Implement GSS naming extensions and authdata verification

Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming extensions and verification of authorization data. ticket: 6572 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
author: Greg Hudson <ghudson@mit.edu> 2009-10-09 18:29:34 +0000
committer: Greg Hudson <ghudson@mit.edu> 2009-10-09 18:29:34 +0000
commit: 17ffdd0e93271072369e479f440ddf85e020580a (patch)
tree: cdaf4944a478128a1d53d854063a7d809b7c6aae /src/include/krb5
parent: 6ad74ac369b09df7d29ca8e09b0af946b4819523 (diff)
download: krb5-17ffdd0e93271072369e479f440ddf85e020580a.tar.gz
krb5-17ffdd0e93271072369e479f440ddf85e020580a.tar.xz
krb5-17ffdd0e93271072369e479f440ddf85e020580a.zip
2 files changed, 191 insertions, 6 deletions
diff --git a/src/include/krb5/authdata_plugin.h b/src/include/krb5/authdata_plugin.h
index e8c9fce2d..449b7f890 100644
--- a/src/include/krb5/authdata_plugin.h
+++ b/src/include/krb5/authdata_plugin.h
@@ -7,7 +7,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -21,7 +21,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * AuthorizationData plugin definitions for Kerberos 5.
  */
 
@@ -68,7 +68,7 @@ struct _krb5_db_entry_new;
  * functions.
  */
 /* extern krb5plugin_authdata_ftable_v0 authdata_server_0; */
-typedef struct krb5plugin_authdata_ftable_v0 {
+typedef struct krb5plugin_authdata_server_ftable_v0 {
     /* Not-usually-visible name. */
     char *name;
 
@@ -107,9 +107,11 @@ typedef struct krb5plugin_authdata_ftable_v0 {
 				     krb5_data *req_pkt,
 				     krb5_kdc_req *request,
 				     krb5_enc_tkt_part *enc_tkt_reply);
-} krb5plugin_authdata_ftable_v0;
+} krb5plugin_server_authdata_ftable_v0;
 
-typedef struct krb5plugin_authdata_ftable_v1 {
+typedef krb5plugin_server_authdata_ftable_v0 krb5plugin_authdata_ftable_v0;
+
+typedef struct krb5plugin_authdata_server_ftable_v1 {
     /* Not-usually-visible name. */
     char *name;
 
