/*
- * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * Copyright (c) 1997 - 2008 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "krb5_locl.h"
* @param override flag to select if the registration is to overide
* an existing ops with the same name.
*
- * @return Return an error code or 0.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_register(krb5_context context,
- const krb5_cc_ops *ops,
+krb5_cc_register(krb5_context context,
+ const krb5_cc_ops *ops,
krb5_boolean override)
{
int i;
for(i = 0; i < context->num_cc_ops && context->cc_ops[i].prefix; i++) {
if(strcmp(context->cc_ops[i].prefix, ops->prefix) == 0) {
if(!override) {
- krb5_set_error_message(context,
+ krb5_set_error_message(context,
KRB5_CC_TYPE_EXISTS,
- "ccache type %s already exists",
+ N_("cache type %s already exists", "type"),
ops->prefix);
return KRB5_CC_TYPE_EXISTS;
}
(context->num_cc_ops + 1) *
sizeof(*context->cc_ops));
if(o == NULL) {
- krb5_set_error_message(context, KRB5_CC_NOMEM,
- "malloc: out of memory");
+ krb5_set_error_message(context, KRB5_CC_NOMEM,
+ N_("malloc: out of memory", ""));
return KRB5_CC_NOMEM;
}
context->num_cc_ops++;
context->cc_ops = o;
- memset(context->cc_ops + i, 0,
+ memset(context->cc_ops + i, 0,
(context->num_cc_ops - i) * sizeof(*context->cc_ops));
}
memcpy(&context->cc_ops[i], ops, sizeof(context->cc_ops[i]));
*/
krb5_error_code
-_krb5_cc_allocate(krb5_context context,
+_krb5_cc_allocate(krb5_context context,
const krb5_cc_ops *ops,
krb5_ccache *id)
{
p = malloc (sizeof(*p));
if(p == NULL) {
- krb5_set_error_message(context, KRB5_CC_NOMEM, "malloc: out of memory");
+ krb5_set_error_message(context, KRB5_CC_NOMEM,
+ N_("malloc: out of memory", ""));
return KRB5_CC_NOMEM;
}
p->ops = ops;
* @param id return pointer to a found credential cache.
*
* @return Return 0 or an error code. In case of an error, id is set
- * to NULL.
+ * to NULL, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
return allocate_ccache (context, &krb5_fcc_ops, name, id);
else {
krb5_set_error_message(context, KRB5_CC_UNKNOWN_TYPE,
- "unknown ccache type %s", name);
+ N_("unknown ccache type %s", "name"), name);
return KRB5_CC_UNKNOWN_TYPE;
}
}
/**
* Generate a new ccache of type `ops' in `id'.
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
* type can use to base the name of the credential on, this is to make
* it easier for the user to differentiate the credentials.
*
- * @return Returns 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_new_unique(krb5_context context, const char *type,
+krb5_cc_new_unique(krb5_context context, const char *type,
const char *hint, krb5_ccache *id)
{
const krb5_cc_ops *ops;
}
/**
- * Return the complete resolvable name the ccache `id' in `str´.
+ * Return the complete resolvable name the ccache `id' in `str´.
* `str` should be freed with free(3).
* Returns 0 or an error (and then *str is set to NULL).
*
"cache of type %s have no name", type);
return KRB5_CC_BADNAME;
}
-
+
if (asprintf(str, "%s:%s", type, name) == -1) {
- krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+ krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
*str = NULL;
return ENOMEM;
}
else {
free(*res);
*res = NULL;
- krb5_set_error_message(context,
+ krb5_set_error_message(context,
KRB5_CONFIG_BADFORMAT,
"expand default cache unknown "
"variable \"%.*s\"",
if (append == NULL) {
free(*res);
*res = NULL;
- krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+ krb5_set_error_message(context, ENOMEM,
+ N_("malloc: out of memory", ""));
return ENOMEM;
}
free(append);
free(*res);
*res = NULL;
- krb5_set_error_message(context, ENOMEM,
- "malloc: out of memory");
+ krb5_set_error_message(context, ENOMEM,
+ N_("malloc: out of memory", ""));
return ENOMEM;
}
*res = tmp;
memcpy(*res + len, append, tlen + 1);
len = len + tlen;
free(append);
- }
+ }
return 0;
}
* Switch the default default credential cache for a specific
* credcache type (and name for some implementations).
*
- * @return Returns 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
}
if (p == NULL) {
- krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+ krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
/**
* Open the default ccache in `id'.
