search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
some more doxygen
[heimdal.git] / lib / krb5 / cache.c
blobd6ec487c754d1394a45e3f82c8ba2e92718db703
1 /*
2 * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 /**
37 * @page krb5_ccache_intro The credential cache functions
38 * @section section_krb5_ccache Kerberos credential caches
39 *
40 * krb5_ccache structure holds a Kerberos credential cache.
41 *
42 * Heimdal support the follow types of credential caches:
43 *
44 * - SCC
45 * Store the credential in a database
46 * - FILE
47 * Store the credential in memory
48 * - MEMORY
49 * Store the credential in memory
50 * - API
51 * A credential cache server based solution for Mac OS X
52 * - KCM
53 * A credential cache server based solution for all platforms
54 *
55 * @subsection Example
56 *
57 * This is a minimalistic version of klist:
58 @code
59 #include <krb5.h>
60
61 int
62 main (int argc, char **argv)
63 {
64 krb5_context context;
65 krb5_cc_cursor cursor;
66 krb5_error_code ret;
67 krb5_ccache id;
68 krb5_creds creds;
69
70 if (krb5_init_context (&context) != 0)
71 errx(1, "krb5_context");
72
73 ret = krb5_cc_default (context, &id);
74 if (ret)
75 krb5_err(context, 1, ret, "krb5_cc_default");
76
77 ret = krb5_cc_start_seq_get(context, id, &cursor);
78 if (ret)
79 krb5_err(context, 1, ret, "krb5_cc_start_seq_get");
80
81 while((ret = krb5_cc_next_cred(context, id, &cursor, &creds)) == 0){
82 char *principal;
83
84 krb5_unparse_name_short(context, creds.server, &principal);
85 printf("principal: %s\\n", principal);
86 free(principal);
87 krb5_free_cred_contents (context, &creds);
88 }
89 ret = krb5_cc_end_seq_get(context, id, &cursor);
90 if (ret)
91 krb5_err(context, 1, ret, "krb5_cc_end_seq_get");
92
93 krb5_cc_close(context, id);
94
95 krb5_free_context(context);
96 return 0;
97 }
98 * @endcode
99 */
100
101 /**
102 * Add a new ccache type with operations `ops', overwriting any
103 * existing one if `override'.
104 *
105 * @param context a Keberos context
106 * @param ops type of plugin symbol
107 * @param override flag to select if the registration is to overide
108 * an existing ops with the same name.
109 *
110 * @return Return an error code or 0, see krb5_get_error_message().
111 *
112 * @ingroup krb5_ccache
113 */
114
115 krb5_error_code KRB5_LIB_FUNCTION
116 krb5_cc_register(krb5_context context,
117 const krb5_cc_ops *ops,
118 krb5_boolean override)
119 {
120 int i;
121
122 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
123 if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
124 if(!override) {
125 krb5_set_error_message(context,
126 KRB5_CC_TYPE_EXISTS,
127 N_("cache type %s already exists", "type"),
128 ops->prefix);
129 return KRB5_CC_TYPE_EXISTS;
130 }
131 break;
132 }
133 }
134 if(i == context->num_cc_ops) {
135 krb5_cc_ops *o = realloc(context->cc_ops,
136 (context->num_cc_ops + 1) *
137 sizeof(*context->cc_ops));
138 if(o == NULL) {
139 krb5_set_error_message(context, KRB5_CC_NOMEM,
140 N_("malloc: out of memory", ""));
141 return KRB5_CC_NOMEM;
142 }
143 context->num_cc_ops++;
144 context->cc_ops = o;
145 memset(context->cc_ops + i, 0,
146 (context->num_cc_ops - i) * sizeof(*context->cc_ops));
147 }
148 memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
149 return 0;
150 }
151
152 /*
153 * Allocate the memory for a `id' and the that function table to
154 * `ops'. Returns 0 or and error code.
155 */
156
157 krb5_error_code
158 _krb5_cc_allocate(krb5_context context,
159 const krb5_cc_ops *ops,
160 krb5_ccache *id)
161 {
162 krb5_ccache p;
163
164 p = malloc (sizeof(*p));
165 if(p == NULL) {
166 krb5_set_error_message(context, KRB5_CC_NOMEM,
167 N_("malloc: out of memory", ""));
168 return KRB5_CC_NOMEM;
169 }
170 p->ops = ops;
171 *id = p;
172
173 return 0;
174 }
175
176 /*
177 * Allocate memory for a new ccache in `id' with operations `ops'
178 * and name `residual'. Return 0 or an error code.
179 */
180
181 static krb5_error_code
182 allocate_ccache (krb5_context context,
183 const krb5_cc_ops *ops,
184 const char *residual,
185 krb5_ccache *id)
186 {
187 krb5_error_code ret;
188
189 ret = _krb5_cc_allocate(context, ops, id);
190 if (ret)
191 return ret;
192 ret = (*id)->ops->resolve(context, id, residual);
193 if(ret)
194 free(*id);
195 return ret;
196 }
197
198 /**
199 * Find and allocate a ccache in `id' from the specification in `residual'.
200 * If the ccache name doesn't contain any colon, interpret it as a file name.
201 *
202 * @param context a Keberos context.
203 * @param name string name of a credential cache.
204 * @param id return pointer to a found credential cache.
205 *
206 * @return Return 0 or an error code. In case of an error, id is set
207 * to NULL, see krb5_get_error_message().
208 *
209 * @ingroup krb5_ccache
210 */
211
212
213 krb5_error_code KRB5_LIB_FUNCTION
214 krb5_cc_resolve(krb5_context context,
215 const char *name,
216 krb5_ccache *id)
217 {
218 int i;
219
220 *id = NULL;
221
222 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
223 size_t prefix_len = strlen(context->cc_ops[i].prefix);
224
225 if(strncmp(context->cc_ops[i].prefix, name, prefix_len) == 0
226 && name[prefix_len] == ':') {
227 return allocate_ccache (context, &context->cc_ops[i],
228 name + prefix_len + 1,
229 id);
230 }
231 }
232 if (strchr (name, ':') == NULL)
233 return allocate_ccache (context, &krb5_fcc_ops, name, id);
234 else {
235 krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
236 N_("unknown ccache type %s", "name"), name);
237 return KRB5_CC_UNKNOWN_TYPE;
238 }
239 }
240
241 /**
242 * Generates a new unique ccache of `type` in `id'. If `type' is NULL,
243 * the library chooses the default credential cache type. The supplied
244 * `hint' (that can be NULL) is a string that the credential cache
245 * type can use to base the name of the credential on, this is to make
246 * it easier for the user to differentiate the credentials.
