svn rev #23403: branches/fast-negotiate/src/ clients/klist/ include/krb5/ lib/krb5/ ...
hartmans@MIT.EDU
hartmans at MIT.EDU
Wed Dec 2 11:15:48 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=23403
Commit By: hartmans
Log Message:
ticket: 6206
Integrate Apple APIs for storing configuration parameters in a ccache.
* krb5_cc_get_config: get a config parameter from a ccache
* krb5_cc_set_config: set a configuration parameter in a ccache
* krb5_is_config_principal: should this principal be skipped during ccache iteration
* klist: skip config principals
Changed Files:
U branches/fast-negotiate/src/clients/klist/klist.c
U branches/fast-negotiate/src/include/krb5/krb5.hin
U branches/fast-negotiate/src/lib/krb5/ccache/ccapi/stdcc.c
U branches/fast-negotiate/src/lib/krb5/ccache/ccfns.c
U branches/fast-negotiate/src/lib/krb5/libkrb5.exports
Modified: branches/fast-negotiate/src/clients/klist/klist.c
===================================================================
--- branches/fast-negotiate/src/clients/klist/klist.c 2009-12-02 16:13:48 UTC (rev 23402)
+++ branches/fast-negotiate/src/clients/klist/klist.c 2009-12-02 16:15:48 UTC (rev 23403)
@@ -382,6 +382,8 @@
exit(1);
}
while (!(code = krb5_cc_next_cred(kcontext, cache, &cur, &creds))) {
+ if (krb5_is_config_principal(kcontext, creds.server))
+ continue;
if (status_only) {
if (exit_status && creds.server->length == 2 &&
strcmp(creds.server->realm.data, princ->realm.data) == 0 &&
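Review bot: The added `continue` at the top of the loop body skips whatever per-iteration cleanup runs at the bottom of the loop, so the contents of `creds` filled in by `krb5_cc_next_cred` are not released for a config entry unless the next call does that itself. The loop body ends outside this hunk, so the cleanup call is not visible here; if it is a `krb5_free_cred_contents(kcontext, &creds)` at the end of the body, the skip should free first: `if (krb5_is_config_principal(kcontext, creds.server)) { krb5_free_cred_contents(kcontext, &creds); continue; }`. Alternatively, invert the test and wrap the existing body so there is a single release point.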
Modified: branches/fast-negotiate/src/include/krb5/krb5.hin
===================================================================
--- branches/fast-negotiate/src/include/krb5/krb5.hin 2009-12-02 16:13:48 UTC (rev 23402)
+++ branches/fast-negotiate/src/include/krb5/krb5.hin 2009-12-02 16:15:48 UTC (rev 23403)
@@ -1835,6 +1835,20 @@
krb5_error_code KRB5_CALLCONV
krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc);
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_config(krb5_context, krb5_ccache,
+ krb5_const_principal,
+ const char *, krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_config(krb5_context, krb5_ccache,
+ krb5_const_principal,
+ const char *, krb5_data *);
+
+krb5_boolean KRB5_CALLCONV
+krb5_is_config_principal(krb5_context,
+ krb5_const_principal);
+
/* krb5_free.c */
void KRB5_CALLCONV krb5_free_principal(krb5_context, krb5_principal );
void KRB5_CALLCONV krb5_free_authenticator(krb5_context,
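Review bot: The three new prototypes are declared without parameter names or any comment, so the public header does not say which `krb5_const_principal` is meant, that it may be NULL for cache-wide settings, or who owns the `krb5_data` filled in by `krb5_cc_get_config`. Naming the parameters as the definitions do, e.g. `krb5_cc_get_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *key, krb5_data *data);`, and adding a short comment stating that the caller frees `data->data` would close that gap. `krb5_cc_set_config` only reads through its `krb5_data *` in the definition added by this commit, so `const krb5_data *data` would express that, if the branch can still change the signature.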
Modified: branches/fast-negotiate/src/lib/krb5/ccache/ccapi/stdcc.c
===================================================================
--- branches/fast-negotiate/src/lib/krb5/ccache/ccapi/stdcc.c 2009-12-02 16:13:48 UTC (rev 23402)
+++ branches/fast-negotiate/src/lib/krb5/ccache/ccapi/stdcc.c 2009-12-02 16:15:48 UTC (rev 23403)
@@ -805,7 +805,7 @@
krb5_error_code KRB5_CALLCONV
krb5_stdccv3_remove (krb5_context context,
krb5_ccache id,
- krb5_flags flags,
+ krb5_flags whichfields,
krb5_creds *in_creds)
{
krb5_error_code err = 0;
@@ -836,7 +836,10 @@
credentials->data, &creds);
if (!err) {
- found = krb5_creds_compare (context, in_creds, &creds);
+ found = krb5int_cc_creds_match_request(context,
+ whichfields,
+ in_creds,
+ &creds);
krb5_free_cred_contents (context, &creds);
}
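Review bot: The second argument of `krb5_stdccv3_remove`, renamed to `whichfields` in the previous hunk, now selects which fields `krb5int_cc_creds_match_request` compares, whereas the removed `krb5_creds_compare` call did not consult it. Callers that already pass a non-zero value, and the new `krb5_cc_set_config`, which passes 0, therefore get matching behaviour that is defined elsewhere; whether a 0 mask can match more than one stored credential, and whether the surrounding loop stops at the first match, is not visible in this hunk. A comment above the call stating the intended meaning of a zero mask would make the contract reviewable, for example `/* whichfields == 0: match on client and server principal only */` if that is what the helper does. The function body starts and ends outside the hunk.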
Modified: branches/fast-negotiate/src/lib/krb5/ccache/ccfns.c
===================================================================
--- branches/fast-negotiate/src/lib/krb5/ccache/ccfns.c 2009-12-02 16:13:48 UTC (rev 23402)
+++ branches/fast-negotiate/src/lib/krb5/ccache/ccfns.c 2009-12-02 16:15:48 UTC (rev 23403)
@@ -191,3 +191,161 @@
{
return ccache->ops->unlock(context, ccache);
}
+
+static const char conf_realm[] = "X-CACHECONF:";
+static const char conf_name[] = "krb5_ccache_conf_data";
+
+static krb5_error_code
+build_conf_principals (krb5_context context, krb5_ccache id,
+ krb5_const_principal principal,
+ const char *name, krb5_creds *cred)
+{
+ krb5_principal client;
+ krb5_error_code ret;
+ char *pname = NULL;
+
+ memset(cred, 0, sizeof(*cred));
+
+ ret = krb5_cc_get_principal(context, id, &client);
+ if (ret)
+ return ret;
+
+ if (principal) {
+ ret = krb5_unparse_name(context, principal, &pname);
+ if (ret)
+ return ret;
+ }
+
+ ret = krb5_build_principal(context, &cred->server,
+ sizeof(conf_realm) - 1, conf_realm,
+ conf_name, name, pname, (char *)NULL);
+ free(pname);
+ if (ret) {
+ krb5_free_principal(context, client);
+ return ret;
+ }
+ ret = krb5_copy_principal(context, client, &cred->client);
+ krb5_free_principal(context, client);
+ return ret;
+}
+
+/*!
+ * \param context a Keberos context
+ * \param principal principal to check if it a configuration principal
+ *
+ * \brief Return TRUE (non zero) if the principal is a configuration
+ * principal (generated part of krb5_cc_set_config()). Returns
+ * FALSE (zero) if not a configuration principal.
+ *
+ */
+
+krb5_boolean KRB5_CALLCONV
+krb5_is_config_principal (krb5_context context,
+ krb5_const_principal principal)
+{
+ const krb5_data *realm;
+
+ realm = krb5_princ_realm(context, principal);
+
+ if (realm->length != sizeof(conf_realm) - 1 ||
+ memcmp(realm->data, conf_realm, sizeof(conf_realm) - 1) != 0)
+ return FALSE;
+
+ if (principal->length == 0 ||
+ principal->data[0].length != (sizeof(conf_name) - 1) ||
+ memcmp(principal->data[0].data, conf_name, sizeof(conf_name) - 1) != 0)
+ return FALSE;
+
+ return TRUE;
+}
+
+/*!
+ * \param context a Keberos context
+ * \param id the credential cache to store the data for
+ * \param principal configuration for a specific principal, if
+ * NULL, global for the whole cache.
+ * \param key name under which the configuraion is stored.
+ * \param data data to store
+ *
+ * \brief Store some configuration for the credential cache in the
+ * cache. Existing configuration under the same key is
+ * over-written.
+ *
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_config (krb5_context context, krb5_ccache id,
+ krb5_const_principal principal,
+ const char *key, krb5_data *data)
+{
+ krb5_error_code ret;
+ krb5_creds cred;
+
+ ret = build_conf_principals(context, id, principal, key, &cred);
+ if (ret)
+ goto out;
+
+ ret = krb5_cc_remove_cred(context, id, 0, &cred);
+ if (ret && ret != KRB5_CC_NOTFOUND)
+ goto out;
+
+ cred.ticket.data = malloc(data->length);
+ if (cred.ticket.data == NULL) {
+ krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+ return ENOMEM;
+ }
+ cred.ticket.length = data->length;
+ memcpy(cred.ticket.data, data->data, data->length);
+
+ ret = krb5_cc_store_cred(context, id, &cred);
+
+out:
+ krb5_free_cred_contents(context, &cred);
+ return ret;
+}
+
+/*!
+ * \param context a Keberos context
+ * \param id the credential cache to store the data for
+ * \param principal configuration for a specific principal, if
+ * NULL, global for the whole cache.
+ * \param key name under which the configuraion is stored.
+ * \param data data to fetched, free with krb5_data_free()
+ *
+ * \brief Get some configuration for the credential cache in the cache.
+ */
+
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_config (krb5_context context, krb5_ccache id,
+ krb5_const_principal principal,
+ const char *key, krb5_data *data)
+{
+ krb5_creds mcred, cred;
+ krb5_error_code ret;
+
+ memset(&cred, 0, sizeof(cred));
+ memset(data, 0, sizeof(*data));
+
+ ret = build_conf_principals(context, id, principal, key, &mcred);
+ if (ret)
+ goto out;
+
+ ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
+ if (ret)
+ goto out;
+
+ data->data = malloc(cred.ticket.length);
+ if (data->data == NULL) {
+ ret = ENOMEM;
+ krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+ goto out;
+ }
+ data->length = cred.ticket.length;
+ memcpy(data->data, cred.ticket.data, data->length);
+
+out:
+ krb5_free_cred_contents(context, &cred);
+ krb5_free_cred_contents(context, &mcred);
+ return ret;
+}
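Review bot: Two error paths in the new code return without releasing what was already allocated. In `build_conf_principals`, the `return ret;` after a failed `krb5_unparse_name` leaves `client` from `krb5_cc_get_principal` unfreed, so it needs `krb5_free_principal(context, client);` before it; in `krb5_cc_set_config`, the malloc-failure branch does `return ENOMEM;` and bypasses the `out:` label, leaking `cred.client` and `cred.server`, and should be `ret = ENOMEM; goto out;` as `krb5_cc_get_config` does. Both functions also call `malloc` with a length that may be 0, where a NULL return is permitted and would be reported as ENOMEM for an empty value. The doc comment on `krb5_cc_get_config` tells callers to free the result with `krb5_data_free()`, which is not declared anywhere in this commit; it should name the release function this tree actually provides.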
Modified: branches/fast-negotiate/src/lib/krb5/libkrb5.exports
===================================================================
--- branches/fast-negotiate/src/lib/krb5/libkrb5.exports 2009-12-02 16:13:48 UTC (rev 23402)
+++ branches/fast-negotiate/src/lib/krb5/libkrb5.exports 2009-12-02 16:15:48 UTC (rev 23403)
@@ -171,6 +171,7 @@
krb5_cc_end_seq_get
krb5_cc_file_ops
krb5_cc_gen_new
+krb5_cc_get_config
krb5_cc_get_name
krb5_cc_get_principal
krb5_cc_get_type
@@ -182,6 +183,7 @@
krb5_cc_resolve
krb5_cc_retrieve_cred
krb5_cc_retrieve_cred_default
+krb5_cc_set_config
krb5_cc_set_default_name
krb5_cc_set_flags
krb5_cc_start_seq_get
@@ -371,6 +373,7 @@
krb5_init_keyblock
krb5_init_secure_context
krb5_internalize_opaque
+krb5_is_config_principal
krb5_is_permitted_enctype
krb5_is_referral_realm
krb5_is_thread_safe