From 464b99b8ffa4ee8c7a33cd34609ba2f6885f6b01 Mon Sep 17 00:00:00 2001 From: Claudio Bisegni Date: Mon, 22 Mar 2010 23:35:22 +0100 Subject: [PATCH] Develop Kerberos renew system for ticket - In Preference pane has been added a tab called "Option" where are showned the option for kerberos renew - In AfsBackgrounder has been implemented the NSTimer that will call the krb5 renew action according to user preference value Change-Id: Ica4b705018722488613ac09586e60c69303d1076 Change-Id: I79ce1334d99f926544e865fbb563a1ffecaa969c Reviewed-on: http://gerrit.openafs.org/1606 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- .../AFSBackgrounder/AFSBackgrounderDelegate.h | 11 + .../AFSBackgrounder/AFSBackgrounderDelegate.m | 59 ++ .../DARWIN/AFSPreference/AFSCommanderPref.h | 6 + .../DARWIN/AFSPreference/AFSCommanderPref.m | 82 ++- .../DARWIN/AFSPreference/AFSPropertyManager.m | 21 +- .../English.lproj/OpenAFSPreference.xib | 692 +++++++++++++++++- src/platform/DARWIN/AFSPreference/Krb5Util.h | 17 + src/platform/DARWIN/AFSPreference/Krb5Util.m | 82 +++ .../OpenAFS.xcodeproj/project.pbxproj | 12 + src/platform/DARWIN/AFSPreference/global.h | 23 +- 10 files changed, 963 insertions(+), 42 deletions(-) create mode 100644 src/platform/DARWIN/AFSPreference/Krb5Util.h create mode 100644 src/platform/DARWIN/AFSPreference/Krb5Util.m diff --git a/src/platform/DARWIN/AFSPreference/AFSBackgrounder/AFSBackgrounderDelegate.h b/src/platform/DARWIN/AFSPreference/AFSBackgrounder/AFSBackgrounderDelegate.h index 31239f2a8..c4799c6cf 100644 --- a/src/platform/DARWIN/AFSPreference/AFSBackgrounder/AFSBackgrounderDelegate.h +++ b/src/platform/DARWIN/AFSPreference/AFSBackgrounder/AFSBackgrounderDelegate.h @@ -31,23 +31,34 @@ NSImage *hasTokenImage; NSImage *noTokenImage; + //krb5 renew + NSNumber *krb5CheckRenew; + NSNumber *krb5RenewTime; + NSNumber *krb5RenewCheckTimeInterval; + NSNumber *krb5SecToExpireTimeForRenew; + //credential windows mainWindow AFSMenuCredentialContoller *credentialMenuController; //NSTimer for tokens refresh NSTimer *timerForCheckTokensList; + NSTimer *timerForCheckRenewTicket; NSLock *tokensLock; + NSLock *renewTicketLock; bool currentLinkActivationStatus; NSMutableDictionary *linkConfiguration; NSLock *linkCreationLock; } - (void)startTimer; - (void)stopTimer; +- (void)startTimerRenewTicket; +- (void)stopTimerRenewTicket; - (BOOL)useAklogPrefValue; - (void)readPreferenceFile:(NSNotification *)notification; - (void)getToken:(id)sender; - (void)releaseToken:(id)sender; - (void)updateAfsStatus:(NSTimer*)timer; +- (void)krb5RenewAction:(NSTimer*)timer; - (void)klogUserEven:(NSNotification *)notification; - (void)switchHandler:(NSNotification*) notification; - (void)chageMenuVisibility:(NSNotification *)notification; diff --git a/src/platform/DARWIN/AFSPreference/AFSBackgrounder/AFSBackgrounderDelegate.m b/src/platform/DARWIN/AFSPreference/AFSBackgrounder/AFSBackgrounderDelegate.m index d5d317021..94bef26a2 100644 --- a/src/platform/DARWIN/AFSPreference/AFSBackgrounder/AFSBackgrounderDelegate.m +++ b/src/platform/DARWIN/AFSPreference/AFSBackgrounder/AFSBackgrounderDelegate.m @@ -21,6 +21,7 @@ #include #include #import +#import "Krb5Util.h" #define LINK_ICON 'srvr' @@ -34,6 +35,7 @@ // allocate the lock for concurent afs check state tokensLock = [[NSLock alloc] init]; + renewTicketLock = [[NSLock alloc] init]; //remove the auto eanble on menu item [backgrounderMenu setAutoenablesItems:NO]; @@ -111,6 +113,7 @@ //release the lock [self stopTimer]; + [self stopTimerRenewTicket]; if(hasTokenImage) [hasTokenImage release]; if(noTokenImage) [noTokenImage release]; @@ -172,9 +175,19 @@ NSNumber *linkEnabledStatus = (NSNumber*)CFPreferencesCopyValue((CFStringRef)PREFERENCE_USE_LINK, (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); [self updateLinkModeStatusWithpreferenceStatus:[linkEnabledStatus boolValue]]; + //check the user preference for manage the renew + krb5CheckRenew = (NSNumber*)CFPreferencesCopyValue((CFStringRef)PREFERENCE_KRB5_CHECK_ENABLE, (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + krb5RenewTime = (NSNumber*)CFPreferencesCopyValue((CFStringRef)PREFERENCE_KRB5_RENEW_TIME, (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + krb5RenewCheckTimeInterval = (NSNumber*)CFPreferencesCopyValue((CFStringRef)PREFERENCE_KRB5_RENEW_CHECK_TIME_INTERVALL, (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + krb5SecToExpireTimeForRenew = (NSNumber*)CFPreferencesCopyValue((CFStringRef)PREFERENCE_KRB5_SEC_TO_EXPIRE_TIME_FOR_RENEW, (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + //set the menu name [self updateAfsStatus:nil]; + + //stop and start the timer for krb5 renew + [self stopTimerRenewTicket]; + [self startTimerRenewTicket]; } // ------------------------------------------------------------------------------- @@ -432,6 +445,52 @@ [timerForCheckTokensList invalidate]; timerForCheckTokensList = nil; } + +// ------------------------------------------------------------------------------- +// startTimerRenewTicket: +// ------------------------------------------------------------------------------- +- (void)startTimerRenewTicket { + //start the time for check ticket renew + if(timerForCheckRenewTicket || !krb5RenewCheckTimeInterval || ![krb5RenewCheckTimeInterval intValue]) return; + NSLog(@"startTimerRenewTicket with sec %d", [krb5RenewCheckTimeInterval intValue]); + timerForCheckRenewTicket = [NSTimer scheduledTimerWithTimeInterval:(krb5RenewCheckTimeInterval?[krb5RenewCheckTimeInterval intValue]:PREFERENCE_KRB5_RENEW_CHECK_TIME_INTERVALL_DEFAULT_VALUE) + target:self + selector:@selector(krb5RenewAction:) + userInfo:nil + repeats:YES]; + [timerForCheckRenewTicket fire]; +} + +// ------------------------------------------------------------------------------- +// stopTimerRenewTicket: +// ------------------------------------------------------------------------------- +- (void)stopTimerRenewTicket { + NSLog(@"stopTimerRenewTicket"); + if(!timerForCheckRenewTicket) return; + [timerForCheckRenewTicket invalidate]; + timerForCheckRenewTicket = nil; +} + +// ------------------------------------------------------------------------------- +// krb5RenewAction: +// ------------------------------------------------------------------------------- +- (void)krb5RenewAction:(NSTimer*)timer { + //Try to locking + if(![renewTicketLock tryLock]) return; + NSLog(@"krb5RenewAction %@", [NSDate date]); + @try { + [Krb5Util renewTicket:[krb5SecToExpireTimeForRenew intValue] + renewTime:[krb5RenewTime intValue]]; + } + @catch (NSException * e) { + } + @finally { + [renewTicketLock unlock]; + } + + +} + // ------------------------------------------------------------------------------- // -(void) getImageFromBundle // ------------------------------------------------------------------------------- diff --git a/src/platform/DARWIN/AFSPreference/AFSCommanderPref.h b/src/platform/DARWIN/AFSPreference/AFSCommanderPref.h index f6666c73a..cc1534b30 100644 --- a/src/platform/DARWIN/AFSPreference/AFSCommanderPref.h +++ b/src/platform/DARWIN/AFSPreference/AFSCommanderPref.h @@ -43,6 +43,10 @@ int CoreMenuExtraRemoveMenuExtra(void *menuExtra, int whoCares); IBOutlet NSTextField *daemonNumber; IBOutlet NSTextField *afsRootMountPoint; IBOutlet NSTextField *nVolEntry; + IBOutlet NSTextField *nsTextFieldKrb5RenewTime; + IBOutlet NSTextField *nsTextFieldKrb5SecToExpireDateForRenew; + IBOutlet NSTextField *nsTextFieldKrb5RenewCheckIntervall; + IBOutlet NSButton *nsButtonEnableDisableKrb5RenewCheck; IBOutlet NSButton *dynRoot; IBOutlet NSButton *afsDB; IBOutlet NSButton *verbose; @@ -123,6 +127,8 @@ int CoreMenuExtraRemoveMenuExtra(void *menuExtra, int whoCares); - (IBAction) searchCellTextEvent:(id) sender; - (IBAction) manageBackgrounderActivation:(id)sender; - (IBAction) tableViewLinkPerformClick:(id) sender; +- (IBAction) enableDisableKrb5RenewCheck:(id) sender; +- (IBAction) krb5RenewParamChange:(id) sender; - (void) credentialAtLoginTimeEventCreationLaunchAgentDir:(NSWindow*)alert returnCode:(int)returnCode contextInfo:(void *)contextInfo; - (void) clearCellServDBFiltering; - (void) filterCellServDB:(NSString*)textToFilter; diff --git a/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m b/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m index 6e4e4ffaf..4d708ef39 100644 --- a/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m +++ b/src/platform/DARWIN/AFSPreference/AFSCommanderPref.m @@ -297,6 +297,22 @@ NSNumber *linkEnabledStatus = (NSNumber*)CFPreferencesCopyValue((CFStringRef)PREFERENCE_USE_LINK, (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); [checkEnableLink setState:[linkEnabledStatus boolValue]]; + //check the user preference for manage the renew + NSNumber *checkRenew = (NSNumber*)CFPreferencesCopyValue((CFStringRef)PREFERENCE_KRB5_CHECK_ENABLE, (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + if(checkRenew)[nsButtonEnableDisableKrb5RenewCheck setState:[checkRenew intValue]]; + + NSNumber *renewTime = (NSNumber*)CFPreferencesCopyValue((CFStringRef)PREFERENCE_KRB5_RENEW_TIME, (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + if(renewTime && [renewTime intValue])[nsTextFieldKrb5RenewTime setIntValue:[renewTime intValue]]; + else [nsTextFieldKrb5RenewTime setIntValue:PREFERENCE_KRB5_RENEW_TIME_DEFAULT_VALUE]; + + NSNumber *renewCheckTimeInterval = (NSNumber*)CFPreferencesCopyValue((CFStringRef)PREFERENCE_KRB5_RENEW_CHECK_TIME_INTERVALL, (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + if(renewCheckTimeInterval && [renewCheckTimeInterval intValue])[nsTextFieldKrb5RenewCheckIntervall setIntValue:[renewCheckTimeInterval intValue]]; + else [nsTextFieldKrb5RenewCheckIntervall setIntValue:PREFERENCE_KRB5_RENEW_CHECK_TIME_INTERVALL_DEFAULT_VALUE]; + + NSNumber *expireTimeForRenew = (NSNumber*)CFPreferencesCopyValue((CFStringRef)PREFERENCE_KRB5_SEC_TO_EXPIRE_TIME_FOR_RENEW, (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + if(expireTimeForRenew && [expireTimeForRenew intValue])[nsTextFieldKrb5SecToExpireDateForRenew setIntValue:[expireTimeForRenew intValue]]; + else [nsTextFieldKrb5SecToExpireDateForRenew setIntValue:PREFERENCE_KRB5_SEC_TO_EXPIRE_TIME_FOR_RENEW_DEFAULT_VALUE]; + //link configuration NSData *prefData = (NSData*)CFPreferencesCopyValue((CFStringRef)PREFERENCE_LINK_CONFIGURATION, (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); linkConfiguration = (NSMutableDictionary*)[NSPropertyListSerialization propertyListFromData:prefData @@ -312,10 +328,6 @@ - (void) writePreferenceFile { //Set the preference for afs path - /*CFPreferencesSetValue((CFStringRef)PREFERENCE_AFS_SYS_PAT, - (CFStringRef)[((NSTextField*) installationPathTextField ) stringValue], - (CFStringRef)kAfsCommanderID, kCFPreferencesAnyUser, kCFPreferencesAnyHost);*/ - //Set the preference for aklog use CFPreferencesSetValue((CFStringRef)PREFERENCE_USE_AKLOG, (CFNumberRef)[NSNumber numberWithInt:[useAklogCheck state]], @@ -333,14 +345,29 @@ //set aklog at login CFPreferencesSetValue((CFStringRef)PREFERENCE_SHOW_STATUS_MENU, - (CFNumberRef)[NSNumber numberWithBool:[afsMenucheckBox state]], + (CFNumberRef)[NSNumber numberWithBool:[(NSButton*)afsMenucheckBox state]], (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); - //write preference for link + //preference for link CFPreferencesSetValue((CFStringRef)PREFERENCE_USE_LINK, (CFNumberRef)[NSNumber numberWithBool:[checkEnableLink state]], (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + //preference for renew time + CFPreferencesSetValue((CFStringRef)PREFERENCE_KRB5_RENEW_TIME, + (CFNumberRef)[NSNumber numberWithInt:[nsTextFieldKrb5RenewTime intValue]], + (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + + //expire time for renew + CFPreferencesSetValue((CFStringRef)PREFERENCE_KRB5_SEC_TO_EXPIRE_TIME_FOR_RENEW, + (CFNumberRef)[NSNumber numberWithInt:[nsTextFieldKrb5SecToExpireDateForRenew intValue]], + (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + + //sec to expiretime for renew job + CFPreferencesSetValue((CFStringRef)PREFERENCE_KRB5_RENEW_CHECK_TIME_INTERVALL, + (CFNumberRef)[NSNumber numberWithInt:[nsTextFieldKrb5RenewCheckIntervall intValue]], + (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + CFPreferencesSynchronize((CFStringRef)kAfsCommanderID, kCFPreferencesAnyUser, kCFPreferencesAnyHost); CFPreferencesSynchronize((CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); [[NSDistributedNotificationCenter defaultCenter] postNotificationName:kAFSMenuExtraID object:kPrefChangeNotification]; @@ -800,7 +827,7 @@ -(IBAction) afsMenuActivationEvent:(id) sender { CFPreferencesSetValue((CFStringRef)PREFERENCE_SHOW_STATUS_MENU, - (CFNumberRef)[NSNumber numberWithBool:[afsMenucheckBox