247 *
248 * @return Return an error code or 0, see krb5_get_error_message().
249 *
250 * @ingroup krb5_ccache
251 */
252
253 krb5_error_code KRB5_LIB_FUNCTION
254 krb5_cc_new_unique(krb5_context context, const char *type,
255 const char *hint, krb5_ccache *id)
256 {
257 const krb5_cc_ops *ops;
258 krb5_error_code ret;
259
260 ops = krb5_cc_get_prefix_ops(context, type);
261 if (ops == NULL) {
262 krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
263 "Credential cache type %s is unknown", type);
264 return KRB5_CC_UNKNOWN_TYPE;
265 }
266
267 ret = _krb5_cc_allocate(context, ops, id);
268 if (ret)
269 return ret;
270 ret = (*id)->ops->gen_new(context, id);
271 if (ret) {
272 free(*id);
273 *id = NULL;
274 }
275 return ret;
276 }
277
278 /**
279 * Return the name of the ccache `id'
280 *
281 * @ingroup krb5_ccache
282 */
283
284
285 const char* KRB5_LIB_FUNCTION
286 krb5_cc_get_name(krb5_context context,
287 krb5_ccache id)
288 {
289 return id->ops->get_name(context, id);
290 }
291
292 /**
293 * Return the type of the ccache `id'.
294 *
295 * @ingroup krb5_ccache
296 */
297
298
299 const char* KRB5_LIB_FUNCTION
300 krb5_cc_get_type(krb5_context context,
301 krb5_ccache id)
302 {
303 return id->ops->prefix;
304 }
305
306 /**
307 * Return the complete resolvable name the ccache `id' in `str´.
308 * `str` should be freed with free(3).
309 * Returns 0 or an error (and then *str is set to NULL).
310 *
311 * @ingroup krb5_ccache
312 */
313
314
315 krb5_error_code KRB5_LIB_FUNCTION
316 krb5_cc_get_full_name(krb5_context context,
317 krb5_ccache id,
318 char **str)
319 {
320 const char *type, *name;
321
322 *str = NULL;
323
324 type = krb5_cc_get_type(context, id);
325 if (type == NULL) {
326 krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
327 "cache have no name of type");
328 return KRB5_CC_UNKNOWN_TYPE;
329 }
330
331 name = krb5_cc_get_name(context, id);
332 if (name == NULL) {
333 krb5_set_error_message(context, KRB5_CC_BADNAME,
334 "cache of type %s have no name", type);
335 return KRB5_CC_BADNAME;
336 }
337
338 if (asprintf(str, "%s:%s", type, name) == -1) {
339 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
340 *str = NULL;
341 return ENOMEM;
342 }
343 return 0;
344 }
345
346 /**
347 * Return krb5_cc_ops of a the ccache `id'.
348 *
349 * @ingroup krb5_ccache
350 */
351
352
353 const krb5_cc_ops *
354 krb5_cc_get_ops(krb5_context context, krb5_ccache id)
355 {
356 return id->ops;
357 }
358
359 /*
360 * Expand variables in `str' into `res'
361 */
362
363 krb5_error_code
364 _krb5_expand_default_cc_name(krb5_context context, const char *str, char **res)
365 {
366 size_t tlen, len = 0;
367 char *tmp, *tmp2, *append;
368
369 *res = NULL;
370
371 while (str && *str) {
372 tmp = strstr(str, "%{");
373 if (tmp && tmp != str) {
374 append = malloc((tmp - str) + 1);
375 if (append) {
376 memcpy(append, str, tmp - str);
377 append[tmp - str] = '\0';
378 }
379 str = tmp;
380 } else if (tmp) {
381 tmp2 = strchr(tmp, '}');
382 if (tmp2 == NULL) {
383 free(*res);
384 *res = NULL;
385 krb5_set_error_message(context, KRB5_CONFIG_BADFORMAT,
386 "variable missing }");
387 return KRB5_CONFIG_BADFORMAT;
388 }
389 if (strncasecmp(tmp, "%{uid}", 6) == 0)
390 asprintf(&append, "%u", (unsigned)getuid());
391 else if (strncasecmp(tmp, "%{null}", 7) == 0)
392 append = strdup("");
393 else {
394 free(*res);
395 *res = NULL;
396 krb5_set_error_message(context,
397 KRB5_CONFIG_BADFORMAT,
398 "expand default cache unknown "
399 "variable \"%.*s\"",
400 (int)(tmp2 - tmp) - 2, tmp + 2);
401 return KRB5_CONFIG_BADFORMAT;
402 }
403 str = tmp2 + 1;
404 } else {
405 append = strdup(str);
406 str = NULL;
407 }
408 if (append == NULL) {
409 free(*res);
410 *res = NULL;
411 krb5_set_error_message(context, ENOMEM,
412 N_("malloc: out of memory", ""));
413 return ENOMEM;
414 }
415
416 tlen = strlen(append);
417 tmp = realloc(*res, len + tlen + 1);
418 if (tmp == NULL) {
419 free(append);
420 free(*res);
421 *res = NULL;
422 krb5_set_error_message(context, ENOMEM,
423 N_("malloc: out of memory", ""));
424 return ENOMEM;
425 }
426 *res = tmp;
427 memcpy(*res + len, append, tlen + 1);
428 len = len + tlen;
429 free(append);
430 }
431 return 0;
432 }
433
434 /*
435 * Return non-zero if envirnoment that will determine default krb5cc
436 * name has changed.
