Make clpreauth flags function optional
authorGreg Hudson <ghudson@mit.edu>
Sat, 27 Oct 2012 15:55:36 +0000 (11:55 -0400)
committerGreg Hudson <ghudson@mit.edu>
Wed, 19 Dec 2012 19:24:22 +0000 (14:24 -0500)
With one exception (KRB5_PADATA_PKINIT_KX), every padata type
processed by a clpreauth module is now a real preauthentication type.
Reduce the amount of boilerplate required for a clpreauth module by
making the flags method optional if all of the preauth types
advertised by the module are real.

src/include/krb5/clpreauth_plugin.h
src/lib/krb5/krb/preauth2.c
src/lib/krb5/krb/preauth_ec.c
src/lib/krb5/krb/preauth_encts.c
src/lib/krb5/krb/preauth_otp.c
src/lib/krb5/krb/preauth_sam2.c

index efe006b9a3e9f08f81429ef51f8073f090c28336..0106734ad734f1b34a8fb32cbbc71be41ad0dbad 100644 (file)
@@ -178,9 +178,11 @@ typedef void
                           krb5_clpreauth_moddata moddata);
 
 /*
- * Mandatory: Return flags indicating if the module is a "real" or an "info"
- * mechanism, and so on.  This function is called for each entry in the
- * client_pa_type_list.
+ * Optional (mandatory before MIT krb5 1.12): pa_type will be a member of the
+ * vtable's pa_type_list.  Return PA_REAL if pa_type is a real
+ * preauthentication type or PA_INFO if it is an informational type.  If this
+ * function is not defined in 1.12 or later, all pa_type values advertised by
+ * the module will be assumed to be real.
  */
 typedef int
 (*krb5_clpreauth_get_flags_fn)(krb5_context context, krb5_preauthtype pa_type);
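Review bot: The new comment says the method is "mandatory before MIT krb5 1.12" but not what happens when a module that omits it is loaded by an older library. The pre-change `clpreauth_is_real` in preauth2.c calls `h->vt.flags(context, pa_type)` with no NULL test, so unless the older loader rejects such a vtable (not visible on this page) that would be a call through a null function pointer. Consider adding a sentence such as `Modules that may be loaded by releases before 1.12 must still define this method.` It would also help to say explicitly that a module advertising any informational type must keep defining it, since the default classifies every advertised type as real.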
index fbf7a442419d2ce2d6e96ca339ddd9b38d3b75e6..d25a3a98e6ccfcd1746b3f6de2701bf7bcde3f6a 100644 (file)
@@ -249,6 +249,8 @@ static int
 clpreauth_is_real(krb5_context context, clpreauth_handle h,
                   krb5_preauthtype pa_type)
 {
+    if (h->vt.flags == NULL)
+        return 1;
     return (h->vt.flags(context, pa_type) & PA_REAL) != 0;
 }
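Review bot: The `h->vt.flags == NULL` test added in `clpreauth_is_real` only works if the handle's vtable is zero-filled before the module's initvt function populates it. That allocation is outside this hunk, so confirm it zeroes the structure; otherwise a module that leaves `flags` unset presents an indeterminate function pointer rather than NULL. Any other direct use of `vt.flags` in this file (none is visible here) should go through this wrapper too. A short comment on the branch would record the contract, for example `/* No flags method: every advertised pa_type is treated as real. */`.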
 
index bd72322d6b9d308154ec504214e1acd3598404f4..b1978336a063829a1fcf2e23adfa48d2d590e0de 100644 (file)
 #include <krb5/clpreauth_plugin.h>
 #include "int-proto.h"
 
-static int
-ec_flags(krb5_context context, krb5_preauthtype pa_type)
-{
-    return PA_REAL;
-}
-
 static krb5_error_code
 ec_prep_questions(krb5_context context, krb5_clpreauth_moddata moddata,
                   krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
@@ -166,7 +160,6 @@ clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
     vt = (krb5_clpreauth_vtable)vtable;
     vt->name = "encrypted_challenge";
     vt->pa_type_list = ec_types;
-    vt->flags = ec_flags;
     vt->prep_questions = ec_prep_questions;
     vt->process = ec_process;
     return 0;
index 88647e2da7f9bd63ac8f7dde958f94063cb74d19..b8295aaf4da8e7831413ae10dc3e007006711589 100644 (file)
 #include <krb5/clpreauth_plugin.h>
 #include "int-proto.h"
 
-static int
-encts_flags(krb5_context context, krb5_preauthtype pa_type)
-{
-    return PA_REAL;
-}
-
 static krb5_error_code
 encts_prep_questions(krb5_context context, krb5_clpreauth_moddata moddata,
                      krb5_clpreauth_modreq modreq,
@@ -137,7 +131,6 @@ clpreauth_encrypted_timestamp_initvt(krb5_context context, int maj_ver,
     vt = (krb5_clpreauth_vtable)vtable;
     vt->name = "encrypted_timestamp";
     vt->pa_type_list = encts_pa_types;
-    vt->flags = encts_flags;
     vt->prep_questions = encts_prep_questions;
     vt->process = encts_process;
     return 0;
index 4823b7db19c8dd7478c6a54bdf31c4df38109b22..e610d47a9414884bd9f3d182e41f744e13620082 100644 (file)
@@ -978,12 +978,6 @@ filter_config_tokeninfos(krb5_context context,
     return 0;
 }
 
-static int
-otp_client_get_flags(krb5_context context, krb5_preauthtype pa_type)
-{
-    return PA_REAL;
-}
-
 static void
 otp_client_request_init(krb5_context context, krb5_clpreauth_moddata moddata,
                         krb5_clpreauth_modreq *modreq_out)
@@ -1164,7 +1158,6 @@ clpreauth_otp_initvt(krb5_context context, int maj_ver, int min_ver,
     vt = (krb5_clpreauth_vtable)vtable;
     vt->name = "otp";
     vt->pa_type_list = otp_client_supported_pa_types;
-    vt->flags = otp_client_get_flags;
     vt->request_init = otp_client_request_init;
     vt->prep_questions = otp_client_prep_questions;
     vt->process = otp_client_process;
index 53f360121101685a1596f94f2b0f8f338beee3dc..c52564e35eebbc03a1fe1f08c74358769dbdb888 100644 (file)
 #include "int-proto.h"
 #include "init_creds_ctx.h"
 
-static int
-sam2_flags(krb5_context context, krb5_preauthtype pa_type)
-{
-    return PA_REAL;
-}
-
 /* this macro expands to the int,ptr necessary for "%.*s" in an sprintf */
 
 #define SAMDATA(kdata, str, maxsize)                                    \
@@ -431,7 +425,6 @@ clpreauth_sam2_initvt(krb5_context context, int maj_ver, int min_ver,
     vt = (krb5_clpreauth_vtable)vtable;
     vt->name = "sam2";
     vt->pa_type_list = sam2_pa_types;
-    vt->flags = sam2_flags;
     vt->process = sam2_process;
     return 0;
 }