state]], + (CFNumberRef)[NSNumber numberWithBool:[(NSButton*)afsMenucheckBox state]], (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); CFPreferencesSynchronize((CFStringRef)kAfsCommanderID, kCFPreferencesAnyUser, kCFPreferencesAnyHost); @@ -1041,7 +1068,48 @@ [tableViewLink reloadData]; } } +// ------------------------------------------------------------------------------- +// tableViewLinkPerformClick: +// ------------------------------------------------------------------------------- +- (IBAction) enableDisableKrb5RenewCheck:(id) sender { + //NSLog(@"enableDisableKrb5RenewCheck"); + CFPreferencesSetValue((CFStringRef)PREFERENCE_KRB5_CHECK_ENABLE, + (CFNumberRef) [NSNumber numberWithInt:[(NSButton*)sender intValue]], + (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + CFPreferencesSynchronize((CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + //notify the backgrounder + [[NSDistributedNotificationCenter defaultCenter] postNotificationName:kAFSMenuExtraID object:kPrefChangeNotification]; +} +// ------------------------------------------------------------------------------- +// tableViewLinkPerformClick: +// ------------------------------------------------------------------------------- +- (IBAction) krb5RenewParamChange:(id) sender { + //NSLog(@"krb5RenewParamChange %@", [sender description]); + CFStringRef prefStr = 0L; + NSNumber *newNumberValue = [NSNumber numberWithInt:[(NSButton*)sender intValue]]; + + switch([(NSControl*)sender tag]){ + case 1:{ + prefStr = (CFStringRef)PREFERENCE_KRB5_RENEW_TIME; + } + break; + + case 2:{ + prefStr = (CFStringRef)PREFERENCE_KRB5_SEC_TO_EXPIRE_TIME_FOR_RENEW; + } + break; + + case 3:{ + prefStr = (CFStringRef)PREFERENCE_KRB5_RENEW_CHECK_TIME_INTERVALL; + } + break; + } + /*CFPreferencesSetValue(prefStr, + (CFNumberRef)newNumberValue, + (CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost); + CFPreferencesSynchronize((CFStringRef)kAfsCommanderID, kCFPreferencesCurrentUser, kCFPreferencesAnyHost);*/ +} @end @implementation AFSCommanderPref (NSTableDataSource) diff --git a/src/platform/DARWIN/AFSPreference/AFSPropertyManager.m b/src/platform/DARWIN/AFSPreference/AFSPropertyManager.m index 5a5c54039..559a21622 100644 --- a/src/platform/DARWIN/AFSPreference/AFSPropertyManager.m +++ b/src/platform/DARWIN/AFSPreference/AFSPropertyManager.m @@ -6,7 +6,7 @@ // Copyright 2007 INFN - National Institute of Nuclear Physics. All rights reserved. // -#import +#import "Krb5Util.h" #import "AFSPropertyManager.h" #import "TaskUtil.h" @@ -1000,24 +1000,13 @@ // +(void) aklog // ------------------------------------------------------------------------------- -(void) aklog:(NSString*)theCell noKerberosCall:(BOOL)krb5CallEnable { - KLPrincipal princ = nil; KLStatus kstatus = noErr; - char *princName = 0L; - KLBoolean outFoundValidTickets = false; @try { // trying to ket kerberos ticket if(krb5CallEnable) { - kstatus = KLCacheHasValidTickets(nil, nil, &outFoundValidTickets, nil, nil); - //kstatus = KLAcquireInitialTickets (0L, 0L, &princ, &princName); - if(!outFoundValidTickets) { - kstatus = KLAcquireNewInitialTickets(nil, nil, &princ, &princName); - if(kstatus != noErr && kstatus != klUserCanceledErr) @throw [NSException exceptionWithName:@"aklog" - reason:@"KLAcquireInitialTickets" - userInfo:nil]; - } + kstatus = [Krb5Util getNewTicketIfNotPresent]; } else kstatus = klNoErr; - //ok to launch aklog if(kstatus == klNoErr) [TaskUtil executeTaskSearchingPath:@"aklog" args:(theCell==nil?[NSArray arrayWithObjects:nil]:[NSArray arrayWithObjects:@"-c", theCell, nil])]; @@ -1027,11 +1016,7 @@ @throw e; } @finally { - // destory the kerberos va - if (kstatus == klNoErr) { - KLDisposeString (princName); - KLDisposePrincipal (princ); - } + } } diff --git a/src/platform/DARWIN/AFSPreference/English.lproj/OpenAFSPreference.xib b/src/platform/DARWIN/AFSPreference/English.lproj/OpenAFSPreference.xib index 26386358b..2661fff28 100644 --- a/src/platform/DARWIN/AFSPreference/English.lproj/OpenAFSPreference.xib +++ b/src/platform/DARWIN/AFSPreference/English.lproj/OpenAFSPreference.xib @@ -2,13 +2,13 @@ 1050 - 10B504 - 740 - 1038.2 - 437.00 + 10C540 + 762 + 1038.25 + 458.00 com.apple.InterfaceBuilder.CocoaPlugin - 740 + 762 YES @@ -1828,7 +1828,6 @@ - QSAAAEEgAABBmAAAQZgAAA @@ -1900,6 +1899,353 @@ + + Item 4 + + + 256 + + YES + + + 10 + + YES + + + 256 + + YES + + + 268 + {{15, 132}, {174, 17}} + + YES + + 68288064 + 272630784 + Requested ticket lifetime: + + + + + + + + + 268 + {{237, 130}, {96, 22}} + + 1 + YES + + -1804468671 + 71304192 + + + + + YES + + YES + allowsFloats + formatterBehavior + locale + maximumFractionDigits + minimum + minimumFractionDigits + minimumIntegerDigits + negativeInfinitySymbol + nilSymbol + numberStyle + positiveInfinitySymbol + + + YES + + + + + + + + -∞ + + + +∞ + + + # + # + + + + + + + + NaN + + + + + + 3 + YES + YES + YES + + . + , + NO + NO + YES + + + YES + + + + + + + 268 + {{237, 70}, {96, 22}} + + 3 + YES + + -1804468671 + 71304192 + + + + + YES + + YES + allowsFloats + formatterBehavior + locale + maximumFractionDigits + minimum + minimumFractionDigits + minimumIntegerDigits + negativeInfinitySymbol + nilSymbol + numberStyle + positiveInfinitySymbol + + + YES + + + + + + + + -∞ + + + +∞ + + + # + # + + + + + + + + NaN + + + + + + 3 + YES + YES + YES + + . + , + NO + NO + YES + + + YES + + + + + + + 268 + {{15, 72}, {207, 17}} + + YES + + 68288064 + 272630784 + Ticket renewal check frequency: + + + + + + + + + 268 + {{237, 100}, {96, 22}} + + 2 + YES + + -1804468671 + 71304192 + + + + + YES + + YES + allowsFloats + formatterBehavior + locale + maximumFractionDigits + minimum + minimumFractionDigits + minimumIntegerDigits + negativeInfinitySymbol + nilSymbol + numberStyle + positiveInfinitySymbol + + + YES + + + + + + + + -∞ + + + +∞ + + + # + # + + + + + + + + NaN + + + + + + 3 + YES + YES + YES + + . + , + NO + NO + YES + + + YES + + + + + + + 268 + {{15, 102}, {217, 17}} + + YES + + 68288064 + 272630784 + Seconds before expire to renew: + + + + + + + + + 265 + {{363, 131}, {148, 18}} + + YES + + 67239424 + 0 + Enable auto-renew + + + 1211912703 + 2 + + + + + 200 + 25 + + + + {{1, 1}, {517, 162}} + + + + {{19, 179}, {519, 178}} + + {0, 0} + + 67239424 + 0 + Kerberos Renew Ticket Option + + + + 3 + MCAwLjgwMDAwMDAxMTkAA + + + + 1 + 0 + 2 + NO + + + {{10, 25}, {552, 363}} + + Option + + + @@ -2608,6 +2954,70 @@ 2063 + + + nsTextFieldKrb5RenewCheckIntervall + + + + 2081 + + + + nsTextFieldKrb5RenewTime + + + + 2082 + + + + nsTextFieldKrb5SecToExpireDateForRenew + + + + 2083 + + + + nsButtonEnableDisableKrb5RenewCheck + + + + 2089 + + + + krb5RenewParamChange: + + + + 2090 + + + + krb5RenewParamChange: + + + + 2091 + + + + krb5RenewParamChange: + + + + 2092 + + + + enableDisableKrb5RenewCheck: + + + + 2093 + @@ -2667,6 +3077,7 @@ + @@ -3686,6 +4097,164 @@ + + 2064 + + + YES + + + + + + 2065 + + + YES + + + + + + 2086 + + + YES + + + + + + + + + + + + 2066 + + + YES + + + + + + 2067 + + + + + 2068 + + + YES + + + + + + 2069 + + + YES + + + + + + 2070 + + + + + 2073 + + + YES + + + + + + 2074 + + + YES + + + + + + 2075 + + + + + 2071 + + + YES + + + + + + 2072 + + + + + 2076 + + + YES + + + + + + 2079 + + + YES + + + + + + 2080 + + + + + 2077 + + + YES + + + + + + 2078 + + + + + 2087 + + + YES + + + + + + 2088 + + + @@ -3851,8 +4420,31 @@ 2050.IBPluginDependency 2054.IBPluginDependency 2055.IBPluginDependency + 2064.IBPluginDependency + 2065.IBPluginDependency + 2066.IBPluginDependency + 2067.IBPluginDependency + 2068.IBAttributePlaceholdersKey + 2068.IBPluginDependency + 2069.IBPluginDependency 207.IBPluginDependency 207.ImportedFromIB2 + 2070.IBNumberFormatterBehaviorMetadataKey + 2070.IBNumberFormatterLocalizesFormatMetadataKey + 2070.IBPluginDependency + 2071.IBPluginDependency + 2072.IBPluginDependency + 2073.IBAttributePlaceholdersKey + 2073.IBPluginDependency + 2074.IBPluginDependency + 2075.IBNumberFormatterBehaviorMetadataKey + 2075.IBNumberFormatterLocalizesFormatMetadataKey + 2075.IBPluginDependency + 2076.IBAttributePlaceholdersKey + 2076.IBPluginDependency + 2077.IBPluginDependency + 2078.IBPluginDependency + 2079.IBPluginDependency 208.IBEditorWindowLastContentRect 208.IBPluginDependency 208.IBWindowTemplateEditedContentRect @@ -3860,6 +4452,13 @@ 208.windowTemplate.hasMinSize 208.windowTemplate.maxSize 208.windowTemplate.minSize + 2080.IBNumberFormatterBehaviorMetadataKey + 2080.IBNumberFormatterLocalizesFormatMetadataKey + 