lib/krb5_wrap: add smb_krb5_cc_new_unique_memory()
authorStefan Metzmacher <metze@samba.org>
Tue, 27 Feb 2024 14:42:37 +0000 (15:42 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 7 May 2024 11:30:33 +0000 (11:30 +0000)
This generates a memory credential cache that is
not visible to a (the default) credential cache collection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
lib/krb5_wrap/krb5_samba.c
lib/krb5_wrap/krb5_samba.h

index 7cc28697e8162d60aeff669f950aae727d4b5d10..0df4d04208148d483231460acda0f4f86fbc9659 100644 (file)
@@ -1093,6 +1093,80 @@ krb5_error_code smb_krb5_principal_get_comp_string(TALLOC_CTX *mem_ctx,
        return 0;
 }
 
+krb5_error_code smb_krb5_cc_new_unique_memory(krb5_context context,
+                                             TALLOC_CTX *mem_ctx,
+                                             char **ccache_name,
+                                             krb5_ccache *id)
+{
+       krb5_error_code code;
+       const char *type = NULL;
+       const char *name = NULL;
+
+       if (ccache_name != NULL) {
+               *ccache_name = NULL;
+       }
+       *id = NULL;
+
+#ifdef SAMBA4_USES_HEIMDAL
+       /*
+        * "MEMORY:anonymous" is not visible to
+        * the credential cache collection iterator
+        *
+        * It creates anonymous-POINTER-UNIQUECOUNTTER
+        * in the background.
+        */
+       code = krb5_cc_resolve(context, "MEMORY:anonymous", id);
+       if (code != 0) {
+               DBG_ERR("krb5_cc_resolve(MEMORY:anonymous) failed: %s\n",
+                       smb_get_krb5_error_message(
+                               context, code, mem_ctx));
+               return code;
+       }
+#else /* MIT */
+       /*
+        * In MIT the "MEMORY:" credential cache collection
+        * only contains the default cache (at most).
+        */
+       code = krb5_cc_new_unique(context, "MEMORY", NULL, id);
+       if (code != 0) {
+               DBG_ERR("krb5_cc_new_unique failed: %s\n",
+                       smb_get_krb5_error_message(
+                               context, code, mem_ctx));
+               return code;
+       }
+#endif /* MIT */
+
+       type = krb5_cc_get_type(context, *id);
+       if (type == NULL) {
+               DBG_ERR("krb5_cc_get_type failed...\n");
+               krb5_cc_destroy(context, *id);
+               *id = NULL;
+               return KRB5_CC_UNKNOWN_TYPE;
+       }
+
+       name = krb5_cc_get_name(context, *id);
+       if (name == NULL) {
+               DBG_ERR("krb5_cc_get_name failed...\n");
+               krb5_cc_destroy(context, *id);
+               *id = NULL;
+               return KRB5_CC_BADNAME;
+       }
+
+       if (ccache_name == NULL) {
+               return 0;
+       }
+
+       *ccache_name = talloc_asprintf(mem_ctx, "%s:%s", type, name);
+       if (*ccache_name == NULL) {
+               DBG_ERR("krb5_cc_get_name failed...\n");
+               krb5_cc_destroy(context, *id);
+               *id = NULL;
+               return ENOMEM;
+       }
+
+       return 0;
+}
+
 /**
  * @brief
  *
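Review bot: The failure branch after `talloc_asprintf()` logs `krb5_cc_get_name failed...`, apparently copied from the branch above it, so an out-of-memory condition would be misreported in the logs; it should read `DBG_ERR("talloc_asprintf failed...\n");`. Both `smb_get_krb5_error_message(context, code, mem_ctx)` calls allocate the message on the caller's `mem_ctx` and never free it, so each failure leaves a string attached to what may be a long-lived context; a temporary talloc frame freed before returning would avoid that. The new function also has no `/** @brief ... */` header like the one that follows it in the file. That header should say that on success the caller owns `*id` and must call `krb5_cc_destroy()` on it, that `*ccache_name` (when requested) is allocated on `mem_ctx`, and that both are reset to NULL on failure. The ownership rule matters because a memory ccache that is never destroyed keeps its tickets in process memory.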
index df6d392c02032dc193b10fb418e634f8b7eadec7..a3470c1ea283324df6ae6f00f0834f6710a2ed67 100644 (file)
@@ -450,6 +450,11 @@ krb5_error_code krb5_warnx(krb5_context context, const char *fmt, ...)
        PRINTF_ATTRIBUTE(2, 0);
 #endif
 
+krb5_error_code smb_krb5_cc_new_unique_memory(krb5_context context,
+                                             TALLOC_CTX *mem_ctx,
+                                             char **ccache_name,
+                                             krb5_ccache *id);
+
 krb5_error_code smb_krb5_cc_copy_creds(krb5_context context,
                                       krb5_ccache incc, krb5_ccache outcc);