437 */
438
439 static int
440 environment_changed(krb5_context context)
441 {
442 const char *e;
443
444 /* if the cc name was set, don't change it */
445 if (context->default_cc_name_set)
446 return 0;
447
448 if(issuid())
449 return 0;
450
451 e = getenv("KRB5CCNAME");
452 if (e == NULL) {
453 if (context->default_cc_name_env) {
454 free(context->default_cc_name_env);
455 context->default_cc_name_env = NULL;
456 return 1;
457 }
458 } else {
459 if (context->default_cc_name_env == NULL)
460 return 1;
461 if (strcmp(e, context->default_cc_name_env) != 0)
462 return 1;
463 }
464 return 0;
465 }
466
467 /**
468 * Switch the default default credential cache for a specific
469 * credcache type (and name for some implementations).
470 *
471 * @return Return an error code or 0, see krb5_get_error_message().
472 *
473 * @ingroup krb5_ccache
474 */
475
476 krb5_error_code
477 krb5_cc_switch(krb5_context context, krb5_ccache id)
478 {
479
480 if (id->ops->set_default == NULL)
481 return 0;
482
483 return (*id->ops->set_default)(context, id);
484 }
485
486 /**
487 * Set the default cc name for `context' to `name'.
488 *
489 * @ingroup krb5_ccache
490 */
491
492 krb5_error_code KRB5_LIB_FUNCTION
493 krb5_cc_set_default_name(krb5_context context, const char *name)
494 {
495 krb5_error_code ret = 0;
496 char *p;
497
498 if (name == NULL) {
499 const char *e = NULL;
500
501 if(!issuid()) {
502 e = getenv("KRB5CCNAME");
503 if (e) {
504 p = strdup(e);
505 if (context->default_cc_name_env)
506 free(context->default_cc_name_env);
507 context->default_cc_name_env = strdup(e);
508 }
509 }
510 if (e == NULL) {
511 e = krb5_config_get_string(context, NULL, "libdefaults",
512 "default_cc_name", NULL);
513 if (e) {
514 ret = _krb5_expand_default_cc_name(context, e, &p);
515 if (ret)
516 return ret;
517 }
518 if (e == NULL) {
519 const krb5_cc_ops *ops = KRB5_DEFAULT_CCTYPE;
520 e = krb5_config_get_string(context, NULL, "libdefaults",
521 "default_cc_type", NULL);
522 if (e) {
523 ops = krb5_cc_get_prefix_ops(context, e);
524 if (ops == NULL) {
525 krb5_set_error_message(context,
526 KRB5_CC_UNKNOWN_TYPE,
527 "Credential cache type %s "
528 "is unknown", e);
529 return KRB5_CC_UNKNOWN_TYPE;
530 }
531 }
532 ret = (*ops->get_default_name)(context, &p);
533 if (ret)
534 return ret;
535 }
536 }
537 context->default_cc_name_set = 0;
538 } else {
539 p = strdup(name);
540 context->default_cc_name_set = 1;
541 }
542
543 if (p == NULL) {
544 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
545 return ENOMEM;
546 }
547
548 if (context->default_cc_name)
549 free(context->default_cc_name);
550
551 context->default_cc_name = p;
552
553 return ret;
554 }
555
556 /**
557 * Return a pointer to a context static string containing the default
558 * ccache name.
559 *
560 * @return String to the default credential cache name.
561 *
562 * @ingroup krb5_ccache
563 */
564
565
566 const char* KRB5_LIB_FUNCTION
567 krb5_cc_default_name(krb5_context context)
568 {
569 if (context->default_cc_name == NULL || environment_changed(context))
570 krb5_cc_set_default_name(context, NULL);
571
572 return context->default_cc_name;
573 }
574
575 /**
576 * Open the default ccache in `id'.
577 *
578 * @return Return an error code or 0, see krb5_get_error_message().
579 *
580 * @ingroup krb5_ccache
581 */
582
583
584 krb5_error_code KRB5_LIB_FUNCTION
585 krb5_cc_default(krb5_context context,
586 krb5_ccache *id)
587 {
588 const char *p = krb5_cc_default_name(context);
589
590 if (p == NULL) {
591 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
592 return ENOMEM;
593 }
594 return krb5_cc_resolve(context, p, id);
595 }
596
597 /**
598 * Create a new ccache in `id' for `primary_principal'.
599 *
600 * @return Return an error code or 0, see krb5_get_error_message().
601 *
602 * @ingroup krb5_ccache
603 */
604
605
606 krb5_error_code KRB5_LIB_FUNCTION
607 krb5_cc_initialize(krb5_context context,
608 krb5_ccache id,
609 krb5_principal primary_principal)
610 {
611 return (*id->ops->init)(context, id, primary_principal);
612 }
613
614
615 /**
616 * Remove the ccache `id'.
617 *
618 * @return Return an error code or 0, see krb5_get_error_message().
619 *
620 * @ingroup krb5_ccache
621 */
622
623
624 krb5_error_code KRB5_LIB_FUNCTION
625 krb5_cc_destroy(krb5_context context,
626 krb5_ccache id)
627 {
628 krb5_error_code ret;
629
630 ret = (*id->ops->destroy)(context, id);
631 krb5_cc_close (context, id);
632 return ret;
633 }
634
635 /**
636 * Stop using the ccache `id' and free the related resources.
637 *
638 * @return Return an error code or 0, see krb5_get_error_message().
639 *
640 * @ingroup krb5_ccache
641 */
642
643
644 krb5_error_code KRB5_LIB_FUNCTION
645 krb5_cc_close(krb5_context context,
646 krb5_ccache id)
647 {
648 krb5_error_code ret;
649 ret = (*id->ops->close)(context, id);
650 free(id);
651 return ret;
652 }
653
654 /**
655 * Store `creds' in the ccache `id'.
656 *
657 * @return Return an error code or 0, see krb5_get_error_message().
658 *
659 * @ingroup krb5_ccache
660 */
661
662
663 krb5_error_code KRB5_LIB_FUNCTION
664 krb5_cc_store_cred(krb5_context context,
665 krb5_ccache id,
666 krb5_creds *creds)
667 {
668 return (*id->ops->store)(context, id, creds);
669 }
670
671 /**
672 * Retrieve the credential identified by `mcreds' (and `whichfields')
673 * from `id' in `creds'. 'creds' must be free by the caller using
674 * krb5_free_cred_contents.
