summaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2012-06-14 13:53:09 -0400
committerGreg Hudson <ghudson@mit.edu>2012-06-15 00:15:37 -0400
commit85afc74759792cfd3ed53daa7f42bce11ca4c536 (patch)
treefce51b46d6cdd18b776a3d82bdf8ff6e20fd8adf /src/lib
parent2cef3fc6eae96643604e322f998176c6fae89c12 (diff)
downloadkrb5-85afc74759792cfd3ed53daa7f42bce11ca4c536.tar.gz
krb5-85afc74759792cfd3ed53daa7f42bce11ca4c536.tar.xz
krb5-85afc74759792cfd3ed53daa7f42bce11ca4c536.zip
Add krb5_cccol_have_content API
Add a new API to determine whether any krb5 credentials are available in the ccache collection. Add tests to t_cccol.py. ticket: 7173 (new)
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/ccache/cccursor.c35
-rw-r--r--src/lib/krb5/ccache/t_cccol.py7
-rw-r--r--src/lib/krb5/ccache/t_cccursor.c9
-rw-r--r--src/lib/krb5/libkrb5.exports1
-rw-r--r--src/lib/krb5_32.def1
5 files changed, 51 insertions, 2 deletions
diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
index 9f366ce06..2b1893a6c 100644
--- a/src/lib/krb5/ccache/cccursor.c
+++ b/src/lib/krb5/ccache/cccursor.c
@@ -218,3 +218,38 @@ krb5_cc_cache_match(krb5_context context, krb5_principal client,
*cache_out = cache;
return ret;
}
+
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_have_content(krb5_context context)
+{
+ krb5_cccol_cursor col_cursor;
+ krb5_cc_cursor cache_cursor;
+ krb5_ccache cache;
+ krb5_creds creds;
+ krb5_boolean found = FALSE;
+
+ if (krb5_cccol_cursor_new(context, &col_cursor))
+ goto no_entries;
+
+ while (!found && !krb5_cccol_cursor_next(context, col_cursor, &cache) &&
+ cache != NULL) {
+ if (krb5_cc_start_seq_get(context, cache, &cache_cursor))
+ continue;
+ while (!found &&
+ !krb5_cc_next_cred(context, cache, &cache_cursor, &creds)) {
+ if (!krb5_is_config_principal(context, creds.client))
+ found = TRUE;
+ krb5_free_cred_contents(context, &creds);
+ }
+ krb5_cc_end_seq_get(context, cache, &cache_cursor);
+ krb5_cc_close(context, cache);
+ }
+ krb5_cccol_cursor_free(context, &col_cursor);
+ if (found)
+ return 0;
+
+no_entries:
+ krb5_set_error_message(context, KRB5_CC_NOTFOUND,
+ _("No Kerberos credentials available"));
+ return KRB5_CC_NOTFOUND;
+}
diff --git a/src/lib/krb5/ccache/t_cccol.py b/src/lib/krb5/ccache/t_cccol.py
index 4c4d239d4..2b2c8450c 100644
--- a/src/lib/krb5/ccache/t_cccol.py
+++ b/src/lib/krb5/ccache/t_cccol.py
@@ -37,8 +37,15 @@ mbar = 'MEMORY:bar'
cursor_test('filemem', [fccname, mfoo, mbar], [fccname, mfoo, mbar])
cursor_test('dirmem', [dccname, mfoo], [duser, dalice, dbob, mfoo])
+# Test krb5_cccol_have_content.
+realm.run_as_client(['./t_cccursor', dccname, 'CONTENT'])
+realm.run_as_client(['./t_cccursor', fccname, 'CONTENT'])
+realm.run_as_client(['./t_cccursor', realm.ccache, 'CONTENT'])
+realm.run_as_client(['./t_cccursor', mfoo, 'CONTENT'], expected_code=1)
+
# Make sure FILE doesn't yield a nonexistent default cache.
realm.run_as_client([kdestroy])
cursor_test('noexist', [], [])
+realm.run_as_client(['./t_cccursor', fccname, 'CONTENT'], expected_code=1)
success('Renewing credentials')
diff --git a/src/lib/krb5/ccache/t_cccursor.c b/src/lib/krb5/ccache/t_cccursor.c
index a0c758603..dc5fa5b61 100644
--- a/src/lib/krb5/ccache/t_cccursor.c
+++ b/src/lib/krb5/ccache/t_cccursor.c
@@ -28,7 +28,9 @@
* Displays a list of caches returned by the cccol cursor. The first argument,
* if given, is set to the default cache name for the context before iterating.
* Any remaining argments are resolved as caches and kept open during the
- * iteration.
+ * iteration. If the argument "CONTENT" is given as one of the cache names,
+ * immediately exit with status 0 if the collection contains credentials and 1
+ * if it does not.
*/
#include "k5-int.h"
@@ -48,8 +50,11 @@ main(int argc, char **argv)
if (argc > 2) {
assert(argc < 60);
- for (i = 2; i < argc; i++)
+ for (i = 2; i < argc; i++) {
+ if (strcmp(argv[i], "CONTENT") == 0)
+ return (krb5_cccol_have_content(ctx) != 0);
assert(krb5_cc_resolve(ctx, argv[i], &hold[i - 2]) == 0);
+ }
}
assert(krb5_cccol_cursor_new(ctx, &cursor) == 0);
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 53b508225..0af5150cc 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -212,6 +212,7 @@ krb5_cc_switch
krb5_cccol_cursor_free
krb5_cccol_cursor_new
krb5_cccol_cursor_next
+krb5_cccol_have_content
krb5_change_cache
krb5_change_password
krb5_check_clockskew
diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def
index 54fd081de..08653ed42 100644
--- a/src/lib/krb5_32.def
+++ b/src/lib/krb5_32.def
@@ -428,3 +428,4 @@ EXPORTS
; new in 1.11 (note that 399-400 are used above)
krb5_chpw_message @398
krb5_kt_have_content @401
+ krb5_cccol_have_content @402