| author | Greg Hudson <ghudson@mit.edu> | 2010-07-13 15:53:23 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2010-07-13 15:53:23 +0000 |
| commit | bc45e6ec043183dded03744c3f36531464353e78 (patch) | |
| tree | 4b1b11d1531506f9821c792fa17918211996f78f /src/plugins/kdb | |
| parent | 80a3846c5c7b04625b112b2ee555292f8347dd52 (diff) | |
Add audit_as_req to the DAL with a corresponding libkdb5 API,
replacing the AUDIT_AS_REQ method of db_invoke. Remove the
AUDIT_TGS_REQ method of db_invoke without adding a replacement, as
there was no KDC support for it. (It can be added at a later time if
necessary.)
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24185 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins/kdb')
| -rw-r--r-- | src/plugins/kdb/db2/db2_exp.c | 7 | ||||
| -rw-r--r-- | src/plugins/kdb/db2/kdb_db2.c | 8 | ||||
| -rw-r--r-- | src/plugins/kdb/db2/kdb_db2.h | 5 | ||||
| -rw-r--r-- | src/plugins/kdb/db2/kdb_ext.c | 29 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/ldap_exp.c | 1 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c | 20 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c | 8 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h | 5 | ||||
| -rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports | 1 |
9 files changed, 36 insertions, 48 deletions
diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c index a95d47dfcb..80c55b24f9 100644 --- a/src/plugins/kdb/db2/db2_exp.c +++ b/src/plugins/kdb/db2/db2_exp.c @@ -186,6 +186,12 @@ WRAP_K (krb5_db2_check_policy_as, krb5_data *e_data), (kcontext, request, client, server, kdc_time, status, e_data)); +WRAP_K (krb5_db2_audit_as_req, + (krb5_context kcontext, krb5_kdc_req *request, krb5_db_entry *client, + krb5_db_entry *server, krb5_timestamp authtime, + krb5_error_code error_code), + (kcontext, request, client, server, authtime, error_code)); + WRAP_K (krb5_db2_invoke, (krb5_context kcontext, unsigned int method, @@ -251,5 +257,6 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = { 0, 0, 0, 0, /* check_policy_as */ wrap_krb5_db2_check_policy_as, 0, + /* audit_as_req */ wrap_krb5_db2_audit_as_req, /* invoke */ wrap_krb5_db2_invoke }; diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index a53e26258a..8c6c97afc3 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -1649,3 +1649,11 @@ krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request, *status = "LOCKED_OUT"; return retval; } + +krb5_error_code +krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request, + krb5_db_entry *client, krb5_db_entry *server, + krb5_timestamp authtime, krb5_error_code error_code) +{ + return krb5_db2_lockout_audit(kcontext, client, authtime, error_code); +} diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h index 0bddcf4a59..0c8095a936 100644 --- a/src/plugins/kdb/db2/kdb_db2.h +++ b/src/plugins/kdb/db2/kdb_db2.h 
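Review bot: The new `/* audit_as_req */ wrap_krb5_db2_audit_as_req,` entry in db2_exp.c is placed purely by position, directly before `/* invoke */`, so it is only correct if the `kdb_vftabl` declaration gained its member in exactly that slot. That declaration is outside this diffstat (limited to src/plugins/kdb) and cannot be checked from here. A module built against the previous layout would presumably have its invoke pointer read as audit_as_req, which takes different arguments, so the change needs a matching DAL version bump if it does not already have one. Designated initializers, e.g. `.audit_as_req = wrap_krb5_db2_audit_as_req,` (assuming the member is named as the comment says), would let the compiler check the slot; the same applies to the table in ldap/ldap_exp.c. The initializer begins above the hunk.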
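Review bot: krb5_db2_audit_as_req in kdb_db2.c has no comment, and nothing tells a reader that `request` and `server` are ignored and that its only effect is the call to krb5_db2_lockout_audit. Since this hook is presumably what feeds AS request outcomes into account lockout, I would add a header comment such as `/* Record the outcome of an AS request for account lockout; request and server are unused. */`. `client` is passed through unchecked. Whether it can be NULL for a request that failed before the client entry was found depends on the caller and on krb5_db2_lockout_audit, neither of which is visible in this hunk, so that contract is worth stating in the comment as well. The same applies to krb5_ldap_audit_as_req in libkdb_ldap/kdb_ldap.c.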
@@ -152,6 +152,11 @@ krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request, krb5_timestamp kdc_time, const char **status, krb5_data *e_data); +krb5_error_code +krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request, + krb5_db_entry *client, krb5_db_entry *server, + krb5_timestamp authtime, krb5_error_code error_code); + /* methods */ krb5_error_code krb5_db2_invoke(krb5_context context, diff --git a/src/plugins/kdb/db2/kdb_ext.c b/src/plugins/kdb/db2/kdb_ext.c index 8f7ad94278..a27aa2ca7c 100644 --- a/src/plugins/kdb/db2/kdb_ext.c +++ b/src/plugins/kdb/db2/kdb_ext.c @@ -34,38 +34,11 @@ #include <errno.h> #include "kdb_db2.h" -static krb5_error_code -krb5_db2_audit_as(krb5_context context, - unsigned int method, - const krb5_data *request, - krb5_data *response) -{ - const kdb_audit_as_req *req; - krb5_error_code code; - - req = (const kdb_audit_as_req *)request->data; - - code = krb5_db2_lockout_audit(context, req->client, - req->authtime, req->error_code); - - return code; -} - krb5_error_code krb5_db2_invoke(krb5_context context, unsigned int method, const krb5_data *req, krb5_data *rep) { - krb5_error_code code = KRB5_PLUGIN_OP_NOTSUPP; - - switch (method) { - case KRB5_KDB_METHOD_AUDIT_AS: - code = krb5_db2_audit_as(context, method, req, rep); - break; - default: - break; - } - - return code; + return KRB5_PLUGIN_OP_NOTSUPP; } diff --git a/src/plugins/kdb/ldap/ldap_exp.c b/src/plugins/kdb/ldap/ldap_exp.c index 8236406c2f..3bd6c67501 100644 --- a/src/plugins/kdb/ldap/ldap_exp.c +++ b/src/plugins/kdb/ldap/ldap_exp.c @@ -86,6 +86,7 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table) = { /* check_transited_realms */ NULL, /* check_policy_as */ krb5_ldap_check_policy_as, /* check_policy_tgs */ NULL, + /* audit_as_req */ krb5_ldap_audit_as_req, /* invoke */ krb5_ldap_invoke, }; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c index 0330e15e8a..75b4543347 100644 
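Review bot: krb5_db2_invoke in db2/kdb_ext.c is left as a stub that ignores all four parameters, with no comment explaining why it remains. It is still installed in the `/* invoke */` slot of the table in db2_exp.c, so a one-line comment above it would keep the next reader from wondering which methods it dispatches: `/* No db_invoke methods are implemented by the DB2 module. */`.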
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c @@ -35,23 +35,6 @@ #include "kdb_ldap.h" static krb5_error_code -krb5_ldap_audit_as(krb5_context context, - unsigned int method, - const krb5_data *request, - krb5_data *response) -{ - const kdb_audit_as_req *req; - krb5_error_code code; - - req = (const kdb_audit_as_req *)request->data; - - code = krb5_ldap_lockout_audit(context, req->client, - req->authtime, req->error_code); - - return code; -} - -static krb5_error_code krb5_ldap_check_allowed_to_delegate(krb5_context context, unsigned int method, const krb5_data *request, @@ -94,9 +77,6 @@ krb5_ldap_invoke(krb5_context context, krb5_error_code code = KRB5_PLUGIN_OP_NOTSUPP; switch (method) { - case KRB5_KDB_METHOD_AUDIT_AS: - code = krb5_ldap_audit_as(context, method, req, rep); - break; case KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE: code = krb5_ldap_check_allowed_to_delegate(context, method, req, rep); break; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c index 7127ce4a03..185e1f3300 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c @@ -541,3 +541,11 @@ krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request, *status = "LOCKED_OUT"; return retval; } + +krb5_error_code +krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request, + krb5_db_entry *client, krb5_db_entry *server, + krb5_timestamp authtime, krb5_error_code error_code) +{ + return krb5_ldap_lockout_audit(kcontext, client, authtime, error_code); +} diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h index 8e935e1937..6c795d6564 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h 
@@ -302,6 +302,11 @@ krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request, krb5_timestamp kdc_time, const char **status, krb5_data *e_data); +krb5_error_code +krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request, + krb5_db_entry *client, krb5_db_entry *server, + krb5_timestamp authtime, krb5_error_code error_code); + /* DAL functions */ diff --git a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports index affdb38bb9..6692c71699 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports +++ b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports @@ -45,4 +45,5 @@ krb5_ldap_create krb5_ldap_set_mkey_list krb5_ldap_get_mkey_list krb5_ldap_check_policy_as +krb5_ldap_audit_as_req krb5_ldap_invoke |