675 *
676 * @return Return an error code or 0, see krb5_get_error_message().
677 *
678 * @ingroup krb5_ccache
679 */
680
681
682 krb5_error_code KRB5_LIB_FUNCTION
683 krb5_cc_retrieve_cred(krb5_context context,
684 krb5_ccache id,
685 krb5_flags whichfields,
686 const krb5_creds *mcreds,
687 krb5_creds *creds)
688 {
689 krb5_error_code ret;
690 krb5_cc_cursor cursor;
691
692 if (id->ops->retrieve != NULL) {
693 return (*id->ops->retrieve)(context, id, whichfields,
694 mcreds, creds);
695 }
696
697 ret = krb5_cc_start_seq_get(context, id, &cursor);
698 if (ret)
699 return ret;
700 while((ret = krb5_cc_next_cred(context, id, &cursor, creds)) == 0){
701 if(krb5_compare_creds(context, whichfields, mcreds, creds)){
702 ret = 0;
703 break;
704 }
705 krb5_free_cred_contents (context, creds);
706 }
707 krb5_cc_end_seq_get(context, id, &cursor);
708 return ret;
709 }
710
711 /**
712 * Return the principal of `id' in `principal'.
713 *
714 * @return Return an error code or 0, see krb5_get_error_message().
715 *
716 * @ingroup krb5_ccache
717 */
718
719
720 krb5_error_code KRB5_LIB_FUNCTION
721 krb5_cc_get_principal(krb5_context context,
722 krb5_ccache id,
723 krb5_principal *principal)
724 {
725 return (*id->ops->get_princ)(context, id, principal);
726 }
727
728 /**
729 * Start iterating over `id', `cursor' is initialized to the
730 * beginning. Caller must free the cursor with krb5_cc_end_seq_get().
731 *
732 * @return Return an error code or 0, see krb5_get_error_message().
733 *
734 * @ingroup krb5_ccache
735 */
736
737
738 krb5_error_code KRB5_LIB_FUNCTION
739 krb5_cc_start_seq_get (krb5_context context,
740 const krb5_ccache id,
741 krb5_cc_cursor *cursor)
742 {
743 return (*id->ops->get_first)(context, id, cursor);
744 }
745
746 /**
747 * Retrieve the next cred pointed to by (`id', `cursor') in `creds'
748 * and advance `cursor'.
749 *
750 * @return Return an error code or 0, see krb5_get_error_message().
751 *
752 * @ingroup krb5_ccache
753 */
754
755
756 krb5_error_code KRB5_LIB_FUNCTION
757 krb5_cc_next_cred (krb5_context context,
758 const krb5_ccache id,
759 krb5_cc_cursor *cursor,
760 krb5_creds *creds)
761 {
762 return (*id->ops->get_next)(context, id, cursor, creds);
763 }
764
765 /**
766 * Destroy the cursor `cursor'.
767 *
768 * @ingroup krb5_ccache
769 */
770
771
772 krb5_error_code KRB5_LIB_FUNCTION
773 krb5_cc_end_seq_get (krb5_context context,
774 const krb5_ccache id,
775 krb5_cc_cursor *cursor)
776 {
777 return (*id->ops->end_get)(context, id, cursor);
778 }
779
780 /**
781 * Remove the credential identified by `cred', `which' from `id'.
782 *
783 * @ingroup krb5_ccache
784 */
785
786
787 krb5_error_code KRB5_LIB_FUNCTION
788 krb5_cc_remove_cred(krb5_context context,
789 krb5_ccache id,
790 krb5_flags which,
791 krb5_creds *cred)
792 {
793 if(id->ops->remove_cred == NULL) {
794 krb5_set_error_message(context,
795 EACCES,
796 "ccache %s does not support remove_cred",
797 id->ops->prefix);
798 return EACCES; /* XXX */
799 }
800 return (*id->ops->remove_cred)(context, id, which, cred);
801 }
802
803 /**
804 * Set the flags of `id' to `flags'.
805 *
806 * @ingroup krb5_ccache
807 */
808
809
810 krb5_error_code KRB5_LIB_FUNCTION
811 krb5_cc_set_flags(krb5_context context,
812 krb5_ccache id,
813 krb5_flags flags)
814 {
815 return (*id->ops->set_flags)(context, id, flags);
816 }
817
818 /**
819 * Get the flags of `id', store them in `flags'.
820 *
821 * @ingroup krb5_ccache
822 */
823
824 krb5_error_code KRB5_LIB_FUNCTION
825 krb5_cc_get_flags(krb5_context context,
826 krb5_ccache id,
827 krb5_flags *flags)
828 {
829 *flags = 0;
830 return 0;
831 }
832
833 /**
834 * Copy the contents of `from' to `to' if the given match function
835 * return true.
836 *
837 * @param context A Kerberos 5 context.
838 * @param from the cache to copy data from.
839 * @param to the cache to copy data to.
840 * @param match a match function that should return TRUE if cred argument should be copied, if NULL, all credentials are copied.
841 * @param matchctx context passed to match function.
842 * @param matched set to true if there was a credential that matched, may be NULL.
843 *
844 * @return Return an error code or 0, see krb5_get_error_message().
845 *
846 * @ingroup krb5_ccache
847 */
848
849 krb5_error_code KRB5_LIB_FUNCTION
850 krb5_cc_copy_match_f(krb5_context context,
851 const krb5_ccache from,
852 krb5_ccache to,
853 krb5_boolean (*match)(krb5_context, void *, const krb5_creds *),
854 void *matchctx,
855 unsigned int *matched)
856 {
857 krb5_error_code ret;
858 krb5_cc_cursor cursor;
859 krb5_creds cred;
860 krb5_principal princ;
861
862 if (matched)
863 *matched = 0;
864
865 ret = krb5_cc_get_principal(context, from, &princ);
866 if (ret)
867 return ret;
868 ret = krb5_cc_initialize(context, to, princ);
869 if (ret) {
870 krb5_free_principal(context, princ);
871 return ret;
872 }
873 ret = krb5_cc_start_seq_get(context, from, &cursor);
874 if (ret) {
875 krb5_free_principal(context, princ);
876 return ret;
877 }
878
879 while ((ret = krb5_cc_next_cred(context, from, &cursor, &cred)) == 0) {
880 if (match == NULL || (*match)(context, matchctx, &cred) == 0) {
881 if (matched)
882 (*matched)++;
883 ret = krb5_cc_store_cred(context, to, &cred);
884 if (ret)
885 break;
886 }
887 krb5_free_cred_contents(context, &cred);
888 }
889 krb5_cc_end_seq_get(context, from, &cursor);
890 krb5_free_principal(context, princ);
891 if (ret == KRB5_CC_END)
892 ret = 0;
893 return ret;
894 }
895
896 /**
897 * Just like krb5_cc_copy_match_f(), but copy everything.
898 *
899 * @ingroup @krb5_ccache
900 */
901
902 krb5_error_code KRB5_LIB_FUNCTION
903 krb5_cc_copy_cache(krb5_context context,
904 const krb5_ccache from,
905 krb5_ccache to)
906 {
907 return krb5_cc_copy_match_f(context, from, to, NULL, NULL, NULL);
908 }
909
910 /**
911 * Return the version of `id'.
912 *
913 * @ingroup krb5_ccache
914 */
915
916
917 krb5_error_code KRB5_LIB_FUNCTION
918 krb5_cc_get_version(krb5_context context,
919 const krb5_ccache id)
920 {
921 if(id->ops->get_version)
922 return (*id->ops->get_version)(context, id);
923 else
924 return 0;
925 }
926
927 /**
928 * Clear `mcreds' so it can be used with krb5_cc_retrieve_cred
929 *
930 * @ingroup krb5_ccache
931 */
932
933
934 void KRB5_LIB_FUNCTION
935 krb5_cc_clear_mcred(krb5_creds *mcred)
936 {
937 memset(mcred, 0, sizeof(*mcred));
938 }
939
940 /**
941 * Get the cc ops that is registered in `context' to handle the
942 * prefix. prefix can be a complete credential cache name or a
943 * prefix, the function will only use part up to the first colon (:)
944 * if there is one. If prefix the argument is NULL, the default ccache
945 * implemtation is returned.
946 *
947 * @return Returns NULL if ops not found.
948 *
949 * @ingroup krb5_ccache
950 */
951
952
953 const krb5_cc_ops *
954 krb5_cc_get_prefix_ops(krb5_context context, const char *prefix)
955 {
956 char *p, *p1;
957 int i;
958
959 if (prefix == NULL)
960 return KRB5_DEFAULT_CCTYPE;
961 if (prefix[0] == '/')
962 return &krb5_fcc_ops;
963
964 p = strdup(prefix);
965 if (p == NULL) {
966 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
967 return NULL;
968 }
969 p1 = strchr(p, ':');
970 if (p1)
971 *p1 = '\0';
972
973 for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
974 if(strcmp(context->cc_ops[i].prefix, p) == 0) {
975 free(p);
976 return &context->cc_ops[i];
977 }
978 }
979 free(p);
980 return NULL;
981 }
982
983 struct krb5_cc_cache_cursor_data {
984 const krb5_cc_ops *ops;
985 krb5_cc_cursor cursor;
986 };
987
988 /**
989 * Start iterating over all caches of specified type. See also
990 * krb5_cccol_cursor_new().
991
992 * @param context A Kerberos 5 context
993 * @param type optional type to iterate over, if NULL, the default cache is used.
994 * @param cursor cursor should be freed with krb5_cc_cache_end_seq_get().
995 *
996 * @return Return an error code or 0, see krb5_get_error_message().
997 *
998 * @ingroup krb5_ccache
999 */
1000
1001
1002 krb5_error_code KRB5_LIB_FUNCTION
1003 krb5_cc_cache_get_first (krb5_context context,
1004 const char *type,
1005 krb5_cc_cache_cursor *cursor)
1006 {
1007 const krb5_cc_ops *ops;
1008 krb5_error_code ret;
1009
1010 if (type == NULL)
1011 type = krb5_cc_default_name(context);
1012
1013 ops = krb5_cc_get_prefix_ops(context, type);
1014 if (ops == NULL) {
1015 krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
1016 "Unknown type \"%s\" when iterating "
1017 "trying to iterate the credential caches", type);
1018 return KRB5_CC_UNKNOWN_TYPE;
1019 }
1020
1021 if (ops->get_cache_first == NULL) {
1022 krb5_set_error_message(context, KRB5_CC_NOSUPP,
1023 N_("Credential cache type %s doesn't support "
1024 "iterations over caches", "type"),
1025 ops->prefix);
1026 return KRB5_CC_NOSUPP;
1027 }
1028
1029 *cursor = calloc(1, sizeof(**cursor));
1030 if (*cursor == NULL) {
1031 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
1032 return ENOMEM;
1033 }
1034
1035 (*cursor)->ops = ops;
1036
1037 ret = ops->get_cache_first(context, &(*cursor)->cursor);
1038 if (ret) {
1039 free(*cursor);
1040 *cursor = NULL;
1041 }
1042 return ret;
1043 }
1044
1045 /**
1046 * Retrieve the next cache pointed to by (`cursor') in `id'
1047 * and advance `cursor'.
1048 *
1049 * @param context A Kerberos 5 context
1050 * @param cursor the iterator cursor, returned by krb5_cc_cache_get_first()
1051 * @param id next ccache
1052 *
1053 * @return Return 0 or an error code. Returns KRB5_CC_END when the end
1054 * of caches is reached, see krb5_get_error_message().
1055 *
1056 * @ingroup krb5_ccache
1057 */
1058
1059
1060 krb5_error_code KRB5_LIB_FUNCTION
1061 krb5_cc_cache_next (krb5_context context,
1062 krb5_cc_cache_cursor cursor,
1063 krb5_ccache *id)
1064 {
1065 return cursor->ops->get_cache_next(context, cursor->cursor, id);
1066 }
1067
1068 /**
1069 * Destroy the cursor `cursor'.
