add kdc syncing, more API cache glue, query if switching is supported

lib/krb5/cache.c

@@ -3,6 +3,8 @@
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
+ * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -303,9 +305,13 @@ krb5_cc_get_type(krb5_context context,
 }
 
 /**
- * Return the complete resolvable name the ccache `id' in `str´.
- * `str` should be freed with free(3).
- * Returns 0 or an error (and then *str is set to NULL).
+ * Return the complete resolvable name the cache
+
+ * @param context a Keberos context
+ * @param id return pointer to a found credential cache
+ * @param str the returned name of a credential cache, free with krb5_xfree()
+ *
+ * @return Returns 0 or an error (and then *str is set to NULL).
  *
  * @ingroup krb5_ccache
  */
@@ -444,6 +450,12 @@ environment_changed(krb5_context context)
     if (context->default_cc_name_set)
 	return 0;
 
+    /* XXX performance: always ask KCM/API if default name has changed */
+    if (context->default_cc_name &&
+	(strncmp(context->default_cc_name, "KCM:", 4) == 0 ||
+	 strncmp(context->default_cc_name, "API:", 4) == 0))
+	return 1;
+
     if(issuid())
 	return 0;
 
@@ -472,7 +484,7 @@ environment_changed(krb5_context context)
  * @ingroup krb5_ccache
  */
 
-krb5_error_code
+krb5_error_code KRB5_LIB_FUNCTION
 krb5_cc_switch(krb5_context context, krb5_ccache id)
 {
 
@@ -482,6 +494,23 @@ krb5_cc_switch(krb5_context context, krb5_ccache id)
     return (*id->ops->set_default)(context, id);
 }
 
+/**
+ * Return true if the default credential cache support switch
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_cc_support_switch(krb5_context context, const char *type)
+{
+    const krb5_cc_ops *ops;
+
+    ops = krb5_cc_get_prefix_ops(context, type);
+    if (ops && ops->set_default)
+	return 1;
+    return FALSE;
+}
+
 /**
  * Set the default cc name for `context' to `name'.
  *
@@ -1623,13 +1652,61 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
 	    if (now < cred.times.endtime)
 		*t = cred.times.endtime - now;
 	    krb5_free_cred_contents(context, &cred);
-	    goto out;
+	    break;
 	}
 	krb5_free_cred_contents(context, &cred);
     }
     
- out:
     krb5_cc_end_seq_get(context, id, &cursor);
 
     return ret;
 }
+
+/**
+ * Set the time offset betwen the client and the KDC
+ *
+ * If the backend doesn't support KDC offset, use the context global setting.
+ *
+ * @param context A Kerberos 5 context.
+ * @param id a credential cache
+ * @param offset the offset in seconds
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code
+krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset)
+{
+    if (id->ops->set_kdc_offset == NULL) {
+	context->kdc_sec_offset = offset;
+	context->kdc_usec_offset = 0;
+	return 0;
+    }
+    return (*id->ops->set_kdc_offset)(context, id, offset);
+}
+
+/**
+ * Get the time offset betwen the client and the KDC
+ *
+ * If the backend doesn't support KDC offset, use the context global setting.
+ *
+ * @param context A Kerberos 5 context.
+ * @param id a credential cache
+ * @param offset the offset in seconds
+ *
+ * @return Return an error code or 0, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code
+krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset)
+{
+    if (id->ops->get_kdc_offset == NULL) {
+	*offset = context->kdc_sec_offset;
+	return 0;
+    }
+    return (*id->ops->get_kdc_offset)(context, id, offset);
+}