krb5 commit: Add krb5_cccol_have_content API
Greg Hudson
ghudson at MIT.EDU
Fri Jun 15 00:16:01 EDT 2012
https://github.com/krb5/krb5/commit/85afc74759792cfd3ed53daa7f42bce11ca4c536
commit 85afc74759792cfd3ed53daa7f42bce11ca4c536
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Jun 14 13:53:09 2012 -0400
Add krb5_cccol_have_content API
Add a new API to determine whether any krb5 credentials are available
in the ccache collection. Add tests to t_cccol.py.
ticket: 7173 (new)
doc/rst_source/krb_appldev/refs/api/index.rst | 1 +
src/include/krb5/krb5.hin | 11 ++++++++
src/lib/krb5/ccache/cccursor.c | 35 +++++++++++++++++++++++++
src/lib/krb5/ccache/t_cccol.py | 7 +++++
src/lib/krb5/ccache/t_cccursor.c | 9 +++++-
src/lib/krb5/libkrb5.exports | 1 +
src/lib/krb5_32.def | 1 +
7 files changed, 63 insertions(+), 2 deletions(-)
diff --git a/doc/rst_source/krb_appldev/refs/api/index.rst b/doc/rst_source/krb_appldev/refs/api/index.rst
index 67e32cf..c61f2a0 100644
--- a/doc/rst_source/krb_appldev/refs/api/index.rst
+++ b/doc/rst_source/krb_appldev/refs/api/index.rst
@@ -160,6 +160,7 @@ Rarely used public interfaces
krb5_cccol_cursor_free.rst
krb5_cccol_cursor_new.rst
krb5_cccol_cursor_next.rst
+ krb5_cccol_have_content.rst
krb5_cccol_last_change_time.rst
krb5_cccol_lock.rst
krb5_cccol_unlock.rst
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index ca5ccbd..67d67e2 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -2632,6 +2632,17 @@ krb5_error_code KRB5_CALLCONV
krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor);
/**
+ * Check if the credential cache collection contains any credentials.
+ *
+ * @param [in] context Library context
+ *
+ * @retval 0 Credentials are available in the collection
+ * @retval KRB5_CC_NOTFOUND The collection contains no credentials
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_have_content(krb5_context context);
+
+/**
* Return a timestamp of the last modification of any known credential cache.
*
* @param [in] context Library context
diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
index 9f366ce..2b1893a 100644
--- a/src/lib/krb5/ccache/cccursor.c
+++ b/src/lib/krb5/ccache/cccursor.c
@@ -218,3 +218,38 @@ krb5_cc_cache_match(krb5_context context, krb5_principal client,
*cache_out = cache;
return ret;
}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_have_content(krb5_context context)
+{
+ krb5_cccol_cursor col_cursor;
+ krb5_cc_cursor cache_cursor;
+ krb5_ccache cache;
+ krb5_creds creds;
+ krb5_boolean found = FALSE;
+
+ if (krb5_cccol_cursor_new(context, &col_cursor))
+ goto no_entries;
+
+ while (!found && !krb5_cccol_cursor_next(context, col_cursor, &cache) &&
+ cache != NULL) {
+ if (krb5_cc_start_seq_get(context, cache, &cache_cursor))
+ continue;
+ while (!found &&
+ !krb5_cc_next_cred(context, cache, &cache_cursor, &creds)) {
+ if (!krb5_is_config_principal(context, creds.client))
+ found = TRUE;
+ krb5_free_cred_contents(context, &creds);
+ }
+ krb5_cc_end_seq_get(context, cache, &cache_cursor);
+ krb5_cc_close(context, cache);
+ }
+ krb5_cccol_cursor_free(context, &col_cursor);
+ if (found)
+ return 0;
+
+no_entries:
+ krb5_set_error_message(context, KRB5_CC_NOTFOUND,
+ _("No Kerberos credentials available"));
+ return KRB5_CC_NOTFOUND;
+}
diff --git a/src/lib/krb5/ccache/t_cccol.py b/src/lib/krb5/ccache/t_cccol.py
index 4c4d239..2b2c845 100644
--- a/src/lib/krb5/ccache/t_cccol.py
+++ b/src/lib/krb5/ccache/t_cccol.py
@@ -37,8 +37,15 @@ mbar = 'MEMORY:bar'
cursor_test('filemem', [fccname, mfoo, mbar], [fccname, mfoo, mbar])
cursor_test('dirmem', [dccname, mfoo], [duser, dalice, dbob, mfoo])
+# Test krb5_cccol_have_content.
+realm.run_as_client(['./t_cccursor', dccname, 'CONTENT'])
+realm.run_as_client(['./t_cccursor', fccname, 'CONTENT'])
+realm.run_as_client(['./t_cccursor', realm.ccache, 'CONTENT'])
+realm.run_as_client(['./t_cccursor', mfoo, 'CONTENT'], expected_code=1)
+
# Make sure FILE doesn't yield a nonexistent default cache.
realm.run_as_client([kdestroy])
cursor_test('noexist', [], [])
+realm.run_as_client(['./t_cccursor', fccname, 'CONTENT'], expected_code=1)
success('Renewing credentials')
diff --git a/src/lib/krb5/ccache/t_cccursor.c b/src/lib/krb5/ccache/t_cccursor.c
index a0c7586..dc5fa5b 100644
--- a/src/lib/krb5/ccache/t_cccursor.c
+++ b/src/lib/krb5/ccache/t_cccursor.c
@@ -28,7 +28,9 @@
* Displays a list of caches returned by the cccol cursor. The first argument,
* if given, is set to the default cache name for the context before iterating.
* Any remaining argments are resolved as caches and kept open during the
- * iteration.
+ * iteration. If the argument "CONTENT" is given as one of the cache names,
+ * immediately exit with status 0 if the collection contains credentials and 1
+ * if it does not.
*/
#include "k5-int.h"
@@ -48,8 +50,11 @@ main(int argc, char **argv)
if (argc > 2) {
assert(argc < 60);
- for (i = 2; i < argc; i++)
+ for (i = 2; i < argc; i++) {
+ if (strcmp(argv[i], "CONTENT") == 0)
+ return (krb5_cccol_have_content(ctx) != 0);
assert(krb5_cc_resolve(ctx, argv[i], &hold[i - 2]) == 0);
+ }
}
assert(krb5_cccol_cursor_new(ctx, &cursor) == 0);
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 53b5082..0af5150 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -212,6 +212,7 @@ krb5_cc_switch
krb5_cccol_cursor_free
krb5_cccol_cursor_new
krb5_cccol_cursor_next
+krb5_cccol_have_content
krb5_change_cache
krb5_change_password
krb5_check_clockskew
diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def
index 54fd081..08653ed 100644
--- a/src/lib/krb5_32.def
+++ b/src/lib/krb5_32.def
@@ -428,3 +428,4 @@ EXPORTS
; new in 1.11 (note that 399-400 are used above)
krb5_chpw_message @398
krb5_kt_have_content @401
+ krb5_cccol_have_content @402
More information about the cvs-krb5
mailing list