author | Greg Hudson <ghudson@mit.edu> | 2009-10-09 18:29:34 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-10-09 18:29:34 +0000 |
commit | 17ffdd0e93271072369e479f440ddf85e020580a (patch) | |
tree | cdaf4944a478128a1d53d854063a7d809b7c6aae /src/kdc/kdc_authdata.c | |
parent | 6ad74ac369b09df7d29ca8e09b0af946b4819523 (diff) | |
Implement GSS naming extensions and authdata verification
Merge Luke's users/lhoward/authdata branch to trunk. Implements GSS naming
extensions and verification of authorization data.
ticket: 6572
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22875 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_authdata.c')
-rw-r--r-- | src/kdc/kdc_authdata.c | 47 |
1 files changed, 26 insertions, 21 deletions
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c index 504d3fb..82f934f 100644 --- a/src/kdc/kdc_authdata.c +++ b/src/kdc/kdc_authdata.c @@ -158,11 +158,10 @@ load_authdata_plugins(krb5_context context) } /* Count the valid modules. */ - module_count = sizeof(static_authdata_systems) - / sizeof(static_authdata_systems[0]); + module_count = 0; if (authdata_plugins_ftables_v1 != NULL) { - struct krb5plugin_authdata_ftable_v1 *ftable; + struct krb5plugin_authdata_server_ftable_v1 *ftable; for (i = 0; authdata_plugins_ftables_v1[i] != NULL; i++) { ftable = authdata_plugins_ftables_v1[i]; @@ -172,7 +171,7 @@ load_authdata_plugins(krb5_context context) } if (authdata_plugins_ftables_v0 != NULL) { - struct krb5plugin_authdata_ftable_v0 *ftable; + struct krb5plugin_authdata_server_ftable_v0 *ftable; for (i = 0; authdata_plugins_ftables_v0[i] != NULL; i++) { ftable = authdata_plugins_ftables_v0[i]; @@ -181,6 +180,9 @@ load_authdata_plugins(krb5_context context) } } + module_count += sizeof(static_authdata_systems) + / sizeof(static_authdata_systems[0]); + /* Build the complete list of supported authdata options, and * leave room for a terminator entry. */ authdata_systems = calloc(module_count + 1, sizeof(krb5_authdata_systems)); 
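Review bot: The static-module count `sizeof(static_authdata_systems) / sizeof(static_authdata_systems[0])` that feeds the `calloc` size in the @@ -181 hunk is written out again as the bound of the fill loop added in the @@ -281 hunk, so the allocation size and the number of slots written stay in step only by hand. A mismatch between the two would write past the end of `authdata_systems`, so I would compute the value once near the top of the function, e.g. `n_static = sizeof(static_authdata_systems) / sizeof(static_authdata_systems[0]);`, and use `n_static` in both places. The declarations of `module_count`, `i` and `k` are outside the hunk; if they are `int`, the loop's comparison against the `size_t` quotient is a signed/unsigned mix worth tidying at the same time. load_authdata_plugins starts and ends outside this hunk.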
@@ -189,25 +191,11 @@ load_authdata_plugins(krb5_context context) goto cleanup; } - /* Add the locally-supplied mechanisms to the dynamic list first. */ - for (i = 0, k = 0; - i < sizeof(static_authdata_systems) / sizeof(static_authdata_systems[0]); - i++) { - authdata_systems[k] = static_authdata_systems[i]; - /* Try to initialize the authdata system. If it fails, we'll remove it - * from the list of systems we'll be using. */ - server_init_proc = static_authdata_systems[i].init; - if ((server_init_proc != NULL) && - ((*server_init_proc)(context, &authdata_systems[k].plugin_context) != 0)) { - memset(&authdata_systems[k], 0, sizeof(authdata_systems[k])); - continue; - } - k++; - } + k = 0; /* Add dynamically loaded V1 plugins */ if (authdata_plugins_ftables_v1 != NULL) { - struct krb5plugin_authdata_ftable_v1 *ftable; + struct krb5plugin_authdata_server_ftable_v1 *ftable; for (i = 0; authdata_plugins_ftables_v1[i] != NULL; i++) { krb5_error_code initerr; @@ -245,7 +233,7 @@ load_authdata_plugins(krb5_context context) /* Add dynamically loaded V0 plugins */ if (authdata_plugins_ftables_v0 != NULL) { - struct krb5plugin_authdata_ftable_v0 *ftable; + struct krb5plugin_authdata_server_ftable_v0 *ftable; for (i = 0; authdata_plugins_ftables_v0[i] != NULL; i++) { krb5_error_code initerr; 
@@ -281,6 +269,22 @@ load_authdata_plugins(krb5_context context) } } + /* Add the locally-supplied mechanisms to the dynamic list first. */ + for (i = 0; + i < sizeof(static_authdata_systems) / sizeof(static_authdata_systems[0]); + i++) { + authdata_systems[k] = static_authdata_systems[i]; + /* Try to initialize the authdata system. If it fails, we'll remove it + * from the list of systems we'll be using. */ + server_init_proc = static_authdata_systems[i].init; + if ((server_init_proc != NULL) && + ((*server_init_proc)(context, &authdata_systems[k].plugin_context) != 0)) { + memset(&authdata_systems[k], 0, sizeof(authdata_systems[k])); + continue; + } + k++; + } + n_authdata_systems = k; /* Add the end-of-list marker. */ authdata_systems[k].name = "[end]"; @@ -526,6 +530,7 @@ handle_tgt_authdata (krb5_context context, server_key, /* U2U or server key */ enc_tkt_reply->times.authtime, tgs_req ? enc_tkt_request->authorization_data : NULL, + enc_tkt_reply->session, &db_authdata, &ad_entry, &ad_nprincs); |
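Review bot: The comment on the moved loop still reads `/* Add the locally-supplied mechanisms to the dynamic list first. */`, but the loop now runs after both plugin loops and appends the static entries at index `k`, behind the V1 and V0 plugins. If the list is walked in order when a request is handled (not visible here), loaded plugins are now consulted before the built-in handlers, and someone auditing authdata processing needs that ordering stated rather than contradicted. I would change the comment to `/* Add the locally-supplied mechanisms after the dynamically loaded plugins. */` and add one sentence on why the built-ins go last. The function starts and ends outside the hunk.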
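Review bot: The added argument `enc_tkt_reply->session` in the @@ -526 hunk has no comment, while the neighbouring key argument carries `/* U2U or server key */`. This hands the ticket session key to a callee whose name and prototype are outside the hunk, so I would annotate it, e.g. `enc_tkt_reply->session, /* ticket session key; borrowed, not freed by callee */`, once that ownership contract is confirmed against the callee. The hunk also does not show whether `session` is always assigned before handle_tgt_authdata runs, which is worth confirming on both the AS and TGS paths.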