* cc_mslsa.c: Implement krb5_lcc_initialize()
authorJeffrey Altman <jaltman@secure-endpoints.com>
Fri, 10 Sep 2004 19:33:39 +0000 (19:33 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Fri, 10 Sep 2004 19:33:39 +0000 (19:33 +0000)
     Remove all tickets from the cache which have a client
     principal that matches the input principal.

ticket: 2705

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16737 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/ccache/ChangeLog
src/lib/krb5/ccache/cc_mslsa.c

index 42ae6035468af7fe8a8423860beaf5d29c6b7b46..1d51b69fa567302e09baa9848fb31ddd1153c728 100644 (file)
@@ -1,3 +1,8 @@
+2004-09-10  Jeffrey Altman <jaltman@mit.edu>
+        * cc_mslsa.c: Implement krb5_lcc_initialize()
+          Remove all tickets from the cache which have a client
+          principal that matches the input principal.
+
 2004-09-10  Jeffrey Altman <jaltman@mit.edu>
         * cc_mslsa.c: Correct test for KerbQueryTicketCacheExMessage
 
index 9b8025c772fd3c3afe091fafbb1a3c09f1db59bd..f594c895acb11725c2e98d54a775e62effdaf4c8 100644 (file)
@@ -1917,19 +1917,43 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
 }
 
 /*
- *  return success although we do not do anything
- *  perhaps we could purge all existing tickets but that is 
- *  probably not wise
- */
+*  return success although we do not do anything
+*  We should delete all tickets belonging to the specified principal
+*/
+
+static krb5_error_code KRB5_CALLCONV
+krb5_lcc_remove_cred(krb5_context context, krb5_ccache id, krb5_flags flags,
+                     krb5_creds *creds);
+
 static krb5_error_code KRB5_CALLCONV
 krb5_lcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
 {
+    krb5_cc_cursor cursor;
+    krb5_error_code code;
+    krb5_creds cred;
+
     if (!is_windows_2000())
         return KRB5_FCC_NOFILE;
 
-    return KRB5_OK;
-}
+    code = krb5_cc_start_seq_get(context, id, &cursor);
+    if (code)
+        return code;
 
+    while ( !(code = krb5_cc_next_cred(context, id, &cursor, &cred)) )
+    {
+        if ( krb5_principal_compare(context, princ, cred.client) ) {
+            code = krb5_lcc_remove_cred(context, id, 0, &cred);
+        }
+        krb5_free_cred_contents(context, &cred);
+    }
+
+    if (code == KRB5_CC_END || code == KRB5_CC_NOTFOUND)
+    {
+        krb5_cc_end_seq_get(context, id, &cursor);
+        return KRB5_OK;
+    }
+    return code;
+}
 
 /*
  * Modifies: