diff options
| author | Greg Hudson <ghudson@mit.edu> | 2012-10-27 11:55:36 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-12-19 14:24:22 -0500 |
| commit | 5fa526b9db4940a221606f36e25e36ca525a47ab (patch) | |
| tree | 8d3f5151e82f45f3a285e8d82257d22bf67887f4 /src | |
| parent | 5c23bce0e8d3328bb36bc85ee10cfac486b8ae9b (diff) | |
| download | krb5-5fa526b9db4940a221606f36e25e36ca525a47ab.zip krb5-5fa526b9db4940a221606f36e25e36ca525a47ab.tar.gz krb5-5fa526b9db4940a221606f36e25e36ca525a47ab.tar.bz2 | |
Make clpreauth flags function optional
With one exception (KRB5_PADATA_PKINIT_KX), every padata type
processed by a clpreauth module is now a real preauthentication type.
Reduce the amount of boilerplate required for a clpreauth module by
making the flags method optional if all of the preauth types
advertised by the module are real.
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/krb5/clpreauth_plugin.h | 8 | ||||
| -rw-r--r-- | src/lib/krb5/krb/preauth2.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/krb/preauth_ec.c | 7 | ||||
| -rw-r--r-- | src/lib/krb5/krb/preauth_encts.c | 7 | ||||
| -rw-r--r-- | src/lib/krb5/krb/preauth_otp.c | 7 | ||||
| -rw-r--r-- | src/lib/krb5/krb/preauth_sam2.c | 7 |
6 files changed, 7 insertions, 31 deletions
diff --git a/src/include/krb5/clpreauth_plugin.h b/src/include/krb5/clpreauth_plugin.h index efe006b..0106734 100644 --- a/src/include/krb5/clpreauth_plugin.h +++ b/src/include/krb5/clpreauth_plugin.h @@ -178,9 +178,11 @@ typedef void krb5_clpreauth_moddata moddata); /* - * Mandatory: Return flags indicating if the module is a "real" or an "info" - * mechanism, and so on. This function is called for each entry in the - * client_pa_type_list. + * Optional (mandatory before MIT krb5 1.12): pa_type will be a member of the + * vtable's pa_type_list. Return PA_REAL if pa_type is a real + * preauthentication type or PA_INFO if it is an informational type. If this + * function is not defined in 1.12 or later, all pa_type values advertised by + * the module will be assumed to be real. */ typedef int (*krb5_clpreauth_get_flags_fn)(krb5_context context, krb5_preauthtype pa_type); diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index fbf7a44..d25a3a9 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c @@ -249,6 +249,8 @@ static int clpreauth_is_real(krb5_context context, clpreauth_handle h, krb5_preauthtype pa_type) { + if (h->vt.flags == NULL) + return 1; return (h->vt.flags(context, pa_type) & PA_REAL) != 0; } diff --git a/src/lib/krb5/krb/preauth_ec.c b/src/lib/krb5/krb/preauth_ec.c index bd72322..b197833 100644 --- a/src/lib/krb5/krb/preauth_ec.c +++ b/src/lib/krb5/krb/preauth_ec.c @@ -33,12 +33,6 @@ #include <krb5/clpreauth_plugin.h> #include "int-proto.h" -static int -ec_flags(krb5_context context, krb5_preauthtype pa_type) -{ - return PA_REAL; -} - static krb5_error_code ec_prep_questions(krb5_context context, krb5_clpreauth_moddata moddata, krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt, @@ -166,7 +160,6 @@ clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver, vt = (krb5_clpreauth_vtable)vtable; vt->name = "encrypted_challenge"; vt->pa_type_list = ec_types; - vt->flags = ec_flags; vt->prep_questions = ec_prep_questions; vt->process = ec_process; return 0; diff --git a/src/lib/krb5/krb/preauth_encts.c b/src/lib/krb5/krb/preauth_encts.c index 88647e2..b8295aa 100644 --- a/src/lib/krb5/krb/preauth_encts.c +++ b/src/lib/krb5/krb/preauth_encts.c @@ -29,12 +29,6 @@ #include <krb5/clpreauth_plugin.h> #include "int-proto.h" -static int -encts_flags(krb5_context context, krb5_preauthtype pa_type) -{ - return PA_REAL; -} - static krb5_error_code encts_prep_questions(krb5_context context, krb5_clpreauth_moddata moddata, krb5_clpreauth_modreq modreq, @@ -137,7 +131,6 @@ clpreauth_encrypted_timestamp_initvt(krb5_context context, int maj_ver, vt = (krb5_clpreauth_vtable)vtable; vt->name = "encrypted_timestamp"; vt->pa_type_list = encts_pa_types; - vt->flags = encts_flags; vt->prep_questions = encts_prep_questions; vt->process = encts_process; return 0; diff --git a/src/lib/krb5/krb/preauth_otp.c b/src/lib/krb5/krb/preauth_otp.c index 4823b7d..e610d47 100644 --- a/src/lib/krb5/krb/preauth_otp.c +++ b/src/lib/krb5/krb/preauth_otp.c @@ -978,12 +978,6 @@ filter_config_tokeninfos(krb5_context context, return 0; } -static int -otp_client_get_flags(krb5_context context, krb5_preauthtype pa_type) -{ - return PA_REAL; -} - static void otp_client_request_init(krb5_context context, krb5_clpreauth_moddata moddata, krb5_clpreauth_modreq *modreq_out) @@ -1164,7 +1158,6 @@ clpreauth_otp_initvt(krb5_context context, int maj_ver, int min_ver, vt = (krb5_clpreauth_vtable)vtable; vt->name = "otp"; vt->pa_type_list = otp_client_supported_pa_types; - vt->flags = otp_client_get_flags; vt->request_init = otp_client_request_init; vt->prep_questions = otp_client_prep_questions; vt->process = otp_client_process; diff --git a/src/lib/krb5/krb/preauth_sam2.c b/src/lib/krb5/krb/preauth_sam2.c index 53f3601..c52564e 100644 --- a/src/lib/krb5/krb/preauth_sam2.c +++ b/src/lib/krb5/krb/preauth_sam2.c @@ -30,12 +30,6 @@ #include "int-proto.h" #include "init_creds_ctx.h" -static int -sam2_flags(krb5_context context, krb5_preauthtype pa_type) -{ - return PA_REAL; -} - /* this macro expands to the int,ptr necessary for "%.*s" in an sprintf */ #define SAMDATA(kdata, str, maxsize) \ @@ -431,7 +425,6 @@ clpreauth_sam2_initvt(krb5_context context, int maj_ver, int min_ver, vt = (krb5_clpreauth_vtable)vtable; vt->name = "sam2"; vt->pa_type_list = sam2_pa_types; - vt->flags = sam2_flags; vt->process = sam2_process; return 0; } |