svn rev #23413: branches/fast-negotiate/src/ include/ include/krb5/ lib/krb5/ ...
hartmans@MIT.EDU
hartmans at MIT.EDU
Wed Dec 2 11:16:22 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=23413
Commit By: hartmans
Log Message:
Add
krb5_get_init_creds_opt_{set_fast_flags|get_fast_flags|set_out_ccache}
Changed Files:
U branches/fast-negotiate/src/include/k5-int.h
U branches/fast-negotiate/src/include/krb5/krb5.hin
U branches/fast-negotiate/src/lib/krb5/krb/gic_opt.c
U branches/fast-negotiate/src/lib/krb5/libkrb5.exports
Modified: branches/fast-negotiate/src/include/k5-int.h
===================================================================
--- branches/fast-negotiate/src/include/k5-int.h 2009-12-02 16:16:19 UTC (rev 23412)
+++ branches/fast-negotiate/src/include/k5-int.h 2009-12-02 16:16:22 UTC (rev 23413)
@@ -1185,6 +1185,8 @@
int num_preauth_data;
krb5_gic_opt_pa_data *preauth_data;
char * fast_ccache_name;
+ krb5_ccache out_ccache;
+ krb5_flags fast_flags;
} krb5_gic_opt_private;
/*
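Review bot: The two fields added to krb5_gic_opt_private carry no comment, and `out_ccache` is an owned handle rather than plain data: the gic_opt.c change in this same commit closes it when the options are freed. A comment such as `/* owned handle; closed when the options are freed */` beside `out_ccache`, and `/* set via krb5_get_init_creds_opt_set_fast_flags() */` beside `fast_flags`, would record that. The struct definition begins outside this hunk.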
Modified: branches/fast-negotiate/src/include/krb5/krb5.hin
===================================================================
--- branches/fast-negotiate/src/include/krb5/krb5.hin 2009-12-02 16:16:19 UTC (rev 23412)
+++ branches/fast-negotiate/src/include/krb5/krb5.hin 2009-12-02 16:16:22 UTC (rev 23413)
@@ -2273,16 +2273,35 @@
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context,
+/**This API sets a ccache name that will contain some TGT on calls to
+ get_init_creds functions. If set, this ccache will be used for FAST
+ (draft-ietf-krb-wg-preauth-framework) to protect the AS-REQ from
+ observation and active attack. If the fast_ccache_name is set, then FAST
+ may be required by the client library. In this and future versions, FAST
+ will be used if available; krb5_get_init_creds_opt_set_fast_flags() may be
+ used to require that the request fail is FAST is unavailable. In MIT
+ Kerberos 1.7 setting the fast ccache at all required that FAST be present
+ or the request would fail.*/
krb5_get_init_creds_opt *opt,
const char *fast_ccache_name);
-/* This API sets a ccache name that will contain some TGT on
- calls to get_init_creds functions. If set, this ccache will
- be used for FAST (draft-ietf-krb-wg-preauth-framework) to
- protect the AS-REQ from observation and active attack. If
- the fast_ccache_name is set, then FAST may be required by the
- client library. In this version FAST is required.*/
+/**Set a ccache where resulting credentials will be stored. If set, then the
+ * krb5_get_init_creds family of APIs will write out credentials to the given
+ * ccache. Setting an output ccache is desirable both because it simplifies
+ * calling code and because it permits the krb5_get_init_creds APIs to write
+ * out configuration information about the realm to the ccache.
+ */
krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_out_ccache
+(krb5_context context, krb5_get_init_creds_opt *opt, krb5_ccache ccache);
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_fast_flags
+(krb5_context context, krb5_get_init_creds_opt *opt, krb5_flags flags);
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_get_fast_flags
+(krb5_context context, krb5_get_init_creds_opt *opt, krb5_flags *out_flags);
+
+krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_password(krb5_context context, krb5_creds *creds,
krb5_principal client, char *password,
krb5_prompter_fct prompter, void *data,
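Review bot: As the hunk is shown, the new `/** ... */` block for krb5_get_init_creds_opt_set_fast_ccache_name lands between the first and second parameter lines of the prototype, so documentation tools will not attach it to the declaration; it belongs directly above the `krb5_error_code KRB5_CALLCONV` line. The text also has a typo, `fail is FAST is unavailable`, which should read `fail if FAST is unavailable`. The comment describes a move from fail-closed behaviour in 1.7 to using FAST only when available, yet krb5_get_init_creds_opt_set_fast_flags and krb5_get_init_creds_opt_get_fast_flags have no comment and no accepted flag value is named in the visible lines. A caller therefore cannot tell from this header how to keep armor mandatory; each of the two prototypes needs a short comment listing the flag bits and the default. The krb5_get_init_creds_password prototype continues outside the hunk.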
Modified: branches/fast-negotiate/src/lib/krb5/krb/gic_opt.c
===================================================================
--- branches/fast-negotiate/src/lib/krb5/krb/gic_opt.c 2009-12-02 16:16:19 UTC (rev 23412)
+++ branches/fast-negotiate/src/lib/krb5/krb/gic_opt.c 2009-12-02 16:16:22 UTC (rev 23413)
@@ -149,6 +149,8 @@
free_gic_opt_ext_preauth_data(context, opte);
if (opte->opt_private->fast_ccache_name)
free(opte->opt_private->fast_ccache_name);
+ if (opte->opt_private->out_ccache)
+ krb5_cc_close(context, opte->opt_private->out_ccache);
free(opte->opt_private);
opte->opt_private = NULL;
return 0;
@@ -486,3 +488,56 @@
retval = ENOMEM;
return retval;
}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_out_ccache
+(krb5_context context, krb5_get_init_creds_opt *opt, krb5_ccache ccache)
+{
+ krb5_error_code retval = 0;
+ krb5_gic_opt_ext *opte;
+
+ retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_set_out_ccache");
+ if (retval)
+ return retval;
+ if (opte->opt_private->out_ccache) {
+ krb5_cc_close(context, opte->opt_private->out_ccache);
+ opte->opt_private->out_ccache = NULL;
+ }
+ retval = krb5_cc_resolve(context, krb5_cc_get_name(context, ccache),
+ &opte->opt_private->out_ccache);
+ return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_fast_flags
+(krb5_context context, krb5_get_init_creds_opt *opt, krb5_flags flags)
+{
+ krb5_error_code retval = 0;
+ krb5_gic_opt_ext *opte;
+
+ retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_set_fast_flags");
+ if (retval)
+ return retval;
+ opte->opt_private->fast_flags = flags;
+ return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_get_fast_flags
+(krb5_context context, krb5_get_init_creds_opt *opt, krb5_flags *out_flags)
+{
+ krb5_error_code retval = 0;
+ krb5_gic_opt_ext *opte;
+ if (out_flags == NULL)
+ return EINVAL;
+ *out_flags = 0;
+ retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
+ "krb5_get_init_creds_opt_get_fast_flags");
+ if (retval)
+ return retval;
+ *out_flags = opte->opt_private->fast_flags;
+ return retval;
+}
+
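Review bot: krb5_get_init_creds_opt_set_out_ccache re-resolves the cache from `krb5_cc_get_name(context, ccache)` alone, which to my knowledge returns only the residual name without the cache type. A cache of a non-default type would then resolve to a different cache of the default type, and the credentials would be written somewhere the caller did not choose. Resolving from the full `type:residual` string, built with krb5_cc_get_type(), avoids that. The function also passes `ccache` to krb5_cc_get_name without a NULL check, although krb5_get_init_creds_opt_get_fast_flags in the same hunk does check `out_flags`; an early `EINVAL` return, placed before the previous handle is closed, would keep the existing setting intact on bad input.

```c
    char *full_name = NULL;

    if (ccache == NULL)
        return EINVAL;
    /* … unchanged: krb5int_gic_opt_to_opte lookup, close of previous out_ccache … */
    if (asprintf(&full_name, "%s:%s", krb5_cc_get_type(context, ccache),
                 krb5_cc_get_name(context, ccache)) < 0)
        return ENOMEM;
    retval = krb5_cc_resolve(context, full_name,
                             &opte->opt_private->out_ccache);
    free(full_name);
    return retval;
```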
Modified: branches/fast-negotiate/src/lib/krb5/libkrb5.exports
===================================================================
--- branches/fast-negotiate/src/lib/krb5/libkrb5.exports 2009-12-02 16:16:19 UTC (rev 23412)
+++ branches/fast-negotiate/src/lib/krb5/libkrb5.exports 2009-12-02 16:16:22 UTC (rev 23413)
@@ -333,6 +333,7 @@
krb5_get_init_creds_opt_alloc
krb5_get_init_creds_opt_free
krb5_get_init_creds_opt_free_pa
+krb5_get_init_creds_opt_get_fast_flags
krb5_get_init_creds_opt_get_pa
krb5_get_init_creds_opt_init
krb5_get_init_creds_opt_set_address_list
@@ -340,7 +341,9 @@
krb5_get_init_creds_opt_set_change_password_prompt
krb5_get_init_creds_opt_set_etype_list
krb5_get_init_creds_opt_set_fast_ccache_name
+krb5_get_init_creds_opt_set_fast_flags
krb5_get_init_creds_opt_set_forwardable
+krb5_get_init_creds_opt_set_out_ccache
krb5_get_init_creds_opt_set_pa
krb5_get_init_creds_opt_set_preauth_list
krb5_get_init_creds_opt_set_proxiable