Allow the KDB to see and modify auth indicators

Amend the sign_authdata method signature to include a modifiable auth_indicators array. Bump the DAL major version and the libkdb5 soname. Add a test case using the test KDB module. ticket: 8823 (new)
author: Greg Hudson <ghudson@mit.edu> 2019-08-07 17:51:17 -0400
committer: Greg Hudson <ghudson@mit.edu> 2019-08-26 20:18:40 -0400
commit: 7196c03f18f14695abeb5ae4923004469b172f0f (patch)
tree: 13d1eb6163015b8ad140edbebee0252c1b7979b6 /src/lib/kdb
parent: 570967e11bd5ea60a82fc8157ad7d07602402ebb (diff)
download: krb5-7196c03f18f14695abeb5ae4923004469b172f0f.zip
krb5-7196c03f18f14695abeb5ae4923004469b172f0f.tar.gz
krb5-7196c03f18f14695abeb5ae4923004469b172f0f.tar.bz2
2 files changed, 4 insertions, 8 deletions
diff --git a/src/lib/kdb/Makefile.in b/src/lib/kdb/Makefile.in
index b77bf49..25da081 100644
--- a/src/lib/kdb/Makefile.in
+++ b/src/lib/kdb/Makefile.in
@@ -5,7 +5,7 @@ LOCALINCLUDES= -I.
 
 # Keep LIBMAJOR in sync with KRB5_KDB_API_VERSION in include/kdb.h.
 LIBBASE=kdb5
-LIBMAJOR=9
+LIBMAJOR=10
 LIBMINOR=0
 LIBINITFUNC=kdb_init_lock_list
 LIBFINIFUNC=kdb_fini_lock_list
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index b910bd3..3058b47 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -323,12 +323,7 @@ copy_vtable(const kdb_vftabl *in, kdb_vftabl *out)
     out->refresh_config = in->refresh_config;
     out->check_allowed_to_delegate = in->check_allowed_to_delegate;
     out->free_principal_e_data = in->free_principal_e_data;
-
-    /* Copy fields for minor version 1 (major version 7). */
-    assert(KRB5_KDB_DAL_MAJOR_VERSION == 7);
-    out->get_s4u_x509_principal = NULL;
-    if (in->min_ver >= 1)
-        out->get_s4u_x509_principal = in->get_s4u_x509_principal;
+    out->get_s4u_x509_principal = in->get_s4u_x509_principal;
 
     /* Set defaults for optional fields. */
     if (out->fetch_master_key == NULL)
@@ -2599,6 +2594,7 @@ krb5_db_sign_authdata(krb5_context kcontext, unsigned int flags,
                       krb5_keyblock *client_key, krb5_keyblock *server_key,
                       krb5_keyblock *krbtgt_key, krb5_keyblock *session_key,
                       krb5_timestamp authtime, krb5_authdata **tgt_auth_data,
+                      krb5_data ***auth_indicators,
                       krb5_authdata ***signed_auth_data)
 {
     krb5_error_code status = 0;
@@ -2613,7 +2609,7 @@ krb5_db_sign_authdata(krb5_context kcontext, unsigned int flags,
     return v->sign_authdata(kcontext, flags, client_princ, client, server,
                             krbtgt, client_key, server_key, krbtgt_key,
                             session_key, authtime, tgt_auth_data,
-                            signed_auth_data);
+                            auth_indicators, signed_auth_data);
 }
 
 krb5_error_code
author	Greg Hudson <ghudson@mit.edu>	2019-08-07 17:51:17 -0400
committer	Greg Hudson <ghudson@mit.edu>	2019-08-26 20:18:40 -0400
commit	7196c03f18f14695abeb5ae4923004469b172f0f (patch)
tree	13d1eb6163015b8ad140edbebee0252c1b7979b6 /src/lib/kdb
parent	570967e11bd5ea60a82fc8157ad7d07602402ebb (diff)
download	krb5-7196c03f18f14695abeb5ae4923004469b172f0f.zip krb5-7196c03f18f14695abeb5ae4923004469b172f0f.tar.gz krb5-7196c03f18f14695abeb5ae4923004469b172f0f.tar.bz2