From: Alexandra Ellwood Date: Wed, 1 Oct 2008 19:34:06 +0000 (+0000) Subject: Finished KLL to KIM shim. X-Git-Tag: krb5-1.7-alpha1~375 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=00729527c88c65b8179b762a111bef16926d6a97;p=krb5.git Finished KLL to KIM shim. Switched krb5 code to using it. ticket: 6134 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20796 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 897787255..b3f2b3f21 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -45,8 +45,8 @@ #include #include "kadmin.h" -#if defined(USE_LOGIN_LIBRARY) -#include +#if defined(USE_KIM) +#include #endif /* special struct to convert flag names for principals @@ -219,11 +219,12 @@ char *kadmin_startup(argc, argv) memset((char *) ¶ms, 0, sizeof(params)); -#if defined(USE_LOGIN_LIBRARY) +#if defined(USE_KIM) /* Turn off all password prompting from the KLL */ - retval = __KLSetPromptMechanism (klPromptMechanism_None); + retval = kim_library_set_allow_automatic_prompting (0); if (retval) { - com_err(whoami, retval, "while calling __KLSetPromptMechanism()"); + com_err(whoami, retval, + "while calling kim_library_set_allow_automatic_prompting()"); exit(1); } #endif diff --git a/src/kim/lib/kim_ccache.c b/src/kim/lib/kim_ccache.c index 2e457be89..43da3f29b 100644 --- a/src/kim/lib/kim_ccache.c +++ b/src/kim/lib/kim_ccache.c @@ -255,19 +255,42 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, kim_options in_options) { kim_error err = KIM_NO_ERROR; + kim_ccache ccache = NULL; if (!err && !out_ccache ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !in_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { - err = kim_ccache_create_from_client_identity (out_ccache, in_client_identity); + kim_credential_state state; - if (err) { - /* ccache does not already exist, create a new one */ - err = kim_ccache_create_new (out_ccache, in_client_identity, in_options); + err = kim_ccache_create_from_client_identity (&ccache, in_client_identity); + + if (!err) { + err = kim_ccache_get_state (ccache, &state); } + + if (!err && state != kim_credentials_state_valid) { + if (state == kim_credentials_state_needs_validation) { + err = kim_ccache_validate (ccache, in_options); + } else { + kim_ccache_free (&ccache); + ccache = NULL; + } + } + + if (!ccache) { + /* ccache does not already exist, create a new one */ + err = kim_ccache_create_new (&ccache, in_client_identity, in_options); + } } + if (!err) { + *out_ccache = ccache; + ccache = NULL; + } + + kim_ccache_free (&ccache); + return check_error (err); } diff --git a/src/kim/lib/mac/KerberosLogin.c b/src/kim/lib/mac/KerberosLogin.c index e5fa38468..b97128ccf 100644 --- a/src/kim/lib/mac/KerberosLogin.c +++ b/src/kim/lib/mac/KerberosLogin.c @@ -24,14 +24,87 @@ * or implied warranty. */ +#ifndef LEAN_CLIENT + #define KERBEROSLOGIN_DEPRECATED #include "CredentialsCache.h" #include "KerberosLogin.h" +#include "KerberosLoginPrivate.h" #include #include "kim_private.h" -#define kl_check_error(x) (x) +krb5_get_init_creds_opt *__KLLoginOptionsGetKerberos5Options (KLLoginOptions ioOptions); +KLTime __KLLoginOptionsGetStartTime (KLLoginOptions ioOptions); +char *__KLLoginOptionsGetServiceName (KLLoginOptions ioOptions); + +/* ------------------------------------------------------------------------ */ + +static KLStatus kl_check_error_ (kim_error inError, const char *function, const char *file, int line) +{ + kim_error err = inError; + + switch (err) { + case ccNoError: + err = klNoErr; + break; + + case ccErrBadName: + err = klPrincipalDoesNotExistErr; + break; + + case ccErrCCacheNotFound: + err = klCacheDoesNotExistErr; + break; + + case ccErrCredentialsNotFound: + err = klNoCredentialsErr; + break; + + case KIM_OUT_OF_MEMORY_ERR: + case ccErrNoMem: + err = klMemFullErr; + break; + + case