5 // Created by Claudio Bisegni on 20/03/10.
6 // Copyright 2010 INFN. All rights reserved.
11 @implementation Krb5Util
// Ensures a Kerberos ticket is available: asks KLCacheHasValidTickets whether
// valid tickets exist (nil principal, kerberosVersion_All) and, if the flag
// comes back false, builds login options and calls KLAcquireNewInitialTickets.
// Declared to return a KLStatus; a status other than noErr or klUserCanceledErr
// after acquisition is raised as an NSException named "Krb5Util".
// NOTE(review): the gutter numbers skip, so some source lines (declarations,
// guards, the return) are not part of this listing.
12 +(KLStatus) getNewTicketIfNotPresent {
13 KLPrincipal princ = nil;
14 KLStatus kstatus = noErr;
16 KLBoolean outFoundValidTickets = false;
17 KLLoginOptions inLoginOptions = nil;
// The status of this call is not examined before the flag is tested. The flag
// starts as false, so a lookup that fails without setting it falls through to
// the acquire path below.
20 kstatus = KLCacheHasValidTickets(nil, kerberosVersion_All, &outFoundValidTickets, nil, nil);
21 if(!outFoundValidTickets) {
// No valid tickets were reported: create the options object for the request.
22 kstatus = KLCreateLoginOptions(&inLoginOptions);
// NOTE(review): the condition guarding this throw is on a line not shown here.
24 @throw [NSException exceptionWithName:@"Krb5Util"
25 reason:@"getNewTicketIfNotPresent"
// Compiled only when not building against an SDK newer than 10.6: reads the
// default login options (ticket lifetime, renewable, forwardable, proxiable,
// addressless) with KLGetDefaultLoginOption and copies them into inLoginOptions.
27 #if !(defined(MAC_OS_X_VERSION_10_7) && (MAC_OS_X_VERSION_MAX_ALLOWED > MAC_OS_X_VERSION_10_6))
30 KLSize sizel = sizeof (valuel);
32 KLSize size = sizeof (value);
33 kstatus = KLGetDefaultLoginOption (loginOption_DefaultTicketLifetime, &valuel, &sizel);
36 kstatus = KLLoginOptionsSetTicketLifetime
37 (inLoginOptions, valuel);
39 kstatus = KLGetDefaultLoginOption
40 (loginOption_DefaultRenewableTicket, &value,
44 ((kstatus = KLGetDefaultLoginOption
45 (loginOption_DefaultRenewableLifetime,
46 &value, &size)) == noErr))
47 kstatus = KLLoginOptionsSetRenewableLifetime
48 (inLoginOptions, value);
// Renewable lifetime of zero; presumably the fallback when the renewable
// default is off or could not be read (the branch line is not shown) - confirm.
50 kstatus = KLLoginOptionsSetRenewableLifetime(inLoginOptions, 0L);
52 kstatus = KLGetDefaultLoginOption
53 (loginOption_DefaultForwardableTicket, &value,
57 kstatus = KLLoginOptionsSetForwardable
58 (inLoginOptions, value);
60 kstatus = KLGetDefaultLoginOption
61 (loginOption_DefaultProxiableTicket, &value,
65 kstatus = KLLoginOptionsSetProxiable
66 (inLoginOptions, value);
68 kstatus = KLGetDefaultLoginOption
69 (loginOption_DefaultAddresslessTicket, &value,
73 kstatus = KLLoginOptionsSetAddressless
74 (inLoginOptions, value);
// Request new initial tickets; the first argument (the principal) is nil and
// the remaining arguments are on lines not shown in this listing.
78 kstatus = KLAcquireNewInitialTickets(nil,
// A user cancelling the login is not treated as a failure; any other status
// that is not noErr is raised as an exception.
82 if(kstatus != noErr && kstatus != klUserCanceledErr)
83 @throw [NSException exceptionWithName:@"Krb5Util"
84 reason:@"getNewTicketIfNotPresent"
// Release the login options only if they were actually created.
