authorAlexandra Ellwood <lxs@mit.edu>2008-09-26 18:56:51 +0000
committerAlexandra Ellwood <lxs@mit.edu>2008-09-26 18:56:51 +0000
commit3a8bcf9a7b3ec9a10557047b9ad0382edcc09299 (patch)
tree80d65d92c36add6a5ee419b78d77e7a4b29368be
parent0eb52b6be5bbe73b348028a39b554849c9fa1b2b (diff)
Added kim_credential_get_options and kim_ccache_get_options
for KerberosAgent to use to create new favorite identities

ticket: 6055

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20760 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/include/kim/kim_ccache.h17
-rw-r--r--src/include/kim/kim_credential.h17
-rw-r--r--src/kim/lib/kim-lite.exports2
-rw-r--r--src/kim/lib/kim.exports2
-rw-r--r--src/kim/lib/kim_ccache.c25
-rw-r--r--src/kim/lib/kim_credential.c97
6 files changed, 160 insertions, 0 deletions
diff --git a/src/include/kim/kim_ccache.h b/src/include/kim/kim_ccache.h
index 73789eabb..efa9a6dce 100644
--- a/src/include/kim/kim_ccache.h
+++ b/src/include/kim/kim_ccache.h
@@ -247,6 +247,13 @@ extern "C" {
* without resending secrets to the KDC (such as a password). If credentials are
* not renewable, this function will return an error.
*
+ * \li #kim_ccache_get_options()
+ * returns a kim_options object with the credential options of the credentials
+ * in the ccache. This function is intended to be used when adding
+ * an identity with existing credentials to the favorite identities list.
+ * By passing in the options returned by this call, future requests for the
+ * favorite identity will use the same credential options.
+ *
* See \ref kim_ccache_reference and \ref kim_ccache_iterator_reference for
* information on specific APIs.
*/
@@ -524,6 +531,16 @@ kim_error kim_ccache_get_renewal_expiration_time (kim_ccache in_ccache,
kim_time *out_renewal_expiration_time);
/*!
+ * \param kim_ccache a ccache object.
+ * \param out_options on exit, an options object reflecting the ticket
+ * options of the credentials in \a in_ccache.
+ * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
+ * \brief Get a kim_options object based on a ccache's credential attributes.
+ */
+kim_error kim_ccache_get_options (kim_ccache in_ccache,
+ kim_options *out_options);
+
+/*!
* \param io_ccache a ccache object which will be set to the default ccache.
* \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
* \note This API is provided for backwards compatibilty with applications which are not
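Review bot: The new Doxygen block for kim_ccache_get_options documents `\param kim_ccache`, but the prototype's parameter is `in_ccache` (the text itself refers to \a in_ccache), so the real parameter is left undocumented; the line should read `\param in_ccache a ccache object.`. The implementation added to kim_ccache.c in this commit takes the options from the ccache's dominant credential only, and the comment could say that instead of "the credentials in in_ccache". It would also help to state who releases `*out_options`; presumably the caller does so with kim_options_free(), but the header does not say. The same ownership sentence is missing from the kim_credential_get_options block in kim_credential.h.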
diff --git a/src/include/kim/kim_credential.h b/src/include/kim/kim_credential.h
index 678c2a314..222d1e760 100644
--- a/src/include/kim/kim_credential.h
+++ b/src/include/kim/kim_credential.h
@@ -258,6 +258,13 @@ typedef int kim_credential_state;
* without resending secrets to the KDC (such as a password). If credentials are
* not renewable, this function will return a renewal expiration time of 0.
*
+ * \li #kim_credential_get_options()
+ * returns a kim_options object with the credential options of the
+ * credential. This function is intended to be used when adding
+ * an identity with existing credentials to the favorite identities list.
+ * By passing in the options returned by this call, future requests for the
+ * favorite identity will use the same credential options.
+ *
*
* See \ref kim_credential_reference and \ref kim_credential_iterator_reference for
* information on specific APIs.
@@ -446,6 +453,16 @@ kim_error kim_credential_get_renewal_expiration_time (kim_credential in_credent
kim_time *out_renewal_expiration_time);
/*!
+ * \param in_credential a credential object.
+ * \param out_options on exit, an options object reflecting the ticket
+ * options of \a in_credential.
+ * \return On success, #KIM_NO_ERROR. On failure, an error code representing the failure.
+ * \brief Get a kim_options object based on a credential's attributes.
+ */
+kim_error kim_credential_get_options (kim_credential in_credential,
+ kim_options *out_options);
+
+/*!
* \param in_credential a credential object.
* \param in_client_identity a client identity.
* \param out_ccache on exit, a ccache object containing \a in_credential with the client
diff --git a/src/kim/lib/kim-lite.exports b/src/kim/lib/kim-lite.exports
index 969ad8383..b548cfc24 100644
--- a/src/kim/lib/kim-lite.exports
+++ b/src/kim/lib/kim-lite.exports
@@ -87,6 +87,7 @@ kim_credential_get_state
kim_credential_get_start_time
kim_credential_get_expiration_time
kim_credential_get_renewal_expiration_time
+kim_credential_get_options
kim_credential_store
kim_credential_renew
kim_credential_validate
@@ -115,6 +116,7 @@ kim_ccache_get_state
kim_ccache_get_start_time
kim_ccache_get_expiration_time
kim_ccache_get_renewal_expiration_time
+kim_ccache_get_options
kim_ccache_set_default
kim_ccache_renew
kim_ccache_validate
diff --git a/src/kim/lib/kim.exports b/src/kim/lib/kim.exports
index 6381cbd81..a41f48109 100644
--- a/src/kim/lib/kim.exports
+++ b/src/kim/lib/kim.exports
@@ -88,6 +88,7 @@ kim_credential_get_state
kim_credential_get_start_time
kim_credential_get_expiration_time
kim_credential_get_renewal_expiration_time
+kim_credential_get_options
kim_credential_store
kim_credential_verify
kim_credential_renew
@@ -118,6 +119,7 @@ kim_ccache_get_state
kim_ccache_get_start_time
kim_ccache_get_expiration_time
kim_ccache_get_renewal_expiration_time
+kim_ccache_get_options
kim_ccache_set_default
kim_ccache_verify
kim_ccache_renew
diff --git a/src/kim/lib/kim_ccache.c b/src/kim/lib/kim_ccache.c
index 16ba381cd..152095d54 100644
--- a/src/kim/lib/kim_ccache.c
+++ b/src/kim/lib/kim_ccache.c
@@ -923,6 +923,31 @@ kim_error kim_ccache_get_renewal_expiration_time (kim_ccache in_ccache,
return check_error (err);
}
+/* ------------------------------------------------------------------------ */
+
+kim_error kim_ccache_get_options (kim_ccache in_ccache,
+ kim_options *out_options)
+{
+ kim_error err = KIM_NO_ERROR;
+ kim_credential credential = NULL;
+
+ if (!err && !in_ccache ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_options) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+
+ if (!err) {
+ err = kim_ccache_get_dominant_credential (in_ccache, NULL, NULL,
+ &credential);
+ }
+
+ if (!err) {
+ err = kim_credential_get_options (credential, out_options);
+ }
+
+ kim_credential_free (&credential);
+
+ return check_error (err);
+}
+
#pragma mark -
/* ------------------------------------------------------------------------ */
diff --git a/src/kim/lib/kim_credential.c b/src/kim/lib/kim_credential.c
index b03cba183..61fbafa48 100644
--- a/src/kim/lib/kim_credential.c
+++ b/src/kim/lib/kim_credential.c
@@ -854,6 +854,103 @@ kim_error kim_credential_get_renewal_expiration_time (kim_credential in_credent
/* ------------------------------------------------------------------------ */
+kim_error kim_credential_get_options (kim_credential in_credential,
+ kim_options *out_options)
+{
+ kim_error err = KIM_NO_ERROR;
+ kim_options options = NULL;
+ krb5_creds *creds = NULL;
+
+ if (!err && !in_credential) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+
+ if (!err) {
+ creds = in_credential->creds;
+
+ err = kim_options_create (&options);
+ }
+
+ if (!err) {
+ err = kim_options_set_start_time (options, creds->times.starttime);
+ }
+
+ if (!err) {
+ kim_lifetime lifetime = (creds->times.endtime -
+ (creds->times.starttime ?
+ creds->times.starttime :
+ creds->times.authtime));
+
+ err = kim_options_set_lifetime (options, lifetime);
+ }
+
+ if (!err) {
+ kim_boolean renewable = (creds->ticket_flags & TKT_FLG_RENEWABLE);
+
+ err = kim_options_set_renewable (options, renewable);
+ }
+
+ if (!err) {
+ kim_lifetime rlifetime = (creds->ticket_flags & TKT_FLG_RENEWABLE ?
+ creds->times.renew_till : 0);
+
+ err = kim_options_set_lifetime (options, rlifetime);
+ }
+
+ if (!err) {
+ kim_boolean forwardable = (creds->ticket_flags & TKT_FLG_FORWARDABLE);
+
+ err = kim_options_set_forwardable (options, forwardable);
+ }
+
+ if (!err) {
+ kim_boolean proxiable = (creds->ticket_flags & TKT_FLG_PROXIABLE);
+
+ err = kim_options_set_proxiable (options, proxiable);
+ }
+
+ if (!err) {
+ kim_boolean addressless = (!creds->addresses || !creds->addresses[0]);
+
+ err = kim_options_set_addressless (options, addressless);
+ }
+
+ if (!err) {
+ kim_boolean is_tgt = 0;
+ kim_string service = NULL; /* tgt service */
+
+ err = kim_credential_is_tgt (in_credential, &is_tgt);
+
+ if (!err && !is_tgt) {
+ kim_identity identity = NULL;
+
+ err = kim_credential_get_service_identity (in_credential, &identity);
+
+ if (!err) {
+ err = kim_identity_get_string (identity, &service);
+ }
+
+ kim_identity_free (&identity);
+ }
+
+ if (!err) {
+ err = kim_options_set_service_name (options, service);
+ }
+
+ kim_string_free (&service);
+ }
+
+ if (!err) {
+ *out_options = options;
+ options = NULL;
+ }
+
+ kim_options_free (&options);
+
+ return check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
kim_error kim_credential_store (kim_credential in_credential,
kim_identity in_client_identity,
kim_ccache *out_ccache)
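Review bot: The renewable-lifetime step in kim_credential_get_options calls `kim_options_set_lifetime (options, rlifetime)` a second time, so it overwrites the ticket lifetime computed just above instead of recording a renewal lifetime; a non-renewable credential ends up with lifetime 0 and a renewable one with the raw `renew_till` value as its lifetime. That call should be `err = kim_options_set_renewal_lifetime (options, rlifetime);`. In addition, `creds->times.renew_till` is an absolute time while the lifetime above is computed as a duration, so rlifetime probably needs the same start subtracted, e.g. `creds->times.renew_till - (creds->times.starttime ? creds->times.starttime : creds->times.authtime)`. Because these options are meant to be saved with a favorite identity and reused for later ticket requests, the wrong values would persist. Copying the absolute `starttime` into the options looks questionable for the same reason and is worth confirming.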