2080.IBPluginDependency + 2086.IBPluginDependency + 2087.IBAttributePlaceholdersKey + 2087.IBPluginDependency + 2088.IBPluginDependency 209.IBPluginDependency 209.ImportedFromIB2 214.IBPluginDependency @@ -3952,11 +4551,11 @@ com.apple.InterfaceBuilder.CocoaPlugin - {{165, 432}, {595, 486}} + {{354, 320}, {595, 486}} com.apple.InterfaceBuilder.CocoaPlugin - {{165, 432}, {595, 486}} + {{354, 320}, {595, 486}} {3.40282e+38, 3.40282e+38} @@ -4109,7 +4708,51 @@ Zm9yIGRlYnVnZ2luZyBhcyBpdCBwcmludHMgYSBMT1Qgb2YgaW5mb3JtYXRpb24uCg com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + + ToolTip + + ToolTip + + Desired lifetime for renewed Kerberos ticket, in seconds (min. 3600). + + + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + + + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + + ToolTip + + ToolTip + + Interval to check whether tickets require renewal, in seconds (min. 3600) + + + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + + + com.apple.InterfaceBuilder.CocoaPlugin + + ToolTip + + ToolTip + + Maximum remaining ticket lifetime before renewal is attempted, in seconds (min. 3600) + + + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin {{0, 510}, {715, 485}} com.apple.InterfaceBuilder.CocoaPlugin {{0, 510}, {715, 485}} @@ -4117,6 +4760,20 @@ Zm9yIGRlYnVnZ2luZyBhcyBpdCBwcmludHMgYSBMT1Qgb2YgaW5mb3JtYXRpb24uCg {3.40282e+38, 3.40282e+38} {0, 0} + + + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin + + ToolTip + + ToolTip + + Enable/Disable automatic Kerberos ticket renewal + + + com.apple.InterfaceBuilder.CocoaPlugin + com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin com.apple.InterfaceBuilder.CocoaPlugin @@ -4241,7 +4898,7 @@ Zm9yIGRlYnVnZ2luZyBhcyBpdCBwcmludHMgYSBMT1Qgb2YgaW5mb3JtYXRpb24uCg - 2063 + 2093 @@ -4259,10 +4916,12 @@ Zm9yIGRlYnVnZ2luZyBhcyBpdCBwcmludHMgYSBMT1Qgb2YgaW5mb3JtYXRpb24uCg afsStartupSwitchEvent: aklogSwitchEvent: credentialAtLoginTimeEvent: + enableDisableKrb5RenewCheck: enableLink: getNewToken: info: krb5KredentialAtLoginTimeEvent: + krb5RenewParamChange: manageBackgrounderActivation: refreshConfiguration: removeLink: @@ -4298,6 +4957,8 @@ Zm9yIGRlYnVnZ2luZyBhcyBpdCBwcmludHMgYSBMT1Qgb2YgaW5mb3JtYXRpb24uCg id id id + id + id @@ -4335,6 +4996,10 @@ Zm9yIGRlYnVnZ2luZyBhcyBpdCBwcmludHMgYSBMT1Qgb2YgaW5mb3JtYXRpb24uCg lyncCreationSheet lynkCreationController nVolEntry + nsButtonEnableDisableKrb5RenewCheck + nsTextFieldKrb5RenewCheckIntervall + nsTextFieldKrb5RenewTime + nsTextFieldKrb5SecToExpireDateForRenew removeCellButton saveConfigurationButton startStopButton @@ -4381,6 +5046,10 @@ Zm9yIGRlYnVnZ2luZyBhcyBpdCBwcmludHMgYSBMT1Qgb2YgaW5mb3JtYXRpb24uCg id LynkCreationController NSTextField + NSButton + NSTextField + NSTextField + NSTextField NSControl NSControl NSButton @@ -5078,6 +5747,7 @@ Zm9yIGRlYnVnZ2luZyBhcyBpdCBwcmludHMgYSBMT1Qgb2YgaW5mb3JtYXRpb24uCg 0 + IBCocoaFramework com.apple.InterfaceBuilder.CocoaPlugin.macosx @@ -5089,5 +5759,9 @@ Zm9yIGRlYnVnZ2luZyBhcyBpdCBwcmludHMgYSBMT1Qgb2YgaW5mb3JtYXRpb24uCg YES ../OpenAFS.xcodeproj 3 + + NSSwitch + {15, 15} + diff --git a/src/platform/DARWIN/AFSPreference/Krb5Util.h b/src/platform/DARWIN/AFSPreference/Krb5Util.h new file mode 100644 index 000000000..deed0564f --- /dev/null +++ b/src/platform/DARWIN/AFSPreference/Krb5Util.h @@ -0,0 +1,17 @@ +// +// Krb5Util.h +// OpenAFS +// +// Created by Claudio Bisegni on 20/03/10. +// Copyright 2010 INFN. All rights reserved. +// + +#import +#import + +@interface Krb5Util : NSObject { + +} ++(KLStatus) getNewTicketIfNotPresent; ++(KLStatus) renewTicket:(NSTimeInterval) secToExpire renewTime:(NSTimeInterval)renewTime; +@end diff --git a/src/platform/DARWIN/AFSPreference/Krb5Util.m b/src/platform/DARWIN/AFSPreference/Krb5Util.m new file mode 100644 index 000000000..adeb9b672 --- /dev/null +++ b/src/platform/DARWIN/AFSPreference/Krb5Util.m @@ -0,0 +1,82 @@ +// +// Krb5Util.m +// OpenAFS +// +// Created by Claudio Bisegni on 20/03/10. +// Copyright 2010 INFN. All rights reserved. +// + +#import "Krb5Util.h" + +@implementation Krb5Util ++(KLStatus) getNewTicketIfNotPresent { + + KLPrincipal princ = nil; + KLStatus kstatus = noErr; + char *princName = 0L; + KLBoolean outFoundValidTickets = false; + @try{ + kstatus = KLCacheHasValidTickets(nil, kerberosVersion_All, &outFoundValidTickets, nil, nil); + if(!outFoundValidTickets) { + kstatus = KLAcquireNewInitialTickets(nil, nil, &princ, &princName); + if(kstatus != noErr && kstatus != klUserCanceledErr) @throw [NSException exceptionWithName:@"Krb5Util" + reason:@"getNewTicketIfNotPresent" + userInfo:nil]; + } + } + @catch (NSException * e) { + @throw e; + } + @finally { + KLDisposeString (princName); + KLDisposePrincipal (princ); + } + return kstatus; +} + ++(KLStatus) renewTicket:(NSTimeInterval)secToExpire + renewTime:(NSTimeInterval)renewTime { + KLPrincipal princ = nil; + KLStatus kstatus = noErr; + char *princName = 0L; + KLTime expireStartTime; + KLLoginOptions inLoginOptions; + KLLifetime inTicketLifetime = renewTime; + NSDate *expirationDate = nil; + + @try { + //prepare the login option + kstatus = KLCreateLoginOptions(&inLoginOptions); + //set the lifetime of ticket + kstatus = KLLoginOptionsSetTicketLifetime (inLoginOptions, inTicketLifetime); + kstatus = KLLoginOptionsSetRenewableLifetime (inLoginOptions, 0L); + kstatus = KLLoginOptionsSetTicketStartTime (inLoginOptions, 0); + //set the preference renewable time + //kstatus = KLLoginOptionsSetRenewableLifetime (inLoginOptions, inTicketLifetime); + //check the start time + kstatus = KLTicketExpirationTime (nil, kerberosVersion_All, &expireStartTime); + + expirationDate = [NSDate dateWithTimeIntervalSince1970:expireStartTime]; + //NSLog(@"Ticket Expiration time: %@", [expirationDate description]); + NSTimeInterval secondToExpireTime = [expirationDate timeIntervalSinceNow]; + if(secondToExpireTime <= secToExpire) { + + kstatus = KLRenewInitialTickets ( nil, inLoginOptions, nil, nil); + + kstatus = KLTicketExpirationTime (nil, kerberosVersion_All, &expireStartTime); + + expirationDate = [NSDate dateWithTimeIntervalSince1970:expireStartTime]; + //NSLog(@"Ticket Renewed Unitl %@", expirationDate); + } + } + @catch (NSException * e) { + @throw e; + } + @finally { + KLDisposeString (princName); + KLDisposePrincipal (princ); + KLDisposeLoginOptions(inLoginOptions); + } + return kstatus; +} +@end diff --git a/src/platform/DARWIN/AFSPreference/OpenAFS.xcodeproj/project.pbxproj b/src/platform/DARWIN/AFSPreference/OpenAFS.xcodeproj/project.pbxproj index 6683962f4..c61d8443f 100644 --- a/src/platform/DARWIN/AFSPreference/OpenAFS.xcodeproj/project.pbxproj +++ b/src/platform/DARWIN/AFSPreference/OpenAFS.xcodeproj/project.pbxproj @@ -28,6 +28,10 @@ 324D67FD0DA13194007E1561 /* OpenAFSPreference.xib in Resources */ = {isa = PBXBuildFile; fileRef = 324D67FB0DA13194007E1561 /* OpenAFSPreference.xib */; }; 324D683D0DA133A3007E1561 /* IpPanel.xib in Resources */ = {isa = PBXBuildFile; fileRef = 324D683B0DA133A3007E1561 /* IpPanel.xib */; }; 324D684A0DA133CF007E1561 /* CredentialPanel.xib in Resources */ = {isa = PBXBuildFile; fileRef = 324D68480DA133CF007E1561 /* CredentialPanel.xib */; }; + 324F490E115548E2001A763B /* Krb5Util.h in Headers */ = {isa = PBXBuildFile; fileRef = 324F490C115548E2001A763B /* Krb5Util.h */; }; + 324F490F115548E2001A763B /* Krb5Util.m in Sources */ = {isa = PBXBuildFile; fileRef = 324F490D115548E2001A763B /* Krb5Util.m */; }; + 324F4910115548ED001A763B /* Krb5Util.m in Sources */ = {isa = PBXBuildFile; fileRef = 324F490D115548E2001A763B /* Krb5Util.m */; }; + 324F492D11554AF2001A763B /* Krb5Util.m in Sources */ = {isa = PBXBuildFile; fileRef = 324F490D115548E2001A763B /* Krb5Util.m */; }; 325311D00C44F4B100FAF2F3 /* license.rtf in Resources */ = {isa = PBXBuildFile; fileRef = 325311CF0C44F4B100FAF2F3 /* license.rtf */; }; 3273088D0C2A9B05008C322B /* FileUtil.h in Headers */ = {isa = PBXBuildFile; fileRef = 3273088B0C2A9B05008C322B /* FileUtil.h */; }; 3273088E0C2A9B05008C322B /* FileUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 3273088C0C2A9B05008C322B /* FileUtil.m */; }; @@ -169,6 +173,8 @@ 324D67FC0DA13194007E1561 /* English */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = English; path = English.lproj/OpenAFSPreference.xib; sourceTree = ""; }; 324D683C0DA133A3007E1561 /* English */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = English; path = English.lproj/IpPanel.xib; sourceTree = ""; }; 324D68490DA133CF007E1561 /* English */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = English; path = English.lproj/CredentialPanel.xib; sourceTree = ""; }; + 324F490C115548E2001A763B /* Krb5Util.