5 // Created by Claudio Bisegni on 20/03/10.
6 // Copyright 2010 INFN. All rights reserved.
11 @implementation Krb5Util
12 +(KLStatus) getNewTicketIfNotPresent {
13 KLPrincipal princ = nil;
14 KLStatus kstatus = noErr;
16 KLBoolean outFoundValidTickets = false;
17 KLLoginOptions inLoginOptions = nil;
20 kstatus = KLCacheHasValidTickets(nil, kerberosVersion_All, &outFoundValidTickets, nil, nil);
21 if(!outFoundValidTickets) {
22 kstatus = KLCreateLoginOptions(&inLoginOptions);
24 @throw [NSException exceptionWithName:@"Krb5Util"
25 reason:@"getNewTicketIfNotPresent"
29 KLSize sizel = sizeof (valuel);
31 KLSize size = sizeof (value);
32 kstatus = KLGetDefaultLoginOption (loginOption_DefaultTicketLifetime, &valuel, &sizel);
35 kstatus = KLLoginOptionsSetTicketLifetime
36 (inLoginOptions, valuel);
38 kstatus = KLGetDefaultLoginOption
39 (loginOption_DefaultRenewableTicket, &value,
43 ((kstatus = KLGetDefaultLoginOption
44 (loginOption_DefaultRenewableLifetime,
45 &value, &size)) == noErr))
46 kstatus = KLLoginOptionsSetRenewableLifetime
47 (inLoginOptions, value);
49 kstatus = KLLoginOptionsSetRenewableLifetime(inLoginOptions, 0L);
51 kstatus = KLGetDefaultLoginOption
52 (loginOption_DefaultForwardableTicket, &value,
56 kstatus = KLLoginOptionsSetForwardable
57 (inLoginOptions, value);
59 kstatus = KLGetDefaultLoginOption
60 (loginOption_DefaultProxiableTicket, &value,
64 kstatus = KLLoginOptionsSetProxiable
65 (inLoginOptions, value);
67 kstatus = KLGetDefaultLoginOption
68 (loginOption_DefaultAddresslessTicket, &value,
72 kstatus = KLLoginOptionsSetAddressless
73 (inLoginOptions, value);
77 kstatus = KLAcquireNewInitialTickets(nil,
81 if(kstatus != noErr && kstatus != klUserCanceledErr)
82 @throw [NSException exceptionWithName:@"Krb5Util"
83 reason:@"getNewTicketIfNotPresent"
85 if (inLoginOptions != NULL) {
86 KLDisposeLoginOptions (inLoginOptions);
90 @catch (NSException * e) {
94 KLDisposeString (princName);
95 KLDisposePrincipal (princ);
100 +(KLStatus) renewTicket:(NSTimeInterval)secToExpire
101 renewTime:(NSTimeInterval)renewTime {
102 KLPrincipal princ = nil;
103 KLStatus kstatus = noErr;
104 char *princName = 0L;
105 KLTime expireStartTime;
106 KLLoginOptions inLoginOptions;
107 KLLifetime inTicketLifetime = renewTime;
108 NSDate *expirationDate = nil;
110 //prepare the login option
111 kstatus = KLCreateLoginOptions(&inLoginOptions);
112 //set the lifetime of ticket
113 kstatus = KLLoginOptionsSetTicketLifetime (inLoginOptions, inTicketLifetime);
114 kstatus = KLLoginOptionsSetRenewableLifetime (inLoginOptions, 0L);
115 kstatus = KLLoginOptionsSetTicketStartTime (inLoginOptions, 0);
116 //set the preference renewable time
117 //kstatus = KLLoginOptionsSetRenewableLifetime (inLoginOptions, inTicketLifetime);
118 //check the start time
119 kstatus = KLTicketExpirationTime (nil, kerberosVersion_All, &expireStartTime);
120 expirationDate = [NSDate dateWithTimeIntervalSince1970:expireStartTime];
122 //NSLog(@"Ticket Expiration time: %@", [expirationDate description]);
123 NSTimeInterval secondToExpireTime = [expirationDate timeIntervalSinceNow];
124 if(secondToExpireTime <= secToExpire) {
125 #if defined(MAC_OS_X_VERSION_10_7) && (MAC_OS_X_VERSION_MAX_ALLOWED > MAC_OS_X_VERSION_10_6)
128 krb5_ccache id = NULL;
129 static dispatch_once_t once = 0;
130 static krb5_context kcontext;
131 krb5_principal me=NULL;
132 krb5_principal server=NULL;
135 dispatch_once(&once, ^{
136 krb5_init_context(&kcontext);
139 krb5_timeofday(kcontext, &now);
140 memset((char *)&in, 0, sizeof(in));
141 in.times.starttime = 0;
142 in.times.endtime = now + inTicketLifetime;
143 in.times.renew_till = now + inTicketLifetime;
145 krb5_cc_default(kcontext, &id);
147 ret = krb5_cc_get_principal(kcontext, id,
152 ret = krb5_build_principal_ext(kcontext, &server,
153 krb5_princ_realm(kcontext,
155 krb5_princ_realm(kcontext,
158 krb5_princ_realm(kcontext,
160 krb5_princ_realm(kcontext,
166 ret = krb5_get_renewed_creds(kcontext, &in, me, id, server);
169 ret = krb5_cc_initialize (kcontext, id, me);
170 ret = krb5_cc_store_cred(kcontext, id, &in);
171 krb5_cc_close(kcontext,id);
173 krb5_free_principal(kcontext, server);
175 KLPrincipal klprinc = nil;
176 kstatus = KLRenewInitialTickets ( klprinc, inLoginOptions, nil, nil);
180 /* handoff to growl agent? */
181 kstatus = KLTicketExpirationTime (nil, kerberosVersion_All, &expireStartTime);
182 expirationDate = [NSDate dateWithTimeIntervalSince1970:expireStartTime];
183 BuildNotificationInfo(@"Ticket Renewed Unitl %@", expirationDate, callbackInfo->dcref, callbackInfo->regref, callbackInfo->icon);
187 @catch (NSException * e) {
191 KLDisposeString (princName);
192 KLDisposePrincipal (princ);
193 KLDisposeLoginOptions(inLoginOptions);