diff options
| author | Greg Hudson <ghudson@mit.edu> | 2009-12-28 19:59:10 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2009-12-28 19:59:10 +0000 |
| commit | 2ac5e971bc33535cc37edf4668cbdfa9f3e3b7a8 (patch) | |
| tree | 6ba97faac21b05e0033aff568b91170bfcaa97d9 /src/lib | |
| parent | 635ee3a9cd28c7af0a0b7cf43a292ae7255c9a2b (diff) | |
| download | krb5-2ac5e971bc33535cc37edf4668cbdfa9f3e3b7a8.tar.gz krb5-2ac5e971bc33535cc37edf4668cbdfa9f3e3b7a8.tar.xz krb5-2ac5e971bc33535cc37edf4668cbdfa9f3e3b7a8.zip | |
Add a new profile variable preauth_module_dir, which specifies
directories to look for preauth plugins in prior to the hardcoded
locations. Undocumented for now since, like db_module_dir, this is
mostly intended for the test suite.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23531 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/krb5/krb/preauth2.c | 53 |
1 files changed, 48 insertions, 5 deletions
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index 8b9cd36cd..d1d2827de 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c @@ -45,7 +45,9 @@ #endif #if TARGET_OS_MAC -static const char *objdirs[] = { KRB5_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/plugins/preauth", NULL }; /* should be a list */ +static const char *objdirs[] = { KRB5_PLUGIN_BUNDLE_DIR, + LIBDIR "/krb5/plugins/preauth", + NULL }; #else static const char *objdirs[] = { LIBDIR "/krb5/plugins/preauth", NULL }; #endif @@ -68,6 +70,50 @@ typedef struct _pa_types_t { int flags; } pa_types_t; +/* Open plugin directories for preauth modules. */ +static krb5_error_code +open_preauth_plugin_dirs(krb5_context kcontext) +{ + static const char *path[] = { + KRB5_CONF_LIBDEFAULTS, KRB5_CONF_PREAUTH_MODULE_DIR, NULL, + }; + char **profpath = NULL; + const char **plugindirs = NULL; + size_t nprofdirs, nobjdirs; + krb5_error_code retval; + + /* Fetch the list of paths specified in the profile, if any. */ + retval = profile_get_values(kcontext->profile, path, &profpath); + if (retval != 0 && retval != PROF_NO_RELATION) + return retval; + + /* Count the number of profile dirs. */ + nprofdirs = 0; + if (profpath) { + while (profpath[nprofdirs] != NULL) + nprofdirs++; + } + + nobjdirs = sizeof(objdirs) / sizeof(*objdirs); + plugindirs = k5alloc((nprofdirs + nobjdirs) * sizeof(char *), &retval); + if (retval != 0) + goto cleanup; + + /* Concatenate the profile and hardcoded directory lists. */ + if (profpath) + memcpy(plugindirs, profpath, nprofdirs * sizeof(char *)); + memcpy(plugindirs + nprofdirs, objdirs, nobjdirs * sizeof(char *)); + + retval = krb5int_open_plugin_dirs(plugindirs, NULL, + &kcontext->preauth_plugins, + &kcontext->err); + +cleanup: + profile_free_list(profpath); + free(plugindirs); + return retval; +} + /* Create the per-krb5_context context. This means loading the modules * if we haven't done that yet (applications which never obtain initial * credentials should never hit this routine), breaking up the module's @@ -90,11 +136,8 @@ krb5_init_preauth_context(krb5_context kcontext) /* load the plugins for the current context */ if (PLUGIN_DIR_OPEN(&kcontext->preauth_plugins) == 0) { - if (krb5int_open_plugin_dirs(objdirs, NULL, - &kcontext->preauth_plugins, - &kcontext->err) != 0) { + if (open_preauth_plugin_dirs(kcontext) != 0) return; - } } /* pull out the module function tables for all of the modules */ |