diff options
author | Alexandra Ellwood <lxs@mit.edu> | 2008-10-01 19:34:06 +0000 |
---|---|---|
committer | Alexandra Ellwood <lxs@mit.edu> | 2008-10-01 19:34:06 +0000 |
commit | 00729527c88c65b8179b762a111bef16926d6a97 (patch) | |
tree | b0707eb5c9f704fdee953147cc2e5d2c6146753c /src/lib/krb5 | |
parent | fbe47fb2d24d9d5971b1fd2d2af9b924d1805a0f (diff) | |
download | krb5-00729527c88c65b8179b762a111bef16926d6a97.zip krb5-00729527c88c65b8179b762a111bef16926d6a97.tar.gz krb5-00729527c88c65b8179b762a111bef16926d6a97.tar.bz2 |
Finished KLL to KIM shim.
Switched krb5 code to using it.
ticket: 6134
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20796 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5')
-rw-r--r-- | src/lib/krb5/ccache/ccdefault.c | 54 | ||||
-rw-r--r-- | src/lib/krb5/krb/gic_pwd.c | 2 | ||||
-rw-r--r-- | src/lib/krb5/os/init_os_ctx.c | 10 |
3 files changed, 42 insertions, 24 deletions
diff --git a/src/lib/krb5/ccache/ccdefault.c b/src/lib/krb5/ccache/ccdefault.c index d6a2597..e5006de 100644 --- a/src/lib/krb5/ccache/ccdefault.c +++ b/src/lib/krb5/ccache/ccdefault.c @@ -29,8 +29,8 @@ #include "k5-int.h" -#if defined(USE_LOGIN_LIBRARY) -#include "KerberosLoginPrivate.h" +#if defined(USE_KIM) +#include <kim/kim.h> #elif defined(USE_LEASH) static void (*pLeash_AcquireInitialTicketsIfNeeded)(krb5_context,krb5_principal,char*,int) = NULL; static HANDLE hLeashDLL = INVALID_HANDLE_VALUE; @@ -77,25 +77,43 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache) return KV5M_CONTEXT; } -#ifdef USE_LOGIN_LIBRARY +#ifdef USE_KIM { - /* make sure the default cache has tix before you open it */ - KLStatus err = klNoErr; - char *outCacheName = NULL; + kim_error err = KIM_NO_ERROR; + kim_ccache kimccache = NULL; + kim_identity identity = KIM_IDENTITY_ANY; + kim_credential_state state; + kim_string name = NULL; - /* Try to make sure a krb5 tgt is in the cache */ - err = __KLInternalAcquireInitialTicketsForCache (krb5_cc_default_name (context), kerberosVersion_V5, - NULL, NULL, &outCacheName); - if (err == klNoErr) { - /* This function tries to get tickets and put them in the specified - cache, however, if the cache does not exist, it may choose to put - them elsewhere (ie: the system default) so we set that here */ - const char * ccdefname = krb5_cc_default_name (context); - if (!ccdefname || strcmp (ccdefname, outCacheName) != 0) { - krb5_cc_set_default_name (context, outCacheName); - } - KLDisposeString (outCacheName); + err = kim_ccache_create_from_display_name (&kimccache, + krb5_cc_default_name (context)); + + if (!err) { + err = kim_ccache_get_client_identity (kimccache, &identity); + } + + if (!err) { + err = kim_ccache_get_state (kimccache, &state); + } + + if (err || state != kim_credentials_state_valid) { + /* Either the ccache is does not exist or is invalid. Get new + * tickets. Use the identity in the ccache if there was one. */ + kim_ccache_free (&kimccache); + err = kim_ccache_create_new (&kimccache, + identity, KIM_OPTIONS_DEFAULT); } + + if (!err) { + err = kim_ccache_get_display_name (kimccache, &name); + } + + if (!err) { + krb5_cc_set_default_name (context, name); + } + + kim_string_free (&name); + kim_ccache_free (&kimccache); } #else #ifdef USE_LEASH diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index 094eb79..bd5cbd1 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -186,7 +186,7 @@ krb5_get_init_creds_password(krb5_context context, use_master = 0; } -#ifdef USE_LOGIN_LIBRARY +#ifdef USE_KIM if (ret == KRB5KDC_ERR_KEY_EXP) goto cleanup; /* Login library will deal appropriately with this error */ #endif diff --git a/src/lib/krb5/os/init_os_ctx.c b/src/lib/krb5/os/init_os_ctx.c index 06a5b6b..5011d54 100644 --- a/src/lib/krb5/os/init_os_ctx.c +++ b/src/lib/krb5/os/init_os_ctx.c @@ -32,8 +32,8 @@ #include "os-proto.h" #include "prof_int.h" /* XXX for profile_copy, not public yet */ -#ifdef USE_LOGIN_LIBRARY -#include "KerberosLoginPrivate.h" +#ifdef USE_KIM +#include "kim/kim_library.h" #endif #if defined(_WIN32) @@ -240,10 +240,10 @@ os_get_default_config_files(profile_filespec_t **pfiles, krb5_boolean secure) unsigned int ent_len; const char *s, *t; -#ifdef USE_LOGIN_LIBRARY - /* If __KLAllowHomeDirectoryAccess() == FALSE, we are probably +#ifdef USE_KIM + /* If kim_library_allow_home_directory_access() == FALSE, we are probably trying to authenticate to a fileserver for the user's homedir. */ - if (!__KLAllowHomeDirectoryAccess ()) + if (!kim_library_allow_home_directory_access ()) secure = 1; #endif if (secure) { |