- Formalize the TYPE:collection_name:subsidiary_name naming scheme for
ccaches in ccache collections
- KEYRING: ccaches are weird because they have one more optional field: the
"anchor", so rather than just assume a naming convention everywhere, we
add new functions as well
- Add krb5_cc_{resolve,default}_sub() that allows one to specify a
"subsidiary" ccache name in a collection separately from the
collection name
- Add krb5_cc_{resolve,default}_for() which take a principal name,
unparse it, and use it as the subsidiary ccache name (with colons
replaced)
- Make kinit use the new interfaces
- Add missing DIR ccache iteration functionality
- Revamps test_cc
- Add krb5_cc_get_collection() and krb5_cc_get_subsidiary()
- Bump the ccops SPI version number
- Add gss_store_cred_into2()
- Make MEMORY:anonymous not linked into the global MEMORY ccache
collection, and uses this for delegated cred handles
TBD:
- Split this up into a krb5 change and gss mech_krb5 change?
- Add krb5_cc_init_and_store() utility, per Greg's suggestion?
Move init/copy/destroy fallback sequence from fcc_move() to
krb5_cc_move().
Make sure all backends's move() method calls krb5_cc_destroy() on the
source on success (and only on success).
In text_cc make sure that we can find in the destination the cred
stored into the source.
After the for loop 'key' cannot have the value -1. The loop
must execute at least once resulting either in the function
returning to the caller or the value of 'key' getting set to
a value other than -1.
Change-Id: Idaf65e3cf3d22a27828ad0dd04650a4f54ba94fc
At the completion of the while loop the value of 'ret' cannot
be zero. The expected value is KRB5_CC_END. Any other value
is an error to return to the caller. If 'ret' is KRB5_CC_END
then return krcc_end_get() result().
Change-Id: Ic2afb5a754e03d521c10a259c53fc70b86b4a132
