From 85afc74759792cfd3ed53daa7f42bce11ca4c536 Mon Sep 17 00:00:00 2001
From: Greg Hudson
Date: Thu, 14 Jun 2012 13:53:09 -0400
Subject: Add krb5_cccol_have_content API

Add a new API to determine whether any krb5 credentials are available in the ccache collection. Add tests to t_cccol.py.
ticket: 7173 (new)
---
 src/lib/krb5/ccache/cccursor.c | 35 +++++++++++++++++++++++++++++++++++
 src/lib/krb5/ccache/t_cccol.py | 7 +++++++
 src/lib/krb5/ccache/t_cccursor.c | 9 +++++++--
 src/lib/krb5/libkrb5.exports | 1 +
 4 files changed, 50 insertions(+), 2 deletions(-)
(limited to 'src/lib/krb5')
diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
index 9f366ce06..2b1893a6c 100644
--- a/src/lib/krb5/ccache/cccursor.c
+++ b/src/lib/krb5/ccache/cccursor.c
@@ -218,3 +218,38 @@ krb5_cc_cache_match(krb5_context context, krb5_principal client,
 *cache_out = cache;
 return ret;
 }
+
+krb5_error_code KRB5_CALLCONV
+krb5_cccol_have_content(krb5_context context)
+{
+ krb5_cccol_cursor col_cursor;
+ krb5_cc_cursor cache_cursor;
+ krb5_ccache cache;
+ krb5_creds creds;
+ krb5_boolean found = FALSE;
+
+ if (krb5_cccol_cursor_new(context, &col_cursor))
+ goto no_entries;
+
+ while (!found && !krb5_cccol_cursor_next(context, col_cursor, &cache) &&
+ cache != NULL) {
+ if (krb5_cc_start_seq_get(context, cache, &cache_cursor))
+ continue;
+ while (!found &&
+ !krb5_cc_next_cred(context, cache, &cache_cursor, &creds)) {
+ if (!krb5_is_config_principal(context, creds.client))
+ found = TRUE;
+ krb5_free_cred_contents(context, &creds);
+ }
+ krb5_cc_end_seq_get(context, cache, &cache_cursor);
+ krb5_cc_close(context, cache);
+ }
+ krb5_cccol_cursor_free(context, &col_cursor);
+ if (found)
+ return 0;
+
+no_entries:
+ krb5_set_error_message(context, KRB5_CC_NOTFOUND,
+ _("No Kerberos credentials available"));
+ return KRB5_CC_NOTFOUND;
+}
diff --git a/src/lib/krb5/ccache/t_cccol.py b/src/lib/krb5/ccache/t_cccol.py
index 4c4d239d4..2b2c8450c 100644
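Review bot: In `krb5_cccol_have_content`, the `continue` taken when `krb5_cc_start_seq_get` fails skips the `krb5_cc_close(context, cache)` at the bottom of the outer loop, so every cache in the collection that cannot be iterated leaks its handle; a long-running caller that polls this API would accumulate them. Close the cache on that path as well, for example `if (krb5_cc_start_seq_get(context, cache, &cache_cursor)) { krb5_cc_close(context, cache); continue; }`. Separately, every failure (cursor creation, a cache that cannot be read) is reported as `KRB5_CC_NOTFOUND`, so callers cannot tell an unreadable collection from an empty one; a comment above the function such as `/* Returns 0 if any non-config credential exists; all errors are reported as KRB5_CC_NOTFOUND. */` would make that contract explicit. The function is complete within this hunk.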
--- a/src/lib/krb5/ccache/t_cccol.py
+++ b/src/lib/krb5/ccache/t_cccol.py
@@ -37,8 +37,15 @@ mbar = 'MEMORY:bar'
 cursor_test('filemem', [fccname, mfoo, mbar], [fccname, mfoo, mbar])
 cursor_test('dirmem', [dccname, mfoo], [duser, dalice, dbob, mfoo])
+# Test krb5_cccol_have_content.
+realm.run_as_client(['./t_cccursor', dccname, 'CONTENT'])
+realm.run_as_client(['./t_cccursor', fccname, 'CONTENT'])
+realm.run_as_client(['./t_cccursor', realm.ccache, 'CONTENT'])
+realm.run_as_client(['./t_cccursor', mfoo, 'CONTENT'], expected_code=1)
+
 # Make sure FILE doesn't yield a nonexistent default cache.
 realm.run_as_client([kdestroy])
 cursor_test('noexist', [], [])
+realm.run_as_client(['./t_cccursor', fccname, 'CONTENT'], expected_code=1)
 success('Renewing credentials')
diff --git a/src/lib/krb5/ccache/t_cccursor.c b/src/lib/krb5/ccache/t_cccursor.c
index a0c758603..dc5fa5b61 100644
--- a/src/lib/krb5/ccache/t_cccursor.c
+++ b/src/lib/krb5/ccache/t_cccursor.c
@@ -28,7 +28,9 @@
 * Displays a list of caches returned by the cccol cursor. The first argument,
 * if given, is set to the default cache name for the context before iterating.
 * Any remaining argments are resolved as caches and kept open during the
- * iteration.
+ * iteration. If the argument "CONTENT" is given as one of the cache names,
+ * immediately exit with status 0 if the collection contains credentials and 1
+ * if it does not.
 */
 #include "k5-int.h"
@@ -48,8 +50,11 @@ main(int argc, char **argv)
 if (argc > 2) {
 assert(argc < 60);
- for (i = 2; i < argc; i++)
+ for (i = 2; i < argc; i++) {
+ if (strcmp(argv[i], "CONTENT") == 0)
+ return (krb5_cccol_have_content(ctx) != 0);
 assert(krb5_cc_resolve(ctx, argv[i], &hold[i - 2]) == 0);
+ }
 }
 assert(krb5_cccol_cursor_new(ctx, &cursor) == 0);
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 53b508225..0af5150cc 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
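Review bot: None of the added `CONTENT` cases in the t_cccol.py hunk visibly covers a cache that holds only configuration entries, which is the one branch (`krb5_is_config_principal`) that separates `krb5_cccol_have_content` from a plain "does a cache exist" check. The visible cases expect exit 0 for `dccname`, `fccname` and `realm.ccache`, and exit 1 for `mfoo` and for `fccname` after `kdestroy`; how those caches were filled is outside this hunk, so this is inferred from the visible lines only. Consider adding a case that leaves only a config entry in a cache and passes `expected_code=1`, so a regression that counts config entries as credentials is caught.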
@@ -212,6 +212,7 @@ krb5_cc_switch
 krb5_cccol_cursor_free
 krb5_cccol_cursor_new
 krb5_cccol_cursor_next
+krb5_cccol_have_content
 krb5_change_cache
 krb5_change_password
 krb5_check_clockskew
-- cgit