C++ (Cpp) KLCacheHasValidTickets Examples

Example #1

0

Show file

File: test-kll.c Project: alfintatorkace/osx-10.9-opensource

int
main(int argc, char **argv)
{
    KLLoginOptions options;
    KLPrincipal princ;
    KLStatus ret;
    KLBoolean foundV5;
    KLIdleCallback idlecall;
    KLRefCon refcon;

    if (argc != 2)
	errx(1, "argc != 2");

    printf("test NULL argument\n");
    ret = KLCreatePrincipalFromString(NULL, kerberosVersion_V5, &princ);
    if (ret == 0)
	errx(1, "KLCreatePrincipalFromString: %d", ret);

    printf("create principal\n");
    ret = KLCreatePrincipalFromString(argv[1],
				      kerberosVersion_V5, &princ);
    if (ret)
	errx(1, "KLCreatePrincipalFromString: %d", ret);

    printf("acquire cred\n");

    KLCreateLoginOptions(&options);
    KLLoginOptionsSetRenewableLifetime(options, 3600 * 24 * 7);

    ret = KLAcquireInitialTickets(princ, options, NULL, NULL);
    if (ret)
	errx(1, "KLAcquireTicketsWithPassword: %d", ret);

    KLDisposeLoginOptions(options);

    printf("get valid tickets\n");
    ret = KLCacheHasValidTickets(princ, kerberosVersion_V5, &foundV5, NULL, NULL);
    if (ret)
	errx(1, "KLCacheHasValidTickets failed");
    else if (!foundV5)
	errx(1, "found no valid tickets");

    printf("renew tickets\n");
    ret = KLRenewInitialTickets(princ, NULL, NULL, NULL);
    if (ret)
	errx(1, "KLRenewInitialTickets: %d", ret);
    KLDisposePrincipal(princ);

    printf("test callbacks\n");
    ret = KLGetIdleCallback(&idlecall, &refcon);
    if (ret != klNoErr)
	errx(1, "KLGetIdleCallback: %d", ret);

    ret = KLSetIdleCallback(NULL, refcon);
    if (ret != klNoErr)
	errx(1, "KLSetIdleCallback: %d", ret);


    return 0;
}

Example #2

0

Show file

File: kll.c Project: alfintatorkace/osx-10.9-opensource

KLStatus
KLAcquireInitialTicketsWithPassword(KLPrincipal      inPrincipal,
				    KLLoginOptions   inLoginOptions,
				    const char      *inPassword,
				    char           **outCredCacheName)
{
    KLStatus ret;
    KLBoolean ValidTickets;

    ret = KLCacheHasValidTickets(inPrincipal,
				 kerberosVersion_V5,
				 &ValidTickets,
				 NULL,
				 outCredCacheName);
    if (ret == 0) {
	if (ValidTickets)
	    return klNoErr; /* done */
	/* get credential */
	if (outCredCacheName)
	    free(*outCredCacheName);
    }
    return KLAcquireNewInitialTicketsWithPassword(inPrincipal, 
						  inLoginOptions,
						  inPassword,
						  outCredCacheName);
}

Example #3

0

Show file

File: passwd-kerberos.c Project: BuBuaBu/bang-screensaver

/* Called at startup to grab user, instance, and realm information
   from the user's ticketfile (remember, name.inst@realm). Since we're
   using tf_get_pname(), this should work even if your kerberos username
   isn't the same as your local username. We grab the ticket at startup
   time so that even if your ticketfile dies while the screen's locked
   we'll still have the information to unlock it.

   Problems: the password dialog currently displays local username, so if
     you have some non-standard name/instance when you run xscreensaver,
     you'll need to remember what it was when unlocking, or else you lose.

     Also, we use des_string_to_key(), so if you have an AFS password
     (encrypted with ka_StringToKey()), you'll lose. Get a kerberos password;
     it isn't that hard.