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
const char *p = krb5_cc_default_name(context);
if (p == NULL) {
- krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+ krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
return krb5_cc_resolve(context, p, id);
/**
* Create a new ccache in `id' for `primary_principal'.
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
/**
* Remove the ccache `id'.
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
/**
* Stop using the ccache `id' and free the related resources.
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
/**
* Store `creds' in the ccache `id'.
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
* from `id' in `creds'. 'creds' must be free by the caller using
* krb5_free_cred_contents.
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
/**
* Return the principal of `id' in `principal'.
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
* Start iterating over `id', `cursor' is initialized to the
* beginning.
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
* Retrieve the next cred pointed to by (`id', `cursor') in `creds'
* and advance `cursor'.
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
{
return (*id->ops->set_flags)(context, id, flags);
}
-
+
+/**
+ * Get the flags of `id', store them in `flags'.
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_get_flags(krb5_context context,
+ krb5_ccache id,
+ krb5_flags *flags)
+{
+ *flags = 0;
+ return 0;
+}
+
/**
* Copy the contents of `from' to `to'.
*
return ret;
}
+
/**
* Just like krb5_cc_copy_cache_match, but copy everything.
*
- * @ingroup krb5_ccache
+ * @ingroup @krb5_ccache
*/
-
krb5_error_code KRB5_LIB_FUNCTION
krb5_cc_copy_cache(krb5_context context,
const krb5_ccache from,
return krb5_cc_copy_cache_match(context, from, to, 0, NULL, NULL);
}
+/**
+ * MIT compat glue
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_copy_creds(krb5_context context,
+ const krb5_ccache from,
+ krb5_ccache to)
+{
+ return krb5_cc_copy_cache(context, from, to);
+}
+
/**
* Return the version of `id'.
*
* prefix, the function will only use part up to the first colon (:)
* if there is one. If prefix the argument is NULL, the default ccache
* implemtation is returned.
-
+ *
* @return Returns NULL if ops not found.
*
* @ingroup krb5_ccache
{
char *p, *p1;
int i;
-
+
if (prefix == NULL)
return KRB5_DEFAULT_CCTYPE;
if (prefix[0] == '/')
p = strdup(prefix);
if (p == NULL) {
- krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+ krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return NULL;
}
p1 = strchr(p, ':');
};
/**
- * Start iterating over all caches of `type'. If `type' is NULL, the
- * default type is * used. `cursor' is initialized to the beginning.
+ * Start iterating over all caches of specified type. See also
+ * krb5_cccol_cursor_new().
+
+ * @param context A Kerberos 5 context
+ * @param type optional type to iterate over, if NULL, the default cache is used.
+ * @param cursor cursor should be freed with krb5_cc_cache_end_seq_get().
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
if (ops->get_cache_first == NULL) {
krb5_set_error_message(context, KRB5_CC_NOSUPP,
- "Credential cache type %s doesn't support "
- "iterations over caches", ops->prefix);
+ N_("Credential cache type %s doesn't support "
+ "iterations over caches", "type"),
+ ops->prefix);
return KRB5_CC_NOSUPP;
}
*cursor = calloc(1, sizeof(**cursor));
if (*cursor == NULL) {
- krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+ krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
return ENOMEM;
}
* Retrieve the next cache pointed to by (`cursor') in `id'
* and advance `cursor'.
*
- * @return Return 0 or an error code.
+ * @return Return 0 or an error code. Returns KRB5_CC_END when the end
+ * of caches is reached, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
/**
* Destroy the cursor `cursor'.
*
- * @return Return 0 or an error code.
+ * @return Return an error code or 0, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
/**
* Search for a matching credential cache of type `type' that have the
- * `principal' as the default principal. If NULL is used for `type',
- * the default type is used. On success, `id' needs to be freed with
- * krb5_cc_close or krb5_cc_destroy.
+ * `principal' as the default principal. On success, `id' needs to be
+ * freed with krb5_cc_close() or krb5_cc_destroy().
*
* @return On failure, error code is returned and `id' is set to NULL.
