:c:func:`krb5_auth_con_setsendsubkey()` H5l: Not implemented as of version 1.3.3
:c:func:`krb5_cc_set_config()` MIT: Before version 1.10 it was assumed that
the last argument *data* is ALWAYS non-zero.
- :c:func:`krb5_cccol_last_change_time()` H5l takes 3 arguments: krb5_context context,
- const char \*type, krb5_timestamp \*change_time
- MIT takes two arguments: krb5_context context,
- krb5_timestamp \*change_time
+ :c:func:`krb5_cccol_last_change_time()` MIT: not implemented
:c:func:`krb5_set_default_realm()` H5l: Caches the computed default realm context
field. If the second argument is NULL,
it tries to retrieve it from libdefaults or DNS.
krb5_cc_get_config.rst
krb5_cc_get_flags.rst
krb5_cc_get_full_name.rst
- krb5_cc_last_change_time.rst
- krb5_cc_lock.rst
krb5_cc_move.rst
krb5_cc_next_cred.rst
krb5_cc_remove_cred.rst
krb5_cc_store_cred.rst
krb5_cc_support_switch.rst
krb5_cc_switch.rst
- krb5_cc_unlock.rst
krb5_cccol_cursor_free.rst
krb5_cccol_cursor_new.rst
krb5_cccol_cursor_next.rst
krb5_cccol_have_content.rst
- krb5_cccol_last_change_time.rst
- krb5_cccol_lock.rst
- krb5_cccol_unlock.rst
krb5_clear_error_message.rst
krb5_check_clockskew.rst
krb5_copy_addresses.rst
krb5_error_code KRB5_CALLCONV
krb5_cc_move(krb5_context context, krb5_ccache src, krb5_ccache dst);
-/**
- * Return a timestamp of the last modification to a credential cache.
- *
- * @param [in] context Library context
- * @param [in] ccache Credential cache handle
- * @param [out] change_time The last change time of @a ccache
- *
- * If an error occurs, @a change_time is set to 0.
- */
-krb5_error_code KRB5_CALLCONV
-krb5_cc_last_change_time(krb5_context context, krb5_ccache ccache,
- krb5_timestamp *change_time);
-
-/**
- * Lock a credential cache.
- *
- * @param [in] context Library context
- * @param [in] ccache Credential cache handle
- *
- * Use krb5_cc_unlock() to unlock the lock.
- *
- * @retval 0 Success; otherwise - Kerberos error codes
- */
-krb5_error_code KRB5_CALLCONV
-krb5_cc_lock(krb5_context context, krb5_ccache ccache);
-
-/**
- * Unlock a credential cache.
- *
- * @param [in] context Library context
- * @param [in] ccache Credential cache handle
- *
- * This function unlocks the @a ccache locked by krb5_cc_lock().
- *
- * @retval 0 Success; otherwise - Kerberos error codes
- */
-krb5_error_code KRB5_CALLCONV
-krb5_cc_unlock(krb5_context context, krb5_ccache ccache);
-
/**
* Prepare to iterate over the collection of known credential caches.
*
krb5_error_code KRB5_CALLCONV
krb5_cccol_have_content(krb5_context context);
-/**
- * Return a timestamp of the last modification of any known credential cache.
- *
- * @param [in] context Library context
- * @param [out] change_time Last modification timestamp
- *
- * This function returns the most recent modification time of any known
- * credential cache, ignoring any caches which cannot supply a last
- * modification time.
- *
- * If there are no known credential caches, @a change_time is set to 0.
- *
- * @retval 0 Success; otherwise - Kerberos error codes
- */
-krb5_error_code KRB5_CALLCONV
-krb5_cccol_last_change_time(krb5_context context, krb5_timestamp *change_time);
-
-/**
- * Acquire a global lock for credential caches.
- *
- * @param [in] context Library context
- *
- * This function locks the global credential cache collection, ensuring
- * that no ccaches are added to or removed from it until the collection
- * lock is released.
- *
- * Use krb5_cccol_unlock() to unlock the lock.
- *
- * @retval 0 Success; otherwise - Kerberos error codes
- */
-
-krb5_error_code KRB5_CALLCONV
-krb5_cccol_lock(krb5_context context);
-
-/**
- * Release a global lock for credential caches.
- *
- * @param [in] context Library context
- *
- * This function unlocks the lock from krb5_cccol_lock().
- *
- * @retval 0 Success; otherwise - Kerberos error codes
- */
-krb5_error_code KRB5_CALLCONV
-krb5_cccol_unlock(krb5_context context);
-
/**
* Create a new credential cache of the specified type with a unique name.
*
(krb5_context context);
#endif
+krb5_error_code
+k5_cc_lock(krb5_context context, krb5_ccache ccache);
+
+krb5_error_code
+k5_cc_unlock(krb5_context context, krb5_ccache ccache);
+
+krb5_error_code
+k5_cccol_lock(krb5_context context);
+
+krb5_error_code
+k5_cccol_unlock(krb5_context context);
+
void
k5_cc_mutex_force_unlock(k5_cc_mutex *m);
krb5_cc_ptcursor *);
krb5_error_code (KRB5_CALLCONV *move)(krb5_context, krb5_ccache,
krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *lastchange)(krb5_context,
- krb5_ccache, krb5_timestamp *);
krb5_error_code (KRB5_CALLCONV *wasdefault)(krb5_context, krb5_ccache,
krb5_timestamp *);
krb5_error_code (KRB5_CALLCONV *lock)(krb5_context, krb5_ccache);
return 0;
}
-static krb5_error_code KRB5_CALLCONV
-dcc_lastchange(krb5_context context, krb5_ccache cache,
- krb5_timestamp *time_out)
-{
- dcc_data *data = cache->data;
-
- return krb5_fcc_ops.lastchange(context, data->fcc, time_out);
-}
-
static krb5_error_code KRB5_CALLCONV
dcc_lock(krb5_context context, krb5_ccache cache)
{
dcc_ptcursor_next,
dcc_ptcursor_free,
NULL, /* move */
- dcc_lastchange,
NULL, /* wasdefault */
dcc_lock,
dcc_unlock,
return 0;
}
-/* Get the cache file's last modification time. */
-static krb5_error_code KRB5_CALLCONV
-fcc_last_change_time(krb5_context context, krb5_ccache id,
- krb5_timestamp *change_time)
-{
- krb5_error_code ret = 0;
- fcc_data *data = id->data;
- struct stat buf;
-
- *change_time = 0;
-
- k5_cc_mutex_lock(context, &data->lock);
-
- if (stat(data->filename, &buf) == -1)
- ret = interpret_errno(context, errno);
- else
- *change_time = (krb5_timestamp)buf.st_mtime;
-
- k5_cc_mutex_unlock(context, &data->lock);
-
- return set_errmsg_filename(context, ret, data->filename);
-}
-
/* Lock the cache handle against other threads. (This does not lock the cache
* file against other processes.) */
static krb5_error_code KRB5_CALLCONV
fcc_ptcursor_next,
fcc_ptcursor_free,
NULL, /* move */
- fcc_last_change_time,
NULL, /* wasdefault */
fcc_lock,
fcc_unlock,
fcc_ptcursor_next,
fcc_ptcursor_free,
NULL, /* move */
- fcc_last_change_time,
NULL, /* wasdefault */
fcc_lock,
fcc_unlock,
struct kcm_cache_data {
char *residual; /* immutable; may be accessed without lock */
- k5_cc_mutex lock; /* protects io and changetime */
+ k5_cc_mutex lock; /* protects io */
struct kcmio *io;
- krb5_timestamp changetime;
};
struct kcm_ptcursor {
data->residual = residual_copy;
data->io = io;
- data->changetime = 0;
cache->ops = &krb5_kcm_ops;
cache->data = data;
cache->magic = KV5M_CCACHE;
return ENOMEM;
}
-/* Lock cache's I/O structure and use it to call the KCM daemon. If modify is