   Like the original lock_init, we return false if something went wrong.
   We don't use the arguments we're given, though.
 */
Bool
kerberos_lock_init (int argc, char **argv, Bool verbose_p)
{
# ifdef HAVE_DARWIN

    KLBoolean found;
    return ((klNoErr == (KLCacheHasValidTickets (NULL, kerberosVersion_Any,
                                                 &found, &princ, NULL)))
            && found);

# else /* !HAVE_DARWIN */

    /* Perhaps we should be doing it the Mac way (above) all the time?
       The following code assumes Unix-style file-based Kerberos credentials
       cache, which Mac OS X doesn't use.  But is there any real reason to
       do it this way at all, even on other Unixen?
     */
    int k_errno;
    
    memset(name, 0, sizeof(name));
    memset(inst, 0, sizeof(inst));
    
    /* find out where the user's keeping his tickets.
       squirrel it away for later use. */
    tk_file = tkt_string();

    /* open ticket file or die trying. */
    if ((k_errno = tf_init(tk_file, R_TKT_FIL))) {
	return False;
    }

    /* same with principal and instance names */
    if ((k_errno = tf_get_pname(name)) ||
	(k_errno = tf_get_pinst(inst))) {
	return False;
    }

    /* close the ticketfile to release the lock on it. */
    tf_close();

    /* figure out what realm we're authenticated to. this ought
       to be the local realm, but it pays to be sure. */
    if ((k_errno = krb_get_tf_realm(tk_file, realm))) {
	return False;
    }

    /* last-minute sanity check on what we got. */
    if ((strlen(name)+strlen(inst)+strlen(realm)+3) >
	(REALM_SZ + ANAME_SZ + INST_SZ + 3)) {
	return False;
    }

    /* success */
    return True;

# endif /* !HAVE_DARWIN */
}

Example #4

0

Show file

File: kll.c Project: alfintatorkace/osx-10.9-opensource

KLStatus
KLAcquireInitialTickets(KLPrincipal      inPrincipal,
			KLLoginOptions   inLoginOptions,
			KLPrincipal     *outPrincipal,
			char           **outCredCacheName)
{
    KLBoolean ValidTickets;
    KLStatus ret;

    LOG_ENTRY();

    ret = KLCacheHasValidTickets(inPrincipal,
				 kerberosVersion_V5,
				 &ValidTickets,
				 outPrincipal,
				 outCredCacheName);
    if (ret || !ValidTickets)
	ret = acquireticket_ui(inPrincipal, inLoginOptions, outPrincipal, outCredCacheName);

    return ret;
}

Example #5

0

Show file

File: test_kll.c Project: FarazShaikh/likewise-open

void TestHighLevelAPI (void)
{
    KLStatus err;
    KLPrincipal	inPrincipal, outPrincipal, outPrincipal2;
    char *outCredCacheName, *outCredCacheName2;
    KLTime	expirationTime;
    char*	principalString;
    char	timeString[256];
    KLBoolean	valid;

    err = KLCreatePrincipalFromTriplet ("grail", "", "TESTV5-KERBEROS-1.3.1", &inPrincipal);
    printf ("KLCreatePrincipalFromTriplet([email protected]) (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLAcquireNewInitialTicketsWithPassword (inPrincipal, NULL, "liarg", &outCredCacheName);
        if (err != klNoErr) {
            printf ("KLAcquireNewInitialTicketsWithPassword() returned err = %d\n", err);
        } else {
            printf ("KLAcquireNewInitialTicketsWithPassword() returned '%s'\n", outCredCacheName);
            KLDisposeString (outCredCacheName);
        }
        KLDisposePrincipal (inPrincipal);
    }

    err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal);
    printf ("KLCreatePrincipalFromTriplet([email protected]) (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLAcquireNewInitialTicketsWithPassword (inPrincipal, NULL, "ydobon", &outCredCacheName);
        if (err != klNoErr) {
            printf ("KLAcquireNewInitialTicketsWithPassword() returned err = %d\n", err);
        } else {
            printf ("KLAcquireNewInitialTicketsWithPassword() returned '%s'\n", outCredCacheName);
            KLDisposeString (outCredCacheName);
        }
        KLDisposePrincipal (inPrincipal);
    }

    err = KLAcquireNewInitialTickets (NULL, NULL, &inPrincipal, &outCredCacheName);
    printf ("KLAcquireNewInitialTickets() (err = %d)\n", err);
    if (err == klNoErr) {
        KLDisposeString (outCredCacheName);
        err = KLAcquireInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName);
        printf ("KLAcquireInitialTickets() (err = %d)\n", err);
        if (err == klNoErr) {
            KLDisposeString (outCredCacheName);
            KLDisposePrincipal (outPrincipal);
        }
        KLDisposePrincipal (inPrincipal);
    }

