/* Authors: Sumit Bose Copyright (C) 2011, 2012, 2013 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program. If not, see . */ /* A short documentation about authdata plugins can be found in * http://http://k5wiki.kerberos.org/wiki/Projects/VerifyAuthData */ #include #include #include "krb5_authdata_int.h" #include "sss_cli.h" struct sssd_context { krb5_data data; }; static krb5_error_code sssdpac_init(krb5_context kcontext, void **plugin_context) { *plugin_context = NULL; return 0; } static void sssdpac_flags(krb5_context kcontext, void *plugin_context, krb5_authdatatype ad_type, krb5_flags *flags) { *flags = AD_USAGE_KDC_ISSUED | AD_USAGE_TGS_REQ; } static void sssdpac_fini(krb5_context kcontext, void *plugin_context) { return; } static krb5_error_code sssdpac_request_init(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void **request_context) { struct sssd_context *sssdctx; sssdctx = (struct sssd_context *)calloc(1, sizeof(*sssdctx)); if (sssdctx == NULL) { return ENOMEM; } *request_context = sssdctx; return 0; } static krb5_error_code sssdpac_import_authdata(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, krb5_authdata **authdata, krb5_boolean kdc_issued, krb5_const_principal kdc_issuer) { char *data = NULL; struct sssd_context *sssdctx = (struct sssd_context *)request_context; if (authdata[0] == NULL) { return EINVAL; } if (authdata[0]->length > 0) { data = malloc(sizeof(char) * authdata[0]->length); if (data == NULL) { return ENOMEM; } memcpy(data, authdata[0]->contents, authdata[0]->length); } if (sssdctx->data.data != NULL) { krb5_free_data_contents(kcontext, &sssdctx->data); } sssdctx->data.length = authdata[0]->length; sssdctx->data.data = data; return 0; } static void sssdpac_request_fini(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context) { struct sssd_context *sssdctx = (struct sssd_context *)request_context; if (sssdctx != NULL) { if (sssdctx->data.data != NULL) { krb5_free_data_contents(kcontext, &sssdctx->data); } free(sssdctx); } } static krb5_error_code sssdpac_verify(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, const krb5_auth_context *auth_context, const krb5_keyblock *key, const krb5_ap_req *req) { krb5_error_code kerr; int ret; krb5_pac pac; struct sssd_context *sssdctx = (struct sssd_context *)request_context; struct sss_cli_req_data sss_data; int errnop; if (sssdctx == NULL || sssdctx->data.data == NULL) { return EINVAL; } kerr = krb5_pac_parse(kcontext, sssdctx->data.data, sssdctx->data.length, &pac); if (kerr != 0) { return EINVAL; } kerr = krb5_pac_verify(kcontext, pac, req->ticket->enc_part2->times.authtime, req->ticket->enc_part2->client, key, NULL); if (kerr != 0) { return EINVAL; } sss_data.len = sssdctx->data.length; sss_data.data = sssdctx->data.data; ret = sss_pac_make_request(SSS_PAC_ADD_PAC_USER, &sss_data, NULL, NULL, &errnop); if (ret != 0) { /* Ignore the error */ } return 0; } static krb5_error_code sssdpac_size(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, size_t *sizep) { struct sssd_context *sssdctx = (struct sssd_context *)request_context; *sizep += sizeof(krb5_int32); *sizep += sssdctx->data.length; *sizep += sizeof(krb5_int32); return 0; } static krb5_error_code sssdpac_externalize(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, krb5_octet **buffer, size_t *lenremain) { krb5_error_code code = 0; struct sssd_context *sssdctx = (struct sssd_context *)request_context; size_t required = 0; krb5_octet *bp; size_t remain; bp = *buffer; remain = *lenremain; if (sssdctx->data.data != NULL) { sssdpac_size(kcontext, context, plugin_context, request_context, &required); if (required <= remain) { krb5_ser_pack_int32((krb5_int32)sssdctx->data.length, &bp, &remain); krb5_ser_pack_bytes((krb5_octet *)sssdctx->data.data, (size_t)sssdctx->data.length, &bp, &remain); krb5_ser_pack_int32(0, &bp, &remain); } else { code = ENOMEM; } } else { krb5_ser_pack_int32(0, &bp, &remain); /* length */ krb5_ser_pack_int32(0, &bp, &remain); /* verified */ } *buffer = bp; *lenremain = remain; return code; } static krb5_error_code sssdpac_internalize(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, krb5_octet **buffer, size_t *lenremain) { struct sssd_context *sssdctx = (struct sssd_context *)request_context; krb5_error_code code; krb5_int32 ibuf; krb5_octet *bp; size_t remain; krb5_data data; bp = *buffer; remain = *lenremain; /* length */ code = krb5_ser_unpack_int32(&ibuf, &bp, &remain); if (code != 0) { return code; } if (ibuf != 0) { data.length = ibuf; data.data = malloc(sizeof(char) * ibuf); if (data.data == NULL) { return ENOMEM; } memcpy(data.data, bp, ibuf); bp += ibuf; remain -= ibuf; } else { data.length = 0; data.data = NULL; } /* verified */ code = krb5_ser_unpack_int32(&ibuf, &bp, &remain); if (code != 0) { return code; } if (sssdctx->data.data != NULL) { krb5_free_data_contents(kcontext, &sssdctx->data); } sssdctx->data.length = data.length; sssdctx->data.data = data.data; *buffer = bp; *lenremain = remain; return 0; } static krb5_authdatatype sssdpac_ad_types[] = { KRB5_AUTHDATA_WIN2K_PAC, 0 }; krb5plugin_authdata_client_ftable_v0 authdata_client_0 = { ((void *)((uintptr_t)("sssd_sssdpac"))), sssdpac_ad_types, sssdpac_init, sssdpac_fini, sssdpac_flags, sssdpac_request_init, sssdpac_request_fini, NULL, NULL, NULL, NULL, NULL, sssdpac_import_authdata, NULL, NULL, sssdpac_verify, sssdpac_size, sssdpac_externalize, sssdpac_internalize, NULL }; 144 145 
/** BEGIN COPYRIGHT BLOCK
 * This Program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; version 2 of the License.
 * 
 * This Program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License along with
 * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place, Suite 330, Boston, MA 02111-1307 USA.
 * 
 * In addition, as a special exception, Red Hat, Inc. gives You the additional
 * right to link the code of this Program with code not covered under the GNU
 * General Public License ("Non-GPL Code") and to distribute linked combinations
 * including the two, subject to the limitations in this paragraph. Non-GPL Code
 * permitted under this exception must only link to the code of this Program
 * through those well defined interfaces identified in the file named EXCEPTION
 * found in the source code files (the "Approved Interfaces"). The files of
 * Non-GPL Code may instantiate templates or use macros or inline functions from
 * the Approved Interfaces without causing the resulting work to be covered by
 * the GNU General Public License. Only Red Hat, Inc. may make changes or
 * additions to the list of Approved Interfaces. You must obey the GNU General
 * Public License in all respects for all of the Program code and other code used
 * in conjunction with the Program except the Non-GPL Code covered by this
 * exception. If you modify this file, you may extend this exception to your
 * version of the file, but you are not obligated to do so. If you do not wish to
 * provide this exception without modification, you must delete this exception
 * statement from your version and license this file solely under the GPL without
 * exception. 
 * 
 * 
 * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
 * Copyright (C) 2005 Red Hat, Inc.
 * All rights reserved.
 * END COPYRIGHT BLOCK **/
/* repl_ext.c - manages operation extensions created by the 
 *              replication system
 */


