diff options
| author | Tom Yu <tlyu@mit.edu> | 2007-01-30 21:38:47 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2007-01-30 21:38:47 +0000 |
| commit | 1f857634ae3b549e8c328727adbdaa9e9f403d4f (patch) | |
| tree | b844c1d94274f80180c4c439d1a2bdf75115be08 /src/plugins | |
| parent | ebcf51877b1a69217830ebfe4047bc8a27fe4436 (diff) | |
| download | krb5-1f857634ae3b549e8c328727adbdaa9e9f403d4f.zip krb5-1f857634ae3b549e8c328727adbdaa9e9f403d4f.tar.gz krb5-1f857634ae3b549e8c328727adbdaa9e9f403d4f.tar.bz2 | |
get_init_creds_opt extensibility
r18922@cathode-dark-space: coffman | 2006-12-04 18:30:15 -0500
First cut at making the get_init_creds_opt structure extendable
and adding library functions to set options for preauthentication
plugins.
This does *not* include a compatibility function to work like
Heimdal's krb5_get_init_creds_opt_set_pkinit() function.
Hopefully, the test code that doesn't belong in kinit.c is
obvious.
r18929@cathode-dark-space: coffman | 2006-12-07 10:01:20 -0500
Remove extra "user_id" parameter.
Add function which duplicates the Heimdal interface (if we can agree on
what the matching attribute names should be).
r18934@cathode-dark-space: coffman | 2006-12-08 15:28:03 -0500
Update to use the simplified interface for krb5_get_init_creds_opt_set_pa()
Add code in kinit to process "-X" options as preauth options and pass
them along.
r18936@cathode-dark-space: coffman | 2006-12-11 12:04:26 -0500
Move prototypes for get_init_creds_opt_get_pa() and
krb5_get_init_creds_opt_free_pa() into the
preauth_plugin.h header rather than krb5.hin.
ticket: new
status: open
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19127 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins')
| -rw-r--r-- | src/plugins/preauth/cksum_body/cksum_body_main.c | 39 | ||||
| -rw-r--r-- | src/plugins/preauth/wpse/wpse_main.c | 17 |
2 files changed, 55 insertions, 1 deletions
diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c index 6b46b00..cd19daf 100644 --- a/src/plugins/preauth/cksum_body/cksum_body_main.c +++ b/src/plugins/preauth/cksum_body/cksum_body_main.c @@ -78,6 +78,7 @@ static krb5_error_code client_process(krb5_context kcontext, void *client_plugin_context, void *client_request_context, + krb5_get_init_creds_opt *opt, preauth_get_client_data_proc client_get_data_proc, struct _krb5_preauth_client_rock *rock, krb5_kdc_req *request, @@ -99,6 +100,27 @@ client_process(krb5_context kcontext, krb5_error_code status = 0; krb5_int32 cksumtype, *enctypes; unsigned int i, n_enctypes, cksumtype_count; + int num_gic_info = 0; + krb5_gic_opt_pa_data *gic_info; + + status = krb5_get_init_creds_opt_get_pa(kcontext, opt, + &num_gic_info, &gic_info); + if (status && status != ENOENT) { +#ifdef DEBUG + fprintf(stderr, "Error from krb5_get_init_creds_opt_get_pa: %s\n", + error_message(status)); +#endif + return status; + } +#ifdef DEBUG + fprintf(stderr, "(cksum_body) Got the following gic options:\n"); +#endif + for (i = 0; i < num_gic_info; i++) { +#ifdef DEBUG + fprintf(stderr, " '%s' = '%s'\n", gic_info[i].attr, gic_info[i].value); +#endif + } + krb5_get_init_creds_opt_free_pa(kcontext, num_gic_info, gic_info); memset(&checksum, 0, sizeof(checksum)); @@ -193,6 +215,20 @@ client_process(krb5_context kcontext, return 0; } +static krb5_error_code +client_gic_opt(krb5_context kcontext, + void *plugin_context, + krb5_get_init_creds_opt *opt, + const char *attr, + const char *value) +{ +#ifdef DEBUG + fprintf(stderr, "(cksum_body) client_gic_opt: received '%s' = '%s'\n", + attr, value); +#endif + return 0; +} + /* Initialize and tear down the server-side module, and do stat tracking. */ static krb5_error_code server_init(krb5_context kcontext, void **module_context) @@ -200,7 +236,7 @@ server_init(krb5_context kcontext, void **module_context) struct server_stats *stats; stats = malloc(sizeof(struct server_stats)); if (stats == NULL) - return ENOMEM; + return ENOMEM; stats->successes = 0; stats->failures = 0; *module_context = stats; @@ -506,6 +542,7 @@ struct krb5plugin_preauth_client_ftable_v0 preauthentication_client_0 = { NULL, /* request fini function */ client_process, /* process function */ NULL, /* try_again function */ + client_gic_opt /* get init creds opt function */ }; struct krb5plugin_preauth_server_ftable_v0 preauthentication_server_0 = { diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c index 46ea662..f858063 100644 --- a/src/plugins/preauth/wpse/wpse_main.c +++ b/src/plugins/preauth/wpse/wpse_main.c @@ -90,6 +90,7 @@ static krb5_error_code client_process(krb5_context kcontext, void *plugin_context, void *request_context, + krb5_get_init_creds_opt *opt, preauth_get_client_data_proc client_get_data_proc, struct _krb5_preauth_client_rock *rock, krb5_kdc_req *request, @@ -208,6 +209,21 @@ client_req_cleanup(krb5_context kcontext, void *plugin_context, void *req_contex return; } +static krb5_error_code +client_gic_opt(krb5_context kcontext, + void *plugin_context, + krb5_get_init_creds_opt *opt, + const char *attr, + const char *value) +{ +#ifdef DEBUG + fprintf(stderr, "(wpse) client_gic_opt: received '%s' = '%s'\n", + attr, value); +#endif + return 0; +} + + /* Free state. */ static krb5_error_code server_free_pa_request_context(krb5_context kcontext, void *plugin_context, @@ -378,6 +394,7 @@ struct krb5plugin_preauth_client_ftable_v0 preauthentication_client_0 = { client_req_cleanup, /* request fini function */ client_process, /* process function */ NULL, /* try_again function */ + client_gic_opt /* get init creds opts function */ }; struct krb5plugin_preauth_server_ftable_v0 preauthentication_server_0 = { |