- * true, update the last change time. */
+/* Lock cache's I/O structure and use it to call the KCM daemon. */
static krb5_error_code
-cache_call(krb5_context context, krb5_ccache cache, struct kcmreq *req,
- krb5_boolean modify)
+cache_call(krb5_context context, krb5_ccache cache, struct kcmreq *req)
{
krb5_error_code ret;
struct kcm_cache_data *data = cache->data;
k5_cc_mutex_lock(context, &data->lock);
ret = kcmio_call(context, data->io, req);
- if (modify && !ret)
- data->changetime = time(NULL);
k5_cc_mutex_unlock(context, &data->lock);
return ret;
}
int32_t time_offset;
kcmreq_init(&req, KCM_OP_GET_KDC_OFFSET, cache);
- if (cache_call(context, cache, &req, FALSE) != 0)
+ if (cache_call(context, cache, &req) != 0)
goto cleanup;
time_offset = k5_input_get_uint32_be(&req.reply);
if (!req.reply.status)
if (context->os_context.os_flags & KRB5_OS_TOFFSET_VALID) {
kcmreq_init(&req, KCM_OP_SET_KDC_OFFSET, cache);
kcmreq_put32(&req, context->os_context.time_offset);
- (void)cache_call(context, cache, &req, TRUE);
+ (void)cache_call(context, cache, &req);
kcmreq_free(&req);
}
}
kcmreq_init(&req, KCM_OP_INITIALIZE, cache);
k5_marshal_princ(&req.reqbuf, 4, princ);
- ret = cache_call(context, cache, &req, TRUE);
+ ret = cache_call(context, cache, &req);
kcmreq_free(&req);
set_kdc_offset(context, cache);
return ret;
struct kcmreq req;
kcmreq_init(&req, KCM_OP_DESTROY, cache);
- ret = cache_call(context, cache, &req, TRUE);
+ ret = cache_call(context, cache, &req);
kcmreq_free(&req);
(void)kcm_close(context, cache);
return ret;
kcmreq_init(&req, KCM_OP_STORE, cache);
k5_marshal_cred(&req.reqbuf, 4, cred);
- ret = cache_call(context, cache, &req, TRUE);
+ ret = cache_call(context, cache, &req);
kcmreq_free(&req);
return ret;
}
struct kcm_cache_data *data = cache->data;
kcmreq_init(&req, KCM_OP_GET_PRINCIPAL, cache);
- ret = cache_call(context, cache, &req, FALSE);
+ ret = cache_call(context, cache, &req);
/* Heimdal KCM can respond with code 0 and no principal. */
if (!ret && req.reply.len == 0)
ret = KRB5_FCC_NOFILE;
get_kdc_offset(context, cache);
kcmreq_init(&req, KCM_OP_GET_CRED_UUID_LIST, cache);
- ret = cache_call(context, cache, &req, FALSE);
+ ret = cache_call(context, cache, &req);
if (ret)
goto cleanup;
ret = kcmreq_get_uuid_list(&req, &uuids);
k5_buf_add_len(&req.reqbuf, uuids->uuidbytes + (uuids->pos * KCM_UUID_LEN),
KCM_UUID_LEN);
uuids->pos++;
- ret = cache_call(context, cache, &req, FALSE);
+ ret = cache_call(context, cache, &req);
if (!ret)
ret = k5_unmarshal_cred(req.reply.ptr, req.reply.len, 4, cred_out);
kcmreq_free(&req);
kcmreq_init(&req, KCM_OP_REMOVE_CRED, cache);
kcmreq_put32(&req, flags);
k5_marshal_mcred(&req.reqbuf, mcred);
- ret = cache_call(context, cache, &req, TRUE);
+ ret = cache_call(context, cache, &req);
kcmreq_free(&req);
return ret;
}
return 0;
}
-static krb5_error_code KRB5_CALLCONV
-kcm_lastchange(krb5_context context, krb5_ccache cache,
- krb5_timestamp *time_out)
-{
- struct kcm_cache_data *data = cache->data;
-
- /*
- * KCM has no support for retrieving the last change time. Return the time
- * of the last change made through this handle, which isn't very useful,
- * but is the best we can do for now.
