Diffstat (limited to 'src')
-rw-r--r--src/include/kim/kim_ccache.h45
-rw-r--r--src/kim/lib/kim_ccache.c99
-rw-r--r--src/kim/lib/kim_ccache_private.h5
-rw-r--r--src/kim/lib/mac/KerberosLogin.c41
4 files changed, 105 insertions, 85 deletions
diff --git a/src/include/kim/kim_ccache.h b/src/include/kim/kim_ccache.h
index d18a5aae4e..709c698142 100644
--- a/src/include/kim/kim_ccache.h
+++ b/src/include/kim/kim_ccache.h
@@ -307,8 +307,8 @@ void kim_ccache_iterator_free (kim_ccache_iterator *io_ccache_iterator);
* \brief Acquire a new initial credential and store it in a ccache.
*/
kim_error kim_ccache_create_new (kim_ccache *out_ccache,
- kim_identity in_client_identity,
- kim_options in_options);
+ kim_identity in_client_identity,
+ kim_options in_options);
/*!
* \param out_ccache on exit, a ccache object for a ccache containing a newly acquired
@@ -322,18 +322,21 @@ kim_error kim_ccache_create_new (kim_ccache *out_ccache,
* unavailable, acquire and store a new initial credential.
*/
kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache,
- kim_identity in_client_identity,
- kim_options in_options);
+ kim_identity in_client_identity,
+ kim_options in_options);
/*!
* \param out_ccache on exit, a ccache object for a ccache containing a TGT
* credential. Must be freed with kim_ccache_free().
- * \param in_client_identity a client identity to obtain a credential for.
+ * \param in_client_identity a client identity to find a ccache for. If
+ * \a in_client_identity is #KIM_IDENTITY_ANY, this
+ * function returns the default ccache
+ * (ie: is equivalent to #kim_ccache_create_from_default()).
* \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
* \brief Find a ccache for a client identity in the cache collection.
*/
kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache,
- kim_identity in_client_identity);
+ kim_identity in_client_identity);
/*!
* \param out_ccache on exit, a new ccache object containing an initial credential
@@ -347,9 +350,9 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache,
* \brief Acquire a new initial credential from a keytab and store it in a ccache.
*/
kim_error kim_ccache_create_from_keytab (kim_ccache *out_ccache,
- kim_identity in_identity,
- kim_options in_options,
- kim_string in_keytab);
+ kim_identity in_identity,
+ kim_options in_options,
+ kim_string in_keytab);
/*!
* \param out_ccache on exit, a ccache object for the default ccache.
@@ -381,8 +384,8 @@ kim_error kim_ccache_create_from_display_name (kim_ccache *out_ccache,
* \brief Get a ccache for a ccache type and name.
*/
kim_error kim_ccache_create_from_type_and_name (kim_ccache *out_ccache,
- kim_string in_type,
- kim_string in_name);
+ kim_string in_type,
+ kim_string in_name);
/*!
* \param out_ccache on exit, a new ccache object which is a copy of in_krb5_ccache.
@@ -393,8 +396,8 @@ kim_error kim_ccache_create_from_type_and_name (kim_ccache *out_ccache,
* \brief Get a ccache for a krb5 ccache.
*/
kim_error kim_ccache_create_from_krb5_ccache (kim_ccache *out_ccache,
- krb5_context in_krb5_context,
- krb5_ccache in_krb5_ccache);
+ krb5_context in_krb5_context,
+ krb5_ccache in_krb5_ccache);
/*!
* \param out_ccache on exit, the new ccache object which is a copy of in_ccache.
@@ -404,7 +407,7 @@ kim_error kim_ccache_create_from_krb5_ccache (kim_ccache *out_ccache,
* \brief Copy a ccache.
*/
kim_error kim_ccache_copy (kim_ccache *out_ccache,
- kim_ccache in_ccache);
+ kim_ccache in_ccache);
/*!
* \param in_ccache a ccache object.
@@ -438,7 +441,7 @@ kim_error kim_ccache_get_krb5_ccache (kim_ccache in_ccache,
* \brief Get the name of a ccache.
*/
kim_error kim_ccache_get_name (kim_ccache in_ccache,
- kim_string *out_name);
+ kim_string *out_name);
/*!
* \param in_ccache a ccache object.
@@ -447,7 +450,7 @@ kim_error kim_ccache_get_name (kim_ccache in_ccache,
* \brief Get the type of a ccache.
*/
kim_error kim_ccache_get_type (kim_ccache in_ccache,
- kim_string *out_type);
+ kim_string *out_type);
/*!
* \param in_ccache a ccache object.
@@ -563,9 +566,9 @@ kim_error kim_ccache_set_default (kim_ccache io_ccache);
* \brief Verify the TGT in a ccache.
*/
kim_error kim_ccache_verify (kim_ccache in_ccache,
- kim_identity in_service_identity,
- kim_string in_keytab,
- kim_boolean in_fail_if_no_service_key);
+ kim_identity in_service_identity,
+ kim_string in_keytab,
+ kim_boolean in_fail_if_no_service_key);
/*!
* \param in_ccache a ccache object containing a TGT to be renewed.
@@ -574,7 +577,7 @@ kim_error kim_ccache_verify (kim_ccache in_ccache,
* \brief Renew the TGT in a ccache.
*/
kim_error kim_ccache_renew (kim_ccache in_ccache,
- kim_options in_options);
+ kim_options in_options);
/*!
* \param in_ccache a ccache object containing a TGT to be validated.
@@ -583,7 +586,7 @@ kim_error kim_ccache_renew (kim_ccache in_ccache,
* \brief Validate the TGT in a ccache.
*/
kim_error kim_ccache_validate (kim_ccache in_ccache,
- kim_options in_options);
+ kim_options in_options);
/*!
* \param io_ccache a ccache object to be destroyed. Set to NULL on exit.
diff --git a/src/kim/lib/kim_ccache.c b/src/kim/lib/kim_ccache.c
index 43da3f29b5..26e926d3b7 100644
--- a/src/kim/lib/kim_ccache.c
+++ b/src/kim/lib/kim_ccache.c
@@ -254,6 +254,19 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache,
kim_identity in_client_identity,
kim_options in_options)
{
+ return check_error (kim_ccache_create_new_if_needed_with_password (out_ccache,
+ in_client_identity,
+ in_options,
+ NULL));
+}
+
+/* ------------------------------------------------------------------------ */
+
+kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache *out_ccache,
+ kim_identity in_client_identity,
+ kim_options in_options,
+ kim_string in_password)
+{
kim_error err = KIM_NO_ERROR;
kim_ccache ccache = NULL;
@@ -263,7 +276,8 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache,
if (!err) {
kim_credential_state state;
- err = kim_ccache_create_from_client_identity (&ccache, in_client_identity);
+ err = kim_ccache_create_from_client_identity (&ccache,
+ in_client_identity);
if (!err) {
err = kim_ccache_get_state (ccache, &state);
@@ -280,7 +294,10 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache,
if (!ccache) {
/* ccache does not already exist, create a new one */
- err = kim_ccache_create_new (&ccache, in_client_identity, in_options);
+ err = kim_ccache_create_new_with_password (&ccache,
+ in_client_identity,
+ in_options,
+ in_password);
}
}
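Review bot: kim_ccache_create_new_if_needed_with_password has no comment saying that in_password is only consulted on the `if (!ccache)` path, so when an existing ccache is reused the call can succeed without the supplied password ever being checked. Callers such as KLAcquireInitialTicketsWithPassword must therefore not treat a successful return as proof that the password is correct. I would add above the definition: `/* in_password may be NULL (the kim_ccache_create_new_if_needed wrapper passes NULL); it is used only when a new ccache has to be created and is not verified when an existing ccache is reused */`. The function body between these hunks is not visible here, so the exact reuse condition (the state check after kim_ccache_get_state) should be confirmed when wording the comment.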
@@ -300,56 +317,62 @@ kim_error kim_ccache_create_from_client_identity (kim_ccache *out_ccache,
kim_identity in_client_identity)
{
kim_error err = KIM_NO_ERROR;
- kim_ccache_iterator iterator = NULL;
- kim_boolean found = FALSE;
- if (!err && !out_ccache ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !in_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_ccache) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err) {
+ if (!err && in_client_identity) {
+ kim_ccache_iterator iterator = NULL;
+ kim_boolean found = FALSE;
+
err = kim_ccache_iterator_create (&iterator);
- }
-
- while (!err && !found) {
- kim_ccache ccache = NULL;
- kim_identity identity = NULL;
- kim_comparison comparison;
- err = kim_ccache_iterator_next (iterator, &ccache);
-
- if (!err && !ccache) {
- kim_string string = NULL;
+ while (!err && !found) {
+ kim_ccache ccache = NULL;
+ kim_identity identity = NULL;
+ kim_comparison comparison;
+
+ err = kim_ccache_iterator_next (iterator, &ccache);
+
+ if (!err && !ccache) {
+ kim_string string = NULL;
+
+ err = kim_identity_get_display_string (in_client_identity,
+ &string);
+
+ if (!err) {
+ err = kim_error_set_message_for_code (KIM_NO_SUCH_PRINCIPAL_ERR,
+ string);
+ }
+
+ kim_string_free (&string);
+ }
- err = kim_identity_get_display_string (in_client_identity, &string);
+ if (!err) {
+ err = kim_ccache_get_client_identity (ccache, &identity);
+ }
if (!err) {
- err = kim_error_set_message_for_code (KIM_NO_SUCH_PRINCIPAL_ERR,
- string);
+ err = kim_identity_compare (in_client_identity, identity,
+ &comparison);
}
- kim_string_free (&string);
- }
-
- if (!err) {
- err = kim_ccache_get_client_identity (ccache, &identity);
- }
-
- if (!err) {
- err = kim_identity_compare (in_client_identity, identity, &comparison);
+ if (!err && kim_comparison_is_equal_to (comparison)) {
+ found = 1;
+ *out_ccache = ccache;
+ ccache = NULL;
+ }
+
+ kim_identity_free (&identity);
+ kim_ccache_free (&ccache);
}
- if (!err && kim_comparison_is_equal_to (comparison)) {
- found = 1;
- *out_ccache = ccache;
- ccache = NULL;
- }
+ kim_ccache_iterator_free (&iterator);
- kim_identity_free (&identity);
- kim_ccache_free (&ccache);
+ } else if (!err) {
+ /* in_client_identity is NULL, get default ccache */
+ err = kim_ccache_create_from_default (out_ccache);
}
- kim_ccache_iterator_free (&iterator);
-
return check_error (err);
}
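Review bot: With the `!in_client_identity` check removed, a NULL identity no longer fails with KIM_NULL_PARAMETER_ERR but silently selects the default ccache in the new `else if (!err)` branch, and that changes the contract for every caller, including destructive ones. KLDestroyTickets in src/kim/lib/mac/KerberosLogin.c passes inPrincipal straight through and then calls kim_ccache_destroy, so a NULL principal (for example one left unset by an earlier failure in the caller) now destroys the default cache instead of returning an error; kim_ccache_create_new_if_needed inherits the same fallback. If that is intended, say so at the branch, e.g. `/* KIM_IDENTITY_ANY: return the default ccache; callers that destroy or replace the result must expect this */`, and have callers that require a specific principal reject NULL themselves. Minor: `found = 1;` should be `found = TRUE;` to match the `FALSE` initialiser.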
diff --git a/src/kim/lib/kim_ccache_private.h b/src/kim/lib/kim_ccache_private.h
index 42f048455b..6e1d7a12e3 100644
--- a/src/kim/lib/kim_ccache_private.h
+++ b/src/kim/lib/kim_ccache_private.h
@@ -29,6 +29,11 @@
#include <kim/kim.h>
+kim_error kim_ccache_create_new_if_needed_with_password (kim_ccache *out_ccache,
+ kim_identity in_client_identity,
+ kim_options in_options,
+ kim_string in_password);
+
kim_error kim_ccache_create_new_with_password (kim_ccache *out_ccache,
kim_identity in_client_identity,
kim_options in_options,
diff --git a/src/kim/lib/mac/KerberosLogin.c b/src/kim/lib/mac/KerberosLogin.c
index e8d7b577e4..47bb142534 100644
--- a/src/kim/lib/mac/KerberosLogin.c
+++ b/src/kim/lib/mac/KerberosLogin.c
@@ -203,13 +203,9 @@ KLStatus KLAcquireInitialTickets (KLPrincipal inPrincipal,
kim_identity identity = NULL;
if (!err) {
- err = kim_ccache_create_from_client_identity (&ccache,
- inPrincipal);
-
- if (err) {
- /* ccache does not already exist, create a new one */
- err = kim_ccache_create_new (&ccache, inPrincipal, inLoginOptions);
- }
+ err = kim_ccache_create_new_if_needed (&ccache,
+ inPrincipal,
+ inLoginOptions);
}
if (!err && outPrincipal) {
@@ -285,7 +281,9 @@ KLStatus KLDestroyTickets (KLPrincipal inPrincipal)
kim_error err = KIM_NO_ERROR;
kim_ccache ccache = NULL;
- err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
+ if (!err) {
+ err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
+ }
if (!err) {
err = kim_ccache_destroy (&ccache);
@@ -303,9 +301,6 @@ KLStatus KLChangePassword (KLPrincipal inPrincipal)
/* ------------------------------------------------------------------------ */
-
-/* Kerberos Login dialog low level functions */
-
KLStatus KLAcquireInitialTicketsWithPassword (KLPrincipal inPrincipal,
KLLoginOptions inLoginOptions,
const char *inPassword,
@@ -315,16 +310,10 @@ KLStatus KLAcquireInitialTicketsWithPassword (KLPrincipal inPrincipal,
kim_ccache ccache = NULL;
if (!err) {
- err = kim_ccache_create_from_client_identity (&ccache,
- inPrincipal);
-
- if (err) {
- /* ccache does not already exist, create a new one */
- err = kim_ccache_create_new_with_password (&ccache,
- inPrincipal,
- inLoginOptions,
- inPassword);
- }
+ err = kim_ccache_create_new_if_needed_with_password (&ccache,
+ inPrincipal,
+ inLoginOptions,
+ inPassword);
}
if (!err && outCredCacheName) {
@@ -676,11 +665,7 @@ KLStatus KLCacheHasValidTickets (KLPrincipal inPrincipal,
if (!outFoundValidTickets) { err = kl_check_error (klParameterErr); }
if (!err) {
- if (inPrincipal) {
- err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
- } else {
- err = kim_ccache_create_from_default (&ccache);
- }
+ err = kim_ccache_create_from_client_identity (&ccache, inPrincipal);
}
if (!err) {
@@ -689,6 +674,10 @@ KLStatus KLCacheHasValidTickets (KLPrincipal inPrincipal,
if (!err && outPrincipal) {
err = kim_ccache_get_client_identity (ccache, &identity);
+ if (err) {
+ err = KIM_NO_ERROR;
+ identity = NULL;
+ }
}
if (!err && outCredCacheName) {
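Review bot: The added `if (err) { err = KIM_NO_ERROR; identity = NULL; }` discards every failure from kim_ccache_get_client_identity, not only the case of a ccache that has no client principal, so an allocation or ccache-access error is reported to the caller as success. Reset the error only for the specific code expected for a missing principal and let the others propagate, or at least record why all of them are ignored, e.g. `/* a ccache with no readable client identity is not fatal here; outPrincipal is left NULL */`. How outPrincipal is filled from identity lies outside the hunk, so confirm that a NULL identity is handled there and that callers check outPrincipal before using it.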