authorAlexandra Ellwood <lxs@mit.edu>2008-10-01 19:34:06 +0000
committerAlexandra Ellwood <lxs@mit.edu>2008-10-01 19:34:06 +0000
commit00729527c88c65b8179b762a111bef16926d6a97 (patch)
treeb0707eb5c9f704fdee953147cc2e5d2c6146753c /src/kim/lib
parentfbe47fb2d24d9d5971b1fd2d2af9b924d1805a0f (diff)
Finished KLL to KIM shim.
Switched krb5 code to using it. ticket: 6134 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20796 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kim/lib')
-rw-r--r--src/kim/lib/kim_ccache.c31
-rw-r--r--src/kim/lib/mac/KerberosLogin.c264
-rw-r--r--src/kim/lib/mac/KerberosLogin.exports107
-rw-r--r--src/kim/lib/mac/KerberosLoginPrivate.h123
4 files changed, 516 insertions, 9 deletions
diff --git a/src/kim/lib/kim_ccache.c b/src/kim/lib/kim_ccache.c
index 2e457be89..43da3f29b 100644
--- a/src/kim/lib/kim_ccache.c
+++ b/src/kim/lib/kim_ccache.c
@@ -255,19 +255,42 @@ kim_error kim_ccache_create_new_if_needed (kim_ccache *out_ccache,
kim_options in_options)
{
kim_error err = KIM_NO_ERROR;
+ kim_ccache ccache = NULL;
if (!err && !out_ccache ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err && !in_client_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
- err = kim_ccache_create_from_client_identity (out_ccache, in_client_identity);
+ kim_credential_state state;
- if (err) {
- /* ccache does not already exist, create a new one */
- err = kim_ccache_create_new (out_ccache, in_client_identity, in_options);
+ err = kim_ccache_create_from_client_identity (&ccache, in_client_identity);
+
+ if (!err) {
+ err = kim_ccache_get_state (ccache, &state);
}
+
+ if (!err && state != kim_credentials_state_valid) {
+ if (state == kim_credentials_state_needs_validation) {
+ err = kim_ccache_validate (ccache, in_options);
+ } else {
+ kim_ccache_free (&ccache);
+ ccache = NULL;
+ }
+ }
+
+ if (!ccache) {
+ /* ccache does not already exist, create a new one */
+ err = kim_ccache_create_new (&ccache, in_client_identity, in_options);
+ }
}
+ if (!err) {
+ *out_ccache = ccache;
+ ccache = NULL;
+ }
+
+ kim_ccache_free (&ccache);
+
return check_error (err);
}
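Review bot: A failure from `kim_ccache_get_state` or `kim_ccache_validate` leaves `ccache` non-NULL, so the `if (!ccache)` fallback is skipped and the error is returned, whereas the removed code fell back to `kim_ccache_create_new` on any lookup error. Whether that is intended is not visible here; if a cache that cannot be queried or validated should be treated like an expired one, release it before the fallback with `if (err) { kim_ccache_free (&ccache); ccache = NULL; }`. The comment `/* ccache does not already exist, create a new one */` is now too narrow, because the branch is also reached for an existing cache whose credentials are neither valid nor awaiting validation; `/* no usable ccache: create a new one */` would match the code. `state` is read only behind the `!err` short-circuit, so declaring it with an initial value would make that safety explicit. The function's signature begins above the hunk.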
diff --git a/src/kim/lib/mac/KerberosLogin.c b/src/kim/lib/mac/KerberosLogin.c
index e5fa38468..b97128ccf 100644
--- a/src/kim/lib/mac/KerberosLogin.c
+++ b/src/kim/lib/mac/KerberosLogin.c
@@ -24,14 +24,87 @@
* or implied warranty.
*/
+#ifndef LEAN_CLIENT
+
#define KERBEROSLOGIN_DEPRECATED
#include "CredentialsCache.h"
#include "KerberosLogin.h"
+#include "KerberosLoginPrivate.h"
#include <kim/kim.h>
#include "kim_private.h"
-#define kl_check_error(x) (x)
+krb5_get_init_creds_opt *__KLLoginOptionsGetKerberos5Options (KLLoginOptions ioOptions);
+KLTime __KLLoginOptionsGetStartTime (KLLoginOptions ioOptions);
+char *__KLLoginOptionsGetServiceName (KLLoginOptions ioOptions);
+
+/* ------------------------------------------------------------------------ */
+
+static KLStatus kl_check_error_ (kim_error inError, const char *function, const char *file, int line)
+{
+ kim_error err = inError;
+
+ switch (err) {
+ case ccNoError:
+ err = klNoErr;
+ break;
+
+ case ccErrBadName:
+ err = klPrincipalDoesNotExistErr;
+ break;
+
+ case ccErrCCacheNotFound:
+ err = klCacheDoesNotExistErr;
+ break;
+
+ case ccErrCredentialsNotFound:
+ err = klNoCredentialsErr;
+ break;
+
+ case KIM_OUT_OF_MEMORY_ERR:
+ case ccErrNoMem:
+ err = klMemFullErr;
+ break;
+
+ case ccErrBadCredentialsVersion:
+ err = klInvalidVersionErr;
+ break;
+
+ case KIM_NULL_PARAMETER_ERR:
+ case ccErrBadParam:
+ case ccIteratorEnd:
+ case ccErrInvalidContext:
+ case ccErrInvalidCCache:
+ case ccErrInvalidString:
+ case ccErrInvalidCredentials:
+ case ccErrInvalidCCacheIterator:
+ case ccErrInvalidCredentialsIterator:
+ case ccErrInvalidLock:
+ case ccErrBadAPIVersion:
+ case ccErrContextLocked:
+ case ccErrContextUnlocked:
+ case ccErrCCacheLocked:
+ case ccErrCCacheUnlocked:
+ case ccErrBadLockType:
+ case ccErrNeverDefault:
+ err = klParameterErr;
+ break;
+
+ case KIM_USER_CANCELED_ERR:
+ case KRB5_LIBOS_PWDINTR:
+ err = klUserCanceledErr;
+ break;
+ }
+
+ if (err) {
+ kim_debug_printf ("%s() remapped %d to %d ('%s') at %s: %d",
+ function, inError, err, kim_error_message (err),
+ file, line);
+ }
+
+ return err;
+}
+#define kl_check_error(err) kl_check_error_(err, __FUNCTION__, __FILE__, __LINE__)
/* ------------------------------------------------------------------------ */
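Review bot: The `switch` in `kl_check_error_` has no `default`, so any code that is not listed (other krb5 or KIM errors, for instance) is returned to KerberosLogin callers unchanged as a `KLStatus`, and the debug line still reports it as "remapped". If pass-through is intended, say so with `default: break; /* not translated: returned as-is */` and a short header comment stating that the function maps CCAPI/KIM codes to KL codes, passes everything else through, and logs every non-zero result. The log condition could be narrowed to `if (err != inError)` if only real translations should be traced. `__FUNCTION__` is a compiler extension; `__func__` is the C99 spelling. The whole function is inside this hunk.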
@@ -1051,7 +1124,7 @@ KLStatus KLSetDefaultLoginOption (const KLDefaultLoginOption inOption,
kim_string_free (&new_identity_string);
kim_identity_free (&old_identity);
kim_identity_free (&new_identity);
-
+
} else if (!err && inOption == loginOption_LoginInstance) {
/* Ignored */
@@ -1536,11 +1609,192 @@ KLStatus KLDisposeLoginOptions(KLLoginOptions ioOptions)
/* ------------------------------------------------------------------------ */
-
-/* Misc function */
-
KLStatus KLDisposeString (char *inStringToDispose)
{
kim_string_free ((kim_string *)&inStringToDispose);
return klNoErr;
}
+
+#pragma mark -
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLSetApplicationPrompter (KLPrompterProcPtr inPrompter)
+{
+ /* Deprecated */
+ return klNoErr;
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLSetHomeDirectoryAccess (KLBoolean inAllowHomeDirectoryAccess)
+{
+ return kl_check_error (kim_library_set_allow_home_directory_access (inAllowHomeDirectoryAccess));
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLBoolean __KLAllowHomeDirectoryAccess (void)
+{
+ return kim_library_allow_home_directory_access ();
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLSetAutomaticPrompting (KLBoolean inAllowAutomaticPrompting)
+{
+ return kl_check_error (kim_library_set_allow_automatic_prompting (inAllowAutomaticPrompting));
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLBoolean __KLAllowAutomaticPrompting (void)
+{
+ return kl_check_error (kim_library_allow_automatic_prompting ());
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLSetPromptMechanism (KLPromptMechanism inPromptMechanism)
+{
+ kim_error err = KIM_NO_ERROR;
+
+ if (inPromptMechanism == klPromptMechanism_None) {
+ err = kim_library_set_allow_automatic_prompting (0);
+ } else {
+ err = kim_library_set_allow_automatic_prompting (1);
+ }
+
+ return kl_check_error (err);
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLPromptMechanism __KLPromptMechanism (void)
+{
+ kim_ui_environment environment = kim_library_ui_environment ();
+
+ if (environment == KIM_UI_ENVIRONMENT_GUI) {
+ return klPromptMechanism_GUI;
+ } else if (environment == KIM_UI_ENVIRONMENT_CLI) {
+ return klPromptMechanism_CLI;
+ }
+ return klPromptMechanism_None;
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLBoolean __KLAllowRememberPassword (void)
+{
+ return kl_check_error (kim_os_identity_allow_save_password ());
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLCreatePrincipalFromTriplet (const char *inName,
+ const char *inInstance,
+ const char *inRealm,
+ KLKerberosVersion inKerberosVersion,
+ KLPrincipal *outPrincipal)
+{
+ return kl_check_error (kim_identity_create_from_components (outPrincipal,
+ inRealm,
+ inName,
+ inInstance,
+ NULL));
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLGetTripletFromPrincipal (KLPrincipal inPrincipal,
+ KLKerberosVersion inKerberosVersion,
+ char **outName,
+ char **outInstance,
+ char **outRealm)
+{
+ return KLGetTripletFromPrincipal (inPrincipal,
+ outName, outInstance, outRealm);
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLCreatePrincipalFromKerberos5Principal (krb5_principal inPrincipal,
+ KLPrincipal *outPrincipal)
+{
+ return KLCreatePrincipalFromKerberos5Principal (inPrincipal, outPrincipal);
+
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLGetKerberos5PrincipalFromPrincipal (KLPrincipal inPrincipal,
+ krb5_context inContext,
+ krb5_principal *outKrb5Principal)
+{
+ return kl_check_error (kim_identity_get_krb5_principal (inPrincipal,
+ inContext,
+ outKrb5Principal));
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLBoolean __KLPrincipalIsTicketGrantingService (KLPrincipal inPrincipal)
+{
+ kim_boolean is_tgt = FALSE;
+ kim_error err = kim_identity_is_tgt_service (inPrincipal, &is_tgt);
+
+ return !err ? is_tgt : FALSE;
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLGetKeychainPasswordForPrincipal (KLPrincipal inPrincipal,
+ char **outPassword)
+{
+ return kl_check_error (kim_os_identity_get_saved_password (inPrincipal,
+ (kim_string *) outPassword));
+}
+
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLPrincipalSetKeychainPassword (KLPrincipal inPrincipal,
+ const char *inPassword)
+{
+ return kl_check_error (kim_os_identity_set_saved_password (inPrincipal,
+ inPassword));
+}
+
+/* ------------------------------------------------------------------------ */
+
+KLStatus __KLRemoveKeychainPasswordForPrincipal (KLPrincipal inPrincipal)
+{
+ return kl_check_error (kim_os_identity_remove_saved_password (inPrincipal));
+}
+
+#pragma mark -
+
+// ---------------------------------------------------------------------------
+
+krb5_get_init_creds_opt *__KLLoginOptionsGetKerberos5Options (KLLoginOptions ioOptions)
+{
+ return kim_options_init_cred_options (ioOptions);
+}
+
+// ---------------------------------------------------------------------------
+
+KLTime __KLLoginOptionsGetStartTime (KLLoginOptions ioOptions)
+{
+ return kim_options_start_time (ioOptions);
+}
+
+// ---------------------------------------------------------------------------
+
+char *__KLLoginOptionsGetServiceName (KLLoginOptions ioOptions)
+{
+ return kim_options_service_name (ioOptions);
+}
+
+
+
+#endif /* LEAN_CLIENT */
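Review bot: `__KLAllowAutomaticPrompting` and `__KLAllowRememberPassword` return a `KLBoolean` but route what appears to be a boolean result through `kl_check_error`, which is the error-code mapper added earlier in this file. A true answer is therefore treated as a non-zero error: it is logged by `kim_debug_printf` on every call, and would be rewritten if its value ever matched one of the mapped codes. Return the value directly, as `__KLAllowHomeDirectoryAccess` already does: `return kim_library_allow_automatic_prompting ();` and `return kim_os_identity_allow_save_password ();`. Separately, `__KLGetKeychainPasswordForPrincipal` hands a saved password back through `outPassword`; a comment naming who frees it (presumably `KLDisposeString`) would help, and whether that free clears the buffer is not visible here.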
diff --git a/src/kim/lib/mac/KerberosLogin.exports b/src/kim/lib/mac/KerberosLogin.exports
new file mode 100644
index 000000000..9fd85f41f
--- /dev/null
+++ b/src/kim/lib/mac/KerberosLogin.exports
@@ -0,0 +1,107 @@
+
+# Public API:
+
+KLAcquireTickets
+KLAcquireNewTickets
+KLAcquireTicketsWithPassword
+KLAcquireNewTicketsWithPassword
+
+KLAcquireInitialTickets
+KLAcquireNewInitialTickets
+KLAcquireInitialTicketsWithPassword
+KLAcquireNewInitialTicketsWithPassword
+KLAcquireNewInitialTicketCredentialsWithPassword
+KLStoreNewInitialTicketCredentials
+
+KLVerifyInitialTickets
+KLVerifyInitialTicketCredentials
+KLAcquireNewInitialTicketsWithKeytab
+
+KLChangePassword
+KLChangePasswordWithPasswords
+KLRenewInitialTickets
+KLValidateInitialTickets
+KLDestroyTickets
+
+KLLastChangedTime
+KLCacheHasValidTickets
+KLTicketStartTime
+KLTicketExpirationTime
+KLSetSystemDefaultCache
+
+KLHandleError
+KLGetErrorString
+
+KLCancelAllDialogs
+
+KLSetApplicationOptions
+KLGetApplicationOptions
+
+KLSetIdleCallback
+KLGetIdleCallback
+
+KLGetDefaultLoginOption
+KLSetDefaultLoginOption
+
+KLFindKerberosRealmByName
+KLGetKerberosRealm
+KLSetKerberosRealm
+KLRemoveKerberosRealm
+KLInsertKerberosRealm
+KLRemoveAllKerberosRealms
+KLCountKerberosRealms
+KLGetKerberosDefaultRealm
+KLGetKerberosDefaultRealmByName
+KLSetKerberosDefaultRealm
+KLSetKerberosDefaultRealmByName
+
+KLCreatePrincipalFromTriplet
+KLCreatePrincipalFromString
+KLGetTripletFromPrincipal
+KLGetStringFromPrincipal
+KLGetDisplayStringFromPrincipal
+KLComparePrincipal
+KLDisposePrincipal
+
+KLCreateLoginOptions
+KLLoginOptionsSetTicketLifetime
+KLLoginOptionsSetForwardable
+KLLoginOptionsSetProxiable
+KLLoginOptionsSetRenewableLifetime
+KLLoginOptionsSetAddressless
+KLLoginOptionsSetTicketStartTime
+KLLoginOptionsSetServiceName
+KLDisposeLoginOptions
+
+KLDisposeString
+
+# Private APIs being used by external callers:
+
+#__KLChangePasswordWithPasswordsCompat
+#__KLAcquireInitialTicketsForCache
+#__KLPrompter
+
+__KLSetApplicationPrompter
+
+__KLSetHomeDirectoryAccess
+__KLAllowHomeDirectoryAccess
+
+__KLSetAutomaticPrompting
+__KLAllowAutomaticPrompting
+__KLSetPromptMechanism
+__KLPromptMechanism
+__KLAllowRememberPassword
+
+__KLCreatePrincipalFromTriplet
+__KLGetTripletFromPrincipal
+__KLCreatePrincipalFromKerberos5Principal
+__KLGetKerberos5PrincipalFromPrincipal
+__KLPrincipalIsTicketGrantingService
+
+__KLGetKeychainPasswordForPrincipal
+__KLPrincipalSetKeychainPassword
+__KLRemoveKeychainPasswordForPrincipal
+
+__KLLoginOptionsGetKerberos5Options
+__KLLoginOptionsGetStartTime
+__KLLoginOptionsGetServiceName
diff --git a/src/kim/lib/mac/KerberosLoginPrivate.h b/src/kim/lib/mac/KerberosLoginPrivate.h
new file mode 100644
index 000000000..52e10fcd1
--- /dev/null
+++ b/src/kim/lib/mac/KerberosLoginPrivate.h
@@ -0,0 +1,123 @@
+/*
+* Copyright 1998-2008 Massachusetts Institute of Technology.
+* All Rights Reserved.
+*
+* Export of this software from the United States of America may
+* require a specific license from the United States Government.
+* It is the responsibility of any person or organization contemplating
+* export to obtain such a license before exporting.
+*
+* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+* distribute this software and its documentation for any purpose and
+* without fee is hereby granted, provided that the above copyright
+* notice appear in all copies and that both that copyright notice and
+* this permission notice appear in supporting documentation, and that
+* the name of M.I.T. not be used in advertising or publicity pertaining
+* to distribution of the software without specific, written prior
+* permission. Furthermore if you modify this software you must label
+* your software as modified software and not distribute it in such a
+* fashion that it might be confused with the original M.I.T. software.
+* M.I.T. makes no representations about the suitability of
+* this software for any purpose. It is provided "as is" without express
+* or implied warranty.
+*/
+
+#ifndef __KERBEROSLOGINPRIVATE__
+#define __KERBEROSLOGINPRIVATE__
+
+#if defined(macintosh) || (defined(__MACH__) && defined(__APPLE__))
+# include <TargetConditionals.h>
+# if TARGET_RT_MAC_CFM
+# error "Use KfM 4.0 SDK headers for CFM compilation."
+# endif
+#endif
+
+#include <Kerberos/KerberosLogin.h>
+#include <Kerberos/krb5.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum {
+ klPromptMechanism_Autodetect = 0,
+ klPromptMechanism_GUI = 1,
+ klPromptMechanism_CLI = 2,
+ klPromptMechanism_None = 0xFFFFFFFF
+};
+typedef uint32_t KLPromptMechanism;
+
+/*************/
+/*** Types ***/
+/*************/
+
+#ifdef KERBEROSLOGIN_DEPRECATED
+
+typedef krb5_error_code (*KLPrompterProcPtr) (krb5_context context,
+ void *data,
+ const char *name,
+ const char *banner,
+ int num_prompts,
+ krb5_prompt prompts[]);
+KLStatus __KLSetApplicationPrompter (KLPrompterProcPtr inPrompter);
+
+#endif /* KERBEROSLOGIN_DEPRECATED */
+
+/*****************/
+/*** Functions ***/
+/*****************/
+
+KLStatus __KLSetHomeDirectoryAccess (KLBoolean inAllowHomeDirectoryAccess);
+KLBoolean __KLAllowHomeDirectoryAccess (void);
+
+KLStatus __KLSetAutomaticPrompting (KLBoolean inAllowAutomaticPrompting);
+KLBoolean __KLAllowAutomaticPrompting (void);
+
+KLBoolean __KLAllowRememberPassword (void);
+
+KLStatus __KLSetPromptMechanism (KLPromptMechanism inPromptMechanism);
+KLPromptMechanism __KLPromptMechanism (void);
+
+KLStatus __KLCreatePrincipalFromTriplet (const char *inName,
+ const char *inInstance,
+ const char *inRealm,
+ KLKerberosVersion inKerberosVersion,
+ KLPrincipal *outPrincipal);
+
+KLStatus __KLGetTripletFromPrincipal (KLPrincipal inPrincipal,
+ KLKerberosVersion inKerberosVersion,
+ char **outName,
+ char **outInstance,
+ char **outRealm);
+
+KLStatus __KLCreatePrincipalFromKerberos5Principal (krb5_principal inPrincipal,
+ KLPrincipal *outPrincipal);
+
+KLStatus __KLGetKerberos5PrincipalFromPrincipal (KLPrincipal inPrincipal,
+ krb5_context inContext,
+ krb5_principal *outKrb5Principal);
+
+KLStatus __KLGetRealmFromPrincipal (KLPrincipal inPrincipal, char **outRealm);
+
+KLBoolean __KLPrincipalIsTicketGrantingService (KLPrincipal inPrincipal);
+
+KLStatus __KLGetKeychainPasswordForPrincipal (KLPrincipal inPrincipal,
+ char **outPassword);
+
+KLStatus __KLPrincipalSetKeychainPassword (KLPrincipal inPrincipal,
+ const char *inPassword);
+
+KLStatus __KLRemoveKeychainPasswordForPrincipal (KLPrincipal inPrincipal);
+
+#if TARGET_OS_MAC
+# if defined(__MWERKS__)
+# pragma import reset
+# endif
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __KERBEROSLOGINPRIVATE__ */
+
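Review bot: `__KLGetRealmFromPrincipal` is declared in this header but is not listed in `KerberosLogin.exports` and is not among the functions this commit adds to `KerberosLogin.c`, so unless it is defined outside the visible hunks, a client that calls it will fail to link. Conversely, the three `__KLLoginOptionsGet*` accessors are defined and exported but prototyped only inside `KerberosLogin.c`, which leaves external callers without a declaration; moving those prototypes here and dropping or implementing the stray one would make header, exports and source agree. `klPromptMechanism_None = 0xFFFFFFFF` does not fit in `int`, which C11 requires of enumeration constants, and since `KLPromptMechanism` is a `uint32_t` typedef anyway, `#define klPromptMechanism_None ((KLPromptMechanism) 0xFFFFFFFF)` is the portable form.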