From 95435446e6bfc3223d5946acde45b3ad806738ff Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Mon, 31 Oct 2005 19:23:19 +0000 Subject: [PATCH] * acquire_cred.c (acquire_init_cred): If a specific principal has been requested, attempt to acquire tickets and set the ccache name in the context to the ccache containing the tickets if obtained. (KFM/KFW) * ccdefault.c: (krb5int_cc_default) - add KFW support for multiple ccaches ticket: 3223 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17468 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/ChangeLog | 7 +++++ src/lib/gssapi/krb5/acquire_cred.c | 49 ++++++++++++++++++++++-------- src/lib/krb5/ccache/ChangeLog | 4 +++ src/lib/krb5/ccache/ccdefault.c | 18 ++++++----- 4 files changed, 58 insertions(+), 20 deletions(-) diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 1a8eda6ec..ec6b1341f 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,10 @@ +2005-10-20 Alexandra Ellwood , Jeffrey Altman + + * acquire_cred.c (acquire_init_cred): + If a specific principal has been requested, attempt to acquire + tickets and set the ccache name in the context to the ccache + containing the tickets if obtained. (KFM/KFW) + 2005-10-20 Jeffrey Altman * gssapi_krb5.hin: add missing GSS_DLLIMP to exported symbols diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c index 5318b6d77..c293b2783 100644 --- a/src/lib/gssapi/krb5/acquire_cred.c +++ b/src/lib/gssapi/krb5/acquire_cred.c @@ -79,8 +79,11 @@ #include #endif -#ifdef USE_LOGIN_LIBRARY +#if defined(USE_LOGIN_LIBRARY) #include +#elif defined(USE_LEASH) +static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,char*,int) = NULL; +static HANDLE hLeashDLL = INVALID_HANDLE_VALUE; #endif k5_mutex_t gssint_krb5_keytab_lock = K5_MUTEX_PARTIAL_INITIALIZER; @@ -227,8 +230,9 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) if (GSS_ERROR(kg_sync_ccache_name(context, minor_status))) return(GSS_S_FAILURE); -#ifdef USE_LOGIN_LIBRARY +#if defined(USE_LOGIN_LIBRARY) || defined(USE_LEASH) if (desired_name != NULL) { +#if defined(USE_LOGIN_LIBRARY) char *ccache_name = NULL; KLPrincipal kl_desired_princ = NULL; @@ -253,18 +257,39 @@ acquire_init_cred(context, minor_status, desired_name, output_princ, cred) if (kl_desired_princ != NULL) { KLDisposePrincipal (kl_desired_princ); } if (ccache_name != NULL) { KLDisposeString (ccache_name); } - - } else { -#endif - /* open the default credential cache */ +#elif defined(USE_LEASH) + if ( hLeashDLL == INVALID_HANDLE_VALUE ) { + hLeashDLL = LoadLibrary("leashw32.dll"); + if ( hLeashDLL != INVALID_HANDLE_VALUE ) { + (FARPROC) pLeash_AcquireInitialTicketsIfNeeded = + GetProcAddress(hLeashDLL, "not_an_API_Leash_AcquireInitialTicketsIfNeeded"); + } + } + + if ( pLeash_AcquireInitialTicketsIfNeeded ) { + char ccname[256]=""; + pLeash_AcquireInitialTicketsIfNeeded(context, (krb5_principal) desired_name, ccname, sizeof(ccname)); + if (!ccname[0]) { + *minor_status = KRB5_CC_NOTFOUND; + return(GSS_S_CRED_UNAVAIL); + } + + if ((code = krb5_cc_resolve (context, ccname, &ccache))) { + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } + } +#endif /* USE_LEASH */ + } else +#endif /* USE_LOGIN_LIBRARY || USE_LEASH */ + { + /* open the default credential cache */ - if ((code = krb5int_cc_default(context, &ccache))) { - *minor_status = code; - return(GSS_S_CRED_UNAVAIL); - } -#ifdef USE_LOGIN_LIBRARY + if ((code = krb5int_cc_default(context, &ccache))) { + *minor_status = code; + return(GSS_S_CRED_UNAVAIL); + } } -#endif /* turn off OPENCLOSE mode while extensive frobbing is going on */ diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index 66627280b..e4b98a105 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,7 @@ +2005-10-27 Jeffrey Altman + * ccdefault.c: + (krb5int_cc_default) - add KFW support for multiple ccaches + 2005-10-20 Jeffrey Altman * cc_mslsa.c: diff --git a/src/lib/krb5/ccache/ccdefault.c b/src/lib/krb5/ccache/ccdefault.c index 8a45a243b..3c363229a 100644 --- a/src/lib/krb5/ccache/ccdefault.c +++ b/src/lib/krb5/ccache/ccdefault.c @@ -29,20 +29,17 @@ #include "k5-int.h" -#ifdef USE_LOGIN_LIBRARY +#if defined(USE_LOGIN_LIBRARY) #include "KerberosLoginPrivate.h" -#else -#ifdef USE_LEASH -static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal) = NULL; +#elif defined(USE_LEASH) +static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,char*,int) = NULL; static HANDLE hLeashDLL = INVALID_HANDLE_VALUE; #endif -#endif krb5_error_code KRB5_CALLCONV krb5_cc_default(krb5_context context, krb5_ccache *ccache) { - krb5_error_code retval; krb5_os_context os_ctx; if (!context || context->magic != KV5M_CONTEXT) @@ -88,7 +85,6 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache) } #else #ifdef USE_LEASH - if ( hLeashDLL == INVALID_HANDLE_VALUE ) { hLeashDLL = LoadLibrary("leashw32.dll"); if ( hLeashDLL != INVALID_HANDLE_VALUE ) { @@ -98,7 +94,13 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache) } if ( pLeash_AcquireInitialTicketsIfNeeded ) { - pLeash_AcquireInitialTicketsIfNeeded(context, NULL); + char ccname[256]=""; + pLeash_AcquireInitialTicketsIfNeeded(context, NULL, ccname, sizeof(ccname)); + if (ccname[0]) { + if (strcmp (krb5_cc_default_name (context),ccname) != 0) { + krb5_cc_set_default_name (context, ccname); + } + } } #endif #endif -- 2.26.2