- */
- k5_cc_mutex_lock(context, &data->lock);
- *time_out = data->changetime;
- k5_cc_mutex_unlock(context, &data->lock);
- return 0;
-}
-
static krb5_error_code KRB5_CALLCONV
kcm_lock(krb5_context context, krb5_ccache cache)
{
struct kcmreq req;
kcmreq_init(&req, KCM_OP_SET_DEFAULT_CACHE, cache);
- ret = cache_call(context, cache, &req, FALSE);
+ ret = cache_call(context, cache, &req);
kcmreq_free(&req);
return ret;
}
kcm_ptcursor_next,
kcm_ptcursor_free,
NULL, /* move */
- kcm_lastchange,
NULL, /* wasdefault */
kcm_lock,
kcm_unlock,
key_serial_t collection_id; /* collection containing this cache keyring */
key_serial_t cache_id; /* keyring representing ccache */
key_serial_t princ_id; /* key holding principal info */
- krb5_timestamp changetime;
krb5_boolean is_legacy_type;
} krcc_data;
int32_t *time_offset,
int32_t *usec_offset);
-static void krcc_update_change_time(krcc_data *d);
-
/* Note the following is a stub function for Linux */
extern krb5_error_code krb5_change_cache(void);
return errno;
}
data->princ_id = 0;
- krcc_update_change_time(data);
return 0;
}
data->princ_id = 0;
data->cache_id = cache_id;
data->collection_id = collection_id;
- data->changetime = 0;
data->is_legacy_type = (strcmp(anchor_name, KRCC_LEGACY_ANCHOR) == 0);
- krcc_update_change_time(data);
*data_out = data;
return 0;
if (ret)
goto errout;
- krcc_update_change_time(data);
-
/* Set appropriate timeouts on cache keys. */
ret = krb5_timeofday(context, &now);
if (ret)
return ret;
}
-/* Get the cache's last modification time. (This is currently broken; it
- * returns only the last change made using this handle.) */
-static krb5_error_code KRB5_CALLCONV
-krcc_last_change_time(krb5_context context, krb5_ccache id,
- krb5_timestamp *change_time)
-{
- krcc_data *data = id->data;
-
- k5_cc_mutex_lock(context, &data->lock);
- *change_time = data->changetime;
- k5_cc_mutex_unlock(context, &data->lock);
- return 0;
-}
-
/* Lock the cache handle against other threads. (This does not lock the cache
* keyring against other processes.) */
static krb5_error_code KRB5_CALLCONV
} else {
data->princ_id = newkey;
ret = 0;
- krcc_update_change_time(data);
}
k5_buf_free(&buf);
data->cache_id);
if (newkey == -1)
return errno;
- krcc_update_change_time(data);
return 0;
}
return ret;
}
-/*
- * Utility routine: called by krcc_* functions to keep
- * result of krcc_last_change_time up to date.
- * Value monotonically increases -- based on but not guaranteed to be actual
- * system time.
- */
-
-static void
-krcc_update_change_time(krcc_data *data)
-{
- krb5_timestamp now_time = time(NULL);
- data->changetime = ts_after(now_time, data->changetime) ?
- now_time : ts_incr(data->changetime, 1);
-}
-
/*
* ccache implementation storing credentials in the Linux keyring facility
* The default is to put them at the session keyring level.