1070 *
1071 * @return Return an error code or 0, see krb5_get_error_message().
1072 *
1073 * @ingroup krb5_ccache
1074 */
1075
1076
1077 krb5_error_code KRB5_LIB_FUNCTION
1078 krb5_cc_cache_end_seq_get (krb5_context context,
1079 krb5_cc_cache_cursor cursor)
1080 {
1081 krb5_error_code ret;
1082 ret = cursor->ops->end_cache_get(context, cursor->cursor);
1083 cursor->ops = NULL;
1084 free(cursor);
1085 return ret;
1086 }
1087
1088 /**
1089 * Search for a matching credential cache that have the
1090 * `principal' as the default principal. On success, `id' needs to be
1091 * freed with krb5_cc_close() or krb5_cc_destroy().
1092 *
1093 * @param context A Kerberos 5 context
1094 * @param client The principal to search for
1095 * @param id the returned credential cache
1096 *
1097 * @return On failure, error code is returned and `id' is set to NULL.
1098 *
1099 * @ingroup krb5_ccache
1100 */
1101
1102
1103 krb5_error_code KRB5_LIB_FUNCTION
1104 krb5_cc_cache_match (krb5_context context,
1105 krb5_principal client,
1106 krb5_ccache *id)
1107 {
1108 krb5_cccol_cursor cursor;
1109 krb5_error_code ret;
1110 krb5_ccache cache = NULL;
1111
1112 *id = NULL;
1113
1114 ret = krb5_cccol_cursor_new (context, &cursor);
1115 if (ret)
1116 return ret;
1117
1118 while (krb5_cccol_cursor_next (context, cursor, &cache) == 0 && cache != NULL) {
1119 krb5_principal principal;
1120
1121 ret = krb5_cc_get_principal(context, cache, &principal);
1122 if (ret == 0) {
1123 krb5_boolean match;
1124
1125 match = krb5_principal_compare(context, principal, client);
1126 krb5_free_principal(context, principal);
1127 if (match)
1128 break;
1129 }
1130
1131 krb5_cc_close(context, cache);
1132 cache = NULL;
1133 }
1134
1135 krb5_cccol_cursor_free(context, &cursor);
1136
1137 if (cache == NULL) {
1138 char *str;
1139
1140 krb5_unparse_name(context, client, &str);
1141
1142 krb5_set_error_message(context, KRB5_CC_NOTFOUND,
1143 N_("Principal %s not found in any "
1144 "credential cache", ""),
1145 str ? str : "<out of memory>");
1146 if (str)
1147 free(str);
1148 return KRB5_CC_NOTFOUND;
1149 }
1150 *id = cache;
1151
1152 return 0;
1153 }
1154
1155 /**
1156 * Move the content from one credential cache to another. The
1157 * operation is an atomic switch.
1158 *
1159 * @param context a Keberos context
1160 * @param from the credential cache to move the content from
1161 * @param to the credential cache to move the content to
1162
1163 * @return On sucess, from is freed. On failure, error code is
1164 * returned and from and to are both still allocated, see krb5_get_error_message().
1165 *
1166 * @ingroup krb5_ccache
1167 */
1168
1169 krb5_error_code
1170 krb5_cc_move(krb5_context context, krb5_ccache from, krb5_ccache to)
1171 {
1172 krb5_error_code ret;
1173
1174 if (strcmp(from->ops->prefix, to->ops->prefix) != 0) {
1175 krb5_set_error_message(context, KRB5_CC_NOSUPP,
1176 N_("Moving credentials between diffrent "
1177 "types not yet supported", ""));
1178 return KRB5_CC_NOSUPP;
1179 }
1180
1181 ret = (*to->ops->move)(context, from, to);
1182 if (ret == 0) {
1183 memset(from, 0, sizeof(*from));
1184 free(from);
1185 }
1186 return ret;
1187 }
1188
1189 #define KRB5_CONF_NAME "krb5_ccache_conf_data"
1190 #define KRB5_REALM_NAME "X-CACHECONF:"
1191
1192 static krb5_error_code
1193 build_conf_principals(krb5_context context, krb5_ccache id,
1194 krb5_const_principal principal,
1195 const char *name, krb5_creds *cred)
1196 {
1197 krb5_principal client;
1198 krb5_error_code ret;
1199 char *pname = NULL;
1200
1201 memset(cred, 0, sizeof(*cred));
1202
1203 ret = krb5_cc_get_principal(context, id, &client);
1204 if (ret)
1205 return ret;
1206
1207 if (principal) {
1208 ret = krb5_unparse_name(context, principal, &pname);
1209 if (ret)
1210 return ret;
1211 }
1212
1213 ret = krb5_make_principal(context, &cred->server,
1214 KRB5_REALM_NAME,
1215 KRB5_CONF_NAME, name, pname, NULL);
1216 free(pname);
1217 if (ret) {
1218 krb5_free_principal(context, client);
1219 return ret;
1220 }
1221 ret = krb5_copy_principal(context, client, &cred->client);
1222 krb5_free_principal(context, client);
1223 return ret;
1224 }
1225
1226 /**
1227 * Return TRUE (non zero) if the principal is a configuration
1228 * principal (generated part of krb5_cc_set_config()). Returns FALSE
1229 * (zero) if not a configuration principal.
1230 *
1231 * @param context a Keberos context
1232 * @param principal principal to check if it a configuration principal
1233 *
1234 * @ingroup krb5_ccache
1235 */
1236
1237 krb5_boolean KRB5_LIB_FUNCTION
1238 krb5_is_config_principal(krb5_context context,
1239 krb5_const_principal principal)
1240 {
1241 if (strcmp(principal->realm, KRB5_REALM_NAME) != 0)
1242 return FALSE;
1243
1244 if (principal->name.name_string.len == 0 ||
1245 strcmp(principal->name.name_string.val[0], KRB5_CONF_NAME) != 0)
1246 return FALSE;
1247
1248 return TRUE;
1249 }
1250
1251 /**
1252 * Store some configuration for the credential cache in the cache.
1253 * Existing configuration under the same name is over-written.