ccErrBadCredentialsVersion: + err = klInvalidVersionErr; + break; + + case KIM_NULL_PARAMETER_ERR: + case ccErrBadParam: + case ccIteratorEnd: + case ccErrInvalidContext: + case ccErrInvalidCCache: + case ccErrInvalidString: + case ccErrInvalidCredentials: + case ccErrInvalidCCacheIterator: + case ccErrInvalidCredentialsIterator: + case ccErrInvalidLock: + case ccErrBadAPIVersion: + case ccErrContextLocked: + case ccErrContextUnlocked: + case ccErrCCacheLocked: + case ccErrCCacheUnlocked: + case ccErrBadLockType: + case ccErrNeverDefault: + err = klParameterErr; + break; + + case KIM_USER_CANCELED_ERR: + case KRB5_LIBOS_PWDINTR: + err = klUserCanceledErr; + break; + } + + if (err) { + kim_debug_printf ("%s() remapped %d to %d ('%s') at %s: %d", + function, inError, err, kim_error_message (err), + file, line); + } + + return err; +} +#define kl_check_error(err) kl_check_error_(err, __FUNCTION__, __FILE__, __LINE__) /* ------------------------------------------------------------------------ */ @@ -1051,7 +1124,7 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption inOption, kim_string_free (&new_identity_string); kim_identity_free (&old_identity); kim_identity_free (&new_identity); - + } else if (!err && inOption == loginOption_LoginInstance) { /* Ignored */ @@ -1536,11 +1609,192 @@ KLStatus KLDisposeLoginOptions(KLLoginOptions ioOptions) /* ------------------------------------------------------------------------ */ - -/* Misc function */ - KLStatus KLDisposeString (char *inStringToDispose) { kim_string_free ((kim_string *)&inStringToDispose); return klNoErr; } + +#pragma mark - + +/* ------------------------------------------------------------------------ */ + +KLStatus __KLSetApplicationPrompter (KLPrompterProcPtr inPrompter) +{ + /* Deprecated */ + return klNoErr; +} + +/* ------------------------------------------------------------------------ */ + +KLStatus __KLSetHomeDirectoryAccess (KLBoolean inAllowHomeDirectoryAccess) +{ + return kl_check_error (kim_library_set_allow_home_directory_access (inAllowHomeDirectoryAccess)); +} + +/* ------------------------------------------------------------------------ */ + +KLBoolean __KLAllowHomeDirectoryAccess (void) +{ + return kim_library_allow_home_directory_access (); +} + +/* ------------------------------------------------------------------------ */ + +KLStatus __KLSetAutomaticPrompting (KLBoolean inAllowAutomaticPrompting) +{ + return kl_check_error (kim_library_set_allow_automatic_prompting (inAllowAutomaticPrompting)); +} + +/* ------------------------------------------------------------------------ */ + +KLBoolean __KLAllowAutomaticPrompting (void) +{ + return kl_check_error (kim_library_allow_automatic_prompting ()); +} + +/* ------------------------------------------------------------------------ */ + +KLStatus __KLSetPromptMechanism (KLPromptMechanism inPromptMechanism) +{ + kim_error err = KIM_NO_ERROR; + + if (inPromptMechanism == klPromptMechanism_None) { + err = kim_library_set_allow_automatic_prompting (0); + } else { + err = kim_library_set_allow_automatic_prompting (1); + } + + return kl_check_error (err); +} + +/* ------------------------------------------------------------------------ */ + +KLPromptMechanism __KLPromptMechanism (void) +{ + kim_ui_environment environment = kim_library_ui_environment (); + + if (environment == KIM_UI_ENVIRONMENT_GUI) { + return klPromptMechanism_GUI; + } else if (environment == KIM_UI_ENVIRONMENT_CLI) { + return klPromptMechanism_CLI; + } + return klPromptMechanism_None; +} + +/* ------------------------------------------------------------------------ */ + +KLBoolean __KLAllowRememberPassword (void) +{ + return kl_check_error (kim_os_identity_allow_save_password ()); +} + +/* ------------------------------------------------------------------------ */ + +KLStatus __KLCreatePrincipalFromTriplet (const char *inName, + const char *inInstance, + const char *inRealm, + KLKerberosVersion inKerberosVersion, + KLPrincipal *outPrincipal) +{ + return kl_check_error (kim_identity_create_from_components (outPrincipal, + inRealm, + inName, + inInstance, + NULL)); +} + +/* ------------------------------------------------------------------------ */ + +KLStatus __KLGetTripletFromPrincipal (KLPrincipal inPrincipal, + KLKerberosVersion inKerberosVersion, + char **outName, + char **outInstance, + char **outRealm) +{ + return KLGetTripletFromPrincipal (inPrincipal, + outName, outInstance, outRealm); +} + +/* ------------------------------------------------------------------------ */ + +KLStatus __KLCreatePrincipalFromKerberos5Principal (krb5_principal inPrincipal, + KLPrincipal *outPrincipal) +{ + return KLCreatePrincipalFromKerberos5Principal (inPrincipal, outPrincipal); + +} + +/* ------------------------------------------------------------------------ */ + +KLStatus __KLGetKerberos5PrincipalFromPrincipal (KLPrincipal inPrincipal, + krb5_context inContext, + krb5_principal *outKrb5Principal) +{ + return kl_check_error (kim_identity_get_krb5_principal (inPrincipal, + inContext, + outKrb5Principal)); +} + +/* ------------------------------------------------------------------------ */ + +KLBoolean __KLPrincipalIsTicketGrantingService (KLPrincipal inPrincipal) +{ + kim_boolean is_tgt = FALSE; + kim_error err = kim_identity_is_tgt_service (inPrincipal, &is_tgt); + + return !err ? is_tgt : FALSE; +} + +/* ------------------------------------------------------------------------ */ + +KLStatus __KLGetKeychainPasswordForPrincipal (KLPrincipal inPrincipal, + char **outPassword) +{ + return kl_check_error (kim_os_identity_get_saved_password (inPrincipal, + (kim_string *) outPassword)); +} + + +/* ------------------------------------------------------------------------ */ + +KLStatus __KLPrincipalSetKeychainPassword (KLPrincipal inPrincipal, + const char *inPassword) +{ + return kl_check_error (kim_os_identity_set_saved_password (inPrincipal, + inPassword)); +} + +/* ------------------------------------------------------------------------ */ + +KLStatus __KLRemoveKeychainPasswordForPrincipal (KLPrincipal inPrincipal) +{ + return kl_check_error (kim_os_identity_remove_saved_password (inPrincipal)); +} + +#pragma mark - + +// --------------------------------------------------------------------------- + +krb5_get_init_creds_opt *__KLLoginOptionsGetKerberos5Options (KLLoginOptions ioOptions) +{ + return kim_options_init_cred_options (ioOptions); +} + +// --------------------------------------------------------------------------- + +KLTime __KLLoginOptionsGetStartTime (KLLoginOptions ioOptions) +{ + return kim_options_start_time (ioOptions); +} + +// --------------------------------------------------------------------------- + +char *__KLLoginOptionsGetServiceName (KLLoginOptions ioOptions) +{ + return kim_options_service_name (ioOptions); +} + + + +#endif /* LEAN_CLIENT */ diff --git a/src/kim/lib/mac/KerberosLogin.exports b/src/kim/lib/mac/KerberosLogin.exports new file mode 100644 index 000000000..9fd85f41f --- /dev/null +++ b/src/kim/lib/mac/KerberosLogin.exports @@ -0,0 +1,107 @@ + +# Public API: + +KLAcquireTickets +KLAcquireNewTickets +KLAcquireTicketsWithPassword +KLAcquireNewTicketsWithPassword + +KLAcquireInitialTickets +KLAcquireNewInitialTickets +KLAcquireInitialTicketsWithPassword +KLAcquireNewInitialTicketsWithPassword +KLAcquireNewInitialTicketCredentialsWithPassword +KLStoreNewInitialTicketCredentials + +KLVerifyInitialTickets +KLVerifyInitialTicketCredentials +KLAcquireNewInitialTicketsWithKeytab + +KLChangePassword +KLChangePasswordWithPasswords +KLRenewInitialTickets +KLValidateInitialTickets +KLDestroyTickets + +KLLastChangedTime +KLCacheHasValidTickets +KLTicketStartTime +KLTicketExpirationTime +KLSetSystemDefaultCache + +KLHandleError +KLGetErrorString + +KLCancelAllDialogs + +KLSetApplicationOptions +KLGetApplicationOptions + +KLSetIdleCallback +KLGetIdleCallback + +KLGetDefaultLoginOption +KLSetDefaultLoginOption + +KLFindKerberosRealmByName +KLGetKerberosRealm +KLSetKerberosRealm +KLRemoveKerberosRealm +KLInsertKerberosRealm +KLRemoveAllKerberosRealms +KLCountKerberosRealms +KLGetKerberosDefaultRealm +KLGetKerberosDefaultRealmByName +KLSetKerberosDefaultRealm +KLSetKerberosDefaultRealmByName + +KLCreatePrincipalFromTriplet +KLCreatePrincipalFromString +KLGetTripletFromPrincipal +KLGetStringFromPrincipal +KLGetDisplayStringFromPrincipal +KLComparePrincipal +KLDisposePrincipal + +KLCreateLoginOptions +KLLoginOptionsSetTicketLifetime +KLLoginOptionsSetForwardable +KLLoginOptionsSetProxiable +KLLoginOptionsSetRenewableLifetime +KLLoginOptionsSetAddressless +KLLoginOptionsSetTicketStartTime +KLLoginOptionsSetServiceName +KLDisposeLoginOptions + +KLDisposeString + +# Private APIs being used by external callers: + +#__KLChangePasswordWithPasswordsCompat +#__KLAcquireInitialTicketsForCache +#__KLPrompter + +__KLSetApplicationPrompter + +__KLSetHomeDirectoryAccess +__KLAllowHomeDirectoryAccess + +__KLSetAutomaticPrompting +__KLAllowAutomaticPrompting +__KLSetPromptMechanism +__KLPromptMechanism +__KLAllowRememberPassword + +__KLCreatePrincipalFromTriplet +__KLGetTripletFromPrincipal +__KLCreatePrincipalFromKerberos5Principal +__KLGetKerberos5PrincipalFromPrincipal +__KLPrincipalIsTicketGrantingService + +__KLGetKeychainPasswordForPrincipal +__KLPrincipalSetKeychainPassword +__KLRemoveKeychainPasswordForPrincipal + +__KLLoginOptionsGetKerberos5Options +__KLLoginOptionsGetStartTime +__KLLoginOptionsGetServiceName diff --git a/src/kim/lib/mac/KerberosLoginPrivate.h b/src/kim/lib/mac/KerberosLoginPrivate.h new file mode 100644 index 000000000..52e10fcd1 --- /dev/null +++ b/src/kim/lib/mac/KerberosLoginPrivate.h @@ -0,0 +1,123 @@ +/* +* Copyright 1998-2008 Massachusetts Institute of Technology. +* All Rights Reserved. +* +* Export of this software from the United States of America may +* require a specific license from the United States Government. +* It is the responsibility of any person or organization contemplating +* export to obtain such a license before exporting. +* +* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +* distribute this software and its documentation for any purpose and +* without fee is hereby granted, provided that the above copyright +* notice appear in all copies and that both that copyright notice and +* this permission notice appear in supporting documentation, and that +* the name of M.I.T. not be used in advertising or publicity pertaining +* to distribution of the software without specific, written prior +* permission. Furthermore if you modify this software you must label +* your software as modified software and not distribute it in such a +* fashion that it might be confused with the original M.I.T. software. +* M.I.T. makes no representations about the suitability of +* this software for any purpose. It is provided "as is" without express +* or implied warranty. +*/ + +#ifndef __KERBEROSLOGINPRIVATE__ +#define __KERBEROSLOGINPRIVATE__ + +#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__)) +# include +# if TARGET_RT_MAC_CFM +# error "Use KfM 4.0 SDK headers for CFM compilation." +# endif +#endif + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +enum { + klPromptMechanism_Autodetect = 0, + klPromptMechanism_GUI = 1, + klPromptMechanism_CLI = 2, + klPromptMechanism_None = 0xFFFFFFFF +}; +typedef