Using KfM's credentials cache with Krb5 1.3 on OS X 10.2.6

chas williams chas at cmf.nrl.navy.mil
Thu Jul 24 14:24:08 EDT 2003


it's not perfect, but this is what i have been using (it took a bit to
port to the 1.3 build, i was using 1.2).  USE_CCAPI should probably
get globally defined but that enables too much code (i think).  also,
logins from remote users won't use the ccapi (since telnetd et al choose
to use FILE:) but i imagine you could make it use a name like API:p<pid>
easily enough.

i also have a couple changes in there that fix --enable-shared.


diff -u -r krb5-1.3.orig/src/config/shlib.conf krb5-1.3/src/config/shlib.conf
--- krb5-1.3.orig/src/config/shlib.conf	Mon Mar  3 02:09:45 2003
+++ krb5-1.3/src/config/shlib.conf	Thu Jul 24 13:56:10 2003
@@ -212,7 +212,8 @@
 	SHLIBSEXT='.$(LIBMAJOR).dylib'
 	SHLIB_EXPFLAGS='$(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
 	SHLIBEXT=.dylib
-	LDCOMBINE='$(CC) -undefined warning -dynamiclib -compatibility_version $(LIBMAJOR) -current_version $(LIBMAJOR).$(LIBMINOR) -install_name "$(KRB5_LIBDIR)/lib$(LIB)$(SHLIBVEXT)" $(CFLAGS) $(LDFLAGS)'
+	LDCOMBINE='libtool -dynamic -undefined error -compatibility_version $(LIBMAJOR) -current_version $(LIBMAJOR).$(LIBMINOR) -install_name "$(KRB5_LIBDIR)/lib$(LIB)$(SHLIBVEXT)" $(SHLIB_EXPDEPS)'
+	LDCOMBINE_TAIL='-lcc_dynamic -lSystem'
 	CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) -dynamic $(CFLAGS) $(LDFLAGS)'
 	CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
 	RUN_ENV='DYLD_LIBRARY_PATH=`echo $(PROG_LIBPATH) | sed -e "s/-L//g" -e "s/ /:/g"`; export DYLD_LIBRARY_PATH;'
diff -u -r krb5-1.3.orig/src/lib/crypto/Makefile.in krb5-1.3/src/lib/crypto/Makefile.in
--- krb5-1.3.orig/src/lib/crypto/Makefile.in	Mon Jun  9 17:57:20 2003
+++ krb5-1.3/src/lib/crypto/Makefile.in	Thu Jul 24 13:56:54 2003
@@ -154,6 +154,7 @@
 SHLIB_LIBS=
 SHLIB_LDFLAGS= $(LDFLAGS) @SHLIB_RPATH_DIRS@
 SHLIB_LIBDIRS= @SHLIB_LIBDIRS@
+SHLIB_EXPDEPS = $(COM_ERR_DEPLIB)
 
 ##DOS##LIBOBJS = $(OBJS)
 
diff -u -r krb5-1.3.orig/src/lib/krb5/Makefile.in krb5-1.3/src/lib/krb5/Makefile.in
--- krb5-1.3.orig/src/lib/krb5/Makefile.in	Mon Jun  9 17:57:34 2003
+++ krb5-1.3/src/lib/krb5/Makefile.in	Wed Jul 23 22:40:37 2003
@@ -24,6 +24,7 @@
 	error_tables/OBJS.ST \
 	asn.1/OBJS.ST \
 	ccache/OBJS.ST \
+	ccache/ccapi/OBJS.ST \
 	keytab/OBJS.ST \
 	krb/OBJS.ST \
 	rcache/OBJS.ST \
@@ -35,6 +36,7 @@
 	error_tables/OBJS.ST \
 	asn.1/OBJS.ST \
 	ccache/OBJS.ST \
+	ccache/ccapi/OBJS.ST \
 	keytab/OBJS.ST \
 	krb/OBJS.ST \
 	rcache/OBJS.ST \
diff -u -r krb5-1.3.orig/src/lib/krb5/ccache/Makefile.in krb5-1.3/src/lib/krb5/ccache/Makefile.in
--- krb5-1.3.orig/src/lib/krb5/ccache/Makefile.in	Mon Jun  9 17:57:35 2003
+++ krb5-1.3/src/lib/krb5/ccache/Makefile.in	Thu Jul 24 12:03:29 2003
@@ -2,13 +2,14 @@
 myfulldir=lib/krb5/ccache
 mydir=ccache
 BUILDTOP=$(REL)..$(S)..$(S)..
-LOCAL_SUBDIRS =
+LOCAL_SUBDIRS = ccapi
+DEFINES=-DUSE_CCAPI
 
 RUN_SETUP = @KRB5_RUN_ENV@
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
-LOCALINCLUDES = -I$(srcdir)$(S)ccapi $(WIN_INCLUDES)
+LOCALINCLUDES = -I$(srcdir)$(S)ccapi $(WIN_INCLUDES) -I/System/Library/Frameworks/Kerberos.framework/Headers
 
 ##DOS##WIN_INCLUDES = -I$(SRCTOP)\windows\lib
 
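Review bot: `DEFINES=-DUSE_CCAPI` and `-I/System/Library/Frameworks/Kerberos.framework/Headers` are written straight into Makefile.in, so they apply on every platform configure runs on, not only OS X. Both values should come from a configure substitution that is set only when the Kerberos framework is detected and is empty otherwise. The same hard-coded pair is added in ccache/ccapi/Makefile.in and os/Makefile.in, so the three files need the same treatment.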
diff -u -r krb5-1.3.orig/src/lib/krb5/ccache/ccapi/Makefile.in krb5-1.3/src/lib/krb5/ccache/ccapi/Makefile.in
--- krb5-1.3.orig/src/lib/krb5/ccache/ccapi/Makefile.in	Thu Aug 29 05:10:22 2002
+++ krb5-1.3/src/lib/krb5/ccache/ccapi/Makefile.in	Thu Jul 24 12:03:16 2003
@@ -2,7 +2,8 @@
 myfulldir=lib/krb5/ccache/ccapi
 mydir=ccache/ccapi
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
-LOCALINCLUDES = $(WIN_INCLUDES)
+LOCALINCLUDES = $(WIN_INCLUDES) -I/System/Library/Frameworks/Kerberos.framework/Headers
+DEFINES=-DUSE_CCAPI
 
 ##DOS##WIN_INCLUDES = -I$(SRCTOP)\windows\lib
 
@@ -23,4 +24,7 @@
 ##DOS##LIBOBJS = $(OBJS)
 
 all-unix:: all-libobjs
+
 clean-unix:: clean-libobjs
+
+# @libobj_frag@
diff -u -r krb5-1.3.orig/src/lib/krb5/ccache/ccapi/ccapi_glue.c krb5-1.3/src/lib/krb5/ccache/ccapi/ccapi_glue.c
--- krb5-1.3.orig/src/lib/krb5/ccache/ccapi/ccapi_glue.c	Thu Jul 24 14:22:29 2003
+++ krb5-1.3/src/lib/krb5/ccache/ccapi/ccapi_glue.c	Thu Jul 24 14:21:42 2003
@@ -0,0 +1,305 @@
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+#include <sys/param.h>
+#include <mach-o/dyld.h>
+
+static void *
+__loadKerberos(void) {
+	static const void *image = NULL;
+	if (NULL == image) {
+		const char	*framework		= "/System/Library/Frameworks/Kerberos.framework/Kerberos";
+		struct stat	statbuf;
+		const char	*suffix			= getenv("DYLD_IMAGE_SUFFIX");
+		char		path[MAXPATHLEN];
+
+		strcpy(path, framework);
+		if (suffix) strcat(path, suffix);
+		if (0 <= stat(path, &statbuf))
+			image = NSAddImage(path, NSADDIMAGE_OPTION_NONE);
+		else
+			image = NSAddImage(framework, NSADDIMAGE_OPTION_NONE);
+	}
+	return (void *)image;
+}
+
+cc_int32 _cc_initialize (
+	cc_context_t*		outContext,
+	cc_int32		inVersion,
+	cc_int32*		outSupportedVersion,
+	char const**		outVendor)
+{
+	static cc_int32  (*dyfunc)(
+		cc_context_t*		outContext,
+		cc_int32		inVersion,
+		cc_int32*		outSupportedVersion,
+		char const**		outVendor) = NULL;
+
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_initialize", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(outContext, inVersion, outSupportedVersion, outVendor) : CC_NOT_SUPP;
+}
+#define cc_initialize _cc_initialize
+
+cc_int32 _cc_shutdown (
+	apiCB**			ioContext)
+{
+	static cc_int32  (*dyfunc)(
+		apiCB**			ioContext) = NULL;
+
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_shutdown", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(ioContext) : CC_NOT_SUPP;
+}
+#define cc_shutdown _cc_shutdown
+	
+cc_int32 _cc_get_change_time (
+	apiCB*			inContext,
+	cc_time_t*		outTime)
+{
+	static cc_int32  (*dyfunc)(
+		apiCB*			inContext,
+		cc_time_t*		outTime) = NULL;
+
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_get_change_time", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, outTime) : CC_NOT_SUPP;
+}
+#define cc_get_change_time _cc_get_change_time
+	
+cc_int32 _cc_open (
+	apiCB*			inContext,
+	const char*		inName,
+	cc_int32		inVersion,
+	cc_uint32		inFlags,
+	ccache_p**		outCCache)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		const char*		inName,
+		cc_int32		inVersion,
+		cc_uint32		inFlags,
+		ccache_p**		outCCache) = NULL;
+	
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_open", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, inName, inVersion, inFlags, outCCache) : CC_NOT_SUPP;
+}
+#define cc_open _cc_open
+
+cc_int32 _cc_create (
+	apiCB*			inContext,
+	const char*		inName,
+	const char*		inPrincipal,
+	cc_int32		inVersion,
+	cc_uint32		inFlags,
+	ccache_p**		outCCache)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		const char*		inName,
+		const char*		inPrincipal,
+		cc_int32		inVersion,
+		cc_uint32		inFlags,
+		ccache_p**		outCCache) = NULL;
+
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_create", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, inName, inPrincipal, inVersion, inFlags, outCCache) : CC_NOT_SUPP;
+}
+#define cc_create _cc_create
+	
+cc_int32 _cc_close (
+	apiCB*			inContext,
+	ccache_p**		ioCCache)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		ccache_p**		ioCCache) = NULL;
+	
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_close", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, ioCCache) : CC_NOT_SUPP;
+}
+#define cc_close _cc_close
+	
+cc_int32 _cc_destroy (
+	apiCB*			inContext,
+	ccache_p**		ioCCache)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		ccache_p**		ioCCache) = NULL;
+	
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_destroy", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, ioCCache) : CC_NOT_SUPP;
+}
+#define cc_destroy _cc_destroy
+	
+cc_int32 _cc_get_principal (
+	apiCB*			inContext,
+	ccache_p*		inCCache,
+	char**			outPrincipal)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		ccache_p*		inCCache,
+		char**			outPrincipal) = NULL;
+	
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_get_principal", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, inCCache, outPrincipal) : CC_NOT_SUPP;
+}
+#define cc_get_principal _cc_get_principal
+	
+cc_int32 _cc_store (
+	apiCB*			inContext,
+	ccache_p*		inCCache,
+	cred_union		inCredentials)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		ccache_p*		inCCache,
+		cred_union		inCredentials) = NULL;
+	
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_store", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, inCCache, inCredentials) : CC_NOT_SUPP;
+}
+#define cc_store _cc_store
+
+cc_int32 _cc_remove_cred (
+	apiCB*			inContext,
+	ccache_p*		inCCache,
+	cred_union		inCredentials)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		ccache_p*		inCCache,
+		cred_union		inCredentials) = NULL;
+	
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_remove_cred", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, inCCache, inCredentials) : CC_NOT_SUPP;
+}
+#define cc_remove_cred _cc_remove_cred
+
+cc_int32 _cc_seq_fetch_creds_begin (
+	apiCB*			inContext,
+	const ccache_p*		inCCache,
+	ccache_cit**		outIterator)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		const ccache_p*		inCCache,
+		ccache_cit**		outIterator) = NULL;
+	
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_seq_fetch_creds_begin", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, inCCache, outIterator) : CC_NOT_SUPP;
+}
+#define cc_seq_fetch_creds_begin _cc_seq_fetch_creds_begin
+
+cc_int32 _cc_seq_fetch_creds_next (
+	apiCB*			inContext,
+	cred_union**		outCreds,
+	ccache_cit*		inIterator)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		cred_union**		outCreds,
+		ccache_cit*		inIterator) = NULL;
+	
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_seq_fetch_creds_next", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, outCreds, inIterator) : CC_NOT_SUPP;
+}
+#define cc_seq_fetch_creds_next _cc_seq_fetch_creds_next
+	
+cc_int32 _cc_seq_fetch_creds_end (
+	apiCB*			inContext,
+	ccache_cit**		ioIterator)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		ccache_cit**		ioIterator) = NULL;
+	
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_seq_fetch_creds_end", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, ioIterator) : CC_NOT_SUPP;
+}
+#define cc_seq_fetch_creds_end _cc_seq_fetch_creds_end
+	
+cc_int32 _cc_free_principal (
+	apiCB*			inContext,
+	char**			ioPrincipal)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		char**			ioPrincipal) = NULL;
+	
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_free_principal", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, ioPrincipal) : CC_NOT_SUPP;
+}
+#define cc_free_principal _cc_free_principal
+
+cc_int32 _cc_free_creds (
+	apiCB*			inContext,
+	cred_union**		creds)
+{
+	static cc_int32 (*dyfunc)(
+		apiCB*			inContext,
+		cred_union**		creds) = NULL;
+	
+        if (!dyfunc) {
+		void *image = __loadKerberos();
+                if (image) dyfunc = NSAddressOfSymbol(NSLookupSymbolInImage(image, "_cc_free_creds", NSLOOKUPSYMBOLINIMAGE_OPTION_BIND));
+	}
+
+	return dyfunc ? dyfunc(inContext, creds) : CC_NOT_SUPP;
+}
+#define cc_free_creds _cc_free_creds
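Review bot: In `__loadKerberos` the value of `DYLD_IMAGE_SUFFIX` is appended to the fixed-size `path[MAXPATHLEN]` with `strcpy`/`strcat` and no length check, so an over-long environment value overruns the stack buffer in any program that links this library. Bound the construction and fall back to the unsuffixed framework on truncation, for example `int n = snprintf(path, sizeof path, "%s%s", framework, suffix ? suffix : "");` followed by `if (n > 0 && (size_t)n < sizeof path && 0 <= stat(path, &statbuf))`. Each wrapper also passes the result of `NSLookupSymbolInImage` to `NSAddressOfSymbol` unchecked. Because neither `NSADDIMAGE_OPTION_RETURN_ON_ERROR` nor `NSLOOKUPSYMBOLINIMAGE_OPTION_RETURN_ON_ERROR` is set, a missing image or symbol probably goes to dyld's error handler instead of reaching the `CC_NOT_SUPP` fallback. The file uses `strcpy`/`strcat` and the CCAPI types without including their headers, so a leading comment should say it relies on the including file for them.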
diff -u -r krb5-1.3.orig/src/lib/krb5/ccache/ccapi/stdcc.c krb5-1.3/src/lib/krb5/ccache/ccapi/stdcc.c
--- krb5-1.3.orig/src/lib/krb5/ccache/ccapi/stdcc.c	Thu Jun 20 19:03:25 2002
+++ krb5-1.3/src/lib/krb5/ccache/ccapi/stdcc.c	Wed Jul 23 22:24:48 2003
@@ -35,6 +35,8 @@
 #include "k5-int.h"
 #include <stdio.h>
 
+#include "ccapi_glue.c"
+
 apiCB *gCntrlBlock = NULL;
 
 #if defined(_WIN32)
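Review bot: The added `#include "ccapi_glue.c"` is unconditional, but the included file pulls in `<mach-o/dyld.h>`, which exists only on Darwin, and the `#if defined(_WIN32)` just below shows stdcc.c is also built for other platforms. Guard it, e.g. `#if defined(__APPLE__)` / `#include "ccapi_glue.c"` / `#endif`. Including a `.c` file also gives every `_cc_*` wrapper external linkage from stdcc.o with no header declaring them. A small header with the prototypes and the `cc_*` to `_cc_*` macros would make that interface explicit.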
diff -u -r krb5-1.3.orig/src/lib/krb5/configure.in krb5-1.3/src/lib/krb5/configure.in
--- krb5-1.3.orig/src/lib/krb5/configure.in	Tue Feb  4 22:57:22 2003
+++ krb5-1.3/src/lib/krb5/configure.in	Wed Jul 23 22:12:41 2003
@@ -24,4 +24,4 @@
 KRB5_BUILD_PROGRAM
 KRB5_RUN_FLAGS
 dnl
-V5_AC_OUTPUT_MAKEFILE(. error_tables asn.1 ccache keytab krb rcache os posix)
+V5_AC_OUTPUT_MAKEFILE(. error_tables asn.1 ccache ccache/ccapi keytab krb rcache os posix)
diff -u -r krb5-1.3.orig/src/lib/krb5/krb/init_ctx.c krb5-1.3/src/lib/krb5/krb/init_ctx.c
--- krb5-1.3.orig/src/lib/krb5/krb/init_ctx.c	Thu Jun  5 21:26:53 2003
+++ krb5-1.3/src/lib/krb5/krb/init_ctx.c	Thu Jul 24 13:14:16 2003
@@ -107,6 +107,7 @@
 	} seed_data;
 	krb5_data seed;
 	int tmp;
+	extern krb5_cc_ops krb5_fcc_ops;
 
 	/* Initialize error tables */
 	krb5_init_ets(ctx);
@@ -139,6 +140,8 @@
 	ctx->magic = KV5M_CONTEXT;
 
 	ctx->profile_secure = secure;
+
+	krb5_cc_register(ctx, &krb5_fcc_ops, 0);
 
 	/* Set the default encryption types, possible defined in krb5/conf */
 	if ((retval = krb5_set_default_in_tkt_ktypes(ctx, NULL)))
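Review bot: The return value of the added `krb5_cc_register(ctx, &krb5_fcc_ops, 0)` is discarded, so a failed registration still yields a context, and the problem would presumably surface only later when a FILE: cache name cannot be resolved. The statement directly below already uses the `if ((retval = ...))` form. The new call should do the same, `if ((retval = krb5_cc_register(ctx, &krb5_fcc_ops, 0)))`, and take the same error path as that call, whose body is outside the hunk. The matching `extern krb5_cc_ops krb5_fcc_ops;` in the previous hunk is declared at block scope. Declaring it in a shared header would let the compiler check it against the definition.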
diff -u -r krb5-1.3.orig/src/lib/krb5/os/Makefile.in krb5-1.3/src/lib/krb5/os/Makefile.in
--- krb5-1.3.orig/src/lib/krb5/os/Makefile.in	Mon Jun  9 17:57:38 2003
+++ krb5-1.3/src/lib/krb5/os/Makefile.in	Thu Jul 24 13:09:17 2003
@@ -5,6 +5,8 @@
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
+LOCALINCLUDES = -I/System/Library/Frameworks/Kerberos.framework/Headers
+DEFINES=-DUSE_CCAPI
 
 ##DOS##BUILDTOP = ..\..\..
 ##DOS##PREFIXDIR=os
diff -u -r krb5-1.3.orig/src/lib/krb5/os/ccdefname.c krb5-1.3/src/lib/krb5/os/ccdefname.c
--- krb5-1.3.orig/src/lib/krb5/os/ccdefname.c	Thu Mar  6 16:16:36 2003
+++ krb5-1.3/src/lib/krb5/os/ccdefname.c	Thu Jul 24 13:12:08 2003
@@ -33,6 +33,7 @@
 
 #if defined(USE_CCAPI)
 #include <CredentialsCache.h>
+#define cc_initialize _cc_initialize
 #endif
 
 #if defined(_WIN32)
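Review bot: The new `#define cc_initialize _cc_initialize` comes after `<CredentialsCache.h>`, so the header's prototype covers `cc_initialize` and nothing on the page declares `_cc_initialize` for this file. Any call through the macro (the call site is outside the hunk) would then be an implicit declaration, with no checking of the four pointer and integer arguments. The same macro is defined a second time in ccapi_glue.c. Moving the prototype and the macro into one small header included by both files would keep the two in step and restore type checking.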

