Implement krb5_auth_con_set_checksum_func, an API for setting a

callback to specify the data to be checksummed by krb5_mk_req after
the auth_context has been set up.  Mainly useful for GSSAPI.

Ticket: 1054
Status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15084 dc483132-0cff-0310-8789-dd5450dbe970

8 files changed, 76 insertions, 1 deletions

diff --git a/src/include/ChangeLog b/src/include/ChangeLog
index 2b6e7d46e7..76a2a95ec0 100644
--- a/src/include/ChangeLog
+++ b/src/include/ChangeLog
@@ -1,3 +1,8 @@
+2003-01-06  Sam Hartman  <hartmans@mit.edu>
+
+	* krb5.hin: Add support for setting a callback to generate the
+	data  checksummed by mk_req
+
 2003-01-03  Ezra Peisach  <epeisach@bu.edu>
 
 	* fake-addrinfo.h (freeaddrinfo): Do not free a NULL pointer.
diff --git a/src/include/krb5.hin b/src/include/krb5.hin
index 9d2d1ef8e0..e238f7a600 100644
--- a/src/include/krb5.hin
+++ b/src/include/krb5.hin
@@ -1,7 +1,7 @@
 /*
  * include/krb5.h
  *
- * Copyright 1989,1990,1995,2001 by the Massachusetts Institute of Technology.
+ * Copyright 1989,1990,1995,2001, 2003  by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
@@ -1159,6 +1159,13 @@ typedef struct krb5_replay_data {
 #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR	0x00000004
 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR	0x00000008
 
+/* type of function used as a callback to generate checksum data for
+	* mk_req*/
+
+typedef krb5_error_code KRB5_CALLCONV
+(* krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *,
+			       krb5_data **);
+
 /*
  * end "safepriv.h"
  */
@@ -2103,6 +2110,14 @@ krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags
 		krb5_auth_context,
 		krb5_int32 *);
 
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context,
+				 krb5_mk_req_checksum_func, void *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context,
+				 krb5_mk_req_checksum_func *, void **);
+
 krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs
 	(krb5_context,
 		krb5_auth_context,
diff --git a/src/lib/ChangeLog b/src/lib/ChangeLog
index 96bc29cb18..ebebb73344 100644
--- a/src/lib/ChangeLog
+++ b/src/lib/ChangeLog
@@ -1,3 +1,7 @@
+2003-01-06  Sam Hartman  <hartmans@mit.edu>
+
+	* krb5_32.def: Export krb5_auth_con_*_checksum_func
+
 2002-12-02  Tom Yu  <tlyu@mit.edu>
 
 	* win_glue.c: Put kadm_err.et references back in.
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index b0a1ec724c..e12afdce68 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,16 @@
+2003-01-06  Sam Hartman  <hartmans@mit.edu>
+
+	* mk_req_ext.c (krb5_mk_req_extended): Inf no in_data is provided
+	but krb5_auth_con_set_checksum_func has been called, then use that
+	callback to generate the in_data.
+
+	* auth_con.c (krb5_auth_con_init): Initialize checksum_func fields
+	(krb5_auth_con_set_checksum_func):  new function-- set the mk_req
+	checksum function 
+	(krb5_auth_con_get_checksum_func): return the same
+
+	* auth_con.h: Add checksum_func and checksum_func_data
+
 2002-12-23  Ezra Peisach  <epeisach@bu.edu>
 
 	* t_kerb.c: Include string.h for strcmp prototype.
diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c
index 7c60785ad1..09ccf9808e 100644
--- a/src/lib/krb5/krb/auth_con.c
+++ b/src/lib/krb5/krb/auth_con.c
@@ -38,6 +38,8 @@ krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context)
 
     (*auth_context)->req_cksumtype = context->default_ap_req_sumtype;
     (*auth_context)->safe_cksumtype = context->default_safe_sumtype;
+    (*auth_context) -> checksum_func = NULL;
+    (*auth_context)->checksum_func_data = NULL;
     (*auth_context)->magic = KV5M_AUTH_CONTEXT;
     return 0;
 }
@@ -335,3 +337,25 @@ krb5_auth_con_getpermetypes(krb5_context context, krb5_auth_context auth_context
 
     return(0);
 }
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_set_checksum_func( krb5_context context,
+				 krb5_auth_context  auth_context,
+				 krb5_mk_req_checksum_func func,
+				 void *data)
+{
+  auth_context->checksum_func = func;
+  auth_context->checksum_func_data = data;
+  return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_auth_con_get_checksum_func( krb5_context context,
+				 krb5_auth_context auth_context,
+				 krb5_mk_req_checksum_func *func,
+				 void **data)
+{
+  *func = auth_context->checksum_func;
+  *data = auth_context->checksum_func_data;
+  return 0;
+}
diff --git a/src/lib/krb5/krb/auth_con.h b/src/lib/krb5/krb/auth_con.h
index e6704169ed..d83d6b86e8 100644
--- a/src/lib/krb5/krb/auth_con.h
+++ b/src/lib/krb5/krb/auth_con.h
@@ -21,6 +21,8 @@ struct _krb5_auth_context {
     krb5_pointer	i_vector;		/* mk_priv, rd_priv only */
     krb5_rcache		rcache;
     krb5_enctype      * permitted_etypes;	/* rd_req */
+  krb5_mk_req_checksum_func checksum_func;
+  void *checksum_func_data;
 };
 
 
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index 5e07f7b667..c2cd63b914 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -140,7 +140,17 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
 	    goto cleanup;
     }
 
+    if (!in_data &&(*auth_context)->checksum_func) {
+      
     if (in_data) {
+      retval = (*auth_context)->checksum_func( context,
+					    *auth_context,
+					    (*auth_context)->checksum_func_data,
+					    &in_data);
+      if (retval)
+	goto cleanup_cksum;
+    }
+
 	if ((*auth_context)->req_cksumtype == 0x8003) {
 	    /* XXX Special hack for GSSAPI */
 	    checksum.checksum_type = 0x8003;
diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def
index 2e9d5fc3fc..79f4cc74ae 100644
--- a/src/lib/krb5_32.def
+++ b/src/lib/krb5_32.def
@@ -181,6 +181,8 @@ EXPORTS
 	krb5_auth_con_getauthenticator
 	krb5_auth_con_set_req_cksumtype
 	krb5_auth_con_setrcache
+krb5_auth_con_set_checksum_func
+krb5_auth_con_get_checksum_func
 ;
 	krb5_cc_default
 	krb5_cc_default_name