5 // Created by Claudio Bisegni on 20/03/10.
6 // Copyright 2010 INFN. All rights reserved.
11 @implementation Krb5Util
// Checks the ticket cache with KLCacheHasValidTickets and, when no valid ticket is
// found, builds login options from the KLGetDefaultLoginOption defaults and calls
// KLAcquireNewInitialTickets. Declared to return a KLStatus.
// NOTE(review): this listing skips source lines (the embedded line numbers jump), so
// the comments here describe only the statements that are visible.
12 +(KLStatus
) getNewTicketIfNotPresent
{
13 KLPrincipal princ
= nil
;
14 KLStatus kstatus
= noErr
;
16 KLBoolean outFoundValidTickets
= false
;
17 KLLoginOptions inLoginOptions
= nil
;
// NOTE(review): the status stored here is not tested by the next statement (listing
// line 21), which looks only at outFoundValidTickets. That flag starts as false, so a
// failed cache lookup takes the same path as "no valid ticket" -- confirm this is intended.
20 kstatus
= KLCacheHasValidTickets
(nil
, kerberosVersion_All
, &outFoundValidTickets
, nil
, nil
);
21 if(!outFoundValidTickets
) {
22 kstatus
= KLCreateLoginOptions
(&inLoginOptions
);
// Raised after KLCreateLoginOptions; the guarding condition (listing line 23) is not
// visible here -- presumably a kstatus != noErr test, verify.
24 @throw
[NSException exceptionWithName
:@"Krb5Util"
25 reason
:@"getNewTicketIfNotPresent"
// Build-time switch: the lines that follow are compiled unless MAC_OS_X_VERSION_10_7 is
// defined and MAC_OS_X_VERSION_MAX_ALLOWED is greater than MAC_OS_X_VERSION_10_6.
27 #
if !(defined
(MAC_OS_X_VERSION_10_7
) && (MAC_OS_X_VERSION_MAX_ALLOWED
> MAC_OS_X_VERSION_10_6
))
30 KLSize sizel
= sizeof
(valuel
);
32 KLSize
size = sizeof
(value
);
// Ticket lifetime comes from the loginOption_DefaultTicketLifetime default, read into
// valuel and then applied to the login options.
33 kstatus
= KLGetDefaultLoginOption
(loginOption_DefaultTicketLifetime
, &valuel
, &sizel
);
36 kstatus
= KLLoginOptionsSetTicketLifetime
37 (inLoginOptions
, valuel
);
// Renewable-ticket settings: the default flag is read, then the default renewable
// lifetime is applied when its lookup returns noErr.
39 kstatus
= KLGetDefaultLoginOption
40 (loginOption_DefaultRenewableTicket
, &value
,
44 ((kstatus
= KLGetDefaultLoginOption
45 (loginOption_DefaultRenewableLifetime
,
46 &value
, &size)) == noErr
))
47 kstatus
= KLLoginOptionsSetRenewableLifetime
48 (inLoginOptions
, value
);
// Renewable lifetime of 0L on this path; the branch keyword (listing line 49) is not visible.
50 kstatus
= KLLoginOptionsSetRenewableLifetime
(inLoginOptions
, 0L);
// Forwardable, proxiable and addressless flags are copied from the KLGetDefaultLoginOption
// defaults rather than fixed by this code.
// NOTE(review): forwardable and proxiable tickets widen where a credential can be used;
// confirm that the configured defaults match the site policy.
52 kstatus
= KLGetDefaultLoginOption
53 (loginOption_DefaultForwardableTicket
, &value
,
57 kstatus
= KLLoginOptionsSetForwardable
58 (inLoginOptions
, value
);
60 kstatus
= KLGetDefaultLoginOption
61 (loginOption_DefaultProxiableTicket
, &value
,
65 kstatus
= KLLoginOptionsSetProxiable
66 (inLoginOptions
, value
);
68 kstatus
= KLGetDefaultLoginOption
69 (loginOption_DefaultAddresslessTicket
, &value
,
73 kstatus
= KLLoginOptionsSetAddressless
74 (inLoginOptions
, value
);
// Ticket acquisition. The first argument is nil; the remaining arguments (listing
// lines 79-81) are not visible.
