Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/krb/preauth2.c103
-rw-r--r--src/lib/krb5/krb/preauth_ec.c32
2 files changed, 27 insertions, 108 deletions
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 9807eeafd..8c43938ef 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -372,94 +372,24 @@ grow_pa_list(krb5_pa_data ***out_pa_list, int *out_pa_list_size,
return 0;
}
-/*
- * Retrieve a specific piece of information required by the plugin and
- * return it in a new krb5_data item. There are separate request_types
- * to obtain the data and free it.
- *
- * This may require massaging data into a contrived format, but it will
- * hopefully keep us from having to reveal library-internal functions
- * or data to the plugin modules.
- */
-
-static krb5_error_code
-client_data_proc(krb5_context kcontext, krb5_clpreauth_rock rock,
- krb5_int32 request_type, krb5_data **retdata)
+static krb5_enctype
+get_etype(krb5_context context, krb5_clpreauth_rock rock)
{
- krb5_data *ret;
- krb5_error_code retval;
- char *data;
-
- if (rock->magic != CLIENT_ROCK_MAGIC)
- return EINVAL;
- if (retdata == NULL)
- return EINVAL;
+ return *rock->etype;
+}
- switch (request_type) {
- case krb5_clpreauth_get_etype:
- {
- krb5_enctype *eptr;
- ret = malloc(sizeof(krb5_data));
- if (ret == NULL)
- return ENOMEM;
- data = malloc(sizeof(krb5_enctype));
- if (data == NULL) {
- free(ret);
- return ENOMEM;
- }
- ret->data = data;
- ret->length = sizeof(krb5_enctype);
- eptr = (krb5_enctype *)data;
- *eptr = *rock->etype;
- *retdata = ret;
- return 0;
- }
- break;
- case krb5_clpreauth_free_etype:
- ret = *retdata;
- if (ret == NULL)
- return 0;
- if (ret->data)
- free(ret->data);
- free(ret);
- return 0;
- break;
- case krb5_clpreauth_fast_armor: {
- krb5_keyblock *key = NULL;
- ret = calloc(1, sizeof(krb5_data));
- if (ret == NULL)
- return ENOMEM;
- retval = 0;
- if (rock->fast_state->armor_key)
- retval = krb5_copy_keyblock(kcontext, rock->fast_state->armor_key,
- &key);
- if (retval == 0) {
- ret->data = (char *) key;
- ret->length = key?sizeof(krb5_keyblock):0;
- key = NULL;
- }
- if (retval == 0) {
- *retdata = ret;
- ret = NULL;
- }
- if (ret)
- free(ret);
- return retval;
- }
- case krb5_clpreauth_free_fast_armor:
- ret = *retdata;
- if (ret) {
- if (ret->data)
- krb5_free_keyblock(kcontext, (krb5_keyblock *) ret->data);
- free(ret);
- *retdata = NULL;
- }
- return 0;
- default:
- return EINVAL;
- }
+static krb5_keyblock *
+fast_armor(krb5_context context, krb5_clpreauth_rock rock)
+{
+ return rock->fast_state->armor_key;
}
+static struct krb5_clpreauth_callbacks_st callbacks = {
+ 1,
+ get_etype,
+ fast_armor
+};
+
/* Tweak the request body, for now adding any enctypes which the module claims
* to add support for to the list, but in the future perhaps doing more
* involved things. */
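Review bot: `fast_armor()` returns the library's own `rock->fast_state->armor_key` pointer, whereas the removed `krb5_clpreauth_fast_armor` case handed the module a `krb5_copy_keyblock()` copy that the module later released, so the ownership contract has flipped and nothing here says so. A module that still frees the result, as the old `krb5_free_keyblock` cleanup in preauth_ec.c did, would free the live key still referenced by the FAST state. I would put a comment above the function, for example `/* Returns an alias to the FAST armor key, or NULL if there is none; the caller must not modify or free it. */`. The hunk also drops the `rock->magic != CLIENT_ROCK_MAGIC` check, so `get_etype()` and `fast_armor()` dereference `rock` unvalidated; if a rock can only originate inside this file, a one-line comment stating that would help. The bare `1` in `callbacks` is presumably the callback-table version and deserves a short comment as well.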
@@ -545,7 +475,7 @@ run_preauth_plugins(krb5_context kcontext,
ret = module->client_process(kcontext, module->moddata,
*module->modreq_p,
(krb5_get_init_creds_opt *)opte,
- client_data_proc, preauth_rock,
+ &callbacks, preauth_rock,
request, encoded_request_body,
encoded_previous_request, in_padata,
prompter, prompter_data, gak_fct,
@@ -1535,8 +1465,7 @@ krb5_do_preauth_tryagain(krb5_context kcontext,
if ((*module->client_tryagain)(kcontext, module->moddata,
*module->modreq_p,
(krb5_get_init_creds_opt *)opte,
- client_data_proc,
- preauth_rock,
+ &callbacks, preauth_rock,
request,
encoded_request_body,
encoded_previous_request,
diff --git a/src/lib/krb5/krb/preauth_ec.c b/src/lib/krb5/krb/preauth_ec.c
index 94c928461..6ef397568 100644
--- a/src/lib/krb5/krb/preauth_ec.c
+++ b/src/lib/krb5/krb/preauth_ec.c
@@ -43,7 +43,7 @@ preauth_flags(krb5_context context, krb5_preauthtype pa_type)
static krb5_error_code
process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
- krb5_clpreauth_get_data_fn get_data_proc,
+ krb5_clpreauth_callbacks cb,
krb5_clpreauth_rock rock, krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request, krb5_pa_data *padata,
@@ -53,22 +53,16 @@ process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
krb5_pa_data ***out_padata)
{
krb5_error_code retval = 0;
- krb5_enctype enctype = 0;
- krb5_keyblock *challenge_key = NULL, *armor_key = NULL;
- krb5_data *etype_data = NULL;
+ krb5_enctype enctype;
+ krb5_keyblock *challenge_key = NULL, *armor_key;
- retval = fast_get_armor_key(context, get_data_proc, rock, &armor_key);
- if (retval || armor_key == NULL)
- return 0;
- retval = get_data_proc(context, rock, krb5_clpreauth_get_etype,
- &etype_data);
- if (retval == 0) {
- enctype = *((krb5_enctype *)etype_data->data);
- if (as_key->length == 0 ||as_key->enctype != enctype)
- retval = gak_fct(context, request->client,
- enctype, prompter, prompter_data,
- salt, s2kparams,
- as_key, gak_data);
+ armor_key = cb->fast_armor(context, rock);
+ enctype = cb->get_etype(context, rock);
+ if (as_key->length == 0 ||as_key->enctype != enctype) {
+ retval = gak_fct(context, request->client,
+ enctype, prompter, prompter_data,
+ salt, s2kparams,
+ as_key, gak_data);
}
if (retval == 0 && padata->length) {
krb5_enc_data *enc = NULL;
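Review bot: The new `armor_key = cb->fast_armor(context, rock);` is not followed by a NULL check, while the removed lines returned 0 when `armor_key == NULL`. `fast_armor()` in preauth2.c returns `rock->fast_state->armor_key` directly, and the old `client_data_proc` code treated that field as possibly NULL, so a NULL result looks reachable when FAST is not in use. The uses of `armor_key` lie outside this hunk, but if it is later passed to key derivation this is likely a null dereference in client code that processes padata received from the KDC. Restoring the guard right after the call keeps the old behaviour: `if (armor_key == NULL) return 0;`. The body of process_preauth continues outside the hunk.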
@@ -99,7 +93,7 @@ process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
if (scratch.data)
krb5_free_data_contents(context, &scratch);
if (retval == 0)
- fast_set_kdc_verified(context, get_data_proc, rock);
+ fast_set_kdc_verified(context, cb, rock);
if (enc)
krb5_free_enc_data(context, enc);
} else if (retval == 0) { /*No padata; we send*/
@@ -158,10 +152,6 @@ process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
}
if (challenge_key)
krb5_free_keyblock(context, challenge_key);
- if (armor_key)
- krb5_free_keyblock(context, armor_key);
- if (etype_data != NULL)
- get_data_proc(context, rock, krb5_clpreauth_free_etype, &etype_data);
return retval;
}