1254 *
1255 * @param context a Keberos context
1256 * @param id the credential cache to store the data for
1257 * @param principal configuration for a specific principal, if
1258 * NULL, global for the whole cache.
1259 * @param name name under which the configuraion is stored.
1260 * @param data data to store, if NULL, configure is removed.
1261 *
1262 * @ingroup krb5_ccache
1263 */
1264
1265 krb5_error_code KRB5_LIB_FUNCTION
1266 krb5_cc_set_config(krb5_context context, krb5_ccache id,
1267 krb5_const_principal principal,
1268 const char *name, krb5_data *data)
1269 {
1270 krb5_error_code ret;
1271 krb5_creds cred;
1272
1273 ret = build_conf_principals(context, id, principal, name, &cred);
1274 if (ret)
1275 goto out;
1276
1277 /* Remove old configuration */
1278 ret = krb5_cc_remove_cred(context, id, 0, &cred);
1279 if (ret && ret != KRB5_CC_NOTFOUND)
1280 goto out;
1281
1282 if (data) {
1283 /* not that anyone care when this expire */
1284 cred.times.authtime = time(NULL);
1285 cred.times.endtime = cred.times.authtime + 3600 * 24 * 30;
1286
1287 ret = krb5_data_copy(&cred.ticket, data->data, data->length);
1288 if (ret)
1289 goto out;
1290
1291 ret = krb5_cc_store_cred(context, id, &cred);
1292 }
1293
1294 out:
1295 krb5_free_cred_contents (context, &cred);
1296 return ret;
1297 }
1298
1299 /**
1300 * Get some configuration for the credential cache in the cache.
1301 *
1302 * @param context a Keberos context
1303 * @param id the credential cache to store the data for
1304 * @param principal configuration for a specific principal, if
1305 * NULL, global for the whole cache.
1306 * @param name name under which the configuraion is stored.
1307 * @param data data to fetched, free with krb5_data_free()
1308 *
1309 * @ingroup krb5_ccache
1310 */
1311
1312
1313 krb5_error_code KRB5_LIB_FUNCTION
1314 krb5_cc_get_config(krb5_context context, krb5_ccache id,
1315 krb5_const_principal principal,
1316 const char *name, krb5_data *data)
1317 {
1318 krb5_creds mcred, cred;
1319 krb5_error_code ret;
1320
1321 memset(&cred, 0, sizeof(cred));
1322 krb5_data_zero(data);
1323
1324 ret = build_conf_principals(context, id, principal, name, &mcred);
1325 if (ret)
1326 goto out;
1327
1328 ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
1329 if (ret)
1330 goto out;
1331
1332 ret = krb5_data_copy(data, cred.ticket.data, cred.ticket.length);
1333
1334 out:
1335 krb5_free_cred_contents (context, &cred);
1336 krb5_free_cred_contents (context, &mcred);
1337 return ret;
1338 }
1339
1340 /*
1341 *
1342 */
1343
1344 struct krb5_cccol_cursor {
1345 int idx;
1346 krb5_cc_cache_cursor cursor;
1347 };
1348
1349 /**
1350 * Get a new cache interation cursor that will interate over all
1351 * credentials caches independent of type.
1352 *
1353 * @param context a Keberos context
1354 * @param cursor passed into krb5_cccol_cursor_next() and free with krb5_cccol_cursor_free().
1355 *
1356 * @return Returns 0 or and error code, see krb5_get_error_message().
1357 *
1358 * @ingroup krb5_ccache
1359 */
1360
1361 krb5_error_code KRB5_LIB_FUNCTION
1362 krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
1363 {
1364 *cursor = calloc(1, sizeof(**cursor));
1365 if (*cursor == NULL) {
1366 krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
1367 return ENOMEM;
1368 }
1369 (*cursor)->idx = 0;
1370 (*cursor)->cursor = NULL;
1371
1372 return 0;
1373 }
1374
1375 /**
1376 * Get next credential cache from the iteration.
1377 *
1378 * @param context A Kerberos 5 context
1379 * @param cursor the iteration cursor
1380 * @param cache the returned cursor, pointer is set to NULL on failure
1381 * and a cache on success. The returned cache needs to be freed
1382 * with krb5_cc_close() or destroyed with krb5_cc_destroy().
1383 * MIT Kerberos behavies slightly diffrent and sets cache to NULL
1384 * when all caches are iterated over and return 0.
1385 *
1386 * @return Return 0 or and error, KRB5_CC_END is returned at the end
1387 * of iteration. See krb5_get_error_message().
1388 *
1389 * @ingroup krb5_ccache
1390 */
1391
1392
1393 krb5_error_code KRB5_LIB_FUNCTION
1394 krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
1395 krb5_ccache *cache)
1396 {
1397 krb5_error_code ret;
1398
1399 *cache = NULL;
1400
1401 while (cursor->idx < context->num_cc_ops) {
1402
1403 if (cursor->cursor == NULL) {
1404 ret = krb5_cc_cache_get_first (context,
1405 context->cc_ops[cursor->idx].prefix,
1406 &cursor->cursor);
1407 if (ret) {
1408 cursor->idx++;
1409 continue;
1410 }
1411 }
1412 ret = krb5_cc_cache_next(context, cursor->cursor, cache);
1413 if (ret == 0)
1414 break;
1415
1416 krb5_cc_cache_end_seq_get(context, cursor->cursor);
1417 cursor->cursor = NULL;
1418 if (ret != KRB5_CC_END)
1419 break;
1420
1421 cursor->idx++;
1422 }
1423 if (cursor->idx >= context->num_cc_ops) {
1424 krb5_set_error_message(context, KRB5_CC_END,
1425 N_("Reached end of credential caches", ""));
1426 return KRB5_CC_END;
1427 }
1428
1429 return 0;
1430 }
1431
1432 /**
1433 * End an iteration and free all resources, can be done before end is reached.
1434 *
1435 * @param context A Kerberos 5 context
1436 * @param cursor the iteration cursor to be freed.
1437 *
1438 * @return Return 0 or and error, KRB5_CC_END is returned at the end
1439 * of iteration. See krb5_get_error_message().
