From 3a8bcf9a7b3ec9a10557047b9ad0382edcc09299 Mon Sep 17 00:00:00 2001
From: Alexandra Ellwood
Date: Fri, 26 Sep 2008 18:56:51 +0000
Subject: [PATCH] Added kim_credential_get_options and kim_ccache_get_options for KerberosAgent to use to create new favorite identities
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20760 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/kim/kim_ccache.h | 17 ++++++
 src/include/kim/kim_credential.h | 17 ++++++
 src/kim/lib/kim-lite.exports | 2 +
 src/kim/lib/kim.exports | 2 +
 src/kim/lib/kim_ccache.c | 25 ++++++++
 src/kim/lib/kim_credential.c | 97 ++++++++++++++++++++++++++++++++
 6 files changed, 160 insertions(+)
diff --git a/src/include/kim/kim_ccache.h b/src/include/kim/kim_ccache.h
index 73789eabb..efa9a6dce 100644
--- a/src/include/kim/kim_ccache.h
+++ b/src/include/kim/kim_ccache.h
@@ -247,6 +247,13 @@ extern "C" {
 * without resending secrets to the KDC (such as a password). If credentials are
 * not renewable, this function will return an error.
 *
+ * \li #kim_ccache_get_options()
+ * returns a kim_options object with the credential options of the credentials
+ * in the ccache. This function is intended to be used when adding
+ * an identity with existing credentials to the favorite identities list.
+ * By passing in the options returned by this call, future requests for the
+ * favorite identity will use the same credential options.
+ *
 * See \ref kim_ccache_reference and \ref kim_ccache_iterator_reference for
 * information on specific APIs.
 */
@@ -523,6 +530,16 @@ kim_error kim_ccache_get_expiration_time (kim_ccache in_ccache,
 kim_error kim_ccache_get_renewal_expiration_time (kim_ccache in_ccache,
 kim_time *out_renewal_expiration_time);
+/*!
+ * \param kim_ccache a ccache object.
+ * \param out_options on exit, an options object reflecting the ticket
+ * options of the credentials in \a in_ccache.
+ * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
+ * \brief Get a kim_options object based on a ccache's credential attributes.
+ */
+kim_error kim_ccache_get_options (kim_ccache in_ccache,
+ kim_options *out_options);
+
 /*!
 * \param io_ccache a ccache object which will be set to the default ccache.
 * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
diff --git a/src/include/kim/kim_credential.h b/src/include/kim/kim_credential.h
index 678c2a314..222d1e760 100644
--- a/src/include/kim/kim_credential.h
+++ b/src/include/kim/kim_credential.h
@@ -258,6 +258,13 @@ typedef int kim_credential_state;
 * without resending secrets to the KDC (such as a password). If credentials are
 * not renewable, this function will return a renewal expiration time of 0.
 *
+ * \li #kim_credential_get_options()
+ * returns a kim_options object with the credential options of the
+ * credential. This function is intended to be used when adding
+ * an identity with existing credentials to the favorite identities list.
+ * By passing in the options returned by this call, future requests for the
+ * favorite identity will use the same credential options.
+ *
 *
 * See \ref kim_credential_reference and \ref kim_credential_iterator_reference for
 * information on specific APIs.
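Review bot: The Doxygen block added for kim_ccache_get_options in kim_ccache.h documents `\param kim_ccache`, but the parameter is named `in_ccache`, so the description will not attach to the argument; it should read `\param in_ccache a ccache object.`. Neither this block nor the matching one for kim_credential_get_options in kim_credential.h says who owns `*out_options`. The implementation in kim_credential.c creates a new options object and hands it to the caller, so the `out_options` description should add something like `Must be freed with kim_options_free().` and state that `*out_options` is not written on failure.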
@@ -445,6 +452,16 @@ kim_error kim_credential_get_expiration_time (kim_credential in_credential,
 kim_error kim_credential_get_renewal_expiration_time (kim_credential in_credential,
 kim_time *out_renewal_expiration_time);
+/*!
+ * \param in_credential a credential object.
+ * \param out_options on exit, an options object reflecting the ticket
+ * options of \a in_credential.
+ * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
+ * \brief Get a kim_options object based on a credential's attributes.
+ */
+kim_error kim_credential_get_options (kim_credential in_credential,
+ kim_options *out_options);
+
 /*!
 * \param in_credential a credential object.
 * \param in_client_identity a client identity.
diff --git a/src/kim/lib/kim-lite.exports b/src/kim/lib/kim-lite.exports
index 969ad8383..b548cfc24 100644
--- a/src/kim/lib/kim-lite.exports
+++ b/src/kim/lib/kim-lite.exports
@@ -87,6 +87,7 @@ kim_credential_get_state
 kim_credential_get_start_time
 kim_credential_get_expiration_time
 kim_credential_get_renewal_expiration_time
+kim_credential_get_options
 kim_credential_store
 kim_credential_renew
 kim_credential_validate
@@ -115,6 +116,7 @@ kim_ccache_get_state
 kim_ccache_get_start_time
 kim_ccache_get_expiration_time
 kim_ccache_get_renewal_expiration_time
+kim_ccache_get_options
 kim_ccache_set_default
 kim_ccache_renew
 kim_ccache_validate
diff --git a/src/kim/lib/kim.exports b/src/kim/lib/kim.exports
index 6381cbd81..a41f48109 100644
--- a/src/kim/lib/kim.exports
+++ b/src/kim/lib/kim.exports
@@ -88,6 +88,7 @@ kim_credential_get_state
 kim_credential_get_start_time
 kim_credential_get_expiration_time
 kim_credential_get_renewal_expiration_time
+kim_credential_get_options
 kim_credential_store
 kim_credential_verify
 kim_credential_renew
@@ -118,6 +119,7 @@ kim_ccache_get_state
 kim_ccache_get_start_time
 kim_ccache_get_expiration_time
 kim_ccache_get_renewal_expiration_time
+kim_ccache_get_options
 kim_ccache_set_default
 kim_ccache_verify
 kim_ccache_renew
diff --git a/src/kim/lib/kim_ccache.c b/src/kim/lib/kim_ccache.c
index 16ba381cd..152095d54 100644
--- a/src/kim/lib/kim_ccache.c
+++ b/src/kim/lib/kim_ccache.c
@@ -923,6 +923,31 @@ kim_error kim_ccache_get_renewal_expiration_time (kim_ccache in_ccache,
 return check_error (err);
 }
+/* ------------------------------------------------------------------------ */
+
+kim_error kim_ccache_get_options (kim_ccache in_ccache,
+ kim_options *out_options)
+{
+ kim_error err = KIM_NO_ERROR;
+ kim_credential credential = NULL;
+
+ if (!err && !in_ccache ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+
+ if (!err) {
+ err = kim_ccache_get_dominant_credential (in_ccache, NULL, NULL,
+ &credential);
+ }
+
+ if (!err) {
+ err = kim_credential_get_options (credential, out_options);
+ }
+
+ kim_credential_free (&credential);
+
+ return check_error (err);
+}
+
 #pragma mark -
 /* ------------------------------------------------------------------------ */
diff --git a/src/kim/lib/kim_credential.c b/src/kim/lib/kim_credential.c
index b03cba183..61fbafa48 100644
--- a/src/kim/lib/kim_credential.c
+++ b/src/kim/lib/kim_credential.c
@@ -854,6 +854,103 @@ kim_error kim_credential_get_renewal_expiration_time (kim_credential in_credent
 /* ------------------------------------------------------------------------ */
+kim_error kim_credential_get_options (kim_credential in_credential,
+ kim_options *out_options)
+{
+ kim_error err = KIM_NO_ERROR;
+ kim_options options = NULL;
+ krb5_creds *creds = NULL;
+
+ if (!err && !in_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+
+ if (!err) {
+ creds = in_credential->creds;
+
+ err = kim_options_create (&options);
+ }
+
+ if (!err) {
+ err = kim_options_set_start_time (options, creds->times.starttime);
+ }
+
+ if (!err) {
+ kim_lifetime lifetime = (creds->times.endtime -
+ (creds->times.starttime ?
+ creds->times.starttime :
+ creds->times.authtime));
+
+ err = kim_options_set_lifetime (options, lifetime);
+ }
+
+ if (!err) {
+ kim_boolean renewable = (creds->ticket_flags & TKT_FLG_RENEWABLE);
+
+ err = kim_options_set_renewable (options, renewable);
+ }
+
+ if (!err) {
+ kim_lifetime rlifetime = (creds->ticket_flags & TKT_FLG_RENEWABLE ?
+ creds->times.renew_till : 0);
+
+ err = kim_options_set_lifetime (options, rlifetime);
+ }
+
+ if (!err) {
+ kim_boolean forwardable = (creds->ticket_flags & TKT_FLG_FORWARDABLE);
+
+ err = kim_options_set_forwardable (options, forwardable);
+ }
+
+ if (!err) {
+ kim_boolean proxiable = (creds->ticket_flags & TKT_FLG_PROXIABLE);
+
+ err = kim_options_set_proxiable (options, proxiable);
+ }
+
+ if (!err) {
+ kim_boolean addressless = (!creds->addresses || !creds->addresses[0]);
+
+ err = kim_options_set_addressless (options, addressless);
+ }
+
+ if (!err) {
+ kim_boolean is_tgt = 0;
+ kim_string service = NULL; /* tgt service */
+
+ err = kim_credential_is_tgt (in_credential, &is_tgt);
+
+ if (!err && !is_tgt) {
+ kim_identity identity = NULL;
+
+ err = kim_credential_get_service_identity (in_credential, &identity);
+
+ if (!err) {
+ err = kim_identity_get_string (identity, &service);
+ }
+
+ kim_identity_free (&identity);
+ }
+
+ if (!err) {
+ err = kim_options_set_service_name (options, service);
+ }
+
+ kim_string_free (&service);
+ }
+
+ if (!err) {
+ *out_options = options;
+ options = NULL;
+ }
+
+ kim_options_free (&options);
+
+ return check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
 kim_error kim_credential_store (kim_credential in_credential,
 kim_identity in_client_identity,
 kim_ccache *out_ccache)
--
2.26.2
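Review bot: In kim_credential_get_options the renewal block calls `kim_options_set_lifetime (options, rlifetime)`, so it overwrites the ticket lifetime computed two blocks earlier and never sets the renewal lifetime. `rlifetime` is also taken directly from `creds->times.renew_till`, an absolute time, whereas `lifetime` above is a difference from the start time. A renewable credential therefore stores a timestamp-sized lifetime in the returned options, and a non-renewable one stores 0. Because these options are meant to drive later ticket requests for the favorite identity, the saved identity would likely ask for a much longer ticket than the original credential had, bounded only by KDC policy. Suggested change: compute `rlifetime` as `creds->times.renew_till` minus the same start/auth time used for `lifetime`, and call `err = kim_options_set_renewal_lifetime (options, rlifetime);`.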