Add new cache collection APIs
authorGreg Hudson <ghudson@mit.edu>
Mon, 5 Sep 2011 16:26:37 +0000 (16:26 +0000)
committerGreg Hudson <ghudson@mit.edu>
Mon, 5 Sep 2011 16:26:37 +0000 (16:26 +0000)
* krb5_cc_get_full_name retrieves the full type:name of a cache.
* krb5_cc_switch makes a cache the primary cache.
* krb5_cc_cache_match searches the collection for a client principal.
* krb5_free_string releases a string (for the krb5_cc_get_full_name
  result).

All of these are from Heimdal except for krb5_free_string (Heimdal uses
krb5_xfree).

ticket: 6954

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25155 dc483132-0cff-0310-8789-dd5450dbe970

13 files changed:
src/include/k5-int.h
src/include/krb5/krb5.hin
src/lib/krb5/ccache/cc_dir.c
src/lib/krb5/ccache/cc_file.c
src/lib/krb5/ccache/cc_keyring.c
src/lib/krb5/ccache/cc_memory.c
src/lib/krb5/ccache/cc_mslsa.c
src/lib/krb5/ccache/ccbase.c
src/lib/krb5/ccache/cccursor.c
src/lib/krb5/ccache/ccfns.c
src/lib/krb5/krb/kfree.c
src/lib/krb5/libkrb5.exports
src/lib/krb5_32.def

index c153a7e51b617a1994ccbad0c4a7df12466f8888..0e82ce8a9be8e0d714c0ad1034290533f5e3ec18 100644 (file)
@@ -2367,6 +2367,7 @@ struct _krb5_cc_ops {
                                                 krb5_timestamp *);
     krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache);
     krb5_error_code (KRB5_CALLCONV *unlock)(krb5_context, krb5_ccache);
+    krb5_error_code (KRB5_CALLCONV *switch_to)(krb5_context, krb5_ccache);
 };
 
 extern const krb5_cc_ops *krb5_cc_dfl_ops;
index e594035bbf2c9dd623b6610c3578e9dff574ba6e..d1a7c83c613331181cc456d4c6cc6ceb17c09c62 100644 (file)
@@ -2285,6 +2285,18 @@ typedef struct _krb5_cccol_cursor *krb5_cccol_cursor;
 const char * KRB5_CALLCONV
 krb5_cc_get_name(krb5_context context, krb5_ccache cache);
 
+/*
+ * Retrieve the full name of a credential cache.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  cache           Credential cache handle
+ * @param [out] fullname_out    Full name of cache
+ *
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_full_name(krb5_context context, krb5_ccache cache,
+                      char **fullname_out);
+
 #if KRB5_DEPRECATED
 krb5_error_code KRB5_CALLCONV
 krb5_cc_gen_new(krb5_context context, krb5_ccache *cache);
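Review bot: The comment added above krb5_cc_get_full_name opens with `/*`, while the other comments added to this header in the same commit open with `/**`, so a Doxygen run will most likely skip it. It also leaves ownership of `*fullname_out` unstated; the commit message says the result is released with krb5_free_string, but a caller reading only the header cannot tell. I would change the opener to `/**` and add `Use krb5_free_string() to free @a fullname_out when it is no longer needed.`, together with `@retval 0 Success` and `@return Kerberos error codes`.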
@@ -4393,6 +4405,54 @@ krb5_cc_set_config(krb5_context context, krb5_ccache id,
 krb5_boolean KRB5_CALLCONV
 krb5_is_config_principal(krb5_context context, krb5_const_principal principal);
 
+/**
+ * Make a credential cache the primary cache for its collection.
+ *
+ * @param [in] context          Library context
+ * @param [in] cache            Credential cache handle
+ *
+ * If the type of @a cache supports it, set @a cache to be the primary
+ * credential cache for the collection it belongs to.
+ *
+ * @retval
+ * 0  Success, or the type of @a cache doesn't support switching
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_switch(krb5_context context, krb5_ccache cache);
+
+/**
+ * Determine whether a credential cache type supports switching.
+ *
+ * @param [in] context          Library context
+ * @param [in] type             Credential cache type
+ *
+ * @retval @c TRUE if @a type supports switching
+ * @retval @a FALSE if it does not or is not a valid credential cache type.
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_cc_support_switch(krb5_context context, const char *type);
+
+/**
+ * Find a credential cache with a specified client principal.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  client          Client principal
+ * @param [out] cache_out       Credential cache handle
+ *
+ * Find a cache within the collection whose default principal is @a client.
+ * Use @a krb5_cc_close to close @a ccache when it is no longer needed.
+ *
+ * @retval 0 Success
+ * @retval KRB5_CC_NOTFOUND
+ *
+ * @sa krb5_cccol_cursor_new
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_cache_match(krb5_context context, krb5_principal client,
+                    krb5_ccache *cache_out);
+
 /* krb5_free.c */
 /**
  * Free the storage assigned to a principal.
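Review bot: The krb5_cc_cache_match comment tells the caller to close `@a ccache`, but the parameter is named `cache_out`; the line should read `Use krb5_cc_close() to close @a cache_out when it is no longer needed.` In the krb5_cc_support_switch comment, `@retval @a FALSE` marks FALSE as a parameter name and should be `@retval @c FALSE` to match the TRUE line. For krb5_cc_switch, the description should say that a 0 return does not prove the primary cache changed, and that krb5_cc_support_switch is how a caller finds out beforehand.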
@@ -4570,6 +4630,15 @@ krb5_free_data_contents(krb5_context context, krb5_data *val);
 void KRB5_CALLCONV
 krb5_free_unparsed_name(krb5_context context, char *val);
 
+/**
+ * Free a string allocated by a krb5 function.
+ *
+ * @param [in] context          Library context
+ * @param [in] val              String to be freed
+ */
+void KRB5_CALLCONV
+krb5_free_string(krb5_context context, char *val);
+
 /**
  * Free an array of checksum types.
  *
index 1f32c389ae2341ad98bdf44172814141fe7d92d2..6cd192a710f31f3ee3f90c9fbd6d0d9ed0ecb707 100644 (file)
@@ -672,6 +672,30 @@ dcc_unlock(krb5_context context, krb5_ccache cache)
     return krb5_fcc_ops.unlock(context, data->fcc);
 }
 
+static krb5_error_code KRB5_CALLCONV
+dcc_switch_to(krb5_context context, krb5_ccache cache)
+{
+    dcc_data *data = cache->data;
+    char *primary_path = NULL, *dirname = NULL, *filename = NULL;
+    krb5_error_code ret;
+
+    ret = split_path(context, data->residual + 1, &dirname, &filename);
+    if (ret)
+        return ret;
+
+    ret = primary_pathname(dirname, &primary_path);
+    if (ret)
+        goto cleanup;
+
+    ret = write_primary_file(primary_path, filename);
+
+cleanup:
+    free(primary_path);
+    free(dirname);
+    free(filename);
+    return ret;
+}
+
 const krb5_cc_ops krb5_dcc_ops = {
     0,
     "DIR",
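Review bot: `data->residual + 1` in dcc_switch_to skips the first byte of the residual with no comment and no check on what that byte is. Presumably every DIR cache handle stores its residual as `:` followed by the file path, but that invariant is set up outside this hunk, and an empty residual would leave the pointer one past the terminator. A one-line comment such as `/* residual is ":<dir>/<file>"; skip the colon */` would record the assumption. write_primary_file is also defined outside the hunk, so whether the primary file is replaced atomically with respect to concurrent readers cannot be judged here and deserves a sentence in a function comment.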
@@ -698,6 +722,7 @@ const krb5_cc_ops krb5_dcc_ops = {
     NULL, /* wasdefault */
     dcc_lock,
     dcc_unlock,
+    dcc_switch_to,
 };
 
 #endif /* not _WIN32 */
index aee8a8396933aa6ccdb554f60ef0bb83b1ad55ff..4599309322f0111e976b4c7fc6c99017db0e1050 100644 (file)
@@ -2557,6 +2557,7 @@ const krb5_cc_ops krb5_fcc_ops = {
     NULL, /* wasdefault */
     krb5_fcc_lock,
     krb5_fcc_unlock,
+    NULL, /* switch_to */
 };
 
 #if defined(_WIN32)
@@ -2626,4 +2627,5 @@ const krb5_cc_ops krb5_cc_file_ops = {
     NULL, /* wasdefault */
     krb5_fcc_lock,
     krb5_fcc_unlock,
+    NULL, /* switch_to */
 };
index 2c77c3cdab48f183eaa9a326f60476a56c600761..fd1bcec38dddb75c4ceb3936502c08f34b19903b 100644 (file)
@@ -2073,6 +2073,7 @@ const krb5_cc_ops krb5_krcc_ops = {
     NULL, /* wasdefault */
     krb5_krcc_lock,
     krb5_krcc_unlock,
+    NULL, /* switch_to */
 };
 
 #else /* !USE_KEYRING_CCACHE */
@@ -2106,5 +2107,6 @@ const krb5_cc_ops krb5_krcc_ops = {
     NULL,
     NULL,
     NULL,
+    NULL,
 };
 #endif  /* USE_KEYRING_CCACHE */
index 5ce6a0e6c244adc65a7e1b7adee2d1ba17e809c0..07d926144481e8d12ccffcce0b4bae17c5502a9f 100644 (file)
@@ -827,4 +827,5 @@ const krb5_cc_ops krb5_mcc_ops = {
     NULL, /* wasdefault */
     krb5_mcc_lock,
     krb5_mcc_unlock,
+    NULL, /* switch_to */
 };
index 9727b4fead73eda7f2866ac50c04b79a3046d414..600478a158824ad6dd097fb7d995d1bc884be309 100644 (file)
@@ -2758,5 +2758,6 @@ const krb5_cc_ops krb5_lcc_ops = {
     NULL,
     NULL,
     NULL,
+    NULL,
 };
 #endif /* _WIN32 */
index b330784c90664ab251b75ef15b030c1e41636764..a1fd3aa83796365aaeda51fbe8148e520b6ee30b 100644 (file)
@@ -418,6 +418,16 @@ krb5_cc_move(krb5_context context, krb5_ccache src, krb5_ccache dst)
     return ret;
 }
 
+krb5_boolean KRB5_CALLCONV
+krb5_cc_support_switch(krb5_context context, const char *type)
+{
+    const krb5_cc_ops *ops;
+    krb5_error_code err;
+
+    err = krb5int_cc_getops(context, type, &ops);
+    return (err ? FALSE : (ops->switch_to != NULL));
+}
+
 krb5_error_code
 k5_cc_mutex_init(k5_cc_mutex *m)
 {
index 3d9bb7c8bd25468143790901afe033198fbbcff2..7bb074938535e2e5901c05175e7908e6385f263d 100644 (file)
@@ -358,3 +358,47 @@ cccol_pertype_next(krb5_context context,
 errout:
     return ret;
 }
+
+krb5_error_code
+krb5_cc_cache_match(krb5_context context, krb5_principal client,
+                    krb5_ccache *cache_out)
+{
+    krb5_error_code ret;
+    krb5_cccol_cursor cursor;
+    krb5_ccache cache;
+    krb5_principal princ;
+    char *name;
+    krb5_boolean eq;
+
+    *cache_out = NULL;
+    ret = krb5_cccol_cursor_new(context, &cursor);
+    if (ret)
+        return ret;
+
+    while ((ret = krb5_cccol_cursor_next(context, cursor, &cache)) == 0 &&
+           cache != NULL) {
+        ret = krb5_cc_get_principal(context, cache, &princ);
+        if (ret == 0) {
+            eq = krb5_principal_compare(context, princ, client);
+            krb5_free_principal(context, princ);
+            if (eq)
+                break;
+        }
+        krb5_cc_close(context, cache);
+    }
+    krb5_cccol_cursor_free(context, &cursor);
+    if (ret)
+        return ret;
+    if (cache == NULL) {
+        ret = krb5_unparse_name(context, client, &name);
+        if (ret == 0) {
+            krb5_set_error_message(context, KRB5_CC_NOTFOUND,
+                                   _("Can't find client principal %s in "
+                                     "cache collection"), name);
+            krb5_free_unparsed_name(context, name);
+        }
+        ret = KRB5_CC_NOTFOUND;
+    } else
+        *cache_out = cache;
+    return ret;
+}
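Review bot: The definition of krb5_cc_cache_match is missing `KRB5_CALLCONV`, which the prototype added to krb5.hin in this same commit carries; on builds where that macro expands to a non-default calling convention, the declaration and definition will disagree. The first line should be `krb5_error_code KRB5_CALLCONV`. Separately, `cache` still holds a closed handle after `krb5_cc_close` inside the loop. That is harmless as written, because the only later read of `cache` sits behind the `if (ret) return ret;` check, but adding `cache = NULL;` after the close would keep it safe if the exit paths are ever changed.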
index b92824d0a5a6f255460a0cc994620b88b95cf260..70c607dfb4569a5c41d2f41d92ba485a1284d66e 100644 (file)
@@ -32,6 +32,20 @@ krb5_cc_get_name(krb5_context context, krb5_ccache cache)
     return cache->ops->get_name(context, cache);
 }
 
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_full_name(krb5_context context, krb5_ccache cache,
+                      char **fullname_out)
+{
+    char *name;
+
+    *fullname_out = NULL;
+    if (asprintf(&name, "%s:%s", cache->ops->prefix,
+                 cache->ops->get_name(context, cache)) < 0)
+        return ENOMEM;
+    *fullname_out = name;
+    return 0;
+}
+
 krb5_error_code KRB5_CALLCONV
 krb5_cc_gen_new(krb5_context context, krb5_ccache *cache)
 {
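Review bot: The return value of `cache->ops->get_name(context, cache)` is passed straight to the `%s` conversion in krb5_cc_get_full_name without a NULL check. Whether any cache type can return NULL from get_name is not visible in this hunk; if one can, the asprintf call has undefined behaviour. Fetching the name into a local first would close that off, for example `const char *n = cache->ops->get_name(context, cache);` followed by `if (n == NULL) return KRB5_CC_BADNAME;` (or whichever error code the project prefers).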
@@ -323,3 +337,11 @@ out:
     krb5_free_cred_contents(context, &mcred);
     return ret;
 }
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_switch(krb5_context context, krb5_ccache cache)
+{
+    if (cache->ops->switch_to == NULL)
+        return 0;
+    return cache->ops->switch_to(context, cache);
+}
index 31e786cd85d9375c194c3f20ec9a2956be48aa75..72b685759a853826a9746fa663e0e5c9b98ef84f 100644 (file)
@@ -521,6 +521,12 @@ krb5_free_unparsed_name(krb5_context context, char *val)
         free(val);
 }
 
+void KRB5_CALLCONV
+krb5_free_string(krb5_context context, char *val)
+{
+    free(val);
+}
+
 void KRB5_CALLCONV
 krb5_free_sam_challenge(krb5_context ctx, krb5_sam_challenge *sc)
 {
index 20bb6803da6fac9e2dc43901d4b50d02a507abd7..a5b05b5fba964d985bcba6c39bcb0edbc20fc26e 100644 (file)
@@ -183,6 +183,7 @@ krb5_build_principal
 krb5_build_principal_alloc_va
 krb5_build_principal_ext
 krb5_build_principal_va
+krb5_cc_cache_match
 krb5_cc_close
 krb5_cc_copy_creds
 krb5_cc_default
@@ -194,6 +195,7 @@ krb5_cc_end_seq_get
 krb5_cc_file_ops
 krb5_cc_gen_new
 krb5_cc_get_config
+krb5_cc_get_full_name
 krb5_cc_get_name
 krb5_cc_get_principal
 krb5_cc_get_type
@@ -210,6 +212,8 @@ krb5_cc_set_default_name
 krb5_cc_set_flags
 krb5_cc_start_seq_get
 krb5_cc_store_cred
+krb5_cc_support_switch
+krb5_cc_switch
 krb5_cccol_cursor_free
 krb5_cccol_cursor_new
 krb5_cccol_cursor_next
@@ -322,6 +326,7 @@ krb5_free_sam_response
 krb5_free_sam_response_2
 krb5_free_sam_response_2_contents
 krb5_free_sam_response_contents
+krb5_free_string
 krb5_free_tgt_creds
 krb5_free_ticket
 krb5_free_tickets
index cff28772ae7785ecf115ea8689fc90ddcb504cd0..0afa6e499fdb698ae2874df73c7760c066b99271 100644 (file)
@@ -412,3 +412,8 @@ EXPORTS
        krb5_init_context_profile                       @386
        krb5int_c_mandatory_cksumtype                   @387 ; PRIVATE GSSAPI
        krb5int_arcfour_gsscrypt                        @388 ; PRIVATE GSSAPI
+       krb5_cc_cache_match                             @389
+       krb5_cc_get_full_name                           @390
+       krb5_cc_support_switch                          @391
+       krb5_cc_switch                                  @392
+       krb5_free_string                                @393