Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/preauth/cksum_body/cksum_body.exports4
-rw-r--r--src/plugins/preauth/cksum_body/cksum_body_main.c140
-rw-r--r--src/plugins/preauth/encrypted_challenge/encrypted_challenge.exports4
-rw-r--r--src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c113
-rw-r--r--src/plugins/preauth/fast_factor.h22
-rw-r--r--src/plugins/preauth/pkinit/pkinit.exports4
-rw-r--r--src/plugins/preauth/pkinit/pkinit_clnt.c140
-rw-r--r--src/plugins/preauth/pkinit/pkinit_srv.c108
-rw-r--r--src/plugins/preauth/securid_sam2/securid_sam2_main.c42
-rw-r--r--src/plugins/preauth/wpse/wpse.exports4
-rw-r--r--src/plugins/preauth/wpse/wpse_main.c136
11 files changed, 389 insertions, 328 deletions
diff --git a/src/plugins/preauth/cksum_body/cksum_body.exports b/src/plugins/preauth/cksum_body/cksum_body.exports
index 98e96c399..df335ca64 100644
--- a/src/plugins/preauth/cksum_body/cksum_body.exports
+++ b/src/plugins/preauth/cksum_body/cksum_body.exports
@@ -1,2 +1,2 @@
-preauthentication_client_1
-preauthentication_server_1
+clpreauth_cksum_body_initvt
+kdcpreauth_cksum_body_initvt
diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c
index 2759045b0..e79b84a12 100644
--- a/src/plugins/preauth/cksum_body/cksum_body_main.c
+++ b/src/plugins/preauth/cksum_body/cksum_body_main.c
@@ -80,18 +80,18 @@ client_get_flags(krb5_context kcontext, krb5_preauthtype pa_type)
static krb5_error_code
client_process(krb5_context kcontext,
- void *client_plugin_context,
- void *client_request_context,
+ krb5_clpreauth_moddata moddata,
+ krb5_clpreauth_modreq modreq,
krb5_get_init_creds_opt *opt,
- preauth_get_client_data_proc client_get_data_proc,
- struct _krb5_preauth_client_rock *rock,
+ krb5_clpreauth_get_data_fn client_get_data_proc,
+ krb5_clpreauth_rock rock,
krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request,
krb5_pa_data *pa_data,
krb5_prompter_fct prompter,
void *prompter_data,
- preauth_get_as_key_proc gak_fct,
+ krb5_clpreauth_get_as_key_fn gak_fct,
void *gak_data,
krb5_data *salt, krb5_data *s2kparams,
krb5_keyblock *as_key,
@@ -229,7 +229,7 @@ client_process(krb5_context kcontext,
static krb5_error_code
client_gic_opt(krb5_context kcontext,
- void *plugin_context,
+ krb5_clpreauth_moddata moddata,
krb5_get_init_creds_opt *opt,
const char *attr,
const char *value)
@@ -243,7 +243,8 @@ client_gic_opt(krb5_context kcontext,
/* Initialize and tear down the server-side module, and do stat tracking. */
static krb5_error_code
-server_init(krb5_context kcontext, void **module_context, const char **realmnames)
+server_init(krb5_context kcontext, krb5_kdcpreauth_moddata *moddata_out,
+ const char **realmnames)
{
struct server_stats *stats;
stats = malloc(sizeof(struct server_stats));
@@ -251,14 +252,14 @@ server_init(krb5_context kcontext, void **module_context, const char **realmname
return ENOMEM;
stats->successes = 0;
stats->failures = 0;
- *module_context = stats;
+ *moddata_out = (krb5_kdcpreauth_moddata)stats;
return 0;
}
static void
-server_fini(krb5_context kcontext, void *module_context)
+server_fini(krb5_context kcontext, krb5_kdcpreauth_moddata moddata)
{
struct server_stats *stats;
- stats = module_context;
+ stats = (struct server_stats *)moddata;
if (stats != NULL) {
#ifdef DEBUG
fprintf(stderr, "Total: %d clients failed, %d succeeded.\n",
@@ -275,8 +276,8 @@ server_get_edata(krb5_context kcontext,
krb5_kdc_req *request,
struct _krb5_db_entry_new *client,
struct _krb5_db_entry_new *server,
- preauth_get_entry_data_proc server_get_entry_data,
- void *pa_module_context,
+ krb5_kdcpreauth_get_data_fn server_get_entry_data,
+ krb5_kdcpreauth_moddata moddata,
krb5_pa_data *data)
{
krb5_data *key_data;
@@ -287,7 +288,7 @@ server_get_edata(krb5_context kcontext,
/* Retrieve the client's keys. */
key_data = NULL;
if ((*server_get_entry_data)(kcontext, request, client,
- krb5plugin_preauth_keys, &key_data) != 0) {
+ krb5_kdcpreauth_keys, &key_data) != 0) {
#ifdef DEBUG
fprintf(stderr, "Error retrieving client keys.\n");
#endif
@@ -335,9 +336,9 @@ server_verify(krb5_context kcontext,
krb5_kdc_req *request,
krb5_enc_tkt_part *enc_tkt_reply,
krb5_pa_data *data,
- preauth_get_entry_data_proc server_get_entry_data,
- void *pa_module_context,
- void **pa_request_context,
+ krb5_kdcpreauth_get_data_fn server_get_entry_data,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq *modreq_out,
krb5_data **e_data,
krb5_authdata ***authz_data)
{
@@ -356,7 +357,7 @@ server_verify(krb5_context kcontext,
test_svr_req_ctx *svr_req_ctx;
krb5_authdata **my_authz_data = NULL;
- stats = pa_module_context;
+ stats = (struct server_stats *)moddata;
#ifdef DEBUG
fprintf(stderr, "cksum_body: server_verify\n");
@@ -392,7 +393,7 @@ server_verify(krb5_context kcontext,
/* Pull up the client's keys. */
key_data = NULL;
if ((*server_get_entry_data)(kcontext, request, client,
- krb5plugin_preauth_keys, &key_data) != 0) {
+ krb5_kdcpreauth_keys, &key_data) != 0) {
#ifdef DEBUG
fprintf(stderr, "Error retrieving client keys.\n");
#endif
@@ -449,7 +450,7 @@ server_verify(krb5_context kcontext,
* will probably work if it's us on both ends, though. */
req_body = NULL;
if ((*server_get_entry_data)(kcontext, request, client,
- krb5plugin_preauth_request_body,
+ krb5_kdcpreauth_request_body,
&req_body) != 0) {
krb5_free_keyblock(kcontext, key);
stats->failures++;
@@ -572,7 +573,7 @@ server_verify(krb5_context kcontext,
svr_req_ctx);
#endif
}
- *pa_request_context = svr_req_ctx;
+ *modreq_out = (krb5_kdcpreauth_modreq)svr_req_ctx;
/* Note that preauthentication succeeded. */
enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
@@ -591,9 +592,9 @@ server_return(krb5_context kcontext,
struct _krb5_key_data *client_key,
krb5_keyblock *encrypting_key,
krb5_pa_data **send_pa,
- preauth_get_entry_data_proc server_get_entry_data,
- void *pa_module_context,
- void **pa_request_context)
+ krb5_kdcpreauth_get_data_fn server_get_entry_data,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq modreq)
{
/* We don't need to send data back on the return trip. */
*send_pa = NULL;
@@ -601,34 +602,32 @@ server_return(krb5_context kcontext,
}
/* Test server request context freeing */
-static krb5_error_code
-server_free_reqctx(krb5_context kcontext,
- void *pa_module_context,
- void **pa_request_context)
+static void
+server_free_modreq(krb5_context kcontext,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq modreq)
{
test_svr_req_ctx *svr_req_ctx;
#ifdef DEBUG
- fprintf(stderr, "server_free_reqctx: entered!\n");
+ fprintf(stderr, "server_free_modreq: entered!\n");
#endif
- if (pa_request_context == NULL)
- return 0;
+ if (modreq == NULL)
+ return;
- svr_req_ctx = *pa_request_context;
+ svr_req_ctx = (test_svr_req_ctx *)modreq;
if (svr_req_ctx == NULL)
- return 0;
+ return;
if (svr_req_ctx->value1 != 111111 || svr_req_ctx->value2 != 222222) {
- fprintf(stderr, "server_free_reqctx: got invalid req context "
+ fprintf(stderr, "server_free_modreq: got invalid req context "
"at %p with values %d and %d\n",
svr_req_ctx, svr_req_ctx->value1, svr_req_ctx->value2);
- return EINVAL;
+ return;
}
#ifdef DEBUG
- fprintf(stderr, "server_free_reqctx: freeing context at %p\n", svr_req_ctx);
+ fprintf(stderr, "server_free_modreq: freeing context at %p\n", svr_req_ctx);
#endif
free(svr_req_ctx);
- *pa_request_context = NULL;
- return 0;
}
static int
@@ -644,28 +643,47 @@ static krb5_preauthtype supported_server_pa_types[] = {
KRB5_PADATA_CKSUM_BODY_REQ, 0,
};
-struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = {
- "cksum_body", /* name */
- &supported_client_pa_types[0], /* pa_type_list */
- NULL, /* enctype_list */
- NULL, /* plugin init function */
- NULL, /* plugin fini function */
- client_get_flags, /* get flags function */
- NULL, /* request init function */
- NULL, /* request fini function */
- client_process, /* process function */
- NULL, /* try_again function */
- client_gic_opt /* get init creds opt function */
-};
+krb5_error_code
+clpreauth_cksum_body_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable);
+krb5_error_code
+kdcpreauth_cksum_body_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable);
-struct krb5plugin_preauth_server_ftable_v1 preauthentication_server_1 = {
- "cksum_body",
- &supported_server_pa_types[0],
- server_init,
- server_fini,
- server_get_flags,
- server_get_edata,
- server_verify,
- server_return,
- server_free_reqctx
-};
+krb5_error_code
+clpreauth_cksum_body_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable)
+{
+ krb5_clpreauth_vtable vt;
+
+ if (maj_ver != 1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
+ vt = (krb5_clpreauth_vtable)vtable;
+ vt->name = "cksum_body";
+ vt->pa_type_list = supported_client_pa_types;
+ vt->flags = client_get_flags;
+ vt->process = client_process;
+ vt->gic_opts = client_gic_opt;
+ return 0;
+}
+
+krb5_error_code
+kdcpreauth_cksum_body_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable)
+{
+ krb5_kdcpreauth_vtable vt;
+
+ if (maj_ver != -1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
+ vt = (krb5_kdcpreauth_vtable)vtable;
+ vt->name = "cksum_body";
+ vt->pa_type_list = supported_server_pa_types;
+ vt->init = server_init;
+ vt->fini = server_fini;
+ vt->flags = server_get_flags;
+ vt->edata = server_get_edata;
+ vt->verify = server_verify;
+ vt->return_padata = server_return;
+ vt->free_modreq = server_free_modreq;
+ return 0;
+}
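Review bot: `kdcpreauth_cksum_body_initvt` rejects every major version except -1 (`if (maj_ver != -1)`), while the client initvt in this same hunk and the other modules in this commit compare against 1. If the KDC loader passes major version 1, as those sibling modules assume, this module will always return `KRB5_PLUGIN_VER_NOTSUPP` and never register its server callbacks; the check should read `if (maj_ver != 1)`. Both initvt functions also ignore `min_ver`, which deserves a one-line comment such as `/* any minor version of major version 1 is accepted */`.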
diff --git a/src/plugins/preauth/encrypted_challenge/encrypted_challenge.exports b/src/plugins/preauth/encrypted_challenge/encrypted_challenge.exports
index 98e96c399..651dcea1c 100644
--- a/src/plugins/preauth/encrypted_challenge/encrypted_challenge.exports
+++ b/src/plugins/preauth/encrypted_challenge/encrypted_challenge.exports
@@ -1,2 +1,2 @@
-preauthentication_client_1
-preauthentication_server_1
+clpreauth_encrypted_challenge_initvt
+kdcpreauth_encrypted_challenge_initvt
diff --git a/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c b/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
index 833385c63..58a659246 100644
--- a/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
+++ b/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
@@ -41,14 +41,14 @@ preauth_flags(krb5_context context, krb5_preauthtype pa_type)
}
static krb5_error_code
-process_preauth(krb5_context context, void *plugin_context,
- void *request_context, krb5_get_init_creds_opt *opt,
- preauth_get_client_data_proc get_data_proc,
- struct _krb5_preauth_client_rock *rock, krb5_kdc_req *request,
+process_preauth(krb5_context context, krb5_clpreauth_moddata moddata,
+ krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
+ krb5_clpreauth_get_data_fn get_data_proc,
+ krb5_clpreauth_rock rock, krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request, krb5_pa_data *padata,
krb5_prompter_fct prompter, void *prompter_data,
- preauth_get_as_key_proc gak_fct, void *gak_data,
+ krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data,
krb5_data *salt, krb5_data *s2kparams, krb5_keyblock *as_key,
krb5_pa_data ***out_padata)
{
@@ -63,7 +63,8 @@ process_preauth(krb5_context context, void *plugin_context,
retval = fast_get_armor_key(context, get_data_proc, rock, &armor_key);
if (retval || armor_key == NULL)
return 0;
- retval = get_data_proc(context, rock, krb5plugin_preauth_client_get_etype, &etype_data);
+ retval = get_data_proc(context, rock, krb5_clpreauth_get_etype,
+ &etype_data);
if (retval == 0) {
enctype = *((krb5_enctype *)etype_data->data);
if (as_key->length == 0 ||as_key->enctype != enctype)
@@ -163,8 +164,7 @@ process_preauth(krb5_context context, void *plugin_context,
if (armor_key)
krb5_free_keyblock(context, armor_key);
if (etype_data != NULL)
- get_data_proc(context, rock, krb5plugin_preauth_client_free_etype,
- &etype_data);
+ get_data_proc(context, rock, krb5_clpreauth_free_etype, &etype_data);
return retval;
}
@@ -173,12 +173,13 @@ static krb5_error_code
kdc_include_padata(krb5_context context, krb5_kdc_req *request,
struct _krb5_db_entry_new *client,
struct _krb5_db_entry_new *server,
- preauth_get_entry_data_proc get_entry_proc,
- void *pa_module_context, krb5_pa_data *data)
+ krb5_kdcpreauth_get_data_fn get_data_proc,
+ krb5_kdcpreauth_moddata moddata, krb5_pa_data *data)
{
krb5_error_code retval = 0;
krb5_keyblock *armor_key = NULL;
- retval = fast_kdc_get_armor_key(context, get_entry_proc, request, client, &armor_key);
+ retval = fast_kdc_get_armor_key(context, get_data_proc, request, client,
+ &armor_key);
if (retval)
return retval;
if (armor_key == 0)
@@ -191,8 +192,9 @@ static krb5_error_code
kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
krb5_data *req_pkt, krb5_kdc_req *request,
krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data,
- preauth_get_entry_data_proc get_entry_proc,
- void *pa_module_context, void **pa_request_context,
+ krb5_kdcpreauth_get_data_fn get_entry_proc,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq *modreq_out,
krb5_data **e_data, krb5_authdata ***authz_data)
{
krb5_error_code retval = 0;
@@ -205,6 +207,7 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
krb5_keyblock *client_keys = NULL;
krb5_data *client_data = NULL;
krb5_keyblock *challenge_key = NULL;
+ krb5_keyblock *kdc_challenge_key;
int i = 0;
plain.data = NULL;
@@ -228,7 +231,7 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
}
if (retval == 0)
retval = get_entry_proc(context, request, client,
- krb5plugin_preauth_keys, &client_data);
+ krb5_kdcpreauth_keys, &client_data);
if (retval == 0) {
client_keys = (krb5_keyblock *) client_data->data;
for (i = 0; client_keys[i].enctype&& (retval == 0); i++ ) {
@@ -273,9 +276,10 @@ kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
* considered this a success, so the return value is ignored.
*/
fast_kdc_replace_reply_key(context, get_entry_proc, request);
- krb5_c_fx_cf2_simple(context, armor_key, "kdcchallengearmor",
- &client_keys[i], "challengelongterm",
- (krb5_keyblock **) pa_request_context);
+ if (krb5_c_fx_cf2_simple(context, armor_key, "kdcchallengearmor",
+ &client_keys[i], "challengelongterm",
+ &kdc_challenge_key) == 0)
+ *modreq_out = (krb5_kdcpreauth_modreq)kdc_challenge_key;
} else { /*skew*/
retval = KRB5KRB_AP_ERR_SKEW;
}
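Review bot: A failure of `krb5_c_fx_cf2_simple` is silently dropped here: the new `if` only skips the assignment, `retval` stays 0, and verification still succeeds without a KDC challenge key. In that case `*modreq_out` keeps whatever the caller passed in, so the later `challenge_key == NULL` test in `kdc_return_preauth` is only reliable if the framework pre-initializes it to NULL, which is not visible here. I would either propagate the error, `retval = krb5_c_fx_cf2_simple(..., &kdc_challenge_key);` followed by `if (retval == 0) *modreq_out = (krb5_kdcpreauth_modreq)kdc_challenge_key;`, or set `*modreq_out = NULL` at function entry and add a comment saying why the failure is tolerated. The existing comment about an ignored return value refers to `fast_kdc_replace_reply_key`, not to this call; `kdc_verify_preauth` begins and ends outside the hunk.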
@@ -302,11 +306,12 @@ kdc_return_preauth(krb5_context context, krb5_pa_data *padata,
krb5_kdc_req *request, krb5_kdc_rep *reply,
struct _krb5_key_data *client_keys,
krb5_keyblock *encrypting_key, krb5_pa_data **send_pa,
- preauth_get_entry_data_proc get_entry_proc,
- void *pa_module_context, void **pa_request_context)
+ krb5_kdcpreauth_get_data_fn get_entry_proc,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq modreq)
{
krb5_error_code retval = 0;
- krb5_keyblock *challenge_key = *pa_request_context;
+ krb5_keyblock *challenge_key = (krb5_keyblock *)modreq;
krb5_pa_enc_ts ts;
krb5_data *plain = NULL;
krb5_enc_data enc;
@@ -318,8 +323,6 @@ kdc_return_preauth(krb5_context context, krb5_pa_data *padata,
return 0;
if (challenge_key == NULL)
return 0;
- * pa_request_context = NULL; /*this function will free the
- * challenge key*/
enc.ciphertext.data = NULL; /* In case of error pass through */
retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
@@ -355,37 +358,45 @@ kdc_return_preauth(krb5_context context, krb5_pa_data *padata,
return retval;
}
-static int
-kdc_preauth_flags(krb5_context context, krb5_preauthtype patype)
+krb5_preauthtype supported_pa_types[] = {
+ KRB5_PADATA_ENCRYPTED_CHALLENGE, 0};
+
+krb5_error_code
+kdcpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable);
+krb5_error_code
+clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable);
+
+krb5_error_code
+kdcpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable)
{
+ krb5_kdcpreauth_vtable vt;
+
+ if (maj_ver != 1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
+ vt = (krb5_kdcpreauth_vtable)vtable;
+ vt->name = "encrypted_challenge";
+ vt->pa_type_list = supported_pa_types;
+ vt->edata = kdc_include_padata;
+ vt->verify = kdc_verify_preauth;
+ vt->return_padata = kdc_return_preauth;
return 0;
}
-krb5_preauthtype supported_pa_types[] = {
- KRB5_PADATA_ENCRYPTED_CHALLENGE, 0};
-
-struct krb5plugin_preauth_server_ftable_v1 preauthentication_server_1 = {
- "Encrypted challenge",
- &supported_pa_types[0],
- NULL,
- NULL,
- kdc_preauth_flags,
- kdc_include_padata,
- kdc_verify_preauth,
- kdc_return_preauth,
- NULL
-};
+krb5_error_code
+clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable)
+{
+ krb5_clpreauth_vtable vt;
-struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = {
- "Encrypted Challenge", /* name */
- &supported_pa_types[0], /* pa_type_list */
- NULL, /* enctype_list */
- NULL, /* plugin init function */
- NULL, /* plugin fini function */
- preauth_flags, /* get flags function */
- NULL, /* request init function */
- NULL, /* request fini function */
- process_preauth, /* process function */
- NULL, /* try_again function */
- NULL /* get init creds opt function */
-};
+ if (maj_ver != 1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
+ vt = (krb5_clpreauth_vtable)vtable;
+ vt->name = "encrypted_challenge";
+ vt->pa_type_list = supported_pa_types;
+ vt->flags = preauth_flags;
+ vt->process = process_preauth;
+ return 0;
+}
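Review bot: The KDC vtable filled in by `kdcpreauth_encrypted_challenge_initvt` sets `edata`, `verify` and `return_padata` but no `free_modreq`, although `kdc_verify_preauth` now hands an allocated `krb5_keyblock` to the framework through `*modreq_out`. Because `modreq` is passed by value to `kdc_return_preauth`, that function can no longer clear the caller's pointer, and the derived challenge key is released only if return_padata reaches the point where it frees it (that code is outside the visible hunks). A request that fails between verify and return, or that takes one of the early `return 0` paths, would presumably leave key material allocated. Consider a small callback with the same signature as `server_free_modreq` in cksum_body whose body is `krb5_free_keyblock(context, (krb5_keyblock *)modreq);`, registered with `vt->free_modreq = ...;`, and drop the free from `kdc_return_preauth` so ownership sits in one place.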
diff --git a/src/plugins/preauth/fast_factor.h b/src/plugins/preauth/fast_factor.h
index 52f4fa2e8..f585bc22c 100644
--- a/src/plugins/preauth/fast_factor.h
+++ b/src/plugins/preauth/fast_factor.h
@@ -5,38 +5,36 @@
* Returns failure if the client library does not support FAST.
*/
static inline krb5_error_code
-fast_get_armor_key(krb5_context context, preauth_get_client_data_proc get_data,
- struct _krb5_preauth_client_rock *rock,
- krb5_keyblock **armor_key)
+fast_get_armor_key(krb5_context context, krb5_clpreauth_get_data_fn get_data,
+ krb5_clpreauth_rock rock, krb5_keyblock **armor_key)
{
krb5_error_code retval = 0;
krb5_data *data;
- retval = get_data(context, rock, krb5plugin_preauth_client_fast_armor, &data);
+ retval = get_data(context, rock, krb5_clpreauth_fast_armor, &data);
if (retval == 0) {
*armor_key = (krb5_keyblock *) data->data;
data->data = NULL;
- get_data(context, rock, krb5plugin_preauth_client_free_fast_armor,
- &data);
+ get_data(context, rock, krb5_clpreauth_free_fast_armor, &data);
}
return retval;
}
static inline krb5_error_code
fast_kdc_get_armor_key(krb5_context context,
- preauth_get_entry_data_proc get_entry,
+ krb5_kdcpreauth_get_data_fn get_entry,
krb5_kdc_req *request,
struct _krb5_db_entry_new *client,
krb5_keyblock **armor_key)
{
krb5_error_code retval;
krb5_data *data;
- retval = get_entry(context, request, client, krb5plugin_preauth_fast_armor,
+ retval = get_entry(context, request, client, krb5_kdcpreauth_fast_armor,
&data);
if (retval == 0) {
*armor_key = (krb5_keyblock *) data->data;
data->data = NULL;
get_entry(context, request, client,
- krb5plugin_preauth_free_fast_armor, &data);
+ krb5_kdcpreauth_free_fast_armor, &data);
}
return retval;
}
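Review bot: Neither `fast_get_armor_key` nor `fast_kdc_get_armor_key` documents who owns the returned key. Both detach the keyblock from the callback's `krb5_data` (`data->data = NULL`) before issuing the matching free request, so the caller ends up owning `*armor_key`, and both leave `*armor_key` untouched when the callback fails. I would add to each header comment something like `/* On success the caller owns *armor_key (which may be NULL) and must release it with krb5_free_keyblock(); on failure *armor_key is not modified, so initialize it to NULL. */`. The header comment of `fast_get_armor_key` begins above the hunk.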
@@ -45,7 +43,7 @@ fast_kdc_get_armor_key(krb5_context context,
static inline krb5_error_code
fast_kdc_replace_reply_key(krb5_context context,
- preauth_get_entry_data_proc get_data,
+ krb5_kdcpreauth_get_data_fn get_data,
krb5_kdc_req *request)
{
return 0;
@@ -53,8 +51,8 @@ fast_kdc_replace_reply_key(krb5_context context,
static inline krb5_error_code
fast_set_kdc_verified(krb5_context context,
- preauth_get_client_data_proc get_data,
- struct _krb5_preauth_client_rock *rock)
+ krb5_clpreauth_get_data_fn get_data,
+ krb5_clpreauth_rock rock)
{
return 0;
}
diff --git a/src/plugins/preauth/pkinit/pkinit.exports b/src/plugins/preauth/pkinit/pkinit.exports
index 98e96c399..e77fa3ef0 100644
--- a/src/plugins/preauth/pkinit/pkinit.exports
+++ b/src/plugins/preauth/pkinit/pkinit.exports
@@ -1,2 +1,2 @@
-preauthentication_client_1
-preauthentication_server_1
+clpreauth_pkinit_initvt
+kdcpreauth_pkinit_initvt
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 6888c1b07..cf95bd57b 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -71,7 +71,8 @@ pkinit_as_rep_parse(krb5_context context, pkinit_context plgctx,
krb5_kdc_req *request, const krb5_data *as_rep,
krb5_keyblock *key_block, krb5_enctype etype, krb5_data *);
-static void pkinit_client_plugin_fini(krb5_context context, void *blob);
+static void pkinit_client_plugin_fini(krb5_context context,
+ krb5_clpreauth_moddata moddata);
static krb5_error_code
pa_pkinit_gen_req(krb5_context context,
@@ -975,31 +976,25 @@ pkinit_client_profile(krb5_context context,
}
static krb5_error_code
-pkinit_client_process(krb5_context context,
- void *plugin_context,
- void *request_context,
+pkinit_client_process(krb5_context context, krb5_clpreauth_moddata moddata,
+ krb5_clpreauth_modreq modreq,
krb5_get_init_creds_opt *gic_opt,
- preauth_get_client_data_proc get_data_proc,
- struct _krb5_preauth_client_rock *rock,
- krb5_kdc_req *request,
+ krb5_clpreauth_get_data_fn get_data_proc,
+ krb5_clpreauth_rock rock, krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request,
krb5_pa_data *in_padata,
- krb5_prompter_fct prompter,
- void *prompter_data,
- preauth_get_as_key_proc gak_fct,
- void *gak_data,
- krb5_data *salt,
- krb5_data *s2kparams,
- krb5_keyblock *as_key,
- krb5_pa_data ***out_padata)
+ krb5_prompter_fct prompter, void *prompter_data,
+ krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data,
+ krb5_data *salt, krb5_data *s2kparams,
+ krb5_keyblock *as_key, krb5_pa_data ***out_padata)
{
krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
krb5_enctype enctype = -1;
krb5_data *cdata = NULL;
int processing_request = 0;
- pkinit_context plgctx = (pkinit_context)plugin_context;
- pkinit_req_context reqctx = (pkinit_req_context)request_context;
+ pkinit_context plgctx = (pkinit_context)moddata;
+ pkinit_req_context reqctx = (pkinit_req_context)modreq;
krb5_keyblock *armor_key = NULL;
pkiDebug("pkinit_client_process %p %p %p %p\n",
@@ -1061,16 +1056,15 @@ pkinit_client_process(krb5_context context,
/*
* Get the enctype of the reply.
*/
- retval = (*get_data_proc)(context, rock,
- krb5plugin_preauth_client_get_etype, &cdata);
+ retval = (*get_data_proc)(context, rock, krb5_clpreauth_get_etype,
+ &cdata);
if (retval) {
pkiDebug("get_data_proc returned %d (%s)\n",
retval, error_message(retval));
return retval;
}
enctype = *((krb5_enctype *)cdata->data);
- (*get_data_proc)(context, rock,
- krb5plugin_preauth_client_free_etype, &cdata);
+ (*get_data_proc)(context, rock, krb5_clpreauth_free_etype, &cdata);
retval = pa_pkinit_parse_rep(context, plgctx, reqctx, request,
in_padata, enctype, as_key,
encoded_previous_request);
@@ -1082,29 +1076,22 @@ pkinit_client_process(krb5_context context,
}
static krb5_error_code
-pkinit_client_tryagain(krb5_context context,
- void *plugin_context,
- void *request_context,
+pkinit_client_tryagain(krb5_context context, krb5_clpreauth_moddata moddata,
+ krb5_clpreauth_modreq modreq,
krb5_get_init_creds_opt *gic_opt,
- preauth_get_client_data_proc get_data_proc,
- struct _krb5_preauth_client_rock *rock,
- krb5_kdc_req *request,
+ krb5_clpreauth_get_data_fn get_data_proc,
+ krb5_clpreauth_rock rock, krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request,
- krb5_pa_data *in_padata,
- krb5_error *err_reply,
- krb5_prompter_fct prompter,
- void *prompter_data,
- preauth_get_as_key_proc gak_fct,
- void *gak_data,
- krb5_data *salt,
- krb5_data *s2kparams,
- krb5_keyblock *as_key,
- krb5_pa_data ***out_padata)
+ krb5_pa_data *in_padata, krb5_error *err_reply,
+ krb5_prompter_fct prompter, void *prompter_data,
+ krb5_clpreauth_get_as_key_fn gak_fct, void *gak_data,
+ krb5_data *salt, krb5_data *s2kparams,
+ krb5_keyblock *as_key, krb5_pa_data ***out_padata)
{
krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
- pkinit_context plgctx = (pkinit_context)plugin_context;
- pkinit_req_context reqctx = (pkinit_req_context)request_context;
+ pkinit_context plgctx = (pkinit_context)moddata;
+ pkinit_req_context reqctx = (pkinit_req_context)modreq;
krb5_typed_data **typed_data = NULL;
krb5_data scratch;
krb5_external_principal_identifier **krb5_trusted_certifiers = NULL;
@@ -1202,14 +1189,14 @@ static krb5_preauthtype supported_client_pa_types[] = {
static void
pkinit_client_req_init(krb5_context context,
- void *plugin_context,
- void **request_context)
+ krb5_clpreauth_moddata moddata,
+ krb5_clpreauth_modreq *modreq_out)
{
krb5_error_code retval = ENOMEM;
pkinit_req_context reqctx = NULL;
- pkinit_context plgctx = plugin_context;
+ pkinit_context plgctx = (pkinit_context)moddata;
- *request_context = NULL;
+ *modreq_out = NULL;
reqctx = malloc(sizeof(*reqctx));
if (reqctx == NULL)
@@ -1244,7 +1231,7 @@ pkinit_client_req_init(krb5_context context,
if (retval)
goto cleanup;
- *request_context = (void *) reqctx;
+ *modreq_out = (krb5_clpreauth_modreq)reqctx;
pkiDebug("%s: returning reqctx at %p\n", __FUNCTION__, reqctx);
cleanup:
@@ -1264,11 +1251,10 @@ cleanup:
}
static void
-pkinit_client_req_fini(krb5_context context,
- void *plugin_context,
- void *request_context)
+pkinit_client_req_fini(krb5_context context, krb5_clpreauth_moddata moddata,
+ krb5_clpreauth_modreq modreq)
{
- pkinit_req_context reqctx = request_context;
+ pkinit_req_context reqctx = (pkinit_req_context)modreq;
pkiDebug("%s: received reqctx at %p\n", __FUNCTION__, reqctx);
if (reqctx == NULL)
@@ -1295,7 +1281,8 @@ pkinit_client_req_fini(krb5_context context,
}
static int
-pkinit_client_plugin_init(krb5_context context, void **blob)
+pkinit_client_plugin_init(krb5_context context,
+ krb5_clpreauth_moddata *moddata_out)
{
krb5_error_code retval = ENOMEM;
pkinit_context ctx = NULL;
@@ -1325,21 +1312,21 @@ pkinit_client_plugin_init(krb5_context context, void **blob)
if (retval)
goto errout;
- *blob = ctx;
+ *moddata_out = (krb5_clpreauth_moddata)ctx;
pkiDebug("%s: returning plgctx at %p\n", __FUNCTION__, ctx);
errout:
if (retval)
- pkinit_client_plugin_fini(context, ctx);
+ pkinit_client_plugin_fini(context, (krb5_clpreauth_moddata)ctx);
return retval;
}
static void
-pkinit_client_plugin_fini(krb5_context context, void *blob)
+pkinit_client_plugin_fini(krb5_context context, krb5_clpreauth_moddata moddata)
{
- pkinit_context ctx = blob;
+ pkinit_context ctx = (pkinit_context)moddata;
if (ctx == NULL || ctx->magic != PKINIT_CTX_MAGIC) {
pkiDebug("pkinit_lib_fini: got bad plgctx (%p)!\n", ctx);
@@ -1425,14 +1412,13 @@ handle_gic_opt(krb5_context context,
}
static krb5_error_code
-pkinit_client_gic_opt(krb5_context context,
- void *plugin_context,
+pkinit_client_gic_opt(krb5_context context, krb5_clpreauth_moddata moddata,
krb5_get_init_creds_opt *gic_opt,
const char *attr,
const char *value)
{
krb5_error_code retval;
- pkinit_context plgctx = plugin_context;
+ pkinit_context plgctx = (pkinit_context)moddata;
pkiDebug("(pkinit) received '%s' = '%s'\n", attr, value);
retval = handle_gic_opt(context, plgctx, attr, value);
@@ -1442,20 +1428,28 @@ pkinit_client_gic_opt(krb5_context context,
return 0;
}
-/* Only necessary for static plugin linking support. */
-#include "k5-plugin.h"
-
-struct krb5plugin_preauth_client_ftable_v1
-PLUGIN_SYMBOL_NAME(krb5_preauth, preauthentication_client_1) = {
- "pkinit", /* name */
- supported_client_pa_types, /* pa_type_list */
- NULL, /* enctype_list */
- pkinit_client_plugin_init, /* (*init) */
- pkinit_client_plugin_fini, /* (*fini) */
- pkinit_client_get_flags, /* (*flags) */
- pkinit_client_req_init, /* (*client_req_init) */
- pkinit_client_req_fini, /* (*client_req_fini) */
- pkinit_client_process, /* (*process) */
- pkinit_client_tryagain, /* (*tryagain) */
- pkinit_client_gic_opt /* (*gic_opt) */
-};
+krb5_error_code
+clpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
+ krb5_plugin_vtable vtable);
+
+krb5_error_code
+clpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
+ krb5_plugin_vtable vtable)
+{
+ krb5_clpreauth_vtable vt;
+
+ if (maj_ver != 1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
+ vt = (krb5_clpreauth_vtable)vtable;
+ vt->name = "pkinit";
+ vt->pa_type_list = supported_client_pa_types;
+ vt->init = pkinit_client_plugin_init;
+ vt->fini = pkinit_client_plugin_fini;
+ vt->flags = pkinit_client_get_flags;
+ vt->request_init = pkinit_client_req_init;
+ vt->request_fini = pkinit_client_req_fini;
+ vt->process = pkinit_client_process;
+ vt->tryagain = pkinit_client_tryagain;
+ vt->gic_opts = pkinit_client_gic_opt;
+ return 0;
+}
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 2a33e9331..d87d57031 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -50,10 +50,12 @@ pkinit_server_plugin_fini_realm(krb5_context context,
pkinit_kdc_context plgctx);
static void
-pkinit_server_plugin_fini(krb5_context context, void *blob);
+pkinit_server_plugin_fini(krb5_context context,
+ krb5_kdcpreauth_moddata moddata);
static pkinit_kdc_context
-pkinit_find_realm_context(krb5_context context, void *pa_plugin_context,
+pkinit_find_realm_context(krb5_context context,
+ krb5_kdcpreauth_moddata moddata,
krb5_principal princ);
static krb5_error_code
@@ -97,12 +99,12 @@ cleanup:
static krb5_error_code
pkinit_server_get_edata(krb5_context context,
- krb5_kdc_req * request,
- struct _krb5_db_entry_new * client,
- struct _krb5_db_entry_new * server,
- preauth_get_entry_data_proc server_get_entry_data,
- void *pa_plugin_context,
- krb5_pa_data * data)
+ krb5_kdc_req *request,
+ struct _krb5_db_entry_new *client,
+ struct _krb5_db_entry_new *server,
+ krb5_kdcpreauth_get_data_fn server_get_entry_data,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_pa_data *data)
{
krb5_error_code retval = 0;
pkinit_kdc_context plgctx = NULL;
@@ -123,8 +125,7 @@ pkinit_server_get_edata(krb5_context context,
* If we don't have a realm context for the given realm,
* don't tell the client that we support pkinit!
*/
- plgctx = pkinit_find_realm_context(context, pa_plugin_context,
- request->server);
+ plgctx = pkinit_find_realm_context(context, moddata, request->server);
if (plgctx == NULL)
retval = EINVAL;
@@ -292,9 +293,9 @@ pkinit_server_verify_padata(krb5_context context,
krb5_kdc_req * request,
krb5_enc_tkt_part * enc_tkt_reply,
krb5_pa_data * data,
- preauth_get_entry_data_proc server_get_entry_data,
- void *pa_plugin_context,
- void **pa_request_context,
+ krb5_kdcpreauth_get_data_fn server_get_entry_data,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq *modreq_out,
krb5_data **e_data,
krb5_authdata ***authz_data)
{
@@ -328,11 +329,10 @@ pkinit_server_verify_padata(krb5_context context,
return EINVAL;
}
- if (pa_plugin_context == NULL || e_data == NULL)
+ if (moddata == NULL || e_data == NULL)
return EINVAL;
- plgctx = pkinit_find_realm_context(context, pa_plugin_context,
- request->server);
+ plgctx = pkinit_find_realm_context(context, moddata, request->server);
if (plgctx == NULL)
return 0;
@@ -562,7 +562,7 @@ pkinit_server_verify_padata(krb5_context context,
}
/* remember to set the PREAUTH flag in the reply */
enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
- *pa_request_context = reqctx;
+ *modreq_out = (krb5_kdcpreauth_modreq)reqctx;
reqctx = NULL;
cleanup:
@@ -668,9 +668,9 @@ pkinit_server_return_padata(krb5_context context,
struct _krb5_key_data * client_key,
krb5_keyblock * encrypting_key,
krb5_pa_data ** send_pa,
- preauth_get_entry_data_proc server_get_entry_data,
- void *pa_plugin_context,
- void **pa_request_context)
+ krb5_kdcpreauth_get_data_fn server_get_entry_data,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq modreq)
{
krb5_error_code retval = 0;
krb5_data scratch = {0, 0, NULL};
@@ -708,20 +708,19 @@ pkinit_server_return_padata(krb5_context context,
if (padata->length <= 0 || padata->contents == NULL)
return 0;
- if (pa_request_context == NULL || *pa_request_context == NULL) {
+ if (modreq == NULL) {
pkiDebug("missing request context \n");
return EINVAL;
}
- plgctx = pkinit_find_realm_context(context, pa_plugin_context,
- request->server);
+ plgctx = pkinit_find_realm_context(context, moddata, request->server);
if (plgctx == NULL) {
pkiDebug("Unable to locate correct realm context\n");
return ENOENT;
}
pkiDebug("pkinit_return_padata: entered!\n");
- reqctx = (pkinit_kdc_req_context)*pa_request_context;
+ reqctx = (pkinit_kdc_req_context)modreq;
if (encrypting_key->contents) {
free(encrypting_key->contents);
@@ -1169,13 +1168,14 @@ errout:
}
static pkinit_kdc_context
-pkinit_find_realm_context(krb5_context context, void *pa_plugin_context,
+pkinit_find_realm_context(krb5_context context,
+ krb5_kdcpreauth_moddata moddata,
krb5_principal princ)
{
int i;
- pkinit_kdc_context *realm_contexts = pa_plugin_context;
+ pkinit_kdc_context *realm_contexts = (pkinit_kdc_context *)moddata;
- if (pa_plugin_context == NULL)
+ if (moddata == NULL)
return NULL;
for (i = 0; realm_contexts[i] != NULL; i++) {
@@ -1254,7 +1254,8 @@ errout:
}
static int
-pkinit_server_plugin_init(krb5_context context, void **blob,
+pkinit_server_plugin_init(krb5_context context,
+ krb5_kdcpreauth_moddata *moddata_out,
const char **realmnames)
{
krb5_error_code retval = ENOMEM;
@@ -1289,13 +1290,15 @@ pkinit_server_plugin_init(krb5_context context, void **blob,
goto errout;
}
- *blob = realm_contexts;
+ *moddata_out = (krb5_kdcpreauth_moddata)realm_contexts;
retval = 0;
pkiDebug("%s: returning context at %p\n", __FUNCTION__, realm_contexts);
errout:
- if (retval)
- pkinit_server_plugin_fini(context, realm_contexts);
+ if (retval) {
+ pkinit_server_plugin_fini(context,
+ (krb5_kdcpreauth_moddata)realm_contexts);
+ }
return retval;
}
@@ -1316,9 +1319,10 @@ pkinit_server_plugin_fini_realm(krb5_context context, pkinit_kdc_context plgctx)
}
static void
-pkinit_server_plugin_fini(krb5_context context, void *blob)
+pkinit_server_plugin_fini(krb5_context context,
+ krb5_kdcpreauth_moddata moddata)
{
- pkinit_kdc_context *realm_contexts = blob;
+ pkinit_kdc_context *realm_contexts = (pkinit_kdc_context *)moddata;
int i;
if (realm_contexts == NULL)
@@ -1379,18 +1383,26 @@ pkinit_fini_kdc_req_context(krb5_context context, void *ctx)
free(reqctx);
}
-/* Only necessary for static plugin linking support. */
-#include "k5-plugin.h"
-
-struct krb5plugin_preauth_server_ftable_v1
-PLUGIN_SYMBOL_NAME(krb5_pkinit, preauthentication_server_1) = {
- "pkinit", /* name */
- supported_server_pa_types, /* pa_type_list */
- pkinit_server_plugin_init, /* (*init_proc) */
- pkinit_server_plugin_fini, /* (*fini_proc) */
- pkinit_server_get_flags, /* (*flags_proc) */
- pkinit_server_get_edata, /* (*edata_proc) */
- pkinit_server_verify_padata,/* (*verify_proc) */
- pkinit_server_return_padata,/* (*return_proc) */
- NULL, /* (*freepa_reqcontext_proc) */
-};
+krb5_error_code
+kdcpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
+ krb5_plugin_vtable vtable);
+
+krb5_error_code
+kdcpreauth_pkinit_initvt(krb5_context context, int maj_ver, int min_ver,
+ krb5_plugin_vtable vtable)
+{
+ krb5_kdcpreauth_vtable vt;
+
+ if (maj_ver != 1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
+ vt = (krb5_kdcpreauth_vtable)vtable;
+ vt->name = "pkinit";
+ vt->pa_type_list = supported_server_pa_types;
+ vt->init = pkinit_server_plugin_init;
+ vt->fini = pkinit_server_plugin_fini;
+ vt->flags = pkinit_server_get_flags;
+ vt->edata = pkinit_server_get_edata;
+ vt->verify = pkinit_server_verify_padata;
+ vt->return_padata = pkinit_server_return_padata;
+ return 0;
+}
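Review bot: kdcpreauth_pkinit_initvt leaves `vt->free_modreq` unset, although pkinit_server_verify_padata now hands `reqctx` to the KDC through `*modreq_out`. The removed table also had NULL in that slot, so old behaviour is preserved, but pkinit_server_return_padata now receives `modreq` by value and can no longer clear the KDC's copy of the pointer. The cleanup path of return_padata is outside the visible hunks, so please confirm that a request failing between verify and return does not leak the context, and that nothing frees it twice. If there is no other owner, a small wrapper around pkinit_fini_kdc_req_context assigned to `vt->free_modreq` would make ownership explicit.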
diff --git a/src/plugins/preauth/securid_sam2/securid_sam2_main.c b/src/plugins/preauth/securid_sam2/securid_sam2_main.c
index 49b497ef0..6bc65e85e 100644
--- a/src/plugins/preauth/securid_sam2/securid_sam2_main.c
+++ b/src/plugins/preauth/securid_sam2/securid_sam2_main.c
@@ -116,8 +116,8 @@ static krb5_error_code
kdc_include_padata(krb5_context context, krb5_kdc_req *request,
struct _krb5_db_entry_new *client,
struct _krb5_db_entry_new *server,
- preauth_get_entry_data_proc get_entry_proc,
- void *pa_module_context, krb5_pa_data *pa_data)
+ krb5_kdcpreauth_get_data_fn get_entry_proc,
+ krb5_kdcpreauth_moddata moddata, krb5_pa_data *pa_data)
{
krb5_error_code retval;
krb5_data *client_keys_data = NULL;
@@ -138,7 +138,7 @@ kdc_include_padata(krb5_context context, krb5_kdc_req *request,
if (retval)
return retval;
retval = get_entry_proc(context, request, client,
- krb5plugin_preauth_keys, &client_keys_data);
+ krb5_kdcpreauth_keys, &client_keys_data);
if (retval)
goto cleanup;
client_key = (krb5_keyblock *) client_keys_data->data;
@@ -206,8 +206,9 @@ static krb5_error_code
kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
krb5_data *req_pkt, krb5_kdc_req *request,
krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *pa_data,
- preauth_get_entry_data_proc get_entry_proc,
- void *pa_module_context, void **opaque,
+ krb5_kdcpreauth_get_data_fn get_entry_proc,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq *modreq_out,
krb5_data **e_data, krb5_authdata ***authz_data)
{
krb5_error_code retval, saved_retval = 0;
@@ -294,14 +295,23 @@ kdc_preauth_flags(krb5_context context, krb5_preauthtype patype)
krb5_preauthtype supported_pa_types[] = {
KRB5_PADATA_SAM_RESPONSE_2, 0};
-struct krb5plugin_preauth_server_ftable_v1 preauthentication_server_1 = {
- "SAM2",
- &supported_pa_types[0],
- NULL,
- NULL,
- kdc_preauth_flags,
- kdc_include_padata,
- kdc_verify_preauth,
- NULL,
- NULL
-};
+krb5_error_code
+kdcpreauth_securid_sam2_initvt(krb5_context context, int maj_ver, int min_ver,
+ krb5_plugin_vtable vtable);
+
+krb5_error_code
+kdcpreauth_securid_sam2_initvt(krb5_context context, int maj_ver, int min_ver,
+ krb5_plugin_vtable vtable)
+{
+ krb5_kdcpreauth_vtable vt;
+
+ if (maj_ver != 1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
+ vt = (krb5_kdcpreauth_vtable)vtable;
+ vt->name = "securid_sam2";
+ vt->pa_type_list = supported_pa_types;
+ vt->flags = kdc_preauth_flags;
+ vt->edata = kdc_include_padata;
+ vt->verify = kdc_verify_preauth;
+ return 0;
+}
diff --git a/src/plugins/preauth/wpse/wpse.exports b/src/plugins/preauth/wpse/wpse.exports
index 98e96c399..4cc48a883 100644
--- a/src/plugins/preauth/wpse/wpse.exports
+++ b/src/plugins/preauth/wpse/wpse.exports
@@ -1,2 +1,2 @@
-preauthentication_client_1
-preauthentication_server_1
+clpreauth_wpse_initvt
+kdcpreauth_wpse_initvt
diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c
index 14e994d42..866286c1b 100644
--- a/src/plugins/preauth/wpse/wpse_main.c
+++ b/src/plugins/preauth/wpse/wpse_main.c
@@ -59,7 +59,7 @@ client_get_flags(krb5_context kcontext, krb5_preauthtype pa_type)
}
static krb5_error_code
-client_init(krb5_context kcontext, void **ctx)
+client_init(krb5_context kcontext, krb5_clpreauth_moddata *moddata_out)
{
int *pctx;
@@ -67,16 +67,16 @@ client_init(krb5_context kcontext, void **ctx)
if (pctx == NULL)
return ENOMEM;
*pctx = 0;
- *ctx = pctx;
+ *moddata_out = (krb5_clpreauth_moddata)pctx;
return 0;
}
static void
-client_fini(krb5_context kcontext, void *ctx)
+client_fini(krb5_context kcontext, krb5_clpreauth_moddata moddata)
{
int *pctx;
- pctx = ctx;
+ pctx = (int *)moddata;
if (pctx) {
#ifdef DEBUG
fprintf(stderr, "wpse module called total of %d times\n", *pctx);
@@ -87,18 +87,18 @@ client_fini(krb5_context kcontext, void *ctx)
static krb5_error_code
client_process(krb5_context kcontext,
- void *plugin_context,
- void *request_context,
+ krb5_clpreauth_moddata moddata,
+ krb5_clpreauth_modreq modreq,
krb5_get_init_creds_opt *opt,
- preauth_get_client_data_proc client_get_data_proc,
- struct _krb5_preauth_client_rock *rock,
+ krb5_clpreauth_get_data_fn client_get_data_proc,
+ krb5_clpreauth_rock rock,
krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request,
krb5_pa_data *pa_data,
krb5_prompter_fct prompter,
void *prompter_data,
- preauth_get_as_key_proc gak_fct,
+ krb5_clpreauth_get_as_key_fn gak_fct,
void *gak_data,
krb5_data *salt, krb5_data *s2kparams,
krb5_keyblock *as_key,
@@ -115,7 +115,7 @@ client_process(krb5_context kcontext,
pa_data->length, pa_data->pa_type);
#endif
- pctx = plugin_context;
+ pctx = (int *)moddata;
if (pctx) {
(*pctx)++;
}
@@ -176,11 +176,12 @@ typedef struct _wpse_req_ctx
} wpse_req_ctx;
static void
-client_req_init(krb5_context kcontext, void *plugin_context, void **req_context_p)
+client_req_init(krb5_context kcontext, krb5_clpreauth_moddata moddata,
+ krb5_clpreauth_modreq *modreq_out)
{
wpse_req_ctx *ctx;
- *req_context_p = NULL;
+ *modreq_out = NULL;
/* Allocate a request context. Useful for verifying that we do in fact
* do per-request cleanup. */
@@ -190,13 +191,14 @@ client_req_init(krb5_context kcontext, void *plugin_context, void **req_context_
ctx->magic = WPSE_MAGIC;
ctx->value = 0xc0dec0de;
- *req_context_p = ctx;
+ *modreq_out = (krb5_clpreauth_modreq)ctx;
}
static void
-client_req_cleanup(krb5_context kcontext, void *plugin_context, void *req_context)
+client_req_cleanup(krb5_context kcontext, krb5_clpreauth_moddata moddata,
+ krb5_clpreauth_modreq modreq)
{
- wpse_req_ctx *ctx = (wpse_req_ctx *)req_context;
+ wpse_req_ctx *ctx = (wpse_req_ctx *)modreq;
if (ctx) {
#ifdef DEBUG
@@ -217,7 +219,7 @@ client_req_cleanup(krb5_context kcontext, void *plugin_context, void *req_contex
static krb5_error_code
client_gic_opt(krb5_context kcontext,
- void *plugin_context,
+ krb5_clpreauth_moddata moddata,
krb5_get_init_creds_opt *opt,
const char *attr,
const char *value)
@@ -231,15 +233,12 @@ client_gic_opt(krb5_context kcontext,
/* Free state. */
-static krb5_error_code
-server_free_pa_request_context(krb5_context kcontext, void *plugin_context,
- void **request_context)
+static void
+server_free_modreq(krb5_context kcontext,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq modreq)
{
- if (*request_context != NULL) {
- free(*request_context);
- *request_context = NULL;
- }
- return 0;
+ free(modreq);
}
/* Obtain and return any preauthentication data (which is destined for the
@@ -249,8 +248,8 @@ server_get_edata(krb5_context kcontext,
krb5_kdc_req *request,
struct _krb5_db_entry_new *client,
struct _krb5_db_entry_new *server,
- preauth_get_entry_data_proc server_get_entry_data,
- void *pa_module_context,
+ krb5_kdcpreauth_get_data_fn server_get_entry_data,
+ krb5_kdcpreauth_moddata moddata,
krb5_pa_data *data)
{
/* Return zero bytes of data. */
@@ -267,9 +266,9 @@ server_verify(krb5_context kcontext,
krb5_kdc_req *request,
krb5_enc_tkt_part *enc_tkt_reply,
krb5_pa_data *data,
- preauth_get_entry_data_proc server_get_entry_data,
- void *pa_module_context,
- void **pa_request_context,
+ krb5_kdcpreauth_get_data_fn server_get_entry_data,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq *modreq_out,
krb5_data **e_data,
krb5_authdata ***authz_data)
{
@@ -292,8 +291,7 @@ server_verify(krb5_context kcontext,
enc_tkt_reply->flags |= TKT_FLG_HW_AUTH;
/* Allocate a context. Useful for verifying that we do in fact do
* per-request cleanup. */
- if (*pa_request_context == NULL)
- *pa_request_context = malloc(4);
+ *modreq_out = malloc(4);
/*
* Return some junk authorization data just to exercise the
@@ -373,9 +371,8 @@ server_return(krb5_context kcontext,
struct _krb5_key_data *client_key,
krb5_keyblock *encrypting_key,
krb5_pa_data **send_pa,
- preauth_get_entry_data_proc server_get_entry_data,
- void *pa_module_context,
- void **pa_request_context)
+ krb5_kdcpreauth_get_data_fn server_get_entry_data,
+ krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_modreq modreq)
{
/* This module does a couple of dumb things. It tags its reply with
* the same type as the initial challenge (expecting the client to sort
@@ -447,28 +444,49 @@ server_get_flags(krb5_context kcontext, krb5_preauthtype pa_type)
static krb5_preauthtype supported_client_pa_types[] = {KRB5_PADATA_WPSE_REQ, 0};
static krb5_preauthtype supported_server_pa_types[] = {KRB5_PADATA_WPSE_REQ, 0};
-struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = {
- "wpse", /* name */
- &supported_client_pa_types[0], /* pa_type_list */
- NULL, /* enctype_list */
- client_init, /* plugin init function */
- client_fini, /* plugin fini function */
- client_get_flags, /* get flags function */
- client_req_init, /* request init function */
- client_req_cleanup, /* request fini function */
- client_process, /* process function */
- NULL, /* try_again function */
- client_gic_opt /* get init creds opts function */
-};
-
-struct krb5plugin_preauth_server_ftable_v1 preauthentication_server_1 = {
- "wpse",
- &supported_server_pa_types[0],
- NULL,
- NULL,
- server_get_flags,
- server_get_edata,
- server_verify,
- server_return,
- server_free_pa_request_context,
-};
+krb5_error_code
+clpreauth_wpse_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable);
+krb5_error_code
+kdcpreauth_wpse_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable);
+
+krb5_error_code
+clpreauth_wpse_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable)
+{
+ krb5_clpreauth_vtable vt;
+
+ if (maj_ver != 1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
+ vt = (krb5_clpreauth_vtable)vtable;
+ vt->name = "wpse";
+ vt->pa_type_list = supported_client_pa_types;
+ vt->init = client_init;
+ vt->fini = client_fini;
+ vt->flags = client_get_flags;
+ vt->request_init = client_req_init;
+ vt->request_fini = client_req_cleanup;
+ vt->process = client_process;
+ vt->gic_opts = client_gic_opt;
+ return 0;
+}
+
+krb5_error_code
+kdcpreauth_wpse_initvt(krb5_context context, int maj_ver,
+ int min_ver, krb5_plugin_vtable vtable)
+{
+ krb5_kdcpreauth_vtable vt;
+
+ if (maj_ver != -1)
+ return KRB5_PLUGIN_VER_NOTSUPP;
+ vt = (krb5_kdcpreauth_vtable)vtable;
+ vt->name = "wpse";
+ vt->pa_type_list = supported_server_pa_types;
+ vt->flags = server_get_flags;
+ vt->edata = server_get_edata;
+ vt->verify = server_verify;
+ vt->return_padata = server_return;
+ vt->free_modreq = server_free_modreq;
+ return 0;
+}
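Review bot: kdcpreauth_wpse_initvt tests `if (maj_ver != -1)`, whereas clpreauth_wpse_initvt just above it and the pkinit and securid_sam2 init functions test `maj_ver != 1`. As written, a caller passing major version 1 gets KRB5_PLUGIN_VER_NOTSUPP, so the KDC side of the wpse module never registers and the server callbacks in this file go unexercised. The line should read `if (maj_ver != 1)`.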