*
krb5_error_code KRB5_LIB_FUNCTION
krb5_cc_cache_match (krb5_context context,
krb5_principal client,
- const char *type,
krb5_ccache *id)
{
- krb5_cc_cache_cursor cursor;
+ krb5_cccol_cursor cursor;
krb5_error_code ret;
krb5_ccache cache = NULL;
*id = NULL;
- ret = krb5_cc_cache_get_first (context, type, &cursor);
+ ret = krb5_cccol_cursor_new (context, &cursor);
if (ret)
return ret;
- while ((ret = krb5_cc_cache_next (context, cursor, &cache)) == 0) {
+ while ((ret = krb5_cccol_cursor_next (context, cursor, &cache)) == 0) {
krb5_principal principal;
ret = krb5_cc_get_principal(context, cache, &principal);
if (ret == 0) {
krb5_boolean match;
-
+
match = krb5_principal_compare(context, principal, client);
krb5_free_principal(context, principal);
if (match)
cache = NULL;
}
- krb5_cc_cache_end_seq_get(context, cursor);
+ krb5_cccol_cursor_free(context, &cursor);
if (cache == NULL) {
char *str;
krb5_unparse_name(context, client, &str);
krb5_set_error_message(context, KRB5_CC_NOTFOUND,
- "Principal %s not found in a "
- "credential cache",
+ N_("Principal %s not found in a "
+ "credential cache", ""),
str ? str : "<out of memory>");
if (str)
free(str);
/**
* Move the content from one credential cache to another. The
- * operation is an atomic switch.
+ * operation is an atomic switch.
*
* @param context a Keberos context
* @param from the credential cache to move the content from
* @param to the credential cache to move the content to
* @return On sucess, from is freed. On failure, error code is
- * returned and from and to are both still allocated.
+ * returned and from and to are both still allocated, see krb5_get_error_message().
*
* @ingroup krb5_ccache
*/
if (strcmp(from->ops->prefix, to->ops->prefix) != 0) {
krb5_set_error_message(context, KRB5_CC_NOSUPP,
- "Moving credentials between diffrent "
- "types not yet supported");
+ N_("Moving credentials between diffrent "
+ "types not yet supported", ""));
return KRB5_CC_NOSUPP;
}
return ret;
}
-#define KRB5_CONF_NAME "@krb5_ccache_conf_data"
+#define KRB5_CONF_NAME "krb5_ccache_conf_data"
+#define KRB5_REALM_NAME "X-CACHECONF:"
static krb5_error_code
build_conf_principals(krb5_context context, krb5_ccache id,
ret = krb5_cc_get_principal(context, id, &client);
if (ret)
return ret;
-
+
if (principal) {
ret = krb5_unparse_name(context, principal, &pname);
if (ret)
krb5_free_principal(context, client);
return ret;
}
-
+
+/**
+ * Return TRUE (non zero) if the principal is a configuration
+ * principal (generated part of krb5_cc_set_config()). Returns FALSE
+ * (zero) if not a configuration principal.
+ *
+ * @param context a Keberos context
+ * @param principal principal to check if it a configuration principal
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_boolean KRB5_LIB_FUNCTION
+krb5_is_config_principal(krb5_context context,
+ krb5_const_principal principal)
+{
+ if (strcmp(principal->realm, KRB5_REALM_NAME) != 0)
+ return FALSE;
+
+ if (principal->name.name_string.len == 0 ||
+ strcmp(principal->name.name_string.val[0], KRB5_CONF_NAME) != 0)
+ return FALSE;
+
+ return TRUE;
+}
+
/**
* Store some configuration for the credential cache in the cache.
* Existing configuration under the same name is over-written.
* NULL, global for the whole cache.
* @param name name under which the configuraion is stored.
* @param data data to store
+ *
+ * @ingroup krb5_ccache
*/
krb5_error_code KRB5_LIB_FUNCTION
-krb5_cc_set_config(krb5_context context, krb5_ccache id,
+krb5_cc_set_config(krb5_context context, krb5_ccache id,
krb5_const_principal principal,
const char *name, krb5_data *data)
{
/* Remove old configuration */
ret = krb5_cc_remove_cred(context, id, 0, &cred);
- if (ret)
- goto out;
+ if (ret && ret != KRB5_CC_NOTFOUND)
+ goto out;
/* not that anyone care when this expire */
cred.times.authtime = time(NULL);
- cred.times.endtime = cred.times.authtime + 3600 * 24 * 30;
+ cred.times.endtime = cred.times.authtime + 3600 * 24 * 30;
ret = krb5_data_copy(&cred.ticket, data->data, data->length);
if (ret)
* NULL, global for the whole cache.
* @param name name under which the configuraion is stored.
* @param data data to fetched, free with krb5_data_free()
+ *
+ * @ingroup krb5_ccache
*/
return ret;
}
+/*
+ *
+ */
+
+struct krb5_cccol_cursor {
+ int idx;
+ krb5_cc_cache_cursor cursor;
+};
+
+/**
+ * Get a new cache interation cursor that will interate over all
+ * credentials caches independent of type.
