diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-10-03 19:14:05 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-10-03 19:14:05 +0000 |
| commit | 1329c7742c951596efbf06186828a14155194993 (patch) | |
| tree | fba87b0a350a2b71a6b1f0912ca2b1f563cfce90 /src/plugins/preauth/wpse | |
| parent | e10f8035338e23009c042ef2fd188f351794b43e (diff) | |
| download | krb5-1329c7742c951596efbf06186828a14155194993.tar.gz krb5-1329c7742c951596efbf06186828a14155194993.tar.xz krb5-1329c7742c951596efbf06186828a14155194993.zip | |
Make kdcpreauth verify respond via callback
From npmccallum@redhat.com with changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25294 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins/preauth/wpse')
| -rw-r--r-- | src/plugins/preauth/wpse/wpse_main.c | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c index 866286c1b..3c10e1416 100644 --- a/src/plugins/preauth/wpse/wpse_main.c +++ b/src/plugins/preauth/wpse/wpse_main.c @@ -259,7 +259,7 @@ server_get_edata(krb5_context kcontext, } /* Verify a request from a client. */ -static krb5_error_code +static void server_verify(krb5_context kcontext, struct _krb5_db_entry_new *client, krb5_data *req_pkt, @@ -268,30 +268,34 @@ server_verify(krb5_context kcontext, krb5_pa_data *data, krb5_kdcpreauth_get_data_fn server_get_entry_data, krb5_kdcpreauth_moddata moddata, - krb5_kdcpreauth_modreq *modreq_out, - krb5_data **e_data, - krb5_authdata ***authz_data) + krb5_kdcpreauth_verify_respond_fn respond, + void *arg) { krb5_int32 nnonce; krb5_data *test_edata; krb5_authdata **my_authz_data; + krb5_kdcpreauth_modreq modreq; #ifdef DEBUG fprintf(stderr, "wpse: server_verify()!\n"); #endif /* Verify the preauth data. */ - if (data->length != 4) - return KRB5KDC_ERR_PREAUTH_FAILED; + if (data->length != 4) { + (*respond)(arg, KRB5KDC_ERR_PREAUTH_FAILED, NULL, NULL, NULL); + return; + } memcpy(&nnonce, data->contents, 4); nnonce = ntohl(nnonce); - if (memcmp(&nnonce, &request->nonce, 4) != 0) - return KRB5KDC_ERR_PREAUTH_FAILED; + if (memcmp(&nnonce, &request->nonce, 4) != 0) { + (*respond)(arg, KRB5KDC_ERR_PREAUTH_FAILED, NULL, NULL, NULL); + return; + } /* Note that preauthentication succeeded. */ enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH; enc_tkt_reply->flags |= TKT_FLG_HW_AUTH; /* Allocate a context. Useful for verifying that we do in fact do * per-request cleanup. */ - *modreq_out = malloc(4); + modreq = malloc(4); /* * Return some junk authorization data just to exercise the @@ -322,13 +326,15 @@ server_verify(krb5_context kcontext, my_authz_data[0] = malloc(sizeof(krb5_authdata)); if (my_authz_data[0] == NULL) { free(my_authz_data); - return ENOMEM; + (*respond)(arg, ENOMEM, modreq, NULL, NULL); + return; } my_authz_data[0]->contents = malloc(AD_ALLOC_SIZE); if (my_authz_data[0]->contents == NULL) { free(my_authz_data[0]); free(my_authz_data); - return ENOMEM; + (*respond)(arg, ENOMEM, modreq, NULL, NULL); + return; } memset(my_authz_data[0]->contents, '\0', AD_ALLOC_SIZE); my_authz_data[0]->magic = KV5M_AUTHDATA; @@ -338,7 +344,6 @@ server_verify(krb5_context kcontext, snprintf(my_authz_data[0]->contents + sizeof(ad_header), AD_ALLOC_SIZE - sizeof(ad_header), "wpse authorization data: %d bytes worth!\n", AD_ALLOC_SIZE); - *authz_data = my_authz_data; #ifdef DEBUG fprintf(stderr, "Returning %d bytes of authorization data\n", AD_ALLOC_SIZE); @@ -351,13 +356,14 @@ server_verify(krb5_context kcontext, test_edata->data = malloc(20); if (test_edata->data == NULL) { free(test_edata); + test_edata = NULL; } else { test_edata->length = 20; memset(test_edata->data, '#', 20); /* fill it with junk */ - *e_data = test_edata; } } - return 0; + + (*respond)(arg, 0, modreq, test_edata, my_authz_data); } /* Create the response for a client. */ |