#include "repl.h"

/* structure with information for each extension */
typedef struct repl_ext
{
	char *object_name;				/* name of the object extended   */
	int object_type;				/* handle to the extended object */
	int handle;					    /* extension handle              */
} repl_ext;

/* ----------------------------- Supplier ----------------------------- */

static repl_ext repl_sup_ext_list [REPL_EXT_ALL];

/* initializes replication extensions */
void repl_sup_init_ext ()
{
    int rc;
		
	/* populate the extension list */
	repl_sup_ext_list[REPL_SUP_EXT_OP].object_name = SLAPI_EXT_OPERATION;
	
	rc = slapi_register_object_extension(repl_plugin_name,
	                     SLAPI_EXT_OPERATION, 
						 supplier_operation_extension_constructor, 
					     supplier_operation_extension_destructor, 
						 &repl_sup_ext_list[REPL_SUP_EXT_OP].object_type,
					     &repl_sup_ext_list[REPL_SUP_EXT_OP].handle);

	if(rc!=0)
	{
	    PR_ASSERT(0); /* JCMREPL Argh */
	}
}

void* repl_sup_get_ext (ext_type type, void *object)
{
	/* find the requested extension */
	repl_ext ext = repl_sup_ext_list [type];

	void* data = slapi_get_object_extension(ext.object_type, object, ext.handle);

	return data;
}

/* ----------------------------- Consumer ----------------------------- */

static repl_ext repl_con_ext_list [REPL_EXT_ALL];

/* initializes replication extensions */
void repl_con_init_ext ()
{
    int rc;
	
	/* populate the extension list */
	repl_con_ext_list[REPL_CON_EXT_OP].object_name = SLAPI_EXT_OPERATION;
	rc = slapi_register_object_extension(repl_plugin_name,
	                     SLAPI_EXT_OPERATION, 
						 consumer_operation_extension_constructor, 
					     consumer_operation_extension_destructor, 
						 &repl_con_ext_list[REPL_CON_EXT_OP].object_type,
					     &repl_con_ext_list[REPL_CON_EXT_OP].handle);
	if(rc!=0)
	{
	    PR_ASSERT(0); /* JCMREPL Argh */
	}
						 
	repl_con_ext_list[REPL_CON_EXT_CONN].object_name = SLAPI_EXT_CONNECTION;
	rc = slapi_register_object_extension(repl_plugin_name,
	                     SLAPI_EXT_CONNECTION, 
						 consumer_connection_extension_constructor, 
					     consumer_connection_extension_destructor, 
						 &repl_con_ext_list[REPL_CON_EXT_CONN].object_type,
					     &repl_con_ext_list[REPL_CON_EXT_CONN].handle);
	if(rc!=0)
	{
	    PR_ASSERT(0); /* JCMREPL Argh */
	}

    repl_con_ext_list[REPL_CON_EXT_MTNODE].object_name = SLAPI_EXT_MTNODE;
	rc = slapi_register_object_extension(repl_plugin_name,
	                     SLAPI_EXT_MTNODE, 
						 multimaster_mtnode_extension_constructor, 
					     multimaster_mtnode_extension_destructor, 
						 &repl_con_ext_list[REPL_CON_EXT_MTNODE].object_type,
					     &repl_con_ext_list[REPL_CON_EXT_MTNODE].handle);
	if(rc!=0)
	{
	    PR_ASSERT(0); /* JCMREPL Argh */
	}
}

void* repl_con_get_ext (ext_type type, void *object)
{
	/* find the requested extension */
	repl_ext ext = repl_con_ext_list [type];

	void* data = slapi_get_object_extension(ext.object_type, object, ext.handle);

	return data;
}
generated by cgit (git 2.34.1) at 2026-04-19 12:45:28 +0000