authorGreg Hudson <ghudson@mit.edu>2011-10-04 20:16:07 +0000
committerGreg Hudson <ghudson@mit.edu>2011-10-04 20:16:07 +0000
commitcbb4ede6d5a939f39f3325ad040406ac05c99713 (patch)
tree70eb9e23b1ac63b45b0596ec70609d742fde45d2 /src/plugins/kdb
parenta046e6135690f97adfa6bb4065d7367cf6142c40 (diff)
Create e_data as pa_data in KDC interfaces
All current known uses of e_data are encoded as pa-data or typed-data. FAST requires that e_data be expressed as pa-data. Change the DAL and kdcpreauth interfaces so that e_data is returned as a sequence of pa-data elements. Add a preauth module flag to indicate that the sequence should be encoded as typed-data in non-FAST errors. ticket: 6969 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25298 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins/kdb')
-rw-r--r--src/plugins/kdb/db2/kdb_db2.c2
-rw-r--r--src/plugins/kdb/db2/kdb_db2.h2
-rw-r--r--src/plugins/kdb/hdb/kdb_hdb.h2
-rw-r--r--src/plugins/kdb/hdb/kdb_windc.c14
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c2
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h2
6 files changed, 16 insertions, 8 deletions
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index f24b6575d..f63b12e05 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -1410,7 +1410,7 @@ krb5_error_code
krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp kdc_time, const char **status,
- krb5_data *e_data)
+ krb5_pa_data ***e_data)
{
krb5_error_code retval;
diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h
index 30a53f70a..a2cedb8ea 100644
--- a/src/plugins/kdb/db2/kdb_db2.h
+++ b/src/plugins/kdb/db2/kdb_db2.h
@@ -135,7 +135,7 @@ krb5_error_code
krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp kdc_time, const char **status,
- krb5_data *e_data);
+ krb5_pa_data ***e_data);
void
krb5_db2_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
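Review bot: The new `krb5_pa_data ***e_data` out-parameter in this prototype has no comment saying what the callee must leave in `*e_data` or who frees it, which matters more for a triple pointer than it did for the old `krb5_data *`. A short comment above the declaration would settle it, for example `/* *e_data is set to NULL or to a NULL-terminated pa-data list that the caller frees. */`, assuming that is the intended contract. The prototypes changed in kdb_hdb.h and kdb_ldap.h take the same parameter and would benefit from the same line.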
diff --git a/src/plugins/kdb/hdb/kdb_hdb.h b/src/plugins/kdb/hdb/kdb_hdb.h
index 38f5001ad..210510194 100644
--- a/src/plugins/kdb/hdb/kdb_hdb.h
+++ b/src/plugins/kdb/hdb/kdb_hdb.h
@@ -171,7 +171,7 @@ kh_db_check_policy_as(krb5_context kcontext,
krb5_db_entry *server,
krb5_timestamp kdc_time,
const char **status,
- krb5_data *e_data);
+ krb5_pa_data ***e_data);
krb5_error_code
kh_hdb_windc_init(krb5_context context,
diff --git a/src/plugins/kdb/hdb/kdb_windc.c b/src/plugins/kdb/hdb/kdb_windc.c
index baafd8d2f..a5d1567bf 100644
--- a/src/plugins/kdb/hdb/kdb_windc.c
+++ b/src/plugins/kdb/hdb/kdb_windc.c
@@ -495,10 +495,12 @@ kh_db_check_policy_as(krb5_context context,
krb5_db_entry *server,
krb5_timestamp kdc_time,
const char **status,
- krb5_data *e_data)
+ krb5_pa_data ***e_data_out)
{
kh_db_context *kh = KH_DB_CONTEXT(context);
krb5_error_code code;
+ krb5_data d;
+ krb5_pa_data **e_data;
heim_octet_string he_data;
KDC_REQ hkdcreq;
Principal *hclient = NULL;
@@ -552,8 +554,14 @@ kh_db_check_policy_as(krb5_context context,
KH_DB_ENTRY(client),
&hkdcreq, &he_data);
- e_data->data = he_data.data;
- e_data->length = he_data.length;
+ if (he_data.data != NULL) {
+ d = make_data(he_data.data, he_data.length);
+ code = decode_krb5_padata_sequence(&d, &e_data);
+ if (code == 0)
+ *e_data_out = e_data;
+ free(he_data.data);
+ code = 0;
+ }
cleanup:
kh_free_HostAddresses(context, hkdcreq.req_body.addresses);
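Review bot: The trailing `code = 0;` inside the `he_data.data != NULL` branch discards whatever status `code` held before the branch, and the decode call has already overwritten it two lines earlier. The call that ends at `&hkdcreq, &he_data);` begins outside the hunk, so this is inferred, but if `code` carries that call's policy verdict, a rejection that arrives with e-data is returned to the KDC as success. Keep the verdict by decoding into a separate local, `dcode = decode_krb5_padata_sequence(&d, &e_data);` followed by `if (dcode == 0) *e_data_out = e_data;`, and drop `code = 0;`. `*e_data_out` is also left unwritten when `he_data.data` is NULL or decoding fails, so unless the caller pre-initialises it, an early `*e_data_out = NULL;` is needed. The function body starts and ends outside the hunk.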
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index 7811bdb74..217c9ce3a 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -541,7 +541,7 @@ krb5_error_code
krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp kdc_time, const char **status,
- krb5_data *e_data)
+ krb5_pa_data ***e_data)
{
krb5_error_code retval;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index 1f45b6c9c..51a6facb7 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -293,7 +293,7 @@ krb5_error_code
krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
krb5_db_entry *client, krb5_db_entry *server,
krb5_timestamp kdc_time, const char **status,
- krb5_data *e_data);
+ krb5_pa_data ***e_data);
void
krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,