86 if (inLoginOptions != NULL) {
87 KLDisposeLoginOptions (inLoginOptions);
91 @catch (NSException * e) {
// Release the principal name string and the principal.
// NOTE(review): whether these two calls run on every path (for example inside
// @finally) cannot be seen from this listing - confirm against the full file.
95 KLDisposeString (princName);
96 KLDisposePrincipal (princ);
101 +(KLStatus) renewTicket:(NSTimeInterval)secToExpire
102 renewTime:(NSTimeInterval)renewTime {
103 KLPrincipal princ = nil;
104 KLStatus kstatus = noErr;
105 char *princName = 0L;
106 KLTime expireStartTime;
107 KLLoginOptions inLoginOptions;
108 KLLifetime inTicketLifetime = renewTime;
109 NSDate *expirationDate = nil;
111 //prepare the login options; the status from KLCreateLoginOptions is overwritten by the next call without being checked
112 kstatus = KLCreateLoginOptions(&inLoginOptions);
113 //set the lifetime of ticket
114 kstatus = KLLoginOptionsSetTicketLifetime (inLoginOptions, inTicketLifetime);
115 kstatus = KLLoginOptionsSetRenewableLifetime (inLoginOptions, 0L);
116 kstatus = KLLoginOptionsSetTicketStartTime (inLoginOptions, 0);
117 //set the preference renewable time
118 //kstatus = KLLoginOptionsSetRenewableLifetime (inLoginOptions, inTicketLifetime);
119 //read the current ticket's expiration time; kstatus is not checked before expireStartTime is used below
120 kstatus = KLTicketExpirationTime (nil, kerberosVersion_All, &expireStartTime);
121 expirationDate = [NSDate dateWithTimeIntervalSince1970:expireStartTime];
123 //NSLog(@"Ticket Expiration time: %@", [expirationDate description]);
124 NSTimeInterval secondToExpireTime = [expirationDate timeIntervalSinceNow];
125 if(secondToExpireTime <= secToExpire) {
126 #if defined(MAC_OS_X_VERSION_10_7) && (MAC_OS_X_VERSION_MAX_ALLOWED > MAC_OS_X_VERSION_10_6)
129 krb5_ccache id = NULL;
130 static dispatch_once_t once = 0;
131 static krb5_context kcontext;
132 krb5_principal me=NULL;
133 krb5_principal server=NULL;
136 dispatch_once(&once, ^{
137 krb5_init_context(&kcontext);
140 krb5_timeofday(kcontext, &now);
141 memset((char *)&in, 0, sizeof(in));
142 in.times.starttime = 0;
143 in.times.endtime = now + inTicketLifetime;
144 in.times.renew_till = now + inTicketLifetime;
146 krb5_cc_default(kcontext, &id);
148 ret = krb5_cc_get_principal(kcontext, id,
152 if ((ret == 0) && (in.client)) {
153 ret = krb5_build_principal_ext(kcontext, &server,
154 krb5_princ_realm(kcontext,
156 krb5_princ_realm(kcontext,
159 krb5_princ_realm(kcontext,
161 krb5_princ_realm(kcontext,
164 if (ret == 0 && server) {
166 ret = krb5_get_renewed_creds(kcontext, &in, me, id, server);
168 ret = krb5_cc_initialize (kcontext, id, me);
169 ret = krb5_cc_store_cred(kcontext, id, &in);
170 krb5_cc_close(kcontext,id);
174 krb5_free_principal(kcontext, server);
176 KLPrincipal klprinc = nil;
177 kstatus = KLRenewInitialTickets ( klprinc, inLoginOptions, nil, nil);
181 @catch (NSException * e) {
185 KLDisposeString (princName);
186 KLDisposePrincipal (princ);
187 KLDisposeLoginOptions(inLoginOptions);