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Krb5Util.h; sourceTree = ""; }; + 324F490D115548E2001A763B /* Krb5Util.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = Krb5Util.m; sourceTree = ""; }; 325311CF0C44F4B100FAF2F3 /* license.rtf */ = {isa = PBXFileReference; lastKnownFileType = text.rtf; path = license.rtf; sourceTree = ""; }; 3273088B0C2A9B05008C322B /* FileUtil.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FileUtil.h; sourceTree = ""; }; 3273088C0C2A9B05008C322B /* FileUtil.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = FileUtil.m; sourceTree = ""; }; @@ -434,6 +440,8 @@ 498DCB420DC2240B00D143C8 /* PListManager.m */, 49B766430DCA47A50014A80F /* DialogUtility.h */, 49B766440DCA47A50014A80F /* DialogUtility.m */, + 324F490C115548E2001A763B /* Krb5Util.h */, + 324F490D115548E2001A763B /* Krb5Util.m */, ); name = Utility; sourceTree = ""; @@ -524,6 +532,7 @@ 498DCB430DC2240B00D143C8 /* PListManager.h in Headers */, 49B766450DCA47A50014A80F /* DialogUtility.h in Headers */, 32DE818C0DF573200069A05C /* LynkCreationController.h in Headers */, + 324F490E115548E2001A763B /* Krb5Util.h in Headers */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -692,6 +701,7 @@ 3231522010243E09005901AA /* AFSMenuCredentialContoller.m in Sources */, 3231522210243E09005901AA /* AFSMenuExtraView.m in Sources */, 3231522610243E10005901AA /* CredentialWindowController.m in Sources */, + 324F4910115548ED001A763B /* Krb5Util.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -726,6 +736,7 @@ 49683F420C344CDA0093C7C8 /* AuthUtil.m in Sources */, 49683F430C344CDB0093C7C8 /* TaskUtil.m in Sources */, 4934D4170DC38958000511D2 /* PListManager.m in Sources */, + 324F492D11554AF2001A763B /* Krb5Util.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -748,6 +759,7 @@ 498DCB440DC2240B00D143C8 /* PListManager.m in Sources */, 49B766460DCA47A50014A80F /* DialogUtility.m in Sources */, 32DE818D0DF573200069A05C /* LynkCreationController.m in Sources */, + 324F490F115548E2001A763B /* Krb5Util.m in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; diff --git a/src/platform/DARWIN/AFSPreference/global.h b/src/platform/DARWIN/AFSPreference/global.h index 4e3fe5173..8d9786191 100644 --- a/src/platform/DARWIN/AFSPreference/global.h +++ b/src/platform/DARWIN/AFSPreference/global.h @@ -30,14 +30,21 @@ // PREFERENCE KEY -#define PREFERENCE_AFS_SYS_PAT @"PREFERENCE_AFS_SYS_PAT" -#define PREFERENCE_AFS_SYS_PAT_STATIC @"/var/db/openafs" -#define PREFERENCE_USE_AKLOG @"PREFERENCE_USE_AKLOG" -#define PREFERENCE_START_AFS_AT_STARTUP @"PREFERENCE_START_AFS_AT_STARTUP" -#define PREFERENCE_SHOW_STATUS_MENU @"PREFERENCE_SHOW_STATUS_MENU" -#define PREFERENCE_AKLOG_TOKEN_AT_LOGIN @"PREFERENCE_AKLOG_TOKEN_AT_LOGIN" -#define PREFERENCE_USE_LINK @"PREFERENCE_USE_LINK" -#define PREFERENCE_LINK_CONFIGURATION @"PREFERENCE_LINK_CONFIGURATION" +#define PREFERENCE_AFS_SYS_PAT @"PREFERENCE_AFS_SYS_PAT" +#define PREFERENCE_AFS_SYS_PAT_STATIC @"/var/db/openafs" +#define PREFERENCE_USE_AKLOG @"PREFERENCE_USE_AKLOG" +#define PREFERENCE_START_AFS_AT_STARTUP @"PREFERENCE_START_AFS_AT_STARTUP" +#define PREFERENCE_SHOW_STATUS_MENU @"PREFERENCE_SHOW_STATUS_MENU" +#define PREFERENCE_AKLOG_TOKEN_AT_LOGIN @"PREFERENCE_AKLOG_TOKEN_AT_LOGIN" +#define PREFERENCE_USE_LINK @"PREFERENCE_USE_LINK" +#define PREFERENCE_LINK_CONFIGURATION @"PREFERENCE_LINK_CONFIGURATION" +#define PREFERENCE_KRB5_RENEW_TIME @"PREFERENCE_KRB5_RENEW_TIME" +#define PREFERENCE_KRB5_RENEW_TIME_DEFAULT_VALUE 3600 +#define PREFERENCE_KRB5_SEC_TO_EXPIRE_TIME_FOR_RENEW @"PREFERENCE_KRB5_SEC_TO_EXPIRE_TIME_FOR_RENEW" +#define PREFERENCE_KRB5_SEC_TO_EXPIRE_TIME_FOR_RENEW_DEFAULT_VALUE 3600 +#define PREFERENCE_KRB5_RENEW_CHECK_TIME_INTERVALL @"PREFERENCE_KRB5_RENEW_CHECK_TIME_INTERVALL" +#define PREFERENCE_KRB5_RENEW_CHECK_TIME_INTERVALL_DEFAULT_VALUE 3600 +#define PREFERENCE_KRB5_CHECK_ENABLE @"PREFERENCE_KRB5_CHECK_ENABLE" // AFSMENUEXTRA INFO #define kAFSMenuExtra [NSURL fileURLWithPath:[[self bundle] pathForResource:@"AFSBackgrounder" ofType:@"app" inDirectory:@""]] -- 2.39.5