From 1494b7b61103a4789d4c5012614dfc42caa4de56 Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Sun, 22 Nov 2009 12:32:39 -0800 Subject: [PATCH] add kdc syncing, more API cache glue, query if switching is supported --- lib/krb5/cache.c | 89 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 83 insertions(+), 6 deletions(-) diff --git a/lib/krb5/cache.c b/lib/krb5/cache.c index 3617a0eef..505ecd03c 100644 --- a/lib/krb5/cache.c +++ b/lib/krb5/cache.c @@ -3,6 +3,8 @@ * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * + * Portions Copyright (c) 2009 Apple Inc. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -303,9 +305,13 @@ krb5_cc_get_type(krb5_context context, } /** - * Return the complete resolvable name the ccache `id' in `strĀ“. - * `str` should be freed with free(3). - * Returns 0 or an error (and then *str is set to NULL). + * Return the complete resolvable name the cache + + * @param context a Keberos context + * @param id return pointer to a found credential cache + * @param str the returned name of a credential cache, free with krb5_xfree() + * + * @return Returns 0 or an error (and then *str is set to NULL). * * @ingroup krb5_ccache */ @@ -444,6 +450,12 @@ environment_changed(krb5_context context) if (context->default_cc_name_set) return 0; + /* XXX performance: always ask KCM/API if default name has changed */ + if (context->default_cc_name && + (strncmp(context->default_cc_name, "KCM:", 4) == 0 || + strncmp(context->default_cc_name, "API:", 4) == 0)) + return 1; + if(issuid()) return 0; @@ -472,7 +484,7 @@ environment_changed(krb5_context context) * @ingroup krb5_ccache */ -krb5_error_code +krb5_error_code KRB5_LIB_FUNCTION krb5_cc_switch(krb5_context context, krb5_ccache id) { @@ -482,6 +494,23 @@ krb5_cc_switch(krb5_context context, krb5_ccache id) return (*id->ops->set_default)(context, id); } +/** + * Return true if the default credential cache support switch + * + * @ingroup krb5_ccache + */ + +krb5_boolean KRB5_LIB_FUNCTION +krb5_cc_support_switch(krb5_context context, const char *type) +{ + const krb5_cc_ops *ops; + + ops = krb5_cc_get_prefix_ops(context, type); + if (ops && ops->set_default) + return 1; + return FALSE; +} + /** * Set the default cc name for `context' to `name'. * @@ -1623,13 +1652,61 @@ krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t) if (now < cred.times.endtime) *t = cred.times.endtime - now; krb5_free_cred_contents(context, &cred); - goto out; + break; } krb5_free_cred_contents(context, &cred); } - out: krb5_cc_end_seq_get(context, id, &cursor); return ret; } + +/** + * Set the time offset betwen the client and the KDC + * + * If the backend doesn't support KDC offset, use the context global setting. + * + * @param context A Kerberos 5 context. + * @param id a credential cache + * @param offset the offset in seconds + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +krb5_error_code +krb5_cc_set_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat offset) +{ + if (id->ops->set_kdc_offset == NULL) { + context->kdc_sec_offset = offset; + context->kdc_usec_offset = 0; + return 0; + } + return (*id->ops->set_kdc_offset)(context, id, offset); +} + +/** + * Get the time offset betwen the client and the KDC + * + * If the backend doesn't support KDC offset, use the context global setting. + * + * @param context A Kerberos 5 context. + * @param id a credential cache + * @param offset the offset in seconds + * + * @return Return an error code or 0, see krb5_get_error_message(). + * + * @ingroup krb5_ccache + */ + +krb5_error_code +krb5_cc_get_kdc_offset(krb5_context context, krb5_ccache id, krb5_deltat *offset) +{ + if (id->ops->get_kdc_offset == NULL) { + *offset = context->kdc_sec_offset; + return 0; + } + return (*id->ops->get_kdc_offset)(context, id, offset); +}