]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 17d34e9) | patch
Add KDC policy pluggable interface 682/head
authorRobbie Harwood <rharwood@redhat.com>
Tue, 27 Jun 2017 21:15:39 +0000 (17:15 -0400)
committerGreg Hudson <ghudson@mit.edu>
Fri, 18 Aug 2017 15:49:01 +0000 (11:49 -0400)
commitd0969f6a8170344031ef58fd2a161190f1edfb96
tree7a0c2b8e25fa3a1fb98df573f388605d8093fb09tree
parent17d34e956ec454c36573e0cb07a7dc3f3328c99ccommit | diff
Add KDC policy pluggable interface

Add the header include/krb5/kdcpolicy_plugin.h, defining a pluggable
interface for modules to deny AS and TGS requests and set maximum
ticket lifetimes.  This interface replaces the policy.c stub functions.

Add check_kdcpolicy_as() and check_kdcpolicy_tgs() as entry functions.
Call them after auth indicators and ticket lifetimes have been
determined.

Add a test module and a test script with basic kdcpolicy tests.  Add
plugin interface documentation in doc/plugindev/policy.rst.

Also authored by Matt Rogers <mrogers@redhat.com>.

ticket: 8606 (new)
23 files changed:
doc/plugindev/index.rst diff | blob | blame | history
doc/plugindev/kdcpolicy.rst [new file with mode: 0644] blob
src/Makefile.in diff | blob | blame | history
src/configure.in diff | blob | blame | history
src/include/Makefile.in diff | blob | blame | history
src/include/k5-int.h diff | blob | blame | history
src/include/k5-trace.h diff | blob | blame | history
src/include/krb5/kdcpolicy_plugin.h [new file with mode: 0644] blob
src/kdc/do_as_req.c diff | blob | blame | history
src/kdc/do_tgs_req.c diff | blob | blame | history
src/kdc/kdc_util.c diff | blob | blame | history
src/kdc/kdc_util.h diff | blob | blame | history
src/kdc/main.c diff | blob | blame | history
src/kdc/policy.c diff | blob | blame | history
src/kdc/policy.h diff | blob | blame | history
src/kdc/tgs_policy.c diff | blob | blame | history
src/lib/krb5/krb/plugin.c diff | blob | blame | history
src/plugins/kdcpolicy/test/Makefile.in [new file with mode: 0644] blob
src/plugins/kdcpolicy/test/deps [new file with mode: 0644] blob
src/plugins/kdcpolicy/test/main.c [new file with mode: 0644] blob
src/plugins/kdcpolicy/test/policy_test.exports [new file with mode: 0644] blob
src/tests/Makefile.in diff | blob | blame | history
src/tests/t_kdcpolicy.py [new file with mode: 0644] blob
Mirror of https://github.com/krb5/krb5.git