authorKevin Coffman <kwc@citi.umich.edu>2006-11-09 20:40:29 +0000
committerKevin Coffman <kwc@citi.umich.edu>2006-11-09 20:40:29 +0000
commita01105065c1e6d28870205337cbe01b26b1cafde (patch)
tree4b28bd09621f21b5085c3283b0d55befd6cdb81e /src/lib
parentaf11fb8369ed3db1e7c98844f926a0d4292d1567 (diff)
Add "get_data" function to the client preauth plugin interface
Modify the client preauth plugin interface to pass in a function pointer and data pointer so the plugin may request information otherwise unavailable. ticket: new Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18790 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/krb/get_in_tkt.c14
-rw-r--r--src/lib/krb5/krb/preauth2.c72
2 files changed, 81 insertions, 5 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 947984f62a..a71d98d410 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -865,6 +865,7 @@ krb5_get_init_creds(krb5_context context,
krb5_kdc_rep *local_as_reply;
krb5_timestamp time_now;
krb5_enctype etype = 0;
+ krb5_preauth_client_rock get_data_rock;
/* initialize everything which will be freed at cleanup */
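Review bot: `get_data_rock` is an automatic variable in krb5_get_init_creds, and the later hunks hand its address to preauth plugin modules, so its declaration should carry a comment stating its lifetime. Something like `/* rock handed to preauth plugins; valid only for the duration of each plugin call, modules must not retain it */` would make the contract explicit. The function body starts and ends outside this hunk, so whether any cleanup path touches the rock cannot be checked here.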
@@ -1091,6 +1092,9 @@ krb5_get_init_creds(krb5_context context,
if (ret)
goto cleanup;
+ get_data_rock.magic = CLIENT_ROCK_MAGIC;
+ get_data_rock.as_reply = NULL;
+
/* now, loop processing preauth data and talking to the kdc */
for (loopcount = 0; loopcount < MAX_IN_TKT_LOOPS; loopcount++) {
if (!err_reply) {
@@ -1106,7 +1110,8 @@ krb5_get_init_creds(krb5_context context,
preauth_to_use, &request.padata,
&salt, &s2kparams, &etype, &as_key,
prompter, prompter_data,
- gak_fct, gak_data)))
+ gak_fct, gak_data,
+ &get_data_rock)))
goto cleanup;
} else {
/* retrying after an error other than PREAUTH_NEEDED, using e-data
@@ -1119,7 +1124,8 @@ krb5_get_init_creds(krb5_context context,
err_reply,
&salt, &s2kparams, &etype, &as_key,
prompter, prompter_data,
- gak_fct, gak_data)) {
+ gak_fct, gak_data,
+ &get_data_rock)) {
/* couldn't come up with anything better */
ret = err_reply->error + ERROR_TABLE_BASE_krb5;
krb5_free_error(context, err_reply);
@@ -1193,12 +1199,14 @@ krb5_get_init_creds(krb5_context context,
if ((ret = sort_krb5_padata_sequence(context, &request.server->realm,
local_as_reply->padata)))
goto cleanup;
+ get_data_rock.as_reply = local_as_reply;
if ((ret = krb5_do_preauth(context,
&request,
encoded_request_body, encoded_previous_request,
local_as_reply->padata, &kdc_padata,
&salt, &s2kparams, &etype, &as_key, prompter,
- prompter_data, gak_fct, gak_data)))
+ prompter_data, gak_fct, gak_data,
+ &get_data_rock)))
goto cleanup;
/* XXX For 1.1.1 and prior KDC's, when SAM is used w/ USE_SAD_AS_KEY,
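Review bot: The enctype that plugins can fetch through the rock is read from `local_as_reply->enc_part.enctype`, and where `get_data_rock.as_reply = local_as_reply;` is set the reply does not appear to have been decrypted yet. That is inferred, because the decryption step lies outside this hunk. A comment above the assignment should say so, for example `/* as_reply is not yet decrypted; values read through the rock are KDC-supplied and unverified */`. A plugin that selects keys or algorithms from that value should check it against the enctypes it is prepared to accept.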
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 64823732fb..b2a513e203 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -327,6 +327,66 @@ grow_pa_list(krb5_pa_data ***out_pa_list, int *out_pa_list_size,
return 0;
}
+/*
+ * Retrieve a specific piece of information required by the plugin and
+ * return it in a new krb5_data item. There are separate request_types
+ * to obtain the data and free it.
+ *
+ * This may require massaging data into a contrived format, but it will
+ * hopefully keep us from having to reveal library-internal functions
+ * or data to the plugin modules.
+ */
+
+static krb5_error_code
+client_data_proc(krb5_context kcontext,
+ krb5_preauth_client_rock *rock,
+ krb5_int32 request_type,
+ krb5_data **retdata)
+{
+ krb5_data *ret;
+ char *data;
+
+ if (rock->magic != CLIENT_ROCK_MAGIC)
+ return EINVAL;
+ if (retdata == NULL)
+ return EINVAL;
+
+ switch (request_type) {
+ case krb5plugin_preauth_client_get_etype:
+ {
+ krb5_enctype *eptr;
+ if (rock->as_reply == NULL)
+ return ENOENT;
+ ret = malloc(sizeof(krb5_data));
+ if (ret == NULL)
+ return ENOMEM;
+ data = malloc(sizeof(krb5_enctype));
+ if (data == NULL) {
+ free(ret);
+ return ENOMEM;
+ }
+ ret->data = data;
+ ret->length = sizeof(krb5_enctype);
+ eptr = (krb5_enctype *)data;
+ *eptr = rock->as_reply->enc_part.enctype;
+ *retdata = ret;
+ return 0;
+ }
+ break;
+ case krb5plugin_preauth_client_free_etype:
+ ret = *retdata;
+ if (ret == NULL)
+ return 0;
+ if (ret->data)
+ free(ret->data);
+ free(ret);
+ return 0;
+ break;
+ default:
+ return EINVAL;
+ }
+}
+
/* Tweak the request body, for now adding any enctypes which the module claims
* to add support for to the list, but in the future perhaps doing more
* involved things. */
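Review bot: `client_data_proc` dereferences `rock` at `rock->magic` without a NULL check, although `retdata` is checked on the next line. Since the rock is passed back in by a plugin module, the first guard should read `if (rock == NULL || rock->magic != CLIENT_ROCK_MAGIC) return EINVAL;`. The `krb5plugin_preauth_client_free_etype` case frees `*retdata` but leaves the caller's pointer dangling, so a repeated free request from a module becomes a double free; adding `*retdata = NULL;` after `free(ret);` turns the second call into the existing `ret == NULL` no-op. The `break;` statements after `return` are unreachable, and `if (ret->data)` is redundant because `free(NULL)` does nothing.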
@@ -370,6 +430,7 @@ krb5_run_preauth_plugins(krb5_context kcontext,
krb5_data *salt,
krb5_data *s2kparams,
void *gak_data,
+ krb5_preauth_client_rock *get_data_rock,
krb5_keyblock *as_key,
krb5_pa_data ***out_pa_list,
int *out_pa_list_size,
@@ -413,6 +474,8 @@ krb5_run_preauth_plugins(krb5_context kcontext,
ret = module->client_process(kcontext,
module->plugin_context,
module->request_context,
+ client_data_proc,
+ get_data_rock,
request,
encoded_request_body,
encoded_previous_request,
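Review bot: The two new arguments are inserted in the middle of the `module->client_process` argument list, which changes the calling convention for every loaded plugin. No interface-version check is visible at this call, though the diff is limited to src/lib, so the plugin header may handle it elsewhere. If the vtable version is not bumped with this change, a module built against the old prototype would receive `client_data_proc` where it expects `request`. The same applies to the `client_tryagain` call in krb5_do_preauth_tryagain in the later hunk. A short comment at both call sites naming the interface version that introduced these arguments would help; krb5_run_preauth_plugins begins and ends outside this hunk.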
@@ -1221,7 +1284,8 @@ krb5_do_preauth_tryagain(krb5_context kcontext,
krb5_enctype *etype,
krb5_keyblock *as_key,
krb5_prompter_fct prompter, void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct, void *gak_data)
+ krb5_gic_get_as_key_fct gak_fct, void *gak_data,
+ krb5_preauth_client_rock *get_data_rock)
{
krb5_error_code ret;
krb5_pa_data *out_padata;
@@ -1251,6 +1315,8 @@ krb5_do_preauth_tryagain(krb5_context kcontext,
if ((*module->client_tryagain)(kcontext,
module->plugin_context,
module->request_context,
+ client_data_proc,
+ get_data_rock,
request,
encoded_request_body,
encoded_previous_request,
@@ -1283,7 +1349,8 @@ krb5_do_preauth(krb5_context context,
krb5_enctype *etype,
krb5_keyblock *as_key,
krb5_prompter_fct prompter, void *prompter_data,
- krb5_gic_get_as_key_fct gak_fct, void *gak_data)
+ krb5_gic_get_as_key_fct gak_fct, void *gak_data,
+ krb5_preauth_client_rock *get_data_rock)
{
int h, i, j, out_pa_list_size;
int seen_etype_info2 = 0;
@@ -1471,6 +1538,7 @@ krb5_do_preauth(krb5_context context,
gak_fct,
salt, s2kparams,
gak_data,
+ get_data_rock,
as_key,
&out_pa_list,
&out_pa_list_size,