krcc_ptcursor_next,
krcc_ptcursor_free,
NULL, /* move */
- krcc_last_change_time, /* lastchange */
NULL, /* wasdefault */
krcc_lock,
krcc_unlock,
NULL,
NULL,
NULL,
- NULL,
};
#endif /* USE_KEYRING_CCACHE */
static krb5_error_code KRB5_CALLCONV krb5_mcc_ptcursor_free
(krb5_context, krb5_cc_ptcursor *);
-static krb5_error_code KRB5_CALLCONV krb5_mcc_last_change_time
-(krb5_context, krb5_ccache, krb5_timestamp *);
-
static krb5_error_code KRB5_CALLCONV krb5_mcc_lock
(krb5_context context, krb5_ccache id);
k5_cc_mutex lock;
krb5_principal prin;
krb5_mcc_link *link;
- krb5_timestamp changetime;
/* Time offsets for clock-skewed clients. */
krb5_int32 time_offset;
krb5_int32 usec_offset;
k5_cc_mutex krb5int_mcc_mutex = K5_CC_MUTEX_PARTIAL_INITIALIZER;
static struct k5_hashtab *mcc_hashtab = NULL;
-static void update_mcc_change_time(krb5_mcc_data *);
-
/* Ensure that mcc_hashtab is initialized. Call with krb5int_mcc_mutex
* locked. */
static krb5_error_code
empty_mcc_cache(context, d);
ret = krb5_copy_principal(context, princ, &d->prin);
- update_mcc_change_time(d);
if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
/* Store client time offsets in the cache */
}
d->link = NULL;
d->prin = NULL;
- d->changetime = 0;
d->time_offset = 0;
d->usec_offset = 0;
d->refcount = 2;
d->generation = 0;
- update_mcc_change_time(d);
if (k5_hashtab_add(mcc_hashtab, d->name, strlen(d->name), d) != 0) {
free(d->name);
k5_cc_mutex_lock(ctx, &mptr->lock);
new_node->next = mptr->link;
mptr->link = new_node;
- update_mcc_change_time(mptr);
k5_cc_mutex_unlock(ctx, &mptr->lock);
return 0;
cleanup:
return 0;
}
-static krb5_error_code KRB5_CALLCONV
-krb5_mcc_last_change_time(
- krb5_context context,
- krb5_ccache id,
- krb5_timestamp *change_time)
-{
- krb5_mcc_data *data = (krb5_mcc_data *) id->data;
-
- k5_cc_mutex_lock(context, &data->lock);
- *change_time = data->changetime;
- k5_cc_mutex_unlock(context, &data->lock);
- return 0;
-}
-
-/*
- Utility routine: called by krb5_mcc_* functions to keep
- result of krb5_mcc_last_change_time up to date
-*/
-
-static void
-update_mcc_change_time(krb5_mcc_data *d)
-{
- krb5_timestamp now_time = time(NULL);
- d->changetime = ts_after(now_time, d->changetime) ?
- now_time : ts_incr(d->changetime, 1);
-}
-
static krb5_error_code KRB5_CALLCONV
krb5_mcc_lock(krb5_context context, krb5_ccache id)
{
krb5_mcc_ptcursor_next,
krb5_mcc_ptcursor_free,
NULL, /* move */
- krb5_mcc_last_change_time,
NULL, /* wasdefault */
krb5_mcc_lock,
krb5_mcc_unlock,
krb5_lcc_ptcursor_next,
krb5_lcc_ptcursor_free,
NULL, /* move */
- NULL, /* lastchange */
NULL, /* wasdefault */
NULL, /* lock */
NULL, /* unlock */
krb5_stdccv3_ptcursor_next,
krb5_stdccv3_ptcursor_free,
NULL, /* move */
- krb5_stdccv3_last_change_time, /* lastchange */
NULL, /* wasdefault */
krb5_stdccv3_lock,
krb5_stdccv3_unlock,
NULL,
NULL,
NULL,
- NULL,
#endif
};
return 0;
}
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_last_change_time
-(krb5_context context, krb5_ccache id,
- krb5_timestamp *change_time)
-{
- krb5_error_code err = 0;
- stdccCacheDataPtr ccapi_data = id->data;
- cc_time_t ccapi_change_time = 0;
-
- *change_time = 0;
-
- if (!err) {
- err = stdccv3_setup(context, ccapi_data);
- }
- if (!err) {
- err = cc_ccache_get_change_time (ccapi_data->NamedCache, &ccapi_change_time);
- }
- if (!err) {
- *change_time = ccapi_change_time;
