krb5_authdata_context context,
const krb5_data *attribute);
+krb5_error_code KRB5_CALLCONV krb5_authdata_import_attributes
+(krb5_context kcontext,
+ krb5_authdata_context context,
+ krb5_flags usage,
+ krb5_authdata **pauthdata);
+
krb5_error_code KRB5_CALLCONV krb5_authdata_export_attributes
(krb5_context kcontext,
krb5_authdata_context context,
void *request_context);
typedef krb5_error_code
-(*authdata_client_request_verify_proc)(krb5_context context,
- void *plugin_context,
- void *request_context,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *req,
- krb5_flags flags,
- krb5_authdata **authdata);
+(*authdata_client_import_attributes_proc)(krb5_context context,
+ void *plugin_context,
+ void *request_context,
+ const krb5_auth_context *auth_context,
+ const krb5_keyblock *key,
+ const krb5_ap_req *req,
+ krb5_authdata **authdata);
typedef krb5_error_code
(*authdata_client_get_attribute_types_proc)(krb5_context context,
authdata_client_plugin_flags_proc flags;
authdata_client_request_init_proc request_init;
authdata_client_request_fini_proc request_fini;
- authdata_client_request_verify_proc request_verify;
authdata_client_get_attribute_types_proc get_attribute_types;
authdata_client_get_attribute_proc get_attribute;
authdata_client_set_attribute_proc set_attribute;
authdata_client_delete_attribute_proc delete_attribute;
+ authdata_client_import_attributes_proc import_attributes;
authdata_client_export_attributes_proc export_attributes;
authdata_client_export_internal_proc export_internal;
authdata_client_free_internal_proc free_internal;
}
#endif
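Review bot: The new `import_attributes` slot is inserted ahead of `export_attributes` while `request_verify` is dropped, so the layout of the v0 client function table (`krb5plugin_authdata_client_ftable_v0`, as named in the pac.c prototype further down) changes in the middle of the struct. If that table has already been published to out-of-tree modules, a plugin built against the old layout would now be dispatched through the wrong slot; if it is still unreleased, a one-line comment on the struct such as `/* v0 layout is not yet frozen; slots may move until the first release */` would make that explicit. The struct's opening line is outside the hunk.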
-krb5_error_code
-krb5int_verify_authdata(krb5_context kcontext,
- krb5_authdata_context context,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *ap_req,
- krb5_flags flags)
+static krb5_error_code
+import_verify_authdata_attributes(krb5_context kcontext,
+ krb5_authdata_context context,
+ krb5_flags usage,
+ const krb5_auth_context *auth_context,
+ const krb5_keyblock *key,
+ const krb5_ap_req *ap_req,
+ krb5_authdata **ticket_authdata)
{
int i;
krb5_error_code code;
- krb5_ticket *ticket = ap_req->ticket;
- krb5_authenticator *authenticator = (*auth_context)->authentp;
+ krb5_authdata **authen_authdata = NULL;
+
+ if (auth_context != NULL)
+ authen_authdata = (*auth_context)->authentp->authorization_data;
+
+ if (ticket_authdata == NULL)
+ ticket_authdata = ap_req->ticket->enc_part2->authorization_data;
for (i = 0; i < context->n_modules; i++) {
struct _krb5_authdata_context_module *module = &context->modules[i];
krb5_authdata **authdata;
- if (module->ftable->request_verify == NULL)
+ if ((module->flags & usage) == 0)
+ continue;
+
+ if (module->ftable->import_attributes == NULL)
continue;
code = krb5int_find_authdata(kcontext,
- ticket->enc_part2->authorization_data,
- authenticator->authorization_data,
+ ticket_authdata,
+ authen_authdata,
module->ad_type,
&authdata);
if (code != 0 || authdata == NULL)
assert(authdata[0] != NULL);
- code = (*module->ftable->request_verify)(kcontext,
- module->plugin_context,
- *(module->request_context_pp),
- auth_context,
- key,
- ap_req,
- flags,
- authdata);
+ code = (*module->ftable->import_attributes)(kcontext,
+ module->plugin_context,
+ *(module->request_context_pp),
+ auth_context,
+ key,
+ ap_req,
+ authdata);
if (code != 0 && (module->flags & AD_INFORMATIONAL))
code = 0;
krb5_free_authdata(kcontext, authdata);
return code;
}
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_import_attributes(krb5_context kcontext,
+ krb5_authdata_context context,
+ krb5_flags usage,
+ krb5_authdata **authdata)
+{
+ return import_verify_authdata_attributes(kcontext, context, usage,
+ NULL, NULL, NULL, authdata);
+}
+
+krb5_error_code
+krb5int_authdata_verify(krb5_context kcontext,
+ krb5_authdata_context context,
+ krb5_flags usage,
+ const krb5_auth_context *auth_context,
+ const krb5_keyblock *key,
+ const krb5_ap_req *ap_req)
+{
+ return import_verify_authdata_attributes(kcontext, context, usage,
+ auth_context, key, ap_req, NULL);
+}
+
static krb5_error_code
merge_data_array_nocopy(krb5_data **dst, krb5_data *src, unsigned int *len)
{
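Review bot: `import_verify_authdata_attributes` dereferences `ap_req` at `ticket_authdata = ap_req->ticket->enc_part2->authorization_data;` whenever `ticket_authdata` is NULL, but the new public wrapper `krb5_authdata_import_attributes` always passes `ap_req == NULL`, so a caller that hands it a NULL `authdata` crashes instead of getting an error. Guard the fallback, e.g. `if (ticket_authdata == NULL) { if (ap_req == NULL) return EINVAL; ticket_authdata = ap_req->ticket->enc_part2->authorization_data; }`. The `(*auth_context)->authentp->authorization_data` read likewise assumes the authenticator has already been attached to the auth context; a comment stating that precondition on the `auth_context` parameter would help the next caller. Part of the loop body (the statement after `if (code != 0 || authdata == NULL)`) is not visible in this hunk, so I assume it is unchanged.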
/* authdata.c */
krb5_error_code
-krb5int_verify_authdata(krb5_context context,
- krb5_authdata_context,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *ap_req,
- krb5_flags flags);
+krb5int_authdata_verify(krb5_context context,
+ krb5_authdata_context,
+ krb5_flags usage,
+ const krb5_auth_context *auth_context,
+ const krb5_keyblock *key,
+ const krb5_ap_req *ap_req);
/* pac.c */
extern krb5plugin_authdata_client_ftable_v0 krb5int_mspac_authdata_client_ftable;
}
static krb5_error_code
-mspac_request_verify(krb5_context context,
- void *plugin_context,
- void *request_context,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *req,
- krb5_flags flags,
- krb5_authdata **authdata)
+mspac_import_attributes(krb5_context context,
+ void *plugin_context,
+ void *request_context,
+ const krb5_auth_context *auth_context,
+ const krb5_keyblock *key,
+ const krb5_ap_req *req,
+ krb5_authdata **authdata)
{
krb5_error_code code;
struct mspac_context *pacctx = (struct mspac_context *)request_context;
if (code != 0)
return code;
- code = krb5_pac_verify(context,
- pacctx->pac,
- req->ticket->enc_part2->times.authtime,
- req->ticket->enc_part2->client,
- key,
- NULL);
+ if (req != NULL) {
+ assert(key != NULL);
+
+ code = krb5_pac_verify(context,
+ pacctx->pac,
+ req->ticket->enc_part2->times.authtime,
+ req->ticket->enc_part2->client,
+ key,
+ NULL);
+ }
#if 0
/*
assert(pacctx->pac->verified == FALSE);
code = 0;
}
-#else
- if (pacctx->pac->verified == TRUE || code != 0);
#endif
return code;
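Review bot: `assert(key != NULL);` at the top of the `req != NULL` branch is the only guard before `krb5_pac_verify` receives the key, and it compiles out under NDEBUG; make it a real check, `if (key == NULL) return EINVAL;`. When `req == NULL` (the `krb5_authdata_import_attributes` path) the branch is skipped and the PAC is deliberately left unverified, which is presumably intended, but the function should say so: `/* No AP-REQ: attributes are imported without verification; pac->verified presumably stays FALSE and the attributes must be reported as unauthenticated. */`. The earlier part of the function, where `code` is first assigned, is outside the hunk.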
mspac_flags,
mspac_request_init,
mspac_request_fini,
- mspac_request_verify,
mspac_get_attribute_types,
mspac_get_attribute,
mspac_set_attribute,
NULL, /* delete_attribute_proc */
+ mspac_import_attributes,
mspac_export_attributes,
mspac_export_internal,
mspac_free_internal,
if ((retval = krb5_authdata_context_init(context,
&(*auth_context)->ad_context)))
goto cleanup;
- if ((retval = krb5int_verify_authdata(context,
+ if ((retval = krb5int_authdata_verify(context,
(*auth_context)->ad_context,
+ AD_USAGE_AP_REQ,
auth_context,
&decrypt_key,
- req,
- 0)))
+ req)))
goto cleanup;
}
krb5_authdata_export_attributes
krb5_authdata_export_internal
krb5_authdata_free_internal
+krb5_authdata_import_attributes
krb5_build_principal
krb5_build_principal_ext
krb5_build_principal_va
gss_buffer_set_t asserted = GSS_C_NO_BUFFER_SET;
gss_buffer_set_t complete = GSS_C_NO_BUFFER_SET;
unsigned int i;
+ gss_buffer_desc exported_name;
+
+ exported_name.value = NULL;
major = gss_inquire_name(minor,
name,
dumpAttribute(minor, name, &complete->elements[i]);
}
+ major = gss_export_name_composite(minor,
+ name,
+ &exported_name);
+ if (GSS_ERROR(major)) {
+ displayStatus("gss_export_name_composite", major, minor);
+ goto cleanup;
+ }
+
+ printf("Exported name:\n");
+
+ for (i = 0; i < exported_name.length; i++) {
+ if ((i % 32) == 0)
+ printf("\n");
+ printf("%02x", ((char *)exported_name.value)[i] & 0xFF);
+ }
+
+ printf("\n");
+
cleanup:
+ gss_release_buffer(&tmp, &exported_name);
gss_release_oid(&tmp, &mech);
gss_release_buffer_set(&tmp, &authenticated);
gss_release_buffer_set(&tmp, &asserted);
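Review bot: `exported_name` is only half-initialised — `exported_name.value = NULL;` leaves `.length` indeterminate, yet the cleanup path passes the whole descriptor to `gss_release_buffer(&tmp, &exported_name)` even when the export call was never reached; initialise it as `gss_buffer_desc exported_name = GSS_C_EMPTY_BUFFER;` and drop the separate assignment. The hex dump should index through `unsigned char` rather than mask a possibly signed `char`: `printf("%02x", ((unsigned char *)exported_name.value)[i]);`. The `(i % 32) == 0` test also emits a blank line before the first byte; `if (i != 0 && (i % 32) == 0)` avoids it, and `i` is declared `unsigned int` while `exported_name.length` is a wider type, so the comparison should use a matching type. The enclosing function begins outside the hunk.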