78 kstatus
= KLAcquireNewInitialTickets
(nil
,
// A cancelled login (klUserCanceledErr) is not treated as a failure; any other
// non-noErr status raises.
82 if(kstatus
!= noErr
&& kstatus
!= klUserCanceledErr
)
83 @throw
[NSException exceptionWithName
:@"Krb5Util"
84 reason
:@"getNewTicketIfNotPresent"
// The login options are disposed only when the handle is non-NULL.
86 if (inLoginOptions
!= NULL) {
87 KLDisposeLoginOptions
(inLoginOptions
);
// NOTE(review): the handler body (listing lines 92-94) is not visible. If it only absorbs
// the exception, the returned status is the caller's only failure signal -- confirm.
91 @
catch (NSException
* e
) {
// Releases the principal name and principal. No visible line assigns princ after its nil
// initialisation -- presumably filled by KLAcquireNewInitialTickets; verify.
95 KLDisposeString
(princName
);
96 KLDisposePrincipal
(princ
);
// Renews the Kerberos ticket when the time left on it is at or below secToExpire.
//   secToExpire  threshold compared with the seconds remaining until the ticket expires
//   renewTime    lifetime requested for the renewed ticket (copied into a KLLifetime)
// Declared to return a KLStatus.
// NOTE(review): this listing skips source lines (the embedded line numbers jump), so
// the comments here describe only the statements that are visible.
101 +(KLStatus
) renewTicket
:(NSTimeInterval
)secToExpire
102 renewTime
:(NSTimeInterval
)renewTime
{
103 KLPrincipal princ
= nil
;
104 KLStatus kstatus
= noErr
;
105 char *princName
= 0L;
106 KLTime expireStartTime
;
// NOTE(review): declared without an initialiser (getNewTicketIfNotPresent uses "= nil")
// and passed to KLDisposeLoginOptions at listing line 194 with no visible guard. If
// KLCreateLoginOptions fails, the handle being disposed may be indeterminate -- confirm.
107 KLLoginOptions inLoginOptions
;
// NOTE(review): renewTime (an NSTimeInterval) is converted to KLLifetime with no visible
// range check; presumably KLLifetime is an integer type, so confirm how negative or very
// large values are handled by callers.
108 KLLifetime inTicketLifetime
= renewTime
;
109 NSDate
*expirationDate
= nil
;
// NOTE(review): listing lines 112-116 each overwrite kstatus without testing it, so a
// failure in KLCreateLoginOptions or in one of the setters goes unnoticed before the
// options are used.
111 //prepare the login option
112 kstatus
= KLCreateLoginOptions
(&inLoginOptions
);
113 //set the lifetime of ticket
114 kstatus
= KLLoginOptionsSetTicketLifetime
(inLoginOptions
, inTicketLifetime
);
// Renewable lifetime and start time are both set to zero; the alternative that used
// inTicketLifetime is commented out at listing line 118.
115 kstatus
= KLLoginOptionsSetRenewableLifetime
(inLoginOptions
, 0L);
116 kstatus
= KLLoginOptionsSetTicketStartTime
(inLoginOptions
, 0);
117 //set the preference renewable time
118 //kstatus
= KLLoginOptionsSetRenewableLifetime
(inLoginOptions
, inTicketLifetime
);
// NOTE(review): expireStartTime has no initialiser (listing line 106) and is turned into
// a date on the next statement without kstatus being tested. If the lookup fails, the
// comparison against secToExpire runs on an indeterminate value -- confirm.
119 //check the start time
120 kstatus
= KLTicketExpirationTime
(nil
, kerberosVersion_All
, &expireStartTime
);
121 expirationDate
= [NSDate dateWithTimeIntervalSince1970
:expireStartTime
];
123 //NSLog
(@"Ticket Expiration time
: %@", [expirationDate description]);
// Seconds left on the current ticket; renewal is attempted only when this is at or
// below secToExpire.
124 NSTimeInterval secondToExpireTime
= [expirationDate timeIntervalSinceNow
];
125 if(secondToExpireTime
<= secToExpire
) {
// Build-time switch: with an SDK newer than 10.6 the renewal goes through the krb5 API.
