From 3cbfb6c05fb4778531271444858a605ed12ac6e2 Mon Sep 17 00:00:00 2001 From: Alexandra Ellwood Date: Wed, 29 Oct 2008 20:39:47 +0000 Subject: [PATCH] Only prompt automatically from GUI apps Direct callers such as kinit need command line prompts. Do not automatically prompt (via krb5 or gssapi calls) unless the caller has loaded GUI libraries. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20937 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kim/lib/kim_library.c | 5 ++++ src/kim/lib/kim_library_private.h | 2 ++ src/kim/lib/mac/kim_os_library.c | 39 ++++++++++++++++++------------ src/lib/gssapi/krb5/acquire_cred.c | 30 +++++++++++++++++++---- src/lib/krb5/ccache/ccdefault.c | 3 ++- 5 files changed, 58 insertions(+), 21 deletions(-) diff --git a/src/kim/lib/kim_library.c b/src/kim/lib/kim_library.c index b4b4c39c1..0272aa7fd 100644 --- a/src/kim/lib/kim_library.c +++ b/src/kim/lib/kim_library.c @@ -244,6 +244,11 @@ kim_boolean kim_library_allow_automatic_prompting (void) kim_debug_printf ("KIM_NEVER_PROMPT is set."); allow_automatic_prompting = FALSE; } + + if (allow_automatic_prompting && !kim_os_library_caller_uses_gui ()) { + kim_debug_printf ("Caller is not using gui."); + allow_automatic_prompting = FALSE; + } if (allow_automatic_prompting) { /* Make sure there is at least 1 config file. We don't support DNS diff --git a/src/kim/lib/kim_library_private.h b/src/kim/lib/kim_library_private.h index 160fba3a5..146474b0e 100644 --- a/src/kim/lib/kim_library_private.h +++ b/src/kim/lib/kim_library_private.h @@ -32,6 +32,8 @@ kim_error kim_library_init (void); +kim_boolean kim_os_library_caller_uses_gui (void); + kim_ui_environment kim_os_library_get_ui_environment (void); kim_ui_environment kim_library_ui_environment (void); diff --git a/src/kim/lib/mac/kim_os_library.c b/src/kim/lib/mac/kim_os_library.c index 2c54b8fa8..f3b269084 100644 --- a/src/kim/lib/mac/kim_os_library.c +++ b/src/kim/lib/mac/kim_os_library.c 
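Review bot: The new call to `kim_os_library_caller_uses_gui ()` sits in the platform-independent kim_library.c and its prototype goes into kim_library_private.h, but this patch defines the function only in src/kim/lib/mac/kim_os_library.c. If KIM is built with any other kim_os_library implementation, the call will fail at link time. A comment beside the prototype, such as `/* Must be provided by every kim_os_library implementation */`, would make the requirement visible. The body of kim_library_allow_automatic_prompting starts and ends outside the hunk.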
@@ -94,6 +94,28 @@ kim_error kim_os_library_unlock_for_bundle_lookup (void) /* ------------------------------------------------------------------------ */ +kim_boolean kim_os_library_caller_uses_gui (void) +{ + kim_boolean caller_uses_gui = 0; + + /* Check for the HIToolbox (Carbon) or AppKit (Cocoa). + * If either is loaded, we are a GUI app! */ + CFBundleRef appKitBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.AppKit")); + CFBundleRef hiToolBoxBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.HIToolbox")); + + if (hiToolBoxBundle && CFBundleIsExecutableLoaded (hiToolBoxBundle)) { + caller_uses_gui = 1; /* Using Carbon */ + } + + if (appKitBundle && CFBundleIsExecutableLoaded (appKitBundle)) { + caller_uses_gui = 1; /* Using Cocoa */ + } + + return caller_uses_gui; +} + +/* ------------------------------------------------------------------------ */ + kim_ui_environment kim_os_library_get_ui_environment (void) { #ifdef KIM_BUILTIN_UI @@ -104,21 +126,8 @@ kim_ui_environment kim_os_library_get_ui_environment (void) NULL, &sattrs) == noErr) && (sattrs & sessionHasGraphicAccess)); - if (has_gui_access) { - /* Check for the HIToolbox (Carbon) or AppKit (Cocoa). - * If either is loaded, we are a GUI app! */ - CFBundleRef appKitBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.AppKit")); - CFBundleRef hiToolBoxBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.HIToolbox")); - - if (hiToolBoxBundle && CFBundleIsExecutableLoaded (hiToolBoxBundle)) { - /* Using Carbon */ - return KIM_UI_ENVIRONMENT_GUI; - } - - if (appKitBundle && CFBundleIsExecutableLoaded (appKitBundle)) { - /* Using Cocoa */ - return KIM_UI_ENVIRONMENT_GUI; - } + if (has_gui_access && kim_os_library_caller_uses_gui ()) { + return KIM_UI_ENVIRONMENT_GUI; } { diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index daf899223..02cefc2d7 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c 
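Review bot: kim_os_library_caller_uses_gui has no comment saying what its answer means for the prompting decision: it reports only that AppKit or HIToolbox is loaded in the process. In the old inline code this test ran only after `sessionHasGraphicAccess` had been confirmed, whereas the new call from kim_library_allow_automatic_prompting shows no such session check in its hunk. A process that merely links a GUI framework but runs in a session without graphic access could therefore count as eligible for automatic prompts, unless checks outside this patch exclude it. I would add a header comment such as `/* TRUE if Carbon or Cocoa is loaded in this process; does not check that the session can display UI */`. Minor: the function assigns `0`/`1` where kim_library.c in the same patch uses `FALSE`.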
@@ -82,6 +82,7 @@ #if defined(USE_KIM) #include +#include "kim_library_private.h" #elif defined(USE_LEASH) #ifdef _WIN64 #define LEASH_DLL "leashw64.dll" @@ -251,17 +252,36 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) kim_error err = KIM_NO_ERROR; kim_ccache kimccache = NULL; kim_identity identity = NULL; + kim_credential_state state; + krb5_principal desired_princ = (krb5_principal) desired_name; err = kim_identity_create_from_krb5_principal (&identity, context, - (krb5_principal) desired_name); + desired_princ); if (!err) { - err = kim_ccache_create_new_if_needed (&kimccache, - identity, - KIM_OPTIONS_DEFAULT); + err = kim_ccache_create_from_client_identity (&kimccache, identity); } - + + if (!err) { + err = kim_ccache_get_state (kimccache, &state); + } + + if (!err && state != kim_credentials_state_valid) { + if (state == kim_credentials_state_needs_validation) { + err = kim_ccache_validate (kimccache, KIM_OPTIONS_DEFAULT); + } else { + kim_ccache_free (&kimccache); + ccache = NULL; + } + } + + if (!kimccache && kim_library_allow_automatic_prompting ()) { + /* ccache does not already exist, create a new one */ + err = kim_ccache_create_new (&kimccache, identity, + KIM_OPTIONS_DEFAULT); + } + if (!err) { err = kim_ccache_get_krb5_ccache (kimccache, context, &ccache); } diff --git a/src/lib/krb5/ccache/ccdefault.c b/src/lib/krb5/ccache/ccdefault.c index e5006de22..b2de461e1 100644 --- a/src/lib/krb5/ccache/ccdefault.c +++ b/src/lib/krb5/ccache/ccdefault.c @@ -31,6 +31,7 @@ #if defined(USE_KIM) #include +#include "kim_library_private.h" #elif defined(USE_LEASH) static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,char*,int) = NULL; static HANDLE hLeashDLL = INVALID_HANDLE_VALUE; 
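Review bot: `#include "kim_library_private.h"` pulls a header that KIM names as private into the GSSAPI mechanism, presumably only to reach `kim_library_allow_automatic_prompting`; the same include is added to src/lib/krb5/ccache/ccdefault.c in the next file. This ties both libraries to KIM internals and its include path, so a later change to the private header can break them silently. If the function cannot be exported through a public or shared internal header, I would at least annotate the include: `#include "kim_library_private.h" /* kim_library_allow_automatic_prompting(); private KIM API */`.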
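Review bot: The fallback `if (!kimccache && kim_library_allow_automatic_prompting ())` in acquire_init_cred is keyed only on `kimccache`, so it also runs when `kim_identity_create_from_krb5_principal` failed, calling `kim_ccache_create_new` with `identity` still NULL and overwriting the original `err`. If a NULL identity is treated like `KIM_IDENTITY_ANY` (not visible here), the prompt would no longer be tied to `desired_name`; gating the fallback as `if (!kimccache && identity && kim_library_allow_automatic_prompting ()) {` would preserve the first error. Separately, when the state is neither valid nor needs-validation and prompting is not allowed, `err` is still `KIM_NO_ERROR` while `kimccache` has been freed (assuming `kim_ccache_free` clears the pointer). `kim_ccache_get_krb5_ccache` then receives a NULL handle and the code relies on it rejecting that, so setting an explicit error on that branch would be safer. The function body continues outside the hunk.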
@@ -78,7 +79,7 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache) } #ifdef USE_KIM - { + if (kim_library_allow_automatic_prompting ()) { kim_error err = KIM_NO_ERROR; kim_ccache kimccache = NULL; kim_identity identity = KIM_IDENTITY_ANY; -- 2.26.2
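Review bot: The new guard `if (kim_library_allow_automatic_prompting ()) {` in krb5int_cc_default skips the whole KIM block for non-GUI callers, but nothing at the call site says why. A one-line comment such as `/* Only callers allowed to prompt automatically (GUI apps) go through KIM here; CLI tools like kinit prompt themselves */` would record the intent from the commit message. This guard also differs from acquire_cred.c in the same patch, where the check gates only creation of a new ccache and an existing one is still looked up through KIM. If the difference is deliberate it deserves a mention in the comment; the guarded block continues outside the hunk, so I cannot confirm what it skips.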