krb5: Improve cccol sub naming; add gss_store_cred_into2()

- Formalize the TYPE:collection_name:subsidiary_name naming scheme for
   ccaches in ccache collections
    - KEYRING: ccaches are weird because they have one more optional field: the
      "anchor", so rather than just assume a naming convention everywhere, we
      add new functions as well
 - Add krb5_cc_{resolve,default}_sub() that allows one to specify a
   "subsidiary" ccache name in a collection separately from the
   collection name
 - Add krb5_cc_{resolve,default}_for() which take a principal name,
   unparse it, and use it as the subsidiary ccache name (with colons
   replaced)
 - Make kinit use the new interfaces
 - Add missing DIR ccache iteration functionality
 - Revamps test_cc
 - Add krb5_cc_get_collection() and krb5_cc_get_subsidiary()
 - Bump the ccops SPI version number
 - Add gss_store_cred_into2()
 - Make MEMORY:anonymous not linked into the global MEMORY ccache
   collection, and uses this for delegated cred handles

TBD:

 - Split this up into a krb5 change and gss mech_krb5 change?
 - Add krb5_cc_init_and_store() utility, per Greg's suggestion?

lib/krb5/fcache.c

@@ -62,14 +62,23 @@ struct fcc_cursor {
 
 #define FCC_CURSOR(C) ((struct fcc_cursor*)(C))
 
-static const char* KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
 fcc_get_name(krb5_context context,
-	     krb5_ccache id)
+	     krb5_ccache id,
+             const char **name,
+             const char **colname,
+             const char **sub)
 {
     if (FCACHE(id) == NULL)
-        return NULL;
+        return KRB5_CC_NOTFOUND;
 
-    return FILENAME(id);
+    if (name)
+        *name = FILENAME(id);
+    if (colname)
+        *colname = FILENAME(id);
+    if (sub)
+        *sub = NULL;
+    return 0;
 }
 
 KRB5_LIB_FUNCTION int KRB5_LIB_CALL
@@ -178,15 +187,32 @@ static krb5_error_code KRB5_CALLCONV
 fcc_lock(krb5_context context, krb5_ccache id,
 	 int fd, krb5_boolean exclusive)
 {
+    krb5_error_code ret;
+    const char *name;
+
     if (exclusive == FALSE)
         return 0;
-    return _krb5_xlock(context, fd, exclusive, fcc_get_name(context, id));
+    ret = fcc_get_name(context, id, &name, NULL, NULL);
+    if (ret == 0)
+        ret = _krb5_xlock(context, fd, exclusive, name);
+    return ret;
 }
 
 static krb5_error_code KRB5_CALLCONV
-fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
+fcc_resolve(krb5_context context,
+            krb5_ccache *id,
+            const char *res,
+            const char *sub)
 {
     krb5_fcache *f;
+
+    if (sub && *sub) {
+        krb5_set_error_message(context, KRB5_CC_NOSUPP,
+                               N_("FILE ccache type is not a collection "
+                                  "type", ""));
+        return KRB5_CC_NOSUPP;
+    }
+
     f = calloc(1, sizeof(*f));
     if(f == NULL) {
 	krb5_set_error_message(context, KRB5_CC_NOMEM,
@@ -204,6 +230,7 @@ fcc_resolve(krb5_context context, krb5_ccache *id, const char *res)
     f->version = 0;
     (*id)->data.data = f;
     (*id)->data.length = sizeof(*f);
+
     return 0;
 }
 
@@ -647,11 +674,8 @@ fcc_destroy(krb5_context context,
     if (FCACHE(id) == NULL)
         return krb5_einval(context, 2);
 
-    if (TMPFILENAME(id)) {
+    if (TMPFILENAME(id))
         (void) _krb5_erase_file(context, TMPFILENAME(id));
-        free(TMPFILENAME(id));
-        TMPFILENAME(id) = NULL;
-    }
     return _krb5_erase_file(context, FILENAME(id));
 }