From 0adb2d758c23e1c02d5894d2c534b685999d821c Mon Sep 17 00:00:00 2001 From: Derrick Brashear Date: Tue, 12 Oct 2010 09:05:24 -0400 Subject: [PATCH] OSX prefspane use Kerberos Preferences for defaults if we have forwardable tickets, e.g., as a pref, get those. and so on. this way tickets AFS got are not "Weird" Change-Id: I81d70dc72e777503c8d1e588ae6cba6f33c6dc44 Reviewed-on: http://gerrit.openafs.org/2965 Tested-by: BuildBot Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- src/platform/DARWIN/AFSPreference/Krb5Util.h | 1 + src/platform/DARWIN/AFSPreference/Krb5Util.m | 72 ++++++++++++++++++-- 2 files changed, 69 insertions(+), 4 deletions(-) diff --git a/src/platform/DARWIN/AFSPreference/Krb5Util.h b/src/platform/DARWIN/AFSPreference/Krb5Util.h index deed0564f..1ce4eee1b 100644 --- a/src/platform/DARWIN/AFSPreference/Krb5Util.h +++ b/src/platform/DARWIN/AFSPreference/Krb5Util.h @@ -8,6 +8,7 @@ #import #import +#import @interface Krb5Util : NSObject { diff --git a/src/platform/DARWIN/AFSPreference/Krb5Util.m b/src/platform/DARWIN/AFSPreference/Krb5Util.m index 663a9f005..f88d88220 100644 --- a/src/platform/DARWIN/AFSPreference/Krb5Util.m +++ b/src/platform/DARWIN/AFSPreference/Krb5Util.m @@ -14,13 +14,77 @@ KLStatus kstatus = noErr; char *princName = 0L; KLBoolean outFoundValidTickets = false; + KLLoginOptions inLoginOptions = nil; + @try{ kstatus = KLCacheHasValidTickets(nil, kerberosVersion_All, &outFoundValidTickets, nil, nil); if(!outFoundValidTickets) { - kstatus = KLAcquireNewInitialTickets(nil, nil, &princ, &princName); - if(kstatus != noErr && kstatus != klUserCanceledErr) @throw [NSException exceptionWithName:@"Krb5Util" - reason:@"getNewTicketIfNotPresent" - userInfo:nil]; + kstatus = KLCreateLoginOptions(&inLoginOptions); + if (kstatus != noErr) + @throw [NSException exceptionWithName:@"Krb5Util" + reason:@"getNewTicketIfNotPresent" + userInfo:nil]; + else { + KLLifetime valuel; + KLSize sizel = sizeof (valuel); + KLBoolean value; + KLSize size = sizeof (value); + kstatus = KLGetDefaultLoginOption (loginOption_DefaultTicketLifetime, &valuel, &sizel); + + if (kstatus == noErr) + kstatus = KLLoginOptionsSetTicketLifetime + (inLoginOptions, valuel); + + kstatus = KLGetDefaultLoginOption + (loginOption_DefaultRenewableTicket, &value, + &size); + if (kstatus == noErr) + if ((value != 0) && + ((kstatus = KLGetDefaultLoginOption + (loginOption_DefaultRenewableLifetime, + &value, &size)) == noErr)) + kstatus = KLLoginOptionsSetRenewableLifetime + (inLoginOptions, value); + else { + kstatus = KLLoginOptionsSetRenewableLifetime(inLoginOptions, 0L); + } + kstatus = KLGetDefaultLoginOption + (loginOption_DefaultForwardableTicket, &value, + &size); + + if (kstatus == noErr) + kstatus = KLLoginOptionsSetForwardable + (inLoginOptions, value); + + kstatus = KLGetDefaultLoginOption + (loginOption_DefaultProxiableTicket, &value, + &size); + + if (kstatus == noErr) + kstatus = KLLoginOptionsSetProxiable + (inLoginOptions, value); + + kstatus = KLGetDefaultLoginOption + (loginOption_DefaultAddresslessTicket, &value, + &size); + + if (kstatus == noErr) + kstatus = KLLoginOptionsSetAddressless + (inLoginOptions, value); + } + + if (kstatus == noErr) + kstatus = KLAcquireNewInitialTickets(nil, + inLoginOptions, + &princ, + &princName); + if(kstatus != noErr && kstatus != klUserCanceledErr) + @throw [NSException exceptionWithName:@"Krb5Util" + reason:@"getNewTicketIfNotPresent" + userInfo:nil]; + if (inLoginOptions != NULL) { + KLDisposeLoginOptions (inLoginOptions); + } } } @catch (NSException * e) { -- 2.39.5