+ *
+ * @param context a Keberos context
+ * @param cursor passed into krb5_cccol_cursor_next() and free with krb5_cccol_cursor_free().
+ *
+ * @return Returns 0 or and error code, see krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)
+{
+ *cursor = calloc(1, sizeof(**cursor));
+ if (*cursor == NULL) {
+ krb5_set_error_message(context, ENOMEM, N_("malloc: out of memory", ""));
+ return ENOMEM;
+ }
+ (*cursor)->idx = 0;
+ (*cursor)->cursor = NULL;
+
+ return 0;
+}
+
+/**
+ * Get next credential cache from the iteration.
+ *
+ * @param context A Kerberos 5 context
+ * @param cursor the iteration cursor
+ * @param cache the returned cursor, pointer is set to NULL on failure
+ * and a cache on success. The returned cache needs to be freed
+ * with krb5_cc_close() or destroyed with krb5_cc_destroy().
+ *
+ * @return Return 0 or and error, KRB5_CC_END is returned at the end
+ * of iteration. See krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor,
+ krb5_ccache *cache)
+{
+ krb5_error_code ret;
+
+ *cache = NULL;
+
+ while (cursor->idx < context->num_cc_ops) {
+
+ if (cursor->cursor == NULL) {
+ ret = krb5_cc_cache_get_first (context,
+ context->cc_ops[cursor->idx].prefix,
+ &cursor->cursor);
+ if (ret) {
+ cursor->idx++;
+ continue;
+ }
+ }
+ ret = krb5_cc_cache_next(context, cursor->cursor, cache);
+ if (ret == 0)
+ break;
+
+ krb5_cc_cache_end_seq_get(context, cursor->cursor);
+ cursor->cursor = NULL;
+ if (ret != KRB5_CC_END)
+ break;
+
+ cursor->idx++;
+ }
+ if (cursor->idx >= context->num_cc_ops) {
+ krb5_set_error_message(context, KRB5_CC_END,
+ N_("Reached end of credential caches", ""));
+ return KRB5_CC_END;
+ }
+
+ return 0;
+}
+
+/**
+ * End an iteration and free all resources, can be done before end is reached.
+ *
+ * @param context A Kerberos 5 context
+ * @param cursor the iteration cursor to be freed.
+ *
+ * @return Return 0 or and error, KRB5_CC_END is returned at the end
+ * of iteration. See krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)
+{
+ krb5_cccol_cursor c = *cursor;
+
+ *cursor = NULL;
+ if (c) {
+ if (c->cursor)
+ krb5_cc_cache_end_seq_get(context, c->cursor);
+ free(c);
+ }
+ return 0;
+}
+
+/**
+ * Return the last time the credential cache was modified.
+ *
+ * @param context A Kerberos 5 context
+ * @param id The credential cache to probe
+ * @param mtime the last modification time, set to 0 on error.
+
+ * @return Return 0 or and error. See krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cc_last_change_time(krb5_context context,
+ krb5_ccache id,
+ krb5_timestamp *mtime)
+{
+ *mtime = 0;
+ return (*id->ops->lastchange)(context, id, mtime);
+}
+
+/**
+ * Return the last modfication time for a cache collection. The query
+ * can be limited to a specific cache type. If the function return 0
+ * and mtime is 0, there was no credentials in the caches.
+ *
+ * @param context A Kerberos 5 context
+ * @param id The credential cache to probe
+ * @param mtime the last modification time, set to 0 on error.
+
+ * @return Return 0 or and error. See krb5_get_error_message().
+ *
+ * @ingroup krb5_ccache
+ */
+
+krb5_error_code KRB5_LIB_FUNCTION
+krb5_cccol_last_change_time(krb5_context context,
+ const char *type,
+ krb5_timestamp *mtime)
+{
+ krb5_cccol_cursor cursor;
+ krb5_error_code ret;
+ krb5_ccache id;
+ krb5_timestamp t = 0;
+
+ *mtime = 0;
+
+ ret = krb5_cccol_cursor_new (context, &cursor);
+ if (ret)
+ return ret;
+
+ while ((ret = krb5_cccol_cursor_next (context, cursor, &id)) == 0) {
+
+ if (type && strcmp(krb5_cc_get_type(context, id), type) != 0)
+ continue;
+
+ ret = krb5_cc_last_change_time(context, id, &t);
+ krb5_cc_close(context, id);
+ if (ret)
+ continue;
+ if (t > *mtime)
+ *mtime = t;
+ }
+
+ krb5_cccol_cursor_free(context, &cursor);
+
+ return 0;
+}
git.samba.org / samba.git / blobdiff