authorGreg Hudson <ghudson@mit.edu>2010-07-13 00:53:46 +0000
committerGreg Hudson <ghudson@mit.edu>2010-07-13 00:53:46 +0000
commit80a3846c5c7b04625b112b2ee555292f8347dd52 (patch)
tree300bfea2a49cc92cc6cd774f7541ccfc81a3e5cc /src/plugins
parent0d34b37b7abcdd2eba13d45df5feadf135e4602a (diff)
Add check_policy_as and check_policy_tgs to the DAL table with
corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and CHECK_POLICY_TGS methods of db_invoke. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/kdb/db2/db2_exp.c8
-rw-r--r--src/plugins/kdb/db2/kdb_db2.c14
-rw-r--r--src/plugins/kdb/db2/kdb_db2.h6
-rw-r--r--src/plugins/kdb/db2/kdb_ext.c26
-rw-r--r--src/plugins/kdb/ldap/ldap_exp.c2
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c26
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c14
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h5
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports1
9 files changed, 50 insertions, 52 deletions
diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c
index c2748861f..a95d47dfc 100644
--- a/src/plugins/kdb/db2/db2_exp.c
+++ b/src/plugins/kdb/db2/db2_exp.c
@@ -180,6 +180,12 @@ WRAP_K (krb5_db2_promote_db,
( krb5_context kcontext, char *conf_section, char **db_args ),
(kcontext, conf_section, db_args));
+WRAP_K (krb5_db2_check_policy_as,
+ (krb5_context kcontext, krb5_kdc_req *request, krb5_db_entry *client,
+ krb5_db_entry *server, krb5_timestamp kdc_time, const char **status,
+ krb5_data *e_data),
+ (kcontext, request, client, server, kdc_time, status, e_data));
+
WRAP_K (krb5_db2_invoke,
(krb5_context kcontext,
unsigned int method,
@@ -243,5 +249,7 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = {
/* blah blah blah */ 0,0,0,0,0,
/* promote_db */ wrap_krb5_db2_promote_db,
0, 0, 0, 0,
+ /* check_policy_as */ wrap_krb5_db2_check_policy_as,
+ 0,
/* invoke */ wrap_krb5_db2_invoke
};
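Review bot: The new `check_policy_as` entry in `kdb_function_table` is placed purely by position, and the `0,` that follows it is unlabeled, so only the count of zeros in the `0, 0, 0, 0,` line above ties `wrap_krb5_db2_check_policy_as` to the right member. A bare `0` fits any pointer slot, so a miscount would leave the KDC with a null or wrong entry for the AS lockout check without a clear diagnostic. Label the empty slot the way the LDAP table in this commit does, `/* check_policy_tgs */ 0,`, and preferably name the four preceding slots too. The initializer starts outside the hunk, so the slot count cannot be confirmed from here.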
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index 707bf842b..a53e26258 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -1635,3 +1635,17 @@ errout:
return retval;
}
+
+krb5_error_code
+krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_timestamp kdc_time, const char **status,
+ krb5_data *e_data)
+{
+ krb5_error_code retval;
+
+ retval = krb5_db2_lockout_check_policy(kcontext, client, kdc_time);
+ if (retval == KRB5KDC_ERR_CLIENT_REVOKED)
+ *status = "LOCKED_OUT";
+ return retval;
+}
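Review bot: `krb5_db2_check_policy_as` writes `*status` only on the lockout path, whereas the db_invoke version this commit removes from kdb_ext.c cleared it first with `rep->status = NULL;`. If the libkdb5 caller (not visible in this diff, which is limited to src/plugins) does not initialise that pointer, the KDC could log a stale or indeterminate status string after a non-lockout return. Either restore the reset with `*status = NULL;` before the lockout call, or state the contract in a comment such as `/* *status is left untouched unless the client is locked out. */`. `krb5_ldap_check_policy_as` in kdb_ldap.c has the same shape. `request`, `server` and `e_data` are unused in both functions, and a short header comment saying so would tell the next backend author which outputs a module is expected to fill in.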
diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h
index 6096dc4b1..0bddcf4a5 100644
--- a/src/plugins/kdb/db2/kdb_db2.h
+++ b/src/plugins/kdb/db2/kdb_db2.h
@@ -146,6 +146,12 @@ krb5_db2_lockout_audit(krb5_context context,
krb5_timestamp stamp,
krb5_error_code status);
+krb5_error_code
+krb5_db2_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_timestamp kdc_time, const char **status,
+ krb5_data *e_data);
+
/* methods */
krb5_error_code
krb5_db2_invoke(krb5_context context,
diff --git a/src/plugins/kdb/db2/kdb_ext.c b/src/plugins/kdb/db2/kdb_ext.c
index 1895b70e4..8f7ad9427 100644
--- a/src/plugins/kdb/db2/kdb_ext.c
+++ b/src/plugins/kdb/db2/kdb_ext.c
@@ -35,29 +35,6 @@
#include "kdb_db2.h"
static krb5_error_code
-krb5_db2_check_policy_as(krb5_context context,
- unsigned int method,
- const krb5_data *request,
- krb5_data *response)
-{
- const kdb_check_policy_as_req *req;
- kdb_check_policy_as_rep *rep;
- krb5_error_code code;
-
- req = (const kdb_check_policy_as_req *)request->data;
- rep = (kdb_check_policy_as_rep *)response->data;
-
- rep->status = NULL;
-
- code = krb5_db2_lockout_check_policy(context, req->client,
- req->kdc_time);
- if (code == KRB5KDC_ERR_CLIENT_REVOKED)
- rep->status = "LOCKED_OUT";
-
- return code;
-}
-
-static krb5_error_code
krb5_db2_audit_as(krb5_context context,
unsigned int method,
const krb5_data *request,
@@ -83,9 +60,6 @@ krb5_db2_invoke(krb5_context context,
krb5_error_code code = KRB5_PLUGIN_OP_NOTSUPP;
switch (method) {
- case KRB5_KDB_METHOD_CHECK_POLICY_AS:
- code = krb5_db2_check_policy_as(context, method, req, rep);
- break;
case KRB5_KDB_METHOD_AUDIT_AS:
code = krb5_db2_audit_as(context, method, req, rep);
break;
diff --git a/src/plugins/kdb/ldap/ldap_exp.c b/src/plugins/kdb/ldap/ldap_exp.c
index 3228aa06e..8236406c2 100644
--- a/src/plugins/kdb/ldap/ldap_exp.c
+++ b/src/plugins/kdb/ldap/ldap_exp.c
@@ -84,6 +84,8 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table) = {
/* encrypt_key_data */ NULL,
/* sign_authdata */ NULL,
/* check_transited_realms */ NULL,
+ /* check_policy_as */ krb5_ldap_check_policy_as,
+ /* check_policy_tgs */ NULL,
/* invoke */ krb5_ldap_invoke,
};
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c
index fdbb1a17a..0330e15e8 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c
@@ -35,29 +35,6 @@
#include "kdb_ldap.h"
static krb5_error_code
-krb5_ldap_check_policy_as(krb5_context context,
- unsigned int method,
- const krb5_data *request,
- krb5_data *response)
-{
- const kdb_check_policy_as_req *req;
- kdb_check_policy_as_rep *rep;
- krb5_error_code code;
-
- req = (const kdb_check_policy_as_req *)request->data;
- rep = (kdb_check_policy_as_rep *)response->data;
-
- rep->status = NULL;
-
- code = krb5_ldap_lockout_check_policy(context, req->client,
- req->kdc_time);
- if (code == KRB5KDC_ERR_CLIENT_REVOKED)
- rep->status = "LOCKED_OUT";
-
- return code;
-}
-
-static krb5_error_code
krb5_ldap_audit_as(krb5_context context,
unsigned int method,
const krb5_data *request,
@@ -117,9 +94,6 @@ krb5_ldap_invoke(krb5_context context,
krb5_error_code code = KRB5_PLUGIN_OP_NOTSUPP;
switch (method) {
- case KRB5_KDB_METHOD_CHECK_POLICY_AS:
- code = krb5_ldap_check_policy_as(context, method, req, rep);
- break;
case KRB5_KDB_METHOD_AUDIT_AS:
code = krb5_ldap_audit_as(context, method, req, rep);
break;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index 633de85d2..7127ce4a0 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -527,3 +527,17 @@ kldap_ensure_initialized(void)
{
return CALL_INIT_FUNCTION (kldap_init_fn);
}
+
+krb5_error_code
+krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_timestamp kdc_time, const char **status,
+ krb5_data *e_data)
+{
+ krb5_error_code retval;
+
+ retval = krb5_ldap_lockout_check_policy(kcontext, client, kdc_time);
+ if (retval == KRB5KDC_ERR_CLIENT_REVOKED)
+ *status = "LOCKED_OUT";
+ return retval;
+}
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index 35dd12e02..8e935e193 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -296,6 +296,11 @@ has_modify_increment(krb5_context, char *);
krb5_error_code
krb5_ldap_free_server_context_params(krb5_ldap_context *ldap_context);
+krb5_error_code
+krb5_ldap_check_policy_as(krb5_context kcontext, krb5_kdc_req *request,
+ krb5_db_entry *client, krb5_db_entry *server,
+ krb5_timestamp kdc_time, const char **status,
+ krb5_data *e_data);
/* DAL functions */
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
index 7f285ce94..affdb38bb 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
+++ b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
@@ -44,4 +44,5 @@ krb5_ldap_unlock
krb5_ldap_create
krb5_ldap_set_mkey_list
krb5_ldap_get_mkey_list
+krb5_ldap_check_policy_as
krb5_ldap_invoke