KL APIs which take a NULL principal return klParameterErr
authorAlexandra Ellwood <lxs@mit.edu>
Thu, 9 Oct 2008 02:35:38 +0000 (02:35 +0000)
committerAlexandra Ellwood <lxs@mit.edu>
Thu, 9 Oct 2008 02:35:38 +0000 (02:35 +0000)
Fixed by making kim_ccache_create_from_client_identity take KIM_IDENTITY_ANY
(at which point it returns the system default ccache).

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20850 dc483132-0cff-0310-8789-dd5450dbe970

src/include/kim/kim_ccache.h
src/kim/lib/kim_ccache.c
src/kim/lib/kim_ccache_private.h
src/kim/lib/mac/KerberosLogin.c

index d18a5aae4e0835bb93c0223e75ee4dfa5c9f5fea..709c698142b569bfac496295e41b1053b5516257 100644 (file)
@@ -307,8 +307,8 @@ void kim_ccache_iterator_free (kim_ccache_iterator *io_ccache_iterator);
  * \brief Acquire a new initial credential and store it in a ccache.
  */
 kim_error kim_ccache_create_new (kim_ccache          *out_ccache,
-                                   kim_identity         in_client_identity,
-                                   kim_options          in_options);
+                                 kim_identity         in_client_identity,
+                                 kim_options          in_options);
 
 /*!
  * \param out_ccache          on exit, a ccache object for a ccache containing a newly acquired   
@@ -322,18 +322,21 @@ kim_error kim_ccache_create_new (kim_ccache          *out_ccache,
  *        unavailable, acquire and store a new initial credential.
  */
 kim_error kim_ccache_create_new_if_needed (kim_ccache   *out_ccache,
-                                             kim_identity  in_client_identity,
-                                             kim_options   in_options);
+                                           kim_identity  in_client_identity,
+                                           kim_options   in_options);
 
 /*!
  * \param out_ccache          on exit, a ccache object for a ccache containing a TGT  
  *                            credential. Must be freed with kim_ccache_free().
- * \param in_client_identity  a client identity to obtain a credential for.
+ * \param in_client_identity  a client identity to find a ccache for.  If 
+ *                            \a in_client_identity is #KIM_IDENTITY_ANY, this  
+ *                            function returns the default ccache
+ *                            (ie: is equivalent to #kim_ccache_create_from_default()).
  * \return On success, #KIM_NO_ERROR.  On failure, an error code representing the failure.
  * \brief Find a ccache for a client identity in the cache collection.
  */
 kim_error kim_ccache_create_from_client_identity (kim_ccache   *out_ccache,
-                                                    kim_identity  in_client_identity);
+                                                  kim_identity  in_client_identity);
 
 /*!
  * \param out_ccache      on exit, a new ccache object containing an initial credential 
@@ -347,9 +350,9 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache   *out_ccache,
  * \brief Acquire a new initial credential from a keytab and store it in a ccache.
  */
 kim_error kim_ccache_create_from_keytab (kim_ccache    *out_ccache,
-                                           kim_identity   in_identity,
-                                           kim_options    in_options,
-                                           kim_string     in_keytab);
+                                         kim_identity   in_identity,
+                                         kim_options    in_options,
+                                         kim_string     in_keytab);
 
 /*!
  * \param out_ccache on exit, a ccache object for the default ccache.  
@@ -381,8 +384,8 @@ kim_error kim_ccache_create_from_display_name (kim_ccache  *out_ccache,
  * \brief Get a ccache for a ccache type and name.
  */
 kim_error kim_ccache_create_from_type_and_name (kim_ccache  *out_ccache,
-                                                  kim_string   in_type,
-                                                  kim_string   in_name);
+                                                kim_string   in_type,
+                                                kim_string   in_name);
 
 /*!
  * \param out_ccache      on exit, a new ccache object which is a copy of in_krb5_ccache.  
@@ -393,8 +396,8 @@ kim_error kim_ccache_create_from_type_and_name (kim_ccache  *out_ccache,
  * \brief Get a ccache for a krb5 ccache.
  */
 kim_error kim_ccache_create_from_krb5_ccache (kim_ccache  *out_ccache,
-                                                krb5_context   in_krb5_context,
-                                                krb5_ccache    in_krb5_ccache);
+                                              krb5_context in_krb5_context,
+                                              krb5_ccache  in_krb5_ccache);
 
 /*!
  * \param out_ccache on exit, the new ccache object which is a copy of in_ccache.  
@@ -404,7 +407,7 @@ kim_error kim_ccache_create_from_krb5_ccache (kim_ccache  *out_ccache,
  * \brief Copy a ccache.
  */
 kim_error kim_ccache_copy (kim_ccache  *out_ccache,
-                             kim_ccache   in_ccache);
+                           kim_ccache   in_ccache);
 
 /*!
  * \param in_ccache             a ccache object.
@@ -438,7 +441,7 @@ kim_error kim_ccache_get_krb5_ccache (kim_ccache  in_ccache,
  * \brief Get the name of a ccache.
  */
 kim_error kim_ccache_get_name (kim_ccache  in_ccache,
-                                 kim_string *out_name);
+                               kim_string *out_name);
 
 /*!
  * \param in_ccache  a ccache object. 
@@ -447,7 +450,7 @@ kim_error kim_ccache_get_name (kim_ccache  in_ccache,
  * \brief Get the type of a ccache.
  */
 kim_error kim_ccache_get_type (kim_ccache  in_ccache,
-                                 kim_string *out_type);
+                               kim_string *out_type);
 
 /*!
  * \param in_ccache        a ccache object. 
@@ -563,9 +566,9 @@ kim_error kim_ccache_set_default (kim_ccache io_ccache);
  * \brief Verify the TGT in a ccache.
  */
 kim_error kim_ccache_verify (kim_ccache   in_ccache,
-                               kim_identity in_service_identity,
-                               kim_string   in_keytab,
-                               kim_boolean  in_fail_if_no_service_key);
+                             kim_identity in_service_identity,
+                             kim_string   in_keytab,
+                             kim_boolean  in_fail_if_no_service_key);
 
 /*!
  * \param in_ccache  a ccache object containing a TGT to be renewed. 
@@ -574,7 +577,7 @@ kim_error kim_ccache_verify (kim_ccache   in_ccache,
  * \brief Renew the TGT in a ccache.
  */
 kim_error kim_ccache_renew (kim_ccache  in_ccache,
-                              kim_options in_options);
+                            kim_options in_options);
 
 /*!
  * \param in_ccache  a ccache object containing a TGT to be validated. 
@@ -583,7 +586,7 @@ kim_error kim_ccache_renew (kim_ccache  in_ccache,
  * \brief Validate the TGT in a ccache.
  */
 kim_error kim_ccache_validate (kim_ccache  in_ccache,
-                                 kim_options in_options);
+                               kim_options in_options);
 
 /*!
  * \param io_ccache  a ccache object to be destroyed.  Set to NULL on exit.
index 43da3f29b51a7931993b249d65bfaa7f2039be85..26e926d3b79dc21033672b2b3c00f3eb6187bc05 100644 (file)
@@ -253,6 +253,19 @@ kim_error kim_ccache_create_new_with_password (kim_ccache   *out_ccache,
 kim_error kim_ccache_create_new_if_needed (kim_ccache   *out_ccache,
                                            kim_identity  in_client_identity,
                                            kim_options   in_options)
+{
+    return check_error (kim_ccache_create_new_if_needed_with_password (out_ccache,
+                                                                       in_client_identity,
+                                                                       in_options,
+                                                                       NULL));
+}
+
+/* ------------------------------------------------------------------------ */
+
+kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache   *out_ccache,
+                                                         kim_identity  in_client_identity,
+                                                         kim_options   in_options,
+                                                         kim_string    in_password)
 {
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
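Review bot: The new kim_ccache_create_new_if_needed_with_password carries no comment saying when in_password is consulted, and the later hunks of this file suggest it is only forwarded to kim_ccache_create_new_with_password after no reusable ccache was found. When a ccache for the identity already exists, the call can therefore succeed without the supplied password ever being checked, so callers must not treat success as proof the password is correct. KLAcquireInitialTicketsWithPassword in KerberosLogin.c inherits this. I would add above the definition `/* in_password is used only if a new credential has to be acquired; an existing ccache is reused without checking it. */`. The function body continues outside this hunk, so the exact reuse condition should be confirmed there.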
@@ -263,7 +276,8 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache   *out_ccache,
     if (!err) {
         kim_credential_state state;
         
-        err = kim_ccache_create_from_client_identity (&ccache, in_client_identity);
+        err = kim_ccache_create_from_client_identity (&ccache, 
+                                                      in_client_identity);
         
         if (!err) {
             err = kim_ccache_get_state (ccache, &state);
@@ -280,7 +294,10 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache   *out_ccache,
         
         if (!ccache) {
             /* ccache does not already exist, create a new one */
-            err = kim_ccache_create_new (&ccache, in_client_identity, in_options);
+            err = kim_ccache_create_new_with_password (&ccache, 
+                                                       in_client_identity, 
+                                                       in_options, 
+                                                       in_password);
         }        
     }
     
@@ -300,56 +317,62 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache   *out_ccache,
                                                   kim_identity  in_client_identity)
 {
     kim_error err = KIM_NO_ERROR;
-    kim_ccache_iterator iterator = NULL;
-    kim_boolean found = FALSE;
     
-    if (!err && !out_ccache        ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !in_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     
-    if (!err) {
+    if (!err && in_client_identity) {
+        kim_ccache_iterator iterator = NULL;
+        kim_boolean found = FALSE;
+
         err = kim_ccache_iterator_create (&iterator);
-    }
-    
-    while (!err && !found) {
-        kim_ccache ccache = NULL;
-        kim_identity identity = NULL;
-        kim_comparison comparison;
         
-        err = kim_ccache_iterator_next (iterator, &ccache);
-        
-        if (!err && !ccache) {
-            kim_string string = NULL;
+        while (!err && !found) {
+            kim_ccache ccache = NULL;
+            kim_identity identity = NULL;
+            kim_comparison comparison;
+            
+            err = kim_ccache_iterator_next (iterator, &ccache);
+            
+            if (!err && !ccache) {
+                kim_string string = NULL;
+                
+                err = kim_identity_get_display_string (in_client_identity, 
+                                                       &string);
+                
+                if (!err) {
+                    err = kim_error_set_message_for_code (KIM_NO_SUCH_PRINCIPAL_ERR, 
+                                                          string);
+                }
+                
+                kim_string_free (&string);
+            }
             
-            err = kim_identity_get_display_string (in_client_identity, &string);
+            if (!err) {
+                err = kim_ccache_get_client_identity (ccache, &identity);
+            }
             
             if (!err) {
-                err = kim_error_set_message_for_code (KIM_NO_SUCH_PRINCIPAL_ERR
-                                                      string);
+                err = kim_identity_compare (in_client_identity, identity
+                                            &comparison);
             }
             
-            kim_string_free (&string);
-        }
-        
-        if (!err) {
-            err = kim_ccache_get_client_identity (ccache, &identity);
-        }
-        
-        if (!err) {
-            err = kim_identity_compare (in_client_identity, identity, &comparison);
+            if (!err && kim_comparison_is_equal_to (comparison)) {
+                found = 1;
+                *out_ccache = ccache;
+                ccache = NULL;
+            }
+            
+            kim_identity_free (&identity);
+            kim_ccache_free (&ccache);
         }
         
-        if (!err && kim_comparison_is_equal_to (comparison)) {
-            found = 1;
-            *out_ccache = ccache;
-            ccache = NULL;
-        }
+        kim_ccache_iterator_free (&iterator);
         
-        kim_identity_free (&identity);
-        kim_ccache_free (&ccache);
+    } else if (!err) {
+        /* in_client_identity is NULL, get default ccache */
+        err = kim_ccache_create_from_default (out_ccache);
     }
     
-    kim_ccache_iterator_free (&iterator);
-    
     return check_error (err);
 }
 
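Review bot: With the NULL check on in_client_identity removed, the `else if (!err)` branch returns the default ccache for every NULL identity, including one that is NULL only because the caller ignored an earlier failure while building it. The default ccache may hold credentials for a different principal than the caller meant, so callers that need a specific principal should compare the result of kim_ccache_get_client_identity before acting on the returned ccache. The branch comment should name the documented sentinel rather than only the raw value, e.g. `/* KIM_IDENTITY_ANY (NULL): no specific identity requested, return the default ccache */`. As a point of style, `found = 1;` would read better as `found = TRUE;` to match the `FALSE` initializer.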
index 42f048455bd6b947da034ef6b4ebd602b8a5089e..6e1d7a12e34c1a16a239cb7fdc52f8ad62076311 100644 (file)
 
 #include <kim/kim.h>
 
+kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache   *out_ccache,
+                                                         kim_identity  in_client_identity,
+                                                         kim_options   in_options,
+                                                         kim_string    in_password);
+
 kim_error kim_ccache_create_new_with_password (kim_ccache   *out_ccache,
                                                kim_identity  in_client_identity,
                                                kim_options   in_options,
index e8d7b577e4979c032f61d6aaeea8020b7409caa6..47bb1425345234c3fdd80b5005a5596b9d833e37 100644 (file)
@@ -203,13 +203,9 @@ KLStatus KLAcquireInitialTickets (KLPrincipal      inPrincipal,
     kim_identity identity = NULL;
     
     if (!err) {
-        err = kim_ccache_create_from_client_identity (&ccache, 
-                                                      inPrincipal);
-        
-        if (err) {
-            /* ccache does not already exist, create a new one */
-            err = kim_ccache_create_new (&ccache, inPrincipal, inLoginOptions);
-        }
+        err = kim_ccache_create_new_if_needed (&ccache, 
+                                               inPrincipal,
+                                               inLoginOptions);
     }
     
     if (!err && outPrincipal) {
@@ -285,7 +281,9 @@ KLStatus KLDestroyTickets (KLPrincipal inPrincipal)
     kim_error err = KIM_NO_ERROR;
     kim_ccache ccache = NULL;
     
-    err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
+    if (!err) {
+        err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
+    }
     
     if (!err) {
         err = kim_ccache_destroy (&ccache);
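Review bot: KLDestroyTickets now destroys the default ccache when inPrincipal is NULL, because kim_ccache_create_from_client_identity no longer rejects a NULL identity, and nothing at this call site says so. For a destructive operation that deserves a comment before the lookup, such as `/* NULL inPrincipal selects the default ccache, which is then destroyed */`. The added `if (!err)` guard has no effect here, since err still holds the KIM_NO_ERROR it was initialised with two lines earlier; it is harmless if kept for uniformity. The function continues outside the hunk.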
@@ -303,9 +301,6 @@ KLStatus KLChangePassword (KLPrincipal inPrincipal)
 
 /* ------------------------------------------------------------------------ */
 
-
-/* Kerberos Login dialog low level functions */
-
 KLStatus KLAcquireInitialTicketsWithPassword (KLPrincipal      inPrincipal,
                                               KLLoginOptions   inLoginOptions,
                                               const char      *inPassword,
@@ -315,16 +310,10 @@ KLStatus KLAcquireInitialTicketsWithPassword (KLPrincipal      inPrincipal,
     kim_ccache ccache = NULL;
     
     if (!err) {
-        err = kim_ccache_create_from_client_identity (&ccache, 
-                                                      inPrincipal);
-        
-        if (err) {
-            /* ccache does not already exist, create a new one */
-            err = kim_ccache_create_new_with_password (&ccache, 
-                                                       inPrincipal,
-                                                       inLoginOptions,
-                                                       inPassword);
-        }
+        err = kim_ccache_create_new_if_needed_with_password (&ccache, 
+                                                             inPrincipal,
+                                                             inLoginOptions,
+                                                             inPassword);
     }
     
     if (!err && outCredCacheName) {
@@ -676,11 +665,7 @@ KLStatus KLCacheHasValidTickets (KLPrincipal         inPrincipal,
     if (!outFoundValidTickets) { err = kl_check_error (klParameterErr); }
     
     if (!err) {
-        if (inPrincipal) {
-            err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
-        } else {
-            err = kim_ccache_create_from_default (&ccache);
-        }
+        err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
     }
     
     if (!err) {
@@ -689,6 +674,10 @@ KLStatus KLCacheHasValidTickets (KLPrincipal         inPrincipal,
     
     if (!err && outPrincipal) {
         err = kim_ccache_get_client_identity (ccache, &identity);
+        if (err) {
+            err = KIM_NO_ERROR;
+            identity = NULL;
+        } 
     }
     
     if (!err && outCredCacheName) {
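Review bot: The added `if (err) { err = KIM_NO_ERROR; identity = NULL; }` discards every failure of kim_ccache_get_client_identity, not only the case of a ccache with no client principal, so an allocation or ccache access error is also reported as success. A caller that asked for outPrincipal can then presumably get a success status with no principal; the code that fills outPrincipal is outside this hunk, so that needs confirming. If the suppression is intended, limit it to the specific error code expected for an empty ccache and say why in a comment, e.g. `/* a ccache without a client principal is not an error here: report no principal */`.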