@@ -155,6 +157,173 @@ typedef struct krb5plugin_authdata_ftable_v1 {
 				     krb5_const_principal for_user_princ,
 				     krb5_enc_tkt_part *enc_tkt_request,
 				     krb5_enc_tkt_part *enc_tkt_reply);
-} krb5plugin_authdata_ftable_v1;
+} krb5plugin_authdata_server_ftable_v1;
+
+typedef krb5plugin_authdata_server_ftable_v1 krb5plugin_authdata_ftable_v1;
+
+typedef krb5_error_code
+(*authdata_client_plugin_init_proc)(krb5_context context,
+				    void **plugin_context);
+
+#define AD_USAGE_AS_REQ		0x01
+#define AD_USAGE_TGS_REQ	0x02
+#define AD_USAGE_AP_REQ		0x04
+#define AD_USAGE_KDC_ISSUED	0x08
+#define AD_USAGE_MASK		0x0F
+#define AD_INFORMATIONAL	0x10
+
+struct _krb5_authdata_context;
+
+typedef void
+(*authdata_client_plugin_flags_proc)(krb5_context kcontext,
+				     void *plugin_context,
+				     krb5_authdatatype ad_type,
+				     krb5_flags *flags);
+
+typedef void
+(*authdata_client_plugin_fini_proc)(krb5_context kcontext,
+				    void *plugin_context);
+
+typedef krb5_error_code
+(*authdata_client_request_init_proc)(krb5_context kcontext,
+				     struct _krb5_authdata_context *context,
+				     void *plugin_context,
+				     void **request_context);
+
+typedef void
+(*authdata_client_request_fini_proc)(krb5_context kcontext,
+				     struct _krb5_authdata_context *context,
+				     void *plugin_context,
+				     void *request_context);
+
+typedef krb5_error_code
+(*authdata_client_import_authdata_proc)(krb5_context kcontext,
+					struct _krb5_authdata_context *context,
+					void *plugin_context,
+					void *request_context,
+					krb5_authdata **authdata,
+					krb5_boolean kdc_issued_flag,
+					krb5_const_principal issuer);
+
+typedef krb5_error_code
+(*authdata_client_export_authdata_proc)(krb5_context kcontext,
+					struct _krb5_authdata_context *context,
+					void *plugin_context,
+					void *request_context,
+					krb5_flags usage,
+					krb5_authdata ***authdata);
+
+typedef krb5_error_code
+(*authdata_client_get_attribute_types_proc)(krb5_context kcontext,
+					    struct _krb5_authdata_context *context,
+					    void *plugin_context,
+					    void *request_context,
+					    krb5_data **attrs);
+
+typedef krb5_error_code
+(*authdata_client_get_attribute_proc)(krb5_context kcontext,
+				      struct _krb5_authdata_context *context,
+				      void *plugin_context,
+				      void *request_context,
+				      const krb5_data *attribute,
+				      krb5_boolean *authenticated,
+				      krb5_boolean *complete,
+				      krb5_data *value,
+				      krb5_data *display_value,
+				      int *more);
+
+typedef krb5_error_code
+(*authdata_client_set_attribute_proc)(krb5_context kcontext,
+				      struct _krb5_authdata_context *context,
+				      void *plugin_context,
+				      void *request_context,
+				      krb5_boolean complete,
+				      const krb5_data *attribute,
+				      const krb5_data *value);
+
+typedef krb5_error_code
+(*authdata_client_delete_attribute_proc)(krb5_context kcontext,
+					 struct _krb5_authdata_context *context,
+					 void *plugin_context,
+					 void *request_context,
+					 const krb5_data *attribute);
+
+typedef krb5_error_code
+(*authdata_client_export_internal_proc)(krb5_context kcontext,
+					struct _krb5_authdata_context *context,
+					void *plugin_context,
+					void *request_context,
+					krb5_boolean restrict_authenticated,
+					void **ptr);
+
+typedef void
+(*authdata_client_free_internal_proc)(krb5_context kcontext,
+				      struct _krb5_authdata_context *context,
+				      void *plugin_context,
+				      void *request_context,
+				      void *ptr);
+
+typedef krb5_error_code
+(*authdata_client_verify_proc)(krb5_context kcontext,
+			       struct _krb5_authdata_context *context,
+			       void *plugin_context,
+			       void *request_context,
+			       const krb5_auth_context *auth_context,
+			       const krb5_keyblock *key,
+			       const krb5_ap_req *req);
+
+typedef krb5_error_code
+(*authdata_client_size_proc)(krb5_context kcontext,
+			     struct _krb5_authdata_context *context,
+			     void *plugin_context,
+			     void *request_context,
+			     size_t *sizep);
+
+typedef krb5_error_code
+(*authdata_client_externalize_proc)(krb5_context kcontext,
+				    struct _krb5_authdata_context *context,
+				    void *plugin_context,
+				    void *request_context,
+				    krb5_octet **buffer,
+				    size_t *lenremain);
+
+typedef krb5_error_code
+(*authdata_client_internalize_proc)(krb5_context kcontext,
+				    struct _krb5_authdata_context *context,
+				    void *plugin_context,
+				    void *request_context,
+				    krb5_octet **buffer,
+				    size_t *lenremain);
+
+typedef krb5_error_code
+(*authdata_client_copy_proc)(krb5_context kcontext,
+			     struct _krb5_authdata_context *context,
+			     void *plugin_context,
+			     void *request_context,
+			     void *dst_plugin_context,
+			     void *dst_request_context);
+
+typedef struct krb5plugin_authdata_client_ftable_v0 {
+    char *name;
+    krb5_authdatatype *ad_type_list;
+    authdata_client_plugin_init_proc init;
+    authdata_client_plugin_fini_proc fini;
+    authdata_client_plugin_flags_proc flags;
+    authdata_client_request_init_proc request_init;
+    authdata_client_request_fini_proc request_fini;
+    authdata_client_get_attribute_types_proc get_attribute_types;
+    authdata_client_get_attribute_proc get_attribute;
+    authdata_client_set_attribute_proc set_attribute;
+    authdata_client_delete_attribute_proc delete_attribute;
+    authdata_client_export_authdata_proc export_authdata;
+    authdata_client_import_authdata_proc import_authdata;
+    authdata_client_export_internal_proc export_internal;
+    authdata_client_free_internal_proc free_internal;
+    authdata_client_verify_proc verify;
+    authdata_client_size_proc size;
+    authdata_client_externalize_proc externalize;
+    authdata_client_internalize_proc internalize;
+    authdata_client_copy_proc copy; /* optional */
+} krb5plugin_authdata_client_ftable_v0;
 
 #endif /* KRB5_AUTHDATA_PLUGIN_H_INCLUDED */
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 8111c5bb6..81bc1cf6e 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -2575,6 +2575,22 @@ krb5_encode_authdata_container(krb5_context context,
     krb5_authdata ***container);
 
 /*
+ * AD-KDCIssued
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_make_authdata_kdc_issued(krb5_context context,
+    const krb5_keyblock *key,
+    krb5_const_principal issuer,
+    krb5_authdata *const *authdata,
+    krb5_authdata ***ad_kdcissued);
+krb5_error_code KRB5_CALLCONV
+krb5_verify_authdata_kdc_issued(krb5_context context,
+    const krb5_keyblock *key,
+    const krb5_authdata *ad_kdcissued,
+    krb5_principal *issuer,
+    krb5_authdata ***authdata);
+
+/*
  * Windows PAC
  */
 struct krb5_pac_data;
author	Greg Hudson <ghudson@mit.edu>	2009-10-09 18:29:34 +0000
committer	Greg Hudson <ghudson@mit.edu>	2009-10-09 18:29:34 +0000
commit	17ffdd0e93271072369e479f440ddf85e020580a (patch)
tree	cdaf4944a478128a1d53d854063a7d809b7c6aae /src/include/krb5
parent	6ad74ac369b09df7d29ca8e09b0af946b4819523 (diff)
download	krb5-17ffdd0e93271072369e479f440ddf85e020580a.tar.gz krb5-17ffdd0e93271072369e479f440ddf85e020580a.tar.xz krb5-17ffdd0e93271072369e479f440ddf85e020580a.zip