    err = KLSetDefaultLoginOption (loginOption_LoginName, "testname", 3);
    printf ("KLSetDefaultLoginOption(loginOption_LoginName) to testname (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLSetDefaultLoginOption (loginOption_LoginInstance, "testinstance", 6);
        printf ("KLSetDefaultLoginOption(loginOption_LoginInstance) to testinstance (err = %d)\n", err);
    }

    err = KLAcquireNewInitialTickets (NULL, NULL, &inPrincipal, &outCredCacheName);
    printf ("KLAcquireNewInitialTickets() (err = %d)\n", err);
    if (err == klNoErr) {
        KLDisposeString (outCredCacheName);
        KLDisposePrincipal (inPrincipal);
    }

    // Principal == NULL
    while (KLAcquireNewInitialTickets (NULL, NULL, &outPrincipal, &outCredCacheName) == klNoErr) {
        err = KLTicketExpirationTime (outPrincipal, kerberosVersion_All, &expirationTime);
        err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, &outPrincipal2, &outCredCacheName2);
        if (err == klNoErr) {
            err = KLGetStringFromPrincipal (outPrincipal2, kerberosVersion_V4, &principalString);
            if (err == klNoErr) {
                printf ("KLGetStringFromPrincipal returned string '%s'\n", principalString);
                KLDisposeString (principalString);
            }
            KLDisposePrincipal (outPrincipal2);
            KLDisposeString (outCredCacheName2);
            err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, NULL, NULL);
            if (err != klNoErr) {
                printf ("KLCacheHasValidTickets returned error = %d\n", err);
            }
        }
        err = KLCacheHasValidTickets (outPrincipal, kerberosVersion_All, &valid, NULL, NULL);
        KLDisposeString (outCredCacheName);
        KLDisposePrincipal (outPrincipal);
    }

    err = KLAcquireNewInitialTickets (NULL, NULL, &outPrincipal, &outCredCacheName);
    if (err == klNoErr) {
        KLDisposeString (outCredCacheName);
        KLDisposePrincipal (outPrincipal);
    }


    err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal);
    printf ("KLCreatePrincipalFromTriplet([email protected]) (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLAcquireNewInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName);
        printf ("KLAcquireNewInitialTickets([email protected]) (err = %d)\n", err);
        if (err == klNoErr) {
            KLDisposeString (outCredCacheName);
            KLDisposePrincipal (outPrincipal);
        }
        err = KLDestroyTickets (inPrincipal);

        KLDisposePrincipal (inPrincipal);
    }

    err = KLCreatePrincipalFromTriplet ("nobody", "", "TEST-KERBEROS-1.3.1", &inPrincipal);
    printf ("KLCreatePrincipalFromTriplet([email protected]) (err = %d)\n", err);
    if (err == klNoErr) {
        err = KLAcquireInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName);
        printf ("KLAcquireInitialTickets([email protected]) (err = %d)\n", err);
        if (err == klNoErr) {
            KLDisposeString (outCredCacheName);
            KLDisposePrincipal (outPrincipal);
        }

        err = KLAcquireNewInitialTickets (inPrincipal, NULL, &outPrincipal, &outCredCacheName);
        if (err == klNoErr) {
            err = KLGetStringFromPrincipal (outPrincipal, kerberosVersion_V5, &principalString);
            if (err == klNoErr) {
                err = KLTicketExpirationTime (outPrincipal, kerberosVersion_All, &expirationTime);
                printf ("Tickets for principal '%s' expire on %s\n",
                        principalString, TimeToString(timeString, expirationTime));

                KLDisposeString (principalString);
            }
            KLDisposeString (outCredCacheName);
            KLDisposePrincipal (outPrincipal);
        }

        err = KLChangePassword (inPrincipal);
        printf ("KLChangePassword() (err = %d)\n", err);

        err = KLDestroyTickets (inPrincipal);
        printf ("KLDestroyTickets() (err = %d)\n", err);

        KLDisposePrincipal (inPrincipal);
    }

}