- }
-
- return cc_err_xlate (err);
-}
-
krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock
(krb5_context context, krb5_ccache id)
{
krb5_error_code KRB5_CALLCONV krb5_stdccv3_ptcursor_free
(krb5_context context, krb5_cc_ptcursor *cursor);
-krb5_error_code KRB5_CALLCONV krb5_stdccv3_last_change_time
-(krb5_context context, krb5_ccache id,
- krb5_timestamp *change_time);
-
krb5_error_code KRB5_CALLCONV krb5_stdccv3_lock
(krb5_context, krb5_ccache id);
krb5_principal princ = NULL;
TRACE_CC_MOVE(context, src, dst);
- ret = krb5_cccol_lock(context);
+ ret = k5_cccol_lock(context);
if (ret) {
return ret;
}
- ret = krb5_cc_lock(context, src);
+ ret = k5_cc_lock(context, src);
if (ret) {
- krb5_cccol_unlock(context);
+ k5_cccol_unlock(context);
return ret;
}
ret = krb5_cc_initialize(context, dst, princ);
}
if (ret) {
- krb5_cc_unlock(context, src);
- krb5_cccol_unlock(context);
+ k5_cc_unlock(context, src);
+ k5_cccol_unlock(context);
return ret;
}
- ret = krb5_cc_lock(context, dst);
+ ret = k5_cc_lock(context, dst);
if (!ret) {
ret = krb5_cc_copy_creds(context, src, dst);
- krb5_cc_unlock(context, dst);
+ k5_cc_unlock(context, dst);
}
- krb5_cc_unlock(context, src);
+ k5_cc_unlock(context, src);
if (!ret) {
ret = krb5_cc_destroy(context, src);
}
- krb5_cccol_unlock(context);
+ k5_cccol_unlock(context);
if (princ) {
krb5_free_principal(context, princ);
princ = NULL;
* holds on to all pertype global locks as well as typelist lock
*/
-krb5_error_code KRB5_CALLCONV
-krb5_cccol_lock(krb5_context context)
+krb5_error_code
+k5_cccol_lock(krb5_context context)
{
krb5_error_code ret = 0;
return ret;
}
-krb5_error_code KRB5_CALLCONV
-krb5_cccol_unlock(krb5_context context)
+krb5_error_code
+k5_cccol_unlock(krb5_context context)
{
krb5_error_code ret = 0;
return 0;
}
-krb5_error_code KRB5_CALLCONV
-krb5_cccol_last_change_time(krb5_context context,
- krb5_timestamp *change_time)
-{
- krb5_error_code ret = 0;
- krb5_cccol_cursor c = NULL;
- krb5_ccache ccache = NULL;
- krb5_timestamp last_time = 0;
- krb5_timestamp max_change_time = 0;
-
- *change_time = 0;
-
- ret = krb5_cccol_cursor_new(context, &c);
-
- while (!ret) {
- ret = krb5_cccol_cursor_next(context, c, &ccache);
- if (ccache) {
- ret = krb5_cc_last_change_time(context, ccache, &last_time);
- if (!ret && ts_after(last_time, max_change_time)) {
- max_change_time = last_time;
- }
- ret = 0;
- }
- else {
- break;
- }
- }
- *change_time = max_change_time;
- return ret;
-}
-
-/*
- * krb5_cccol_lock and krb5_cccol_unlock are defined in ccbase.c
- */
-
krb5_error_code KRB5_CALLCONV
krb5_cc_cache_match(krb5_context context, krb5_principal client,
krb5_ccache *cache_out)
return cache->ops->prefix;
}
-krb5_error_code KRB5_CALLCONV
-krb5_cc_last_change_time(krb5_context context, krb5_ccache ccache,
- krb5_timestamp *change_time)
-{
- return ccache->ops->lastchange(context, ccache, change_time);
-}
-
-krb5_error_code KRB5_CALLCONV
-krb5_cc_lock(krb5_context context, krb5_ccache ccache)
+krb5_error_code
+k5_cc_lock(krb5_context context, krb5_ccache ccache)
{
return ccache->ops->lock(context, ccache);
}
-krb5_error_code KRB5_CALLCONV
-krb5_cc_unlock(krb5_context context, krb5_ccache ccache)
+krb5_error_code
+k5_cc_unlock(krb5_context context, krb5_ccache ccache)
{
return ccache->ops->unlock(context, ccache);
}
projects / thirdparty / krb5.git / commitdiff
