From fece1c9a779cc96dece0c92e7447b4503f23473d Mon Sep 17 00:00:00 2001 From: Alexandra Ellwood Date: Thu, 9 Oct 2008 02:35:38 +0000 Subject: [PATCH] KL APIs which take a NULL principal return klParameterErr Fixed by making kim_ccache_create_from_client_identity take KIM_IDENTITY_ANY (at which point it returns the system default ccache). ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20850 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/kim/kim_ccache.h | 45 ++++++++------- src/kim/lib/kim_ccache.c | 99 ++++++++++++++++++++------------ src/kim/lib/kim_ccache_private.h | 5 ++ src/kim/lib/mac/KerberosLogin.c | 41 +++++-------- 4 files changed, 105 insertions(+), 85 deletions(-) diff --git a/src/include/kim/kim_ccache.h b/src/include/kim/kim_ccache.h index d18a5aae4..709c69814 100644 --- a/src/include/kim/kim_ccache.h +++ b/src/include/kim/kim_ccache.h @@ -307,8 +307,8 @@ void kim_ccache_iterator_free (kim_ccache_iterator *io_ccache_iterator); * \brief Acquire a new initial credential and store it in a ccache. */ kim_error kim_ccache_create_new (kim_ccache *out_ccache, - kim_identity in_client_identity, - kim_options in_options); + kim_identity in_client_identity, + kim_options in_options); /*! * \param out_ccache on exit, a ccache object for a ccache containing a newly acquired 
@@ -322,18 +322,21 @@ kim_error kim_ccache_create_new (kim_ccache *out_ccache, * unavailable, acquire and store a new initial credential. */ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, - kim_identity in_client_identity, - kim_options in_options); + kim_identity in_client_identity, + kim_options in_options); /*! * \param out_ccache on exit, a ccache object for a ccache containing a TGT * credential. Must be freed with kim_ccache_free(). - * \param in_client_identity a client identity to obtain a credential for. + * \param in_client_identity a client identity to find a ccache for. If + * \a in_client_identity is #KIM_IDENTITY_ANY, this + * function returns the default ccache + * (ie: is equivalent to #kim_ccache_create_from_default()). * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure. * \brief Find a ccache for a client identity in the cache collection. */ kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache, - kim_identity in_client_identity); + kim_identity in_client_identity); /*! * \param out_ccache on exit, a new ccache object containing an initial credential @@ -347,9 +350,9 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache, * \brief Acquire a new initial credential from a keytab and store it in a ccache. */ kim_error kim_ccache_create_from_keytab (kim_ccache *out_ccache, - kim_identity in_identity, - kim_options in_options, - kim_string in_keytab); + kim_identity in_identity, + kim_options in_options, + kim_string in_keytab); /*! * \param out_ccache on exit, a ccache object for the default ccache. 
@@ -381,8 +384,8 @@ kim_error kim_ccache_create_from_display_name (kim_ccache *out_ccache, * \brief Get a ccache for a ccache type and name. */ kim_error kim_ccache_create_from_type_and_name (kim_ccache *out_ccache, - kim_string in_type, - kim_string in_name); + kim_string in_type, + kim_string in_name); /*! * \param out_ccache on exit, a new ccache object which is a copy of in_krb5_ccache. @@ -393,8 +396,8 @@ kim_error kim_ccache_create_from_type_and_name (kim_ccache *out_ccache, * \brief Get a ccache for a krb5 ccache. */ kim_error kim_ccache_create_from_krb5_ccache (kim_ccache *out_ccache, - krb5_context in_krb5_context, - krb5_ccache in_krb5_ccache); + krb5_context in_krb5_context, + krb5_ccache in_krb5_ccache); /*! * \param out_ccache on exit, the new ccache object which is a copy of in_ccache. @@ -404,7 +407,7 @@ kim_error kim_ccache_create_from_krb5_ccache (kim_ccache *out_ccache, * \brief Copy a ccache. */ kim_error kim_ccache_copy (kim_ccache *out_ccache, - kim_ccache in_ccache); + kim_ccache in_ccache); /*! * \param in_ccache a ccache object. @@ -438,7 +441,7 @@ kim_error kim_ccache_get_krb5_ccache (kim_ccache in_ccache, * \brief Get the name of a ccache. */ kim_error kim_ccache_get_name (kim_ccache in_ccache, - kim_string *out_name); + kim_string *out_name); /*! * \param in_ccache a ccache object. @@ -447,7 +450,7 @@ kim_error kim_ccache_get_name (kim_ccache in_ccache, * \brief Get the type of a ccache. */ kim_error kim_ccache_get_type (kim_ccache in_ccache, - kim_string *out_type); + kim_string *out_type); /*! * \param in_ccache a ccache object. 
@@ -563,9 +566,9 @@ kim_error kim_ccache_set_default (kim_ccache io_ccache); * \brief Verify the TGT in a ccache. */ kim_error kim_ccache_verify (kim_ccache in_ccache, - kim_identity in_service_identity, - kim_string in_keytab, - kim_boolean in_fail_if_no_service_key); + kim_identity in_service_identity, + kim_string in_keytab, + kim_boolean in_fail_if_no_service_key); /*! * \param in_ccache a ccache object containing a TGT to be renewed. @@ -574,7 +577,7 @@ kim_error kim_ccache_verify (kim_ccache in_ccache, * \brief Renew the TGT in a ccache. */ kim_error kim_ccache_renew (kim_ccache in_ccache, - kim_options in_options); + kim_options in_options); /*! * \param in_ccache a ccache object containing a TGT to be validated. @@ -583,7 +586,7 @@ kim_error kim_ccache_renew (kim_ccache in_ccache, * \brief Validate the TGT in a ccache. */ kim_error kim_ccache_validate (kim_ccache in_ccache, - kim_options in_options); + kim_options in_options); /*! * \param io_ccache a ccache object to be destroyed. Set to NULL on exit. diff --git a/src/kim/lib/kim_ccache.c b/src/kim/lib/kim_ccache.c index 43da3f29b..26e926d3b 100644 --- a/src/kim/lib/kim_ccache.c +++ b/src/kim/lib/kim_ccache.c @@ -253,6 +253,19 @@ kim_error kim_ccache_create_new_with_password (kim_ccache *out_ccache, kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, kim_identity in_client_identity, kim_options in_options) +{ + return check_error (kim_ccache_create_new_if_needed_with_password (out_ccache, + in_client_identity, + in_options, + NULL)); +} + +/* ------------------------------------------------------------------------ */ + +kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache *out_ccache, + kim_identity in_client_identity, + kim_options in_options, + kim_string in_password) { kim_error err = KIM_NO_ERROR; kim_ccache ccache = NULL; 
@@ -263,7 +276,8 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, if (!err) { kim_credential_state state; - err = kim_ccache_create_from_client_identity (&ccache, in_client_identity); + err = kim_ccache_create_from_client_identity (&ccache, + in_client_identity); if (!err) { err = kim_ccache_get_state (ccache, &state); @@ -280,7 +294,10 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache, if (!ccache) { /* ccache does not already exist, create a new one */ - err = kim_ccache_create_new (&ccache, in_client_identity, in_options); + err = kim_ccache_create_new_with_password (&ccache, + in_client_identity, + in_options, + in_password); } } 
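Review bot: `in_password` is read only on the `if (!ccache)` branch, so when `kim_ccache_create_from_client_identity` returns a ccache that is kept, the call succeeds without the password ever being checked. The same now holds for `KLAcquireInitialTicketsWithPassword` in `KerberosLogin.c`, which forwards to this function. A caller that treats success as proof that the password is correct would be misled, so state the contract at the declaration, e.g. `/* in_password is used only when no usable ccache exists for in_client_identity; success does not imply the password was verified. */`. The state check that decides whether the ccache is kept lies between the two hunks and is not visible, so which states lead to reuse is inferred. The function body starts and ends outside these hunks.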
@@ -300,56 +317,62 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache, kim_identity in_client_identity) { kim_error err = KIM_NO_ERROR; - kim_ccache_iterator iterator = NULL; - kim_boolean found = FALSE; - if (!err && !out_ccache ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !in_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err) { + if (!err && in_client_identity) { + kim_ccache_iterator iterator = NULL; + kim_boolean found = FALSE; + err = kim_ccache_iterator_create (&iterator); - } - - while (!err && !found) { - kim_ccache ccache = NULL; - kim_identity identity = NULL; - kim_comparison comparison; - err = kim_ccache_iterator_next (iterator, &ccache); - - if (!err && !ccache) { - kim_string string = NULL; + while (!err && !found) { + kim_ccache ccache = NULL; + kim_identity identity = NULL; + kim_comparison comparison; + + err = kim_ccache_iterator_next (iterator, &ccache); + + if (!err && !ccache) { + kim_string string = NULL; + + err = kim_identity_get_display_string (in_client_identity, + &string); + + if (!err) { + err = kim_error_set_message_for_code (KIM_NO_SUCH_PRINCIPAL_ERR, + string); + } + + kim_string_free (&string); + } - err = kim_identity_get_display_string (in_client_identity, &string); + if (!err) { + err = kim_ccache_get_client_identity (ccache, &identity); + } if (!err) { - err = kim_error_set_message_for_code (KIM_NO_SUCH_PRINCIPAL_ERR, - string); + err = kim_identity_compare (in_client_identity, identity, + &comparison); } - kim_string_free (&string); - } - - if (!err) { - err = kim_ccache_get_client_identity (ccache, &identity); - } - - if (!err) { - err = kim_identity_compare (in_client_identity, identity, &comparison); + if (!err && kim_comparison_is_equal_to (comparison)) { + found = 1; + *out_ccache = ccache; + ccache = NULL; + } + + kim_identity_free (&identity); + kim_ccache_free (&ccache); } - 
if (!err && kim_comparison_is_equal_to (comparison)) { - found = 1; - *out_ccache = ccache; - ccache = NULL; - } + kim_ccache_iterator_free (&iterator); - kim_identity_free (&identity); - kim_ccache_free (&ccache); + } else if (!err) { + /* in_client_identity is NULL, get default ccache */ + err = kim_ccache_create_from_default (out_ccache); } - kim_ccache_iterator_free (&iterator); - return check_error (err); } diff --git a/src/kim/lib/kim_ccache_private.h b/src/kim/lib/kim_ccache_private.h index 42f048455..6e1d7a12e 100644 --- a/src/kim/lib/kim_ccache_private.h +++ b/src/kim/lib/kim_ccache_private.h @@ -29,6 +29,11 @@ #include +kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache *out_ccache, + kim_identity in_client_identity, + kim_options in_options, + kim_string in_password); + kim_error kim_ccache_create_new_with_password (kim_ccache *out_ccache, kim_identity in_client_identity, kim_options in_options, diff --git a/src/kim/lib/mac/KerberosLogin.c b/src/kim/lib/mac/KerberosLogin.c index e8d7b577e..47bb14253 100644 --- a/src/kim/lib/mac/KerberosLogin.c +++ b/src/kim/lib/mac/KerberosLogin.c @@ -203,13 +203,9 @@ KLStatus KLAcquireInitialTickets (KLPrincipal inPrincipal, kim_identity identity = NULL; if (!err) { - err = kim_ccache_create_from_client_identity (&ccache, - inPrincipal); - - if (err) { - /* ccache does not already exist, create a new one */ - err = kim_ccache_create_new (&ccache, inPrincipal, inLoginOptions); - } + err = kim_ccache_create_new_if_needed (&ccache, + inPrincipal, + inLoginOptions); } if (!err && outPrincipal) { @@ -285,7 +281,9 @@ KLStatus KLDestroyTickets (KLPrincipal inPrincipal) kim_error err = KIM_NO_ERROR; kim_ccache ccache = NULL; - err = kim_ccache_create_from_client_identity (&ccache, inPrincipal); + if (!err) { + err = kim_ccache_create_from_client_identity (&ccache, inPrincipal); + } if (!err) { err = kim_ccache_destroy (&ccache); 
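Review bot: A NULL `in_client_identity` used to fail with `KIM_NULL_PARAMETER_ERR` and now falls through to `kim_ccache_create_from_default`. Any caller that arrives with an identity left NULL by an earlier failure therefore silently gets the default ccache, which may belong to a different principal. In this patch `KLDestroyTickets` becomes such a caller: a NULL `inPrincipal` now leads to `kim_ccache_destroy` on the default ccache. Callers outside this diff that relied on the NULL rejection are not visible here and should be audited; those that need a specific principal should check before calling, e.g. `if (!err && !identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }`. The first line of the function signature is outside the hunk.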
@@ -303,9 +301,6 @@ KLStatus KLChangePassword (KLPrincipal inPrincipal) /* ------------------------------------------------------------------------ */ - -/* Kerberos Login dialog low level functions */ - KLStatus KLAcquireInitialTicketsWithPassword (KLPrincipal inPrincipal, KLLoginOptions inLoginOptions, const char *inPassword, @@ -315,16 +310,10 @@ KLStatus KLAcquireInitialTicketsWithPassword (KLPrincipal inPrincipal, kim_ccache ccache = NULL; if (!err) { - err = kim_ccache_create_from_client_identity (&ccache, - inPrincipal); - - if (err) { - /* ccache does not already exist, create a new one */ - err = kim_ccache_create_new_with_password (&ccache, - inPrincipal, - inLoginOptions, - inPassword); - } + err = kim_ccache_create_new_if_needed_with_password (&ccache, + inPrincipal, + inLoginOptions, + inPassword); } if (!err && outCredCacheName) { @@ -676,11 +665,7 @@ KLStatus KLCacheHasValidTickets (KLPrincipal inPrincipal, if (!outFoundValidTickets) { err = kl_check_error (klParameterErr); } if (!err) { - if (inPrincipal) { - err = kim_ccache_create_from_client_identity (&ccache, inPrincipal); - } else { - err = kim_ccache_create_from_default (&ccache); - } + err = kim_ccache_create_from_client_identity (&ccache, inPrincipal); } if (!err) { @@ -689,6 +674,10 @@ KLStatus KLCacheHasValidTickets (KLPrincipal inPrincipal, if (!err && outPrincipal) { err = kim_ccache_get_client_identity (ccache, &identity); + if (err) { + err = KIM_NO_ERROR; + identity = NULL; + } } if (!err && outCredCacheName) { -- 2.26.2
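Review bot: The added `if (err) { err = KIM_NO_ERROR; identity = NULL; }` after `kim_ccache_get_client_identity` in `KLCacheHasValidTickets` discards every failure, not only the case of a ccache with no client principal. An allocation or ccache-access error is therefore reported to the caller as success with no principal. Clear the error only for the specific code that means the ccache has no principal and let the rest propagate; if the blanket reset is deliberate, say so with a comment such as `/* best effort: a ccache without a readable principal still reports ticket state */`. A caller that passes the resulting NULL principal on to another KL call will, after this commit, be operating on the default ccache. The rest of the function is outside the hunk.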