From 1f857634ae3b549e8c328727adbdaa9e9f403d4f Mon Sep 17 00:00:00 2001
From: Tom Yu
Date: Tue, 30 Jan 2007 21:38:47 +0000
Subject: get_init_creds_opt extensibility r18922@cathode-dark-space: coffman | 2006-12-04 18:30:15 -0500 First cut at making the get_init_creds_opt structure extendable and adding library functions to set options for preauthentication plugins. This does *not* include a compatibility function to work like Heimdal's krb5_get_init_creds_opt_set_pkinit() function. Hopefully, the test code that doesn't belong in kinit.c is obvious. r18929@cathode-dark-space: coffman | 2006-12-07 10:01:20 -0500 Remove extra "user_id" parameter. Add function which duplicates the Heimdal interface (if we can agree on what the matching attribute names should be). r18934@cathode-dark-space: coffman | 2006-12-08 15:28:03 -0500 Update to use the simplified interface for krb5_get_init_creds_opt_set_pa() Add code in kinit to process "-X" options as preauth options and pass them along. r18936@cathode-dark-space: coffman | 2006-12-11 12:04:26 -0500 Move prototypes for get_init_creds_opt_get_pa() and krb5_get_init_creds_opt_free_pa() into the preauth_plugin.h header rather than krb5.hin. ticket: new status: open component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19127 dc483132-0cff-0310-8789-dd5450dbe970
---
src/include/krb5/preauth_plugin.h | 48 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 47 insertions(+), 1 deletion(-)
(limited to 'src/include/krb5/preauth_plugin.h')
diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h
index f8a9db1a17..7243a00b17 100644
--- a/src/include/krb5/preauth_plugin.h
+++ b/src/include/krb5/preauth_plugin.h
@@ -157,6 +157,17 @@ typedef krb5_error_code
 krb5_keyblock *as_key,
 void *gak_data);
+/*
+ * Client function which receives krb5_get_init_creds_opt information.
+ * The attr and value information supplied should be copied locally by
+ * the module if it wishes to reference it after returning from this call.
+ */
+typedef krb5_error_code
+(*supply_gic_opts_proc)(krb5_context context,
+ void *plugin_context,
+ krb5_get_init_creds_opt *opt,
+ const char *attr,
+ const char *value);
 /*
 * The function table / structure which a preauth client module must export as
 * "preauthentication_client_0". If the interfaces work correctly, future
@@ -207,6 +218,7 @@ typedef struct krb5plugin_preauth_client_ftable_v0 {
 krb5_error_code (*process)(krb5_context context,
 void *plugin_context,
 void *request_context,
+ krb5_get_init_creds_opt *opt,
 preauth_get_client_data_proc get_data_proc,
 struct _krb5_preauth_client_rock *rock,
 krb5_kdc_req *request,
@@ -227,8 +239,9 @@ typedef struct krb5plugin_preauth_client_ftable_v0 {
 krb5_error_code (*tryagain)(krb5_context context,
 void *plugin_context,
 void *request_context,
+ krb5_get_init_creds_opt *opt,
 preauth_get_client_data_proc get_data_proc,
- struct _krb5_preauth_client_rock *rock,
+ struct _krb5_preauth_client_rock *rock,
 krb5_kdc_req *request,
 krb5_data *encoded_request_body,
 krb5_data *encoded_previous_request,
@@ -241,6 +254,12 @@ typedef struct krb5plugin_preauth_client_ftable_v0 {
 krb5_data *salt, krb5_data *s2kparams, krb5_keyblock *as_key, krb5_pa_data **out_pa_data);
+ /*
+ * Client function which receives krb5_get_init_creds_opt information.
+ * The attr and value information supplied should be copied locally by
+ * the module if it wishes to reference it after returning from this call.
+ */
+ supply_gic_opts_proc gic_opts;
 } krb5plugin_preauth_client_ftable_v0;
 /*
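Review bot: The comment on `supply_gic_opts_proc` in the first hunk (repeated verbatim on the `gic_opts` member in the fourth hunk) documents the lifetime of `attr` and `value` but not the return contract. It does not say what a non-zero `krb5_error_code` means for the caller, nor whether a module may leave `gic_opts` NULL in its table. Per the commit message these strings originate from kinit's `-X` options, so I would add `Return 0 on success; a non-zero return rejects the option.` (adjusted to whatever the caller, which is not visible here, actually does) and `attr and value are caller-supplied text; validate them before use.`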
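Review bot: The new `krb5_get_init_creds_opt *opt` parameter in `process` (second hunk) and `tryagain` (third hunk), together with the new `gic_opts` member (fourth hunk), change the layout and call signature of `krb5plugin_preauth_client_ftable_v0` while the struct name and the exported symbol named in the header comment, "preauthentication_client_0", stay at version 0. A module built against the previous header would still be found under that name, would be called with its arguments shifted by one, and would have `gic_opts` read from past the end of its table; in an in-process authentication plugin that is memory corruption rather than a clean load failure. Unless the loader, which is not visible here, can tell the two layouts apart, I would introduce a `_v1` struct and symbol, or at minimum add `Modules built before the addition of 'opt' and gic_opts must be rebuilt.` to the table's comment. The struct body starts and ends outside these hunks.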
@@ -323,4 +342,31 @@ typedef struct krb5plugin_preauth_server_ftable_v0 {
 void *pa_module_context, void **request_pa_context);
 } krb5plugin_preauth_server_ftable_v0;
+
+
+/*
+ * This function allows a preauth plugin to obtain preauth
+ * options. The preauth_data returned from this function
+ * should be freed by calling krb5_get_init_creds_opt_free_pa().
+ *
+ * The 'opt' pointer supplied to this function must have been
+ * obtained using krb5_get_init_creds_opt_alloc()
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_get_pa
+ (krb5_context context,
+ krb5_get_init_creds_opt *opt,
+ int *num_preauth_data,
+ krb5_gic_opt_pa_data **preauth_data);
+
+/*
+ * This function frees the preauth_data that was returned by
+ * krb5_get_init_creds_opt_get_pa().
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_free_pa
+ (krb5_context context,
+ int num_preauth_data,
+ krb5_gic_opt_pa_data *preauth_data);
+
 #endif /* KRB5_PREAUTH_PLUGIN_H_INCLUDED */
-- cgit
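Review bot: The comment on `krb5_get_init_creds_opt_get_pa` requires `opt` to come from `krb5_get_init_creds_opt_alloc()` but does not say what happens when it does not. If the implementation, which is outside this hunk, cannot detect a caller-initialized structure, a plugin that passes one would have it read as the extended layout. I would document the failure mode once it is confirmed, for example `Returns EINVAL if opt was not obtained from krb5_get_init_creds_opt_alloc().` Both prototypes also carry the element count as a plain `int`, so a line such as `On error *num_preauth_data is set to 0 and *preauth_data to NULL.` would let callers iterate and call `krb5_get_init_creds_opt_free_pa` without guarding against a negative or stale count.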