krb5_timestamp *);
krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache);
krb5_error_code (KRB5_CALLCONV *unlock)(krb5_context, krb5_ccache);
+ krb5_error_code (KRB5_CALLCONV *switch_to)(krb5_context, krb5_ccache);
};
extern const krb5_cc_ops *krb5_cc_dfl_ops;
const char * KRB5_CALLCONV
krb5_cc_get_name(krb5_context context, krb5_ccache cache);
+/*
+ * Retrieve the full name of a credential cache.
+ *
+ * @param [in] context Library context
+ * @param [in] cache Credential cache handle
+ * @param [out] fullname_out Full name of cache
+ *
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_full_name(krb5_context context, krb5_ccache cache,
+ char **fullname_out);
+
#if KRB5_DEPRECATED
krb5_error_code KRB5_CALLCONV
krb5_cc_gen_new(krb5_context context, krb5_ccache *cache);
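Review bot: The comment above the new krb5_cc_get_full_name() declaration opens with `/*` rather than `/**`, so unlike the other additions in this header it will not be picked up as a Doxygen block. It also says nothing about ownership or return values. The definition later in this change allocates the string with asprintf() and returns ENOMEM or 0, so the block should add `@retval 0 Success`, `@return Kerberos error codes`, and the sentence `Use krb5_free_string() to free @a fullname_out when it is no longer needed.` Without the ownership sentence, callers may leak the name or release it with a mismatched free function.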
krb5_boolean KRB5_CALLCONV
krb5_is_config_principal(krb5_context context, krb5_const_principal principal);
+/**
+ * Make a credential cache the primary cache for its collection.
+ *
+ * @param [in] context Library context
+ * @param [in] cache Credential cache handle
+ *
+ * If the type of @a cache supports it, set @a cache to be the primary
+ * credential cache for the collection it belongs to.
+ *
+ * @retval
+ * 0 Success, or the type of @a cache doesn't support switching
+ * @return
+ * Kerberos error codes
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_switch(krb5_context context, krb5_ccache cache);
+
+/**
+ * Determine whether a credential cache type supports switching.
+ *
+ * @param [in] context Library context
+ * @param [in] type Credential cache type
+ *
+ * @retval @c TRUE if @a type supports switching
+ * @retval @a FALSE if it does not or is not a valid credential cache type.
+ */
+krb5_boolean KRB5_CALLCONV
+krb5_cc_support_switch(krb5_context context, const char *type);
+
+/**
+ * Find a credential cache with a specified client principal.
+ *
+ * @param [in] context Library context
+ * @param [in] client Client principal
+ * @param [out] cache_out Credential cache handle
+ *
+ * Find a cache within the collection whose default principal is @a client.
+ * Use @a krb5_cc_close to close @a ccache when it is no longer needed.
+ *
+ * @retval 0 Success
+ * @retval KRB5_CC_NOTFOUND
+ *
+ * @sa krb5_cccol_cursor_new
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cc_cache_match(krb5_context context, krb5_principal client,
+ krb5_ccache *cache_out);
+
/* krb5_free.c */
/**
* Free the storage assigned to a principal.
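Review bot: The krb5_cc_cache_match() comment tells callers to close `@a ccache`, but the parameter is named `cache_out`; the sentence should read `Use krb5_cc_close() to close @a cache_out when it is no longer needed.` In the krb5_cc_support_switch() block, `@retval @a FALSE` marks a constant with the argument tag and should be `@retval @c FALSE`, matching the TRUE line above it. Because krb5_cc_switch() returns 0 both on success and when the cache type cannot switch, its block would benefit from `@sa krb5_cc_support_switch` so callers know how to tell the two cases apart before relying on the primary cache having changed.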
void KRB5_CALLCONV
krb5_free_unparsed_name(krb5_context context, char *val);
+/**
+ * Free a string allocated by a krb5 function.
+ *
+ * @param [in] context Library context
+ * @param [in] val String to be freed
+ */
+void KRB5_CALLCONV
+krb5_free_string(krb5_context context, char *val);
+
/**
* Free an array of checksum types.
*
return krb5_fcc_ops.unlock(context, data->fcc);
}
+static krb5_error_code KRB5_CALLCONV
+dcc_switch_to(krb5_context context, krb5_ccache cache)
+{
+ dcc_data *data = cache->data;
+ char *primary_path = NULL, *dirname = NULL, *filename = NULL;
+ krb5_error_code ret;
+
+ ret = split_path(context, data->residual + 1, &dirname, &filename);
+ if (ret)
+ return ret;
+
+ ret = primary_pathname(dirname, &primary_path);
+ if (ret)
+ goto cleanup;
+
+ ret = write_primary_file(primary_path, filename);
+
+cleanup:
+ free(primary_path);
+ free(dirname);
+ free(filename);
+ return ret;
+}
+
const krb5_cc_ops krb5_dcc_ops = {
0,
"DIR",
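Review bot: In dcc_switch_to() the call `split_path(context, data->residual + 1, ...)` skips the first byte of the residual with no explanation, presumably to drop a leading ':' that marks a subsidiary cache. A short comment stating that invariant and where it is enforced would help, for example `/* residual is ":" followed by the subsidiary file path; skip the colon */`, to be confirmed against the resolve code, which is outside this hunk. The function also has no header comment saying that it rewrites the collection's primary file. Since that file decides which credentials are used by default, it is worth documenting whether write_primary_file() (not visible here) replaces it atomically.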
NULL, /* wasdefault */
dcc_lock,
dcc_unlock,
+ dcc_switch_to,
};
#endif /* not _WIN32 */
NULL, /* wasdefault */
krb5_fcc_lock,
krb5_fcc_unlock,
+ NULL, /* switch_to */
};
#if defined(_WIN32)
NULL, /* wasdefault */
krb5_fcc_lock,
krb5_fcc_unlock,
+ NULL, /* switch_to */
};
NULL, /* wasdefault */
krb5_krcc_lock,
krb5_krcc_unlock,
+ NULL, /* switch_to */
};
#else /* !USE_KEYRING_CCACHE */
NULL,
NULL,
NULL,
+ NULL,
};
#endif /* USE_KEYRING_CCACHE */
NULL, /* wasdefault */
krb5_mcc_lock,
krb5_mcc_unlock,
+ NULL, /* switch_to */
};
NULL,
NULL,
NULL,
+ NULL,
};
#endif /* _WIN32 */
return ret;
}
+krb5_boolean KRB5_CALLCONV
+krb5_cc_support_switch(krb5_context context, const char *type)
+{
+ const krb5_cc_ops *ops;
+ krb5_error_code err;
+
+ err = krb5int_cc_getops(context, type, &ops);
+ return (err ? FALSE : (ops->switch_to != NULL));
+}
+
krb5_error_code
k5_cc_mutex_init(k5_cc_mutex *m)
{
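Review bot: krb5_cc_support_switch() is exported, yet it hands `type` straight to krb5int_cc_getops() without a NULL check. That helper is not visible in this hunk; if it compares the prefix with strcmp(), a NULL `type` would crash instead of producing the FALSE that the header comment promises for an invalid type. A guard such as `if (type == NULL) return FALSE;` before the lookup would make the documented contract hold. The definition also has no comment of its own; a one-line `/* TRUE if the ccache type named by type implements switch_to */` would do.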
errout:
return ret;
}
+
+krb5_error_code
+krb5_cc_cache_match(krb5_context context, krb5_principal client,
+ krb5_ccache *cache_out)
+{
+ krb5_error_code ret;
+ krb5_cccol_cursor cursor;
+ krb5_ccache cache;
+ krb5_principal princ;
+ char *name;
+ krb5_boolean eq;
+
+ *cache_out = NULL;
+ ret = krb5_cccol_cursor_new(context, &cursor);
+ if (ret)
+ return ret;
+
+ while ((ret = krb5_cccol_cursor_next(context, cursor, &cache)) == 0 &&
+ cache != NULL) {
+ ret = krb5_cc_get_principal(context, cache, &princ);
+ if (ret == 0) {
+ eq = krb5_principal_compare(context, princ, client);
+ krb5_free_principal(context, princ);
+ if (eq)
+ break;
+ }
+ krb5_cc_close(context, cache);
+ }
+ krb5_cccol_cursor_free(context, &cursor);
+ if (ret)
+ return ret;
+ if (cache == NULL) {
+ ret = krb5_unparse_name(context, client, &name);
+ if (ret == 0) {
+ krb5_set_error_message(context, KRB5_CC_NOTFOUND,
+ _("Can't find client principal %s in "
+ "cache collection"), name);
+ krb5_free_unparsed_name(context, name);
+ }
+ ret = KRB5_CC_NOTFOUND;
+ } else
+ *cache_out = cache;
+ return ret;
+}
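Review bot: The definition of krb5_cc_cache_match() is written `krb5_error_code` followed by the function name, without `KRB5_CALLCONV`, while the prototype added to the public header in this same change declares it `krb5_error_code KRB5_CALLCONV`. On platforms where KRB5_CALLCONV expands to a non-default calling convention, the two declarations may conflict or produce a mismatched call. The first line should be `krb5_error_code KRB5_CALLCONV`, as it is for krb5_cc_switch() and krb5_cc_get_full_name(). A short comment noting that every non-matching cache is closed inside the loop, and that only the matching handle is passed to the caller, would also make the ownership rule easier to audit.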
return cache->ops->get_name(context, cache);
}
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_full_name(krb5_context context, krb5_ccache cache,
+ char **fullname_out)
+{
+ char *name;
+
+ *fullname_out = NULL;
+ if (asprintf(&name, "%s:%s", cache->ops->prefix,
+ cache->ops->get_name(context, cache)) < 0)
+ return ENOMEM;
+ *fullname_out = name;
+ return 0;
+}
+
krb5_error_code KRB5_CALLCONV
krb5_cc_gen_new(krb5_context context, krb5_ccache *cache)
{
krb5_free_cred_contents(context, &mcred);
return ret;
}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_switch(krb5_context context, krb5_ccache cache)
+{
+ if (cache->ops->switch_to == NULL)
+ return 0;
+ return cache->ops->switch_to(context, cache);
+}
free(val);
}
+void KRB5_CALLCONV
+krb5_free_string(krb5_context context, char *val)
+{
+ free(val);
+}
+
void KRB5_CALLCONV
krb5_free_sam_challenge(krb5_context ctx, krb5_sam_challenge *sc)
{
krb5_build_principal_alloc_va
krb5_build_principal_ext
krb5_build_principal_va
+krb5_cc_cache_match
krb5_cc_close
krb5_cc_copy_creds
krb5_cc_default
krb5_cc_file_ops
krb5_cc_gen_new
krb5_cc_get_config
+krb5_cc_get_full_name
krb5_cc_get_name
krb5_cc_get_principal
krb5_cc_get_type
krb5_cc_set_flags
krb5_cc_start_seq_get
krb5_cc_store_cred
+krb5_cc_support_switch
+krb5_cc_switch
krb5_cccol_cursor_free
krb5_cccol_cursor_new
krb5_cccol_cursor_next
krb5_free_sam_response_2
krb5_free_sam_response_2_contents
krb5_free_sam_response_contents
+krb5_free_string
krb5_free_tgt_creds
krb5_free_ticket
krb5_free_tickets
krb5_init_context_profile @386
krb5int_c_mandatory_cksumtype @387 ; PRIVATE GSSAPI
krb5int_arcfour_gsscrypt @388 ; PRIVATE GSSAPI
+ krb5_cc_cache_match @389
+ krb5_cc_get_full_name @390
+ krb5_cc_support_switch @391
+ krb5_cc_switch @392
+ krb5_free_string @393