/* Based on preauth2.c */
-#define DEBUG 1
-
#if TARGET_OS_MAC
static const char *objdirs[] = { KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/plugins/authdata", NULL }; /* should be a list */
#else
static const char *objdirs[] = { LIBDIR "/krb5/plugins/authdata", NULL };
#endif
-static krb5plugin_authdata_client_ftable_v0 *authdata_systems[] = { &krb5int_mspac_authdata_client_ftable, NULL };
+/* Internal authdata systems */
+static krb5plugin_authdata_client_ftable_v0 *authdata_systems[] = {
+ &krb5int_mspac_authdata_client_ftable,
+ NULL
+};
static inline int
count_ad_modules(krb5plugin_authdata_client_ftable_v0 *table)
context->modules[k].client_req_fini = table->request_fini;
rcpp = &context->modules[k].request_context;
+ /* For now, single request per context. That may change */
code = (*table->request_init)(kcontext,
plugin_context,
rcpp);
{
int i;
krb5_error_code code;
+ krb5_ticket *ticket = ap_req->ticket;
+ krb5_authenticator *authenticator = (*auth_context)->authentp;
for (i = 0; i < context->n_modules; i++) {
struct _krb5_authdata_context_module *module = &context->modules[i];
continue;
code = krb5int_find_authdata(kcontext,
- ap_req->ticket->enc_part2->authorization_data,
- (*auth_context)->authentp->authorization_data,
+ ticket->enc_part2->authorization_data,
+ authenticator->authorization_data,
module->ad_type,
&authdata);
if (code != 0 || authdata == NULL)
for (i = 0; src[i].data != NULL; i++)
;
- *dst = (krb5_data *)realloc(*dst, (*len + i + 1) * sizeof(krb5_data));
+ *dst = realloc(*dst, (*len + i + 1) * sizeof(krb5_data));
if (*dst == NULL)
return ENOMEM;
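Review bot: `*dst = realloc(*dst, (*len + i + 1) * sizeof(krb5_data));` still overwrites the caller's pointer before the result is checked, so when realloc fails `*dst` becomes NULL and the existing array together with the krb5_data contents it holds is leaked; the commit only dropped the cast. Assign through a temporary instead: `krb5_data *tmp = realloc(*dst, (*len + i + 1) * sizeof(*tmp)); if (tmp == NULL) return ENOMEM; *dst = tmp;`. The same pattern appears further down in `authdata = realloc(authdata, (len + j + 1) * sizeof(krb5_authdata *));`, which likewise drops the only reference to the old array on failure. merge_data_array_nocopy starts and ends outside this hunk.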
if ((*module->ftable->get_attribute_types)(kcontext,
module->plugin_context,
*(module->request_context_pp),
- &asserted2,
- &verified2) != 0)
+ asserted_attrs ?
+ &asserted2 : NULL,
+ verified_attrs ?
+ &verified2 : NULL) != 0)
continue;
- code = merge_data_array_nocopy(&asserted, asserted2, &len);
- if (code != 0)
- break;
-
- code = merge_data_array_nocopy(&verified, verified2, &len);
- if (code != 0)
- break;
+ if (asserted_attrs != NULL) {
+ code = merge_data_array_nocopy(&asserted, asserted2, &len);
+ if (code != 0) {
+ krb5int_free_data_list(kcontext, asserted2);
+ break;
+ }
+ if (asserted2 != NULL)
+ free(asserted2);
+ }
- if (asserted2 != NULL)
- free(asserted2);
- if (verified2 != NULL)
- free(verified2);
+ if (verified_attrs != NULL) {
+ code = merge_data_array_nocopy(&verified, verified2, &len);
+ if (code != 0) {
+ krb5int_free_data_list(kcontext, verified2);
+ break;
+ }
+ if (verified2 != NULL)
+ free(verified2);
+ }
}
if (code == 0) {
- *asserted_attrs = asserted;
- *verified_attrs = verified;
+ if (asserted_attrs != NULL)
+ *asserted_attrs = asserted;
+ if (verified_attrs != NULL)
+ *verified_attrs = verified;
}
return code;
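Review bot: In the new `if (asserted_attrs != NULL)` branch a failing merge frees `asserted2` and breaks, but `verified2` — already returned by get_attribute_types when `verified_attrs` is non-NULL — is never released, so that error path leaks it. Release both before leaving the loop: `krb5int_free_data_list(kcontext, asserted2); if (verified2 != NULL) krb5int_free_data_list(kcontext, verified2); break;`. Both merges also pass the same `&len`; if merge_data_array_nocopy appends at `*len` and then advances it, the verified array would be sized and filled starting at the asserted count, leaving a gap — worth confirming, as its body is outside this hunk. The accumulated `asserted`/`verified` arrays also do not appear to be freed when the loop exits with `code != 0`, unless that happens on lines not shown here; the enclosing function starts outside the hunk.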
int i;
krb5_error_code code = ENOENT;
- /* NB at present a plugin is presumed to be authoritative for an attribute */
+ /*
+ * NB at present a module is presumed to be authoritative for
+ * an attribute; not sure how to federate "more" across module
+ * yet
+ */
for (i = 0; i < context->n_modules; i++) {
struct _krb5_authdata_context_module *module = &context->modules[i];
for (j = 0; authdata2[j] != NULL; j++)
;
- authdata = (krb5_authdata **)realloc(authdata, (len + j + 1) * sizeof(krb5_authdata *));
+ authdata = realloc(authdata, (len + j + 1) * sizeof(krb5_authdata *));
if (authdata == NULL)
return ENOMEM;
if (dst_module == NULL)
return ENOENT;
-#if 0
- if (dst_module->client_req_init != NULL) {
- code = (*dst_module->client_req_init)(kcontext,
- dst_module->plugin_context,
- dst_module->request_context_pp);
- if ((code != 0 && code != ENOMEM) &&
- (dst_module->flags & AD_INFORMATIONAL))
- code = 0;
- if (code != 0)
- return code;
- }
-#endif
-
if (src_module->ftable->export_internal == NULL ||
dst_module->ftable->import_internal == NULL)
return 0;
krb5_error_code code;
krb5_authdata_context dst;
+ /* This is a bit of a hack and potentially very expensive. */
+
code = krb5_authdata_context_init(kcontext, &dst);
if (code != 0)
return code;
if (code != 0)
break;
- fprintf(stderr, "AD Attribute %.*s Value Length %d Disp Value Length %d More %d\n",
+ fprintf(stderr, "AD Attribute %.*s Value Length %d "
+ "Disp Value Length %d More %d\n",
attr->length, attr->data, value.length, display_value.length, more);
krb5_free_data_contents(kcontext, &value);
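Review bot: The reflowed fprintf format still pairs `%.*s` and `%d` with `attr->length`, `value.length` and `display_value.length`, which are `unsigned int` in krb5_data; the precision argument of `%.*s` must be an `int`, and `%d` with an unsigned argument is a format/argument mismatch that `-Wformat` reports. Cast the precision and use `%u` for the lengths: format `"AD Attribute %.*s Value Length %u Disp Value Length %u More %d\n"` with arguments `(int)attr->length, attr->data, value.length, display_value.length, more`. The enclosing function starts and ends outside this hunk.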
unsigned int i, j;
krb5_data *attrs;
krb5_error_code code;
-
- *asserted = NULL;
- *verified = NULL;
+ krb5_data **outattrs;
if (pacctx->pac == NULL) {
- attrs = (krb5_data *)calloc(MSPAC_ATTRIBUTE_COUNT + 1, sizeof(krb5_data));
+ attrs = calloc(MSPAC_ATTRIBUTE_COUNT + 1, sizeof(krb5_data));
if (attrs == NULL)
return ENOMEM;
&mspac_attribute_types[i].attribute,
&attrs[i]);
if (code != 0) {
- free(attrs); /* XXX leak */
+ krb5int_free_data_list(context, attrs);
return code;
}
}
return 0;
}
- attrs = (krb5_data *)calloc(1 + pacctx->pac->pac->cBuffers + 1, sizeof(krb5_data));
+ outattrs = pacctx->pac->verified ? verified : asserted;
+ if (outattrs == NULL)
+ return EINVAL;
+
+ attrs = calloc(1 + pacctx->pac->pac->cBuffers + 1, sizeof(krb5_data));
if (attrs == NULL)
return ENOMEM;
if (code == 0) {
code = krb5int_copy_data_contents(context, &attr, &attrs[j++]);
if (code != 0) {
- free(attrs); /* XXX leak */
+ krb5int_free_data_list(context, attrs);
return code;
}
} else {
length = asprintf(&attrs[j].data, "mspac:%d",
pacctx->pac->pac->Buffers[i].ulType);
if (length < 0) {
- free(attrs); /* XXX leak */
+ krb5int_free_data_list(context, attrs);
return ENOMEM;
}
attrs[j++].length = length;
attrs[j].data = NULL;
attrs[j].length = 0;
- if (pacctx->pac->verified)
- *verified = attrs;
- else
- *asserted = attrs;
+ *outattrs = attrs;
return 0;
}
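Review bot: Returning EINVAL when the PAC's class (`verified` or `asserted`) was not requested turns an ordinary "nothing to report for this caller" case into an error; the framework loop changed in this same commit treats any nonzero return as `continue`, so the distinction is lost there, but any other caller would see a spurious failure. Consider `if (outattrs == NULL) return 0;` with a comment such as `/* Caller did not ask for this class of attributes. */`. The commit also drops the `*asserted = NULL; *verified = NULL;` initialisation at the top, so whichever output the `pacctx->pac == NULL` branch stores `attrs` into (the lines between the calloc and the copy loop are not shown) now needs its own NULL check before being dereferenced, since callers may pass NULL for either parameter. The function's signature is outside this hunk.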
value->length = 0;
if (display_value != NULL) {
- display_value->data = NULL;
- display_value->length = 0;
+ display_value->data = NULL;
+ display_value->length = 0;
}
if (*more != -1 || pacctx->pac == NULL)
/* -1 is a magic type that refers to the entire PAC */
if (type == (krb5_ui_4)-1) {
- if (value != NULL)
+ if (value != NULL)
code = krb5int_copy_data_contents(context,
- &pacctx->pac->data,
- value);
- else
- code = 0;
+ &pacctx->pac->data,
+ value);
+ else
+ code = 0;
} else {
- if (value != NULL)
+ if (value != NULL)
code = krb5_pac_get_buffer(context, pacctx->pac, type, value);
- else
- code = k5_pac_locate_buffer(context, pacctx->pac, type, NULL);
+ else
+ code = k5_pac_locate_buffer(context, pacctx->pac, type, NULL);
}
if (code == 0) {
*authenticated = pacctx->pac->verified;
if (pacctx->pac == NULL)
return EINVAL;
- authdata = (krb5_authdata **)calloc(2, sizeof(krb5_authdata *));
+ authdata = calloc(2, sizeof(krb5_authdata *));
if (authdata == NULL)
return ENOMEM;
- authdata[0] = (krb5_authdata *)calloc(1, sizeof(krb5_authdata));
+ authdata[0] = calloc(1, sizeof(krb5_authdata));
if (authdata[0] == NULL) {
free(authdata);
return ENOMEM;
mspac_export_internal(krb5_context context,
void *plugin_context,
void *request_context,
- krb5_boolean restrict_authenticated,
+ krb5_boolean restrict_authenticated,
void **ptr)
{
struct mspac_context *pacctx = (struct mspac_context *)request_context;
return 0;
if (restrict_authenticated && (pacctx->pac->verified) == FALSE)
- return 0;
+ return 0;
code = krb5_pac_parse(context, pacctx->pac->data.data,
- pacctx->pac->data.length, &pac);
+ pacctx->pac->data.length, &pac);
if (code == 0) {
- pac->verified = pacctx->pac->verified;
- *ptr = pac;
+ pac->verified = pacctx->pac->verified;
+ *ptr = pac;
}
return code;