// The KLRenewInitialTickets call at listing line 177 is presumably the other branch; the
// #else/#endif lines are not visible.
126 #
if defined
(MAC_OS_X_VERSION_10_7
) && (MAC_OS_X_VERSION_MAX_ALLOWED
> MAC_OS_X_VERSION_10_6
)
129 krb5_ccache id
= NULL;
// The krb5 context is created once and kept in a function-local static.
// NOTE(review): the return value of krb5_init_context is not captured, so a failed
// initialisation is not detected here. The single static context is also shared by every
// caller; confirm this method is not invoked from more than one thread at a time.
130 static dispatch_once_t once
= 0;
131 static krb5_context kcontext
;
132 krb5_principal me
=NULL;
133 krb5_principal server
=NULL;
136 dispatch_once
(&once
, ^
{
137 krb5_init_context
(&kcontext
);
140 krb5_timeofday
(kcontext
, &now
);
// Requested validity window: starttime 0, endtime and renew_till both now + inTicketLifetime.
141 memset
((char *)&in
, 0, sizeof
(in
));
142 in.times.starttime
= 0;
143 in.times.endtime
= now
+ inTicketLifetime
;
144 in.times.renew_till
= now
+ inTicketLifetime
;
// NOTE(review): the result of krb5_cc_default is not captured; id was initialised to NULL
// and is handed to the calls below regardless.
146 krb5_cc_default
(kcontext
, &id
);
148 ret
= krb5_cc_get_principal
(kcontext
, id
,
// The server principal is built only when the cache principal lookup succeeded and
// in.client is set.
152 if ((ret
== 0) && (in.client
)) {
153 ret
= krb5_build_principal_ext
(kcontext
, &server
,
154 krb5_princ_realm
(kcontext
,
156 krb5_princ_realm
(kcontext
,
159 krb5_princ_realm
(kcontext
,
161 krb5_princ_realm
(kcontext
,
164 if (ret
== 0 && server
) {
// Renews the credentials for me against server, using the cache opened above.
166 ret
= krb5_get_renewed_creds
(kcontext
, &in
, me
, id
, server
);
// NOTE(review): the status of krb5_cc_initialize is overwritten by krb5_cc_store_cred on
// the next statement. Re-initialising the cache discards what it held, so if the store
// then fails the cache is left without credentials -- confirm how ret is checked around
// these calls (listing lines 167 and 171-173 are not visible).
168 ret
= krb5_cc_initialize
(kcontext
, id
, me
);
169 ret
= krb5_cc_store_cred
(kcontext
, id
, &in
);
170 krb5_cc_close
(kcontext
,id
);
// NOTE(review): server is the only principal released on a visible line. Confirm that me
// and the contents of in (which hold the renewed credential) are also freed in the lines
// missing from this listing.
174 krb5_free_principal
(kcontext
, server
);
// KerberosLogin renewal path; klprinc is passed as nil.
176 KLPrincipal klprinc
= nil
;
177 kstatus
= KLRenewInitialTickets
( klprinc
, inLoginOptions
, nil
, nil
);
181 /* handoff to growl agent? */
182 kstatus
= KLTicketExpirationTime
(nil
, kerberosVersion_All
, &expireStartTime
);
183 expirationDate
= [NSDate dateWithTimeIntervalSince1970
:expireStartTime
];
// Notification carrying the new expiration date. callbackInfo is not declared on any
// visible line of this method -- presumably a file-level variable; verify.
// NOTE(review): "Unitl" in the message below is a typo for "Until"; it is a runtime
// string and is left unchanged here.
184 BuildNotificationInfo
(@"Ticket Renewed Unitl
%@", expirationDate, callbackInfo->dcref, callbackInfo->regref, callbackInfo->icon);
// The handler body (listing lines 189-191) is not visible.
188 @
catch (NSException
* e
) {
// Cleanup. princName and princ keep their 0L / nil initial values on every visible line,
// so these two calls presumably receive null handles -- verify against the missing lines.
192 KLDisposeString
(princName
);
193 KLDisposePrincipal
(princ
);
194 KLDisposeLoginOptions
(inLoginOptions
);