/* Authors: Sumit Bose Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program. If not, see . */ /* A short documentation about authdata plugins can be found in * http://http://k5wiki.kerberos.org/wiki/Projects/VerifyAuthData */ #include #include #include "krb5_authdata_int.h" #include "sss_cli.h" struct sssd_context { krb5_data data; }; static krb5_error_code sssdpac_init(krb5_context kcontext, void **plugin_context) { *plugin_context = NULL; return 0; } static void sssdpac_flags(krb5_context kcontext, void *plugin_context, krb5_authdatatype ad_type, krb5_flags *flags) { *flags = AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL | AD_USAGE_TGS_REQ; } static void sssdpac_fini(krb5_context kcontext, void *plugin_context) { return; } static krb5_error_code sssdpac_request_init(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void **request_context) { struct sssd_context *sssdctx; sssdctx = (struct sssd_context *)calloc(1, sizeof(*sssdctx)); if (sssdctx == NULL) { return ENOMEM; } *request_context = sssdctx; return 0; } static krb5_error_code sssdpac_import_authdata(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, krb5_authdata **authdata, krb5_boolean kdc_issued, krb5_const_principal kdc_issuer) { struct sss_cli_req_data sss_data; int ret; uint8_t *repbuf; size_t replen; int errnop; char *data = NULL; struct sssd_context *sssdctx = (struct sssd_context *)request_context; if (authdata[0] == NULL) { return EINVAL; } sss_data.len = authdata[0]->length; sss_data.data = authdata[0]->contents; ret = sss_pac_make_request(SSS_PAC_ADD_PAC_USER, &sss_data, &repbuf, &replen, &errnop); if (ret != 0) { /* Ignore the error */ } if (authdata[0]->length > 0) { data = malloc(sizeof(char) * authdata[0]->length); if (data == NULL) { return ENOMEM; } memcpy(data, authdata[0]->contents, authdata[0]->length); } if (sssdctx->data.data != NULL) { krb5_free_data_contents(kcontext, &sssdctx->data); } sssdctx->data.length = authdata[0]->length; sssdctx->data.data = data; return 0; } static void sssdpac_request_fini(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context) { struct sssd_context *sssdctx = (struct sssd_context *)request_context; if (sssdctx != NULL) { if (sssdctx->data.data != NULL) { krb5_free_data_contents(kcontext, &sssdctx->data); } free(sssdctx); } } static krb5_error_code sssdpac_size(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, size_t *sizep) { struct sssd_context *sssdctx = (struct sssd_context *)request_context; *sizep += sizeof(krb5_int32); *sizep += sssdctx->data.length; *sizep += sizeof(krb5_int32); return 0; } static krb5_error_code sssdpac_externalize(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, krb5_octet **buffer, size_t *lenremain) { krb5_error_code code = 0; struct sssd_context *sssdctx = (struct sssd_context *)request_context; size_t required = 0; krb5_octet *bp; size_t remain; bp = *buffer; remain = *lenremain; if (sssdctx->data.data != NULL) { sssdpac_size(kcontext, context, plugin_context, request_context, &required); if (required <= remain) { krb5_ser_pack_int32((krb5_int32)sssdctx->data.length, &bp, &remain); krb5_ser_pack_bytes((krb5_octet *)sssdctx->data.data, (size_t)sssdctx->data.length, &bp, &remain); krb5_ser_pack_int32(0, &bp, &remain); } else { code = ENOMEM; } } else { krb5_ser_pack_int32(0, &bp, &remain); /* length */ krb5_ser_pack_int32(0, &bp, &remain); /* verified */ } *buffer = bp; *lenremain = remain; return code; } static krb5_error_code sssdpac_internalize(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, krb5_octet **buffer, size_t *lenremain) { struct sssd_context *sssdctx = (struct sssd_context *)request_context; krb5_error_code code; krb5_int32 ibuf; krb5_octet *bp; size_t remain; krb5_data data; bp = *buffer; remain = *lenremain; /* length */ code = krb5_ser_unpack_int32(&ibuf, &bp, &remain); if (code != 0) { return code; } if (ibuf != 0) { data.length = ibuf; data.data = malloc(sizeof(char) * ibuf); if (data.data == NULL) { return ENOMEM; } memcpy(data.data, bp, ibuf); bp += ibuf; remain -= ibuf; } else { data.length = 0; data.data = NULL; } /* verified */ code = krb5_ser_unpack_int32(&ibuf, &bp, &remain); if (code != 0) { return code; } if (sssdctx->data.data != NULL) { krb5_free_data_contents(kcontext, &sssdctx->data); } sssdctx->data.length = data.length; sssdctx->data.data = data.data; *buffer = bp; *lenremain = remain; return 0; } static krb5_authdatatype sssdpac_ad_types[] = { KRB5_AUTHDATA_WIN2K_PAC, 0 }; krb5plugin_authdata_client_ftable_v0 authdata_client_0 = { ((void *)((uintptr_t)("sssd_sssdpac"))), sssdpac_ad_types, sssdpac_init, sssdpac_fini, sssdpac_flags, sssdpac_request_init, sssdpac_request_fini, NULL, NULL, NULL, NULL, NULL, sssdpac_import_authdata, NULL, NULL, NULL, sssdpac_size, sssdpac_externalize, sssdpac_internalize, NULL };