1440 *
1441 * @ingroup krb5_ccache
1442 */
1443
1444 krb5_error_code KRB5_LIB_FUNCTION
1445 krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
1446 {
1447 krb5_cccol_cursor c = *cursor;
1448
1449 *cursor = NULL;
1450 if (c) {
1451 if (c->cursor)
1452 krb5_cc_cache_end_seq_get(context, c->cursor);
1453 free(c);
1454 }
1455 return 0;
1456 }
1457
1458 /**
1459 * Return the last time the credential cache was modified.
1460 *
1461 * @param context A Kerberos 5 context
1462 * @param id The credential cache to probe
1463 * @param mtime the last modification time, set to 0 on error.
1464
1465 * @return Return 0 or and error. See krb5_get_error_message().
1466 *
1467 * @ingroup krb5_ccache
1468 */
1469
1470
1471 krb5_error_code KRB5_LIB_FUNCTION
1472 krb5_cc_last_change_time(krb5_context context,
1473 krb5_ccache id,
1474 krb5_timestamp *mtime)
1475 {
1476 *mtime = 0;
1477 return (*id->ops->lastchange)(context, id, mtime);
1478 }
1479
1480 /**
1481 * Return the last modfication time for a cache collection. The query
1482 * can be limited to a specific cache type. If the function return 0
1483 * and mtime is 0, there was no credentials in the caches.
1484 *
1485 * @param context A Kerberos 5 context
1486 * @param type The credential cache to probe, if NULL, all type are traversed.
1487 * @param mtime the last modification time, set to 0 on error.
1488
1489 * @return Return 0 or and error. See krb5_get_error_message().
1490 *
1491 * @ingroup krb5_ccache
1492 */
1493
1494 krb5_error_code KRB5_LIB_FUNCTION
1495 krb5_cccol_last_change_time(krb5_context context,
1496 const char *type,
1497 krb5_timestamp *mtime)
1498 {
1499 krb5_cccol_cursor cursor;
1500 krb5_error_code ret;
1501 krb5_ccache id;
1502 krb5_timestamp t = 0;
1503
1504 *mtime = 0;
1505
1506 ret = krb5_cccol_cursor_new (context, &cursor);
1507 if (ret)
1508 return ret;
1509
1510 while (krb5_cccol_cursor_next(context, cursor, &id) == 0 && id != NULL) {
1511
1512 if (type && strcmp(krb5_cc_get_type(context, id), type) != 0)
1513 continue;
1514
1515 ret = krb5_cc_last_change_time(context, id, &t);
1516 krb5_cc_close(context, id);
1517 if (ret)
1518 continue;
1519 if (t > *mtime)
1520 *mtime = t;
1521 }
1522
1523 krb5_cccol_cursor_free(context, &cursor);
1524
1525 return 0;
1526 }
1527 /**
1528 * Return a friendly name on credential cache. Free the result with krb5_xfree().
1529 *
1530 * @return Return an error code or 0, see krb5_get_error_message().
1531 *
1532 * @ingroup krb5_ccache
1533 */
1534
1535 krb5_error_code KRB5_LIB_FUNCTION
1536 krb5_cc_get_friendly_name(krb5_context context,
1537 krb5_ccache id,
1538 char **name)
1539 {
1540 krb5_error_code ret;
1541 krb5_data data;
1542
1543 ret = krb5_cc_get_config(context, id, NULL, "FriendlyName", &data);
1544 if (ret) {
1545 krb5_principal principal;
1546 ret = krb5_cc_get_principal(context, id, &principal);
1547 if (ret)
1548 return ret;
1549 ret = krb5_unparse_name(context, principal, name);
1550 krb5_free_principal(context, principal);
1551 } else {
1552 ret = asprintf(name, "%.*s", (int)data.length, (char *)data.data);
1553 krb5_data_free(&data);
1554 if (ret <= 0) {
1555 ret = ENOMEM;
1556 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
1557 } else
1558 ret = 0;
1559 }
1560
1561 return ret;
1562 }
1563
1564 /**
1565 * Set the friendly name on credential cache.
1566 *
1567 * @return Return an error code or 0, see krb5_get_error_message().
1568 *
1569 * @ingroup krb5_ccache
1570 */
1571
1572 krb5_error_code KRB5_LIB_FUNCTION
1573 krb5_cc_set_friendly_name(krb5_context context,
1574 krb5_ccache id,
1575 const char *name)
1576 {
1577 krb5_data data;
1578
1579 data.data = rk_UNCONST(name);
1580 data.length = strlen(name);
1581
1582 return krb5_cc_set_config(context, id, NULL, "FriendlyName", &data);
1583 }
1584
1585 /**
1586 * Get the lifetime of the initial ticket in the cache
1587 *
1588 * Get the lifetime of the initial ticket in the cache, if the initial
1589 * ticket was not found, the error code KRB5_CC_END is returned.
1590 *
1591 * @param context A Kerberos 5 context.
1592 * @param id a credential cache
1593 * @param t the relative lifetime of the initial ticket
1594 *
1595 * @return Return an error code or 0, see krb5_get_error_message().
1596 *
1597 * @ingroup krb5_ccache
1598 */
1599
1600 krb5_error_code KRB5_LIB_FUNCTION
1601 krb5_cc_get_lifetime(krb5_context context, krb5_ccache id, time_t *t)
1602 {
1603 krb5_cc_cursor cursor;
1604 krb5_error_code ret;
1605 krb5_creds cred;
1606 time_t now;
1607
1608 *t = 0;
1609 now = time(NULL);
1610
1611 ret = krb5_cc_start_seq_get(context, id, &cursor);
1612 if (ret)
1613 return ret;
1614
1615 while ((ret = krb5_cc_next_cred(context, id, &cursor, &cred)) == 0) {
1616 if (cred.flags.b.initial) {
1617 if (now < cred.times.endtime)
1618 *t = cred.times.endtime - now;
1619 krb5_free_cred_contents(context, &cred);
1620 goto out;
1621 }
1622 krb5_free_cred_contents(context, &cred);
1623 }
1624
1625 out:
1626 krb5_cc_end_seq_get(context, id, &cursor);
1627
1628 return ret;
1629 }
Heimdal