uint32_t KLPromptMechanism; + +/*************/ +/*** Types ***/ +/*************/ + +#ifdef KERBEROSLOGIN_DEPRECATED + +typedef krb5_error_code (*KLPrompterProcPtr) (krb5_context context, + void *data, + const char *name, + const char *banner, + int num_prompts, + krb5_prompt prompts[]); +KLStatus __KLSetApplicationPrompter (KLPrompterProcPtr inPrompter); + +#endif /* KERBEROSLOGIN_DEPRECATED */ + +/*****************/ +/*** Functions ***/ +/*****************/ + +KLStatus __KLSetHomeDirectoryAccess (KLBoolean inAllowHomeDirectoryAccess); +KLBoolean __KLAllowHomeDirectoryAccess (void); + +KLStatus __KLSetAutomaticPrompting (KLBoolean inAllowAutomaticPrompting); +KLBoolean __KLAllowAutomaticPrompting (void); + +KLBoolean __KLAllowRememberPassword (void); + +KLStatus __KLSetPromptMechanism (KLPromptMechanism inPromptMechanism); +KLPromptMechanism __KLPromptMechanism (void); + +KLStatus __KLCreatePrincipalFromTriplet (const char *inName, + const char *inInstance, + const char *inRealm, + KLKerberosVersion inKerberosVersion, + KLPrincipal *outPrincipal); + +KLStatus __KLGetTripletFromPrincipal (KLPrincipal inPrincipal, + KLKerberosVersion inKerberosVersion, + char **outName, + char **outInstance, + char **outRealm); + +KLStatus __KLCreatePrincipalFromKerberos5Principal (krb5_principal inPrincipal, + KLPrincipal *outPrincipal); + +KLStatus __KLGetKerberos5PrincipalFromPrincipal (KLPrincipal inPrincipal, + krb5_context inContext, + krb5_principal *outKrb5Principal); + +KLStatus __KLGetRealmFromPrincipal (KLPrincipal inPrincipal, char **outRealm); + +KLBoolean __KLPrincipalIsTicketGrantingService (KLPrincipal inPrincipal); + +KLStatus __KLGetKeychainPasswordForPrincipal (KLPrincipal inPrincipal, + char **outPassword); + +KLStatus __KLPrincipalSetKeychainPassword (KLPrincipal inPrincipal, + const char *inPassword); + +KLStatus __KLRemoveKeychainPasswordForPrincipal (KLPrincipal inPrincipal); + +#if TARGET_OS_MAC +# if defined(__MWERKS__) +# pragma import reset +# endif +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* __KERBEROSLOGINPRIVATE__ */ + diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 55d19fd5a..a36dfe060 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -79,8 +79,8 @@ #include #endif -#if defined(USE_LOGIN_LIBRARY) -#include +#if defined(USE_KIM) +#include #elif defined(USE_LEASH) #ifdef _WIN64 #define LEASH_DLL "leashw64.dll" @@ -244,32 +244,35 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) return(GSS_S_FAILURE); } -#if defined(USE_LOGIN_LIBRARY) || defined(USE_LEASH) +#if defined(USE_KIM) || defined(USE_LEASH) if (desired_name && !caller_provided_ccache_name) { -#if defined(USE_LOGIN_LIBRARY) - KLStatus err = klNoErr; - char *ccache_name = NULL; - KLPrincipal kl_desired_princ = NULL; - - err = __KLCreatePrincipalFromKerberos5Principal ((krb5_principal) desired_name, - &kl_desired_princ); +#if defined(USE_KIM) + kim_error err = KIM_NO_ERROR; + kim_ccache kimccache = NULL; + kim_identity identity = NULL; + + err = kim_identity_create_from_krb5_principal (&identity, + context, + (krb5_principal) desired_name); if (!err) { - err = KLAcquireInitialTickets (kl_desired_princ, NULL, NULL, &ccache_name); + err = kim_ccache_create_new_if_needed (&kimccache, + identity, + KIM_OPTIONS_DEFAULT); } - + if (!err) { - err = krb5_cc_resolve (context, ccache_name, &ccache); + err = kim_ccache_get_krb5_ccache (kimccache, context, &ccache); } + kim_ccache_free (&kimccache); + kim_identity_free (&identity); + if (err) { *minor_status = err; return(GSS_S_CRED_UNAVAIL); } - if (kl_desired_princ != NULL) { KLDisposePrincipal (kl_desired_princ); } - if (ccache_name != NULL) { KLDisposeString (ccache_name); } - #elif defined(USE_LEASH) if ( hLeashDLL == INVALID_HANDLE_VALUE ) { hLeashDLL = LoadLibrary(LEASH_DLL); @@ -301,7 +304,7 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) } #endif /* USE_LEASH */ } else -#endif /* USE_LOGIN_LIBRARY || USE_LEASH */ +#endif /* USE_KIM || USE_LEASH */ { /* open the default credential cache */ diff --git a/src/lib/krb5/ccache/ccdefault.c b/src/lib/krb5/ccache/ccdefault.c index d6a2597db..e5006de22 100644 --- a/src/lib/krb5/ccache/ccdefault.c +++ b/src/lib/krb5/ccache/ccdefault.c @@ -29,8 +29,8 @@ #include "k5-int.h" -#if defined(USE_LOGIN_LIBRARY) -#include "KerberosLoginPrivate.h" +#if defined(USE_KIM) +#include #elif defined(USE_LEASH) static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,char*,int) = NULL; static HANDLE hLeashDLL = INVALID_HANDLE_VALUE; @@ -77,25 +77,43 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache) return KV5M_CONTEXT; } -#ifdef USE_LOGIN_LIBRARY +#ifdef USE_KIM { - /* make sure the default cache has tix before you open it */ - KLStatus err = klNoErr; - char *outCacheName = NULL; + kim_error err = KIM_NO_ERROR; + kim_ccache kimccache = NULL; + kim_identity identity = KIM_IDENTITY_ANY; + kim_credential_state state; + kim_string name = NULL; - /* Try to make sure a krb5 tgt is in the cache */ - err = __KLInternalAcquireInitialTicketsForCache (krb5_cc_default_name (context), kerberosVersion_V5, - NULL, NULL, &outCacheName); - if (err == klNoErr) { - /* This function tries to get tickets and put them in the specified - cache, however, if the cache does not exist, it may choose to put - them elsewhere (ie: the system default) so we set that here */ - const char * ccdefname = krb5_cc_default_name (context); - if (!ccdefname || strcmp (ccdefname, outCacheName) != 0) { - krb5_cc_set_default_name (context, outCacheName); - } - KLDisposeString (outCacheName); + err = kim_ccache_create_from_display_name (&kimccache, + krb5_cc_default_name (context)); + + if (!err) { + err = kim_ccache_get_client_identity (kimccache, &identity); + } + + if (!err) { + err = kim_ccache_get_state (kimccache, &state); + } + + if (err || state != kim_credentials_state_valid) { + /* Either the ccache is does not exist or is invalid. Get new + * tickets. Use the identity in the ccache if there was one. */ + kim_ccache_free (&kimccache); + err = kim_ccache_create_new (&kimccache, + identity, KIM_OPTIONS_DEFAULT); } + + if (!err) { + err = kim_ccache_get_display_name (kimccache, &name); + } + + if (!err) { + krb5_cc_set_default_name (context, name); + } + + kim_string_free (&name); + kim_ccache_free (&kimccache); } #else #ifdef USE_LEASH diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index 094eb79f5..bd5cbd195 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -186,7 +186,7 @@ krb5_get_init_creds_password(krb5_context context, use_master = 0; } -#ifdef USE_LOGIN_LIBRARY +#ifdef USE_KIM if (ret == KRB5KDC_ERR_KEY_EXP) goto cleanup; /* Login library will deal appropriately with this error */ #endif diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c index 06a5b6bfa..5011d548c 100644 --- a/src/lib/krb5/os/init_os_ctx.c +++ b/src/lib/krb5/os/init_os_ctx.c @@ -32,8 +32,8 @@ #include "os-proto.h" #include "prof_int.h" /* XXX for profile_copy, not public yet */ -#ifdef USE_LOGIN_LIBRARY -#include "KerberosLoginPrivate.h" +#ifdef USE_KIM +#include "kim/kim_library.h" #endif #if defined(_WIN32) @@ -240,10 +240,10 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure) unsigned int ent_len; const char *s, *t; -#ifdef USE_LOGIN_LIBRARY - /* If __KLAllowHomeDirectoryAccess() == FALSE, we are probably +#ifdef USE_KIM + /* If kim_library_allow_home_directory_access() == FALSE, we are probably trying to authenticate to a fileserver for the user's homedir. */ - if (!__KLAllowHomeDirectoryAccess ()) + if (!kim_library_allow_home_directory_access ()) secure = 1; #endif if (secure) {