diff options
author | Ken Raeburn <raeburn@mit.edu> | 2008-08-25 19:43:03 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2008-08-25 19:43:03 +0000 |
commit | 2f2343584826983a4920fbad2a0248a42b584cf8 (patch) | |
tree | fb1dac3ca2b6bbd66bb701336d5fa52498b5b78e /src/plugins/authdata | |
parent | 57bd520a5037c2194adefb80cc7c13a06dbee42d (diff) | |
download | krb5-2f2343584826983a4920fbad2a0248a42b584cf8.tar.gz krb5-2f2343584826983a4920fbad2a0248a42b584cf8.tar.xz krb5-2f2343584826983a4920fbad2a0248a42b584cf8.zip |
Incorporate Apple's patch
Add a test authorization data scheme, in both built-in and plugin
forms; built-in version is #ifdef'ed out. Update configury to create
the build directory for the plugin, but don't build or install it by
default.
Create the new (and normally empty) authorization data plugin
directory at install time.
Add some (normally disabled) code to log authz data from rd_req.
Fix up some comments that still refer to preauth plugins. Add some
details in comments on the API, and why it's private for now.
Make the plugin init context support work, by not passing null
pointers.
ticket: 5565
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20691 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins/authdata')
-rw-r--r-- | src/plugins/authdata/greet/Makefile.in | 47 | ||||
-rw-r--r-- | src/plugins/authdata/greet/greet.exports | 1 | ||||
-rw-r--r-- | src/plugins/authdata/greet/greet_auth.c | 97 |
3 files changed, 145 insertions, 0 deletions
diff --git a/src/plugins/authdata/greet/Makefile.in b/src/plugins/authdata/greet/Makefile.in new file mode 100644 index 000000000..ef5f903c0 --- /dev/null +++ b/src/plugins/authdata/greet/Makefile.in @@ -0,0 +1,47 @@ +thisconfigdir=../../.. +myfulldir=plugins/authdata/greet +mydir=plugins/authdata/greet +BUILDTOP=$(REL)..$(S)..$(S).. +KRB5_RUN_ENV = @KRB5_RUN_ENV@ +KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ; +PROG_LIBPATH=-L$(TOPLIBD) +PROG_RPATH=$(KRB5_LIBDIR) +MODULE_INSTALL_DIR = $(KRB5_AD_MODULE_DIR) +DEFS=@DEFS@ + +LOCALINCLUDES = -I../../../include/krb5 + +LIBBASE=greet +LIBMAJOR=0 +LIBMINOR=0 +SO_EXT=.so +#RELDIR=../plugins/preauth/wpse +# Depends on nothing +SHLIB_EXPDEPS = +SHLIB_EXPLIBS= + +SHLIB_DIRS=-L$(TOPLIBD) +SHLIB_RDIRS=$(KRB5_LIBDIR) +STOBJLISTS=OBJS.ST +STLIBOBJS= greet_auth.o + +SRCS= greet_auth.c + +all-unix:: $(LIBBASE)$(SO_EXT) +install-unix:: install-libs +clean-unix:: clean-libs clean-libobjs + +clean:: + $(RM) lib$(LIBBASE)$(SO_EXT) + +@libnover_frag@ +@libobj_frag@ + +# +++ Dependency line eater +++ +# +# Makefile dependencies follow. This must be the last section in +# the Makefile.in file +# +greet_auth.so greet_auth.po $(OUTPRE)greet_auth.$(OBJEXT): \ + $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/authdata_plugin.h \ + greet_auth.c diff --git a/src/plugins/authdata/greet/greet.exports b/src/plugins/authdata/greet/greet.exports new file mode 100644 index 000000000..1189effc3 --- /dev/null +++ b/src/plugins/authdata/greet/greet.exports @@ -0,0 +1 @@ +authdata_server_0 diff --git a/src/plugins/authdata/greet/greet_auth.c b/src/plugins/authdata/greet/greet_auth.c new file mode 100644 index 000000000..a9d359eaa --- /dev/null +++ b/src/plugins/authdata/greet/greet_auth.c @@ -0,0 +1,97 @@ +/* + * plugins/authdata/greet/ + * + * Copyright 2008 by the Massachusetts Institute of Technology. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * Sample authorization data plugin + */ + +#include <string.h> +#include <errno.h> +#include <krb5/authdata_plugin.h> + +typedef struct krb5_db_entry krb5_db_entry; + +static krb5_error_code +greet_init(krb5_context ctx, void **blob) +{ + *blob = "hello"; + return 0; +} + +static void +greet_fini(krb5_context ctx, void *blob) +{ +} + +static krb5_error_code +greet_authdata(krb5_context ctx, krb5_db_entry *client, + krb5_data *req_pkt, + krb5_kdc_req *request, + krb5_enc_tkt_part * enc_tkt_reply) +{ +#define GREET_SIZE (20) + + char *p; + krb5_authdata *a; + size_t count; + krb5_authdata **new_ad; + + p = calloc(1, GREET_SIZE); + a = calloc(1, sizeof(*a)); + + if (p == NULL || a == NULL) { + free(p); + free(a); + return ENOMEM; + } + strcpy(p, "hello there"); + a->magic = KV5M_AUTHDATA; + a->ad_type = -42; + a->length = GREET_SIZE; + a->contents = p; + if (enc_tkt_reply->authorization_data == 0) { + count = 0; + } else { + for (count = 0; enc_tkt_reply->authorization_data[count] != 0; count++) + ; + } + new_ad = realloc(enc_tkt_reply->authorization_data, + (count+2) * sizeof(krb5_authdata *)); + if (new_ad == NULL) { + free(p); + free(a); + return ENOMEM; + } + enc_tkt_reply->authorization_data = new_ad; + new_ad[count] = a; + new_ad[count+1] = NULL; + return 0; +} + +krb5plugin_authdata_ftable_v0 authdata_server_0 = { + "greet", + greet_init, + greet_fini, + greet_authdata, +}; |