 kim_credential_renew
@@ -118,6 +119,7 @@ kim_ccache_get_state
 kim_ccache_get_start_time
 kim_ccache_get_expiration_time
 kim_ccache_get_renewal_expiration_time
+kim_ccache_get_options
 kim_ccache_set_default
 kim_ccache_verify
 kim_ccache_renew
index 16ba381cd2abb44b76787ac7f3bb70fb5b8a959a..152095d54c61120e6b089926bd405f5adb90af6b 100644 (file)
@@ -923,6 +923,31 @@ kim_error kim_ccache_get_renewal_expiration_time (kim_ccache  in_ccache,
     return check_error (err);
 }
 
+/* ------------------------------------------------------------------------ */
+
+kim_error kim_ccache_get_options (kim_ccache   in_ccache,
+                                  kim_options *out_options)
+{
+    kim_error err = KIM_NO_ERROR;
+    kim_credential credential = NULL;
+    
+    if (!err && !in_ccache  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    
+    if (!err) {
+        err = kim_ccache_get_dominant_credential (in_ccache, NULL, NULL, 
+                                                  &credential);
+    }
+    
+    if (!err) {
+        err = kim_credential_get_options (credential, out_options);
+    }
+    
+    kim_credential_free (&credential);
+    
+    return check_error (err);
+}
+
 #pragma mark -
 
 /* ------------------------------------------------------------------------ */
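Review bot: kim_ccache_get_options reads its options from whatever kim_ccache_get_dominant_credential returns, while the header describes them as the options of "the credentials in the ccache"; the function has no comment saying that only one credential is consulted. Since the result is meant to be saved with a favorite identity, flags such as forwardable, proxiable and addressless on that single ticket become the defaults for later requests, which is worth stating at the call. I would add above the first `if (!err)` block: `/* Options are taken from the dominant credential only; other tickets in the ccache are not consulted. */`.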
index b03cba1839d12425adecac69514bd646e9b04967..61fbafa488d21d82be87de08c1a44222023d7e40 100644 (file)
@@ -854,6 +854,103 @@ kim_error kim_credential_get_renewal_expiration_time (kim_credential  in_credent
 
 /* ------------------------------------------------------------------------ */
 
+kim_error kim_credential_get_options (kim_credential  in_credential,
+                                      kim_options    *out_options)
+{
+    kim_error err = KIM_NO_ERROR;
+    kim_options options = NULL;
+    krb5_creds *creds = NULL;
+    
+    if (!err && !in_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_options  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    
+    if (!err) {
+        creds = in_credential->creds;
+        
+        err = kim_options_create (&options);
+    }
+    
+    if (!err) {
+        err = kim_options_set_start_time (options, creds->times.starttime);
+    }
+    
+    if (!err) {
+        kim_lifetime lifetime = (creds->times.endtime -
+                                 (creds->times.starttime ?
+                                  creds->times.starttime :
+                                  creds->times.authtime));
+        
+        err = kim_options_set_lifetime (options, lifetime);
+    }
+    
+    if (!err) {
+        kim_boolean renewable = (creds->ticket_flags & TKT_FLG_RENEWABLE);
+        
+        err = kim_options_set_renewable (options, renewable);
+    }
+    
+    if (!err) {
+        kim_lifetime rlifetime = (creds->ticket_flags & TKT_FLG_RENEWABLE ?
+                                  creds->times.renew_till : 0);
+        
+        err = kim_options_set_lifetime (options, rlifetime);
+    }
+    
+    if (!err) {
+        kim_boolean forwardable = (creds->ticket_flags & TKT_FLG_FORWARDABLE);
+        
+        err = kim_options_set_forwardable (options, forwardable);
+    }
+    
+    if (!err) {
+        kim_boolean proxiable = (creds->ticket_flags & TKT_FLG_PROXIABLE);
+        
+        err = kim_options_set_proxiable (options, proxiable);
+    }
+    
+    if (!err) {
+        kim_boolean addressless = (!creds->addresses || !creds->addresses[0]);
+
+        err = kim_options_set_addressless (options, addressless);
+    }
+    
+    if (!err) {
+        kim_boolean is_tgt = 0;
+        kim_string service = NULL; /* tgt service */
+        
+        err = kim_credential_is_tgt (in_credential, &is_tgt);
+        
+        if (!err && !is_tgt) {
+            kim_identity identity = NULL;
+            
+            err = kim_credential_get_service_identity (in_credential, &identity);
+            
+            if (!err) {
+                err = kim_identity_get_string (identity, &service);
+            }
+
+            kim_identity_free (&identity);
+        }
+         
+        if (!err) {
+            err = kim_options_set_service_name (options, service);
+        }
+        
+        kim_string_free (&service);
+    }
+    
+    if (!err) {
+        *out_options = options;
+        options = NULL;
+    }
+    
+    kim_options_free (&options);
+    
+    return check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
 kim_error kim_credential_store (kim_credential  in_credential,
                                 kim_identity    in_client_identity,
                                 kim_ccache     *out_ccache)
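Review bot: The renewal block of kim_credential_get_options calls `kim_options_set_lifetime` a second time, so it overwrites the ticket lifetime computed just above and the renewal lifetime is never set. The value passed is `creds->times.renew_till`, which is an absolute timestamp rather than a duration. A favorite identity built from a renewable ticket would therefore likely request an epoch-sized lifetime, leaving KDC policy as the only cap, and one built from a non-renewable ticket would get a lifetime of 0. The change below subtracts the same start reference used for the lifetime and calls the renewal setter; it assumes `kim_options_set_renewal_lifetime` as declared in kim_options.h. The trailing context lines belong to kim_credential_store, whose body is outside the hunk.

```c
    /* … unchanged: start time, lifetime and renewable flag … */
    if (!err) {
        krb5_timestamp start = (creds->times.starttime ?
                                creds->times.starttime :
                                creds->times.authtime);
        kim_lifetime rlifetime = (creds->ticket_flags & TKT_FLG_RENEWABLE ?
                                  creds->times.renew_till - start : 0);

        err = kim_options_set_renewal_lifetime (options, rlifetime);
    }
    /* … unchanged: forwardable, proxiable, addressless, service name … */
```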