Krb5Credentials Krb5CCache::retrieveCred(krb5_principal sprinc) { Krb5Principal cprinc = getClientPrincipal(); krb5_creds in_creds; memset(&in_creds, 0, sizeof(in_creds)); in_creds.client = cprinc.get(); in_creds.server = sprinc; return retrieveCred(in_creds, 0 /* flags */); }
void Krb5CredentialsCacheManager::writeOutCache(size_t limit) { auto cc_mem = getCache(); if (cc_mem == nullptr) { throw std::runtime_error("Trying to persist an empty cache"); } // Get a default file cache and empty it out Krb5CCache file_cache = Krb5CCache::makeDefault(ctx_.get()); Krb5Principal client = cc_mem->getClientPrincipal(); krb5_error_code code = krb5_cc_initialize( ctx_.get(), file_cache.get(), client.get()); raiseIf(code, "Failed initializing file credentials cache"); // Put 'limit' number of most frequently used credentials into the // top_services set. vector<pair<string, uint64_t>> count_vector; ReadLock readLock(&serviceCountLock_); for (auto& element : serviceCountMap_) { count_vector.push_back(pair<string, uint64_t>( element.first, element.second->getCount())); } readLock.reset(); sort(count_vector.begin(), count_vector.end(), serviceCountCompare); std::set<string> top_services; int count = 0; for (auto& element : count_vector) { if (count >= limit) { break; } top_services.insert(element.first); count++; } // Iterate through the cc for (auto it = cc_mem->begin(true); it != cc_mem->end(); ++it) { krb5_principal borrowed_server = it->server; Krb5Principal server(ctx_.get(), std::move(borrowed_server)); const string princ_string = folly::to<string>(server); SCOPE_EXIT { server.release(); }; // give back borrowed_server // Always persist config and tgt principals. And only persist // top 'limit' services. if (!it.isConfigEntry() && !server.isTgt() && top_services.count(princ_string) == 0) { continue; } // Store the cred into a file code = krb5_cc_store_cred(ctx_.get(), file_cache.get(), &(*it)); // Erase from top_services struct so we don't persist the same // principal more than once. top_services.erase(princ_string); raiseIf(code, "Failed storing a credential into a file"); } }
Krb5Credentials Krb5CCache::getCredentials( krb5_principal sprinc, krb5_flags options) { Krb5Principal cprinc = getClientPrincipal(); krb5_creds in_creds; memset(&in_creds, 0, sizeof(in_creds)); in_creds.client = cprinc.get(); in_creds.server = sprinc; return getCredentials(in_creds, options); }
std::pair<uint64_t, uint64_t> Krb5CCache::getLifetime( krb5_principal principal) const { const std::string client_realm = getClientPrincipal().getRealm(); std::string princ_realm; krb5_context ctx = context_.get(); if (principal) { Krb5Principal princ(ctx, std::move(principal)); princ_realm = princ.getRealm(); princ.release(); } else { princ_realm = client_realm; } for (auto& creds : *this) { Krb5Principal server(ctx, std::move(creds.server)); if (server.isTgt() && server.getComponent(1) == princ_realm && server.getRealm() == client_realm) { return std::make_pair(creds.times.starttime, creds.times.endtime); } } return std::make_pair(0, 0); }