(*authdata_client_import_attributes_proc)(krb5_context context,
void *plugin_context,
void *request_context,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *req,
krb5_authdata **authdata);
typedef krb5_error_code
void *request_context,
void *ptr);
+typedef krb5_error_code
+(*authdata_client_verify_proc)(krb5_context context,
+ void *plugin_context,
+ void *request_context,
+ const krb5_auth_context *auth_context,
+ const krb5_keyblock *key,
+ const krb5_ap_req *req);
+
typedef struct krb5plugin_authdata_client_ftable_v0 {
char *name;
krb5_authdatatype *ad_type_list;
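Review bot: `authdata_client_verify_proc` is added without a comment stating its contract, so plugin authors cannot tell which arguments may be NULL or when it is called. The rest of the page suggests one: `krb5int_authdata_verify` calls it only after `import_attributes` returned 0 for the same request context. `mspac_verify` dereferences `req` unconditionally and passes `key` straight to `krb5_pac_verify`, where the old code had `if (req != NULL)` and `assert(key != NULL)`. A comment above the typedef along the lines of `/* Called after import_attributes succeeds; auth_context, key and req are non-NULL. A nonzero return fails verification unless the module is AD_INFORMATIONAL. */` would pin that down, if that is the intended contract.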
authdata_client_export_internal_proc export_internal;
authdata_client_free_internal_proc free_internal;
authdata_client_copy_context_proc copy_context;
+ authdata_client_verify_proc verify;
} krb5plugin_authdata_client_ftable_v0;
#endif /* KRB5_AUTHDATA_PLUGIN_H_INCLUDED */
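Review bot: The table is still named `krb5plugin_authdata_client_ftable_v0`, although this hunk appends `verify` to it and the same commit drops three parameters from `authdata_client_import_attributes_proc`. A plugin built against the earlier header would have its `import_attributes` called with a different argument list. The loader's `module->ftable->verify` read would also land past the end of that plugin's table. Consider exposing the new layout under a new table version, or having the loader confirm the version before it reads `verify`. Whether out-of-tree plugins exist is not visible on this page.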
free(context);
}
-static krb5_error_code
-k5_import_authdata_attributes(krb5_context kcontext,
- krb5_authdata_context context,
- krb5_flags usage,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *ap_req,
- krb5_authdata **ticket_authdata)
+krb5_error_code KRB5_CALLCONV
+krb5_authdata_import_attributes(krb5_context kcontext,
+ krb5_authdata_context context,
+ krb5_flags usage,
+ krb5_authdata **authdata_to_import)
{
int i;
krb5_error_code code;
- krb5_authdata **authen_authdata = NULL;
-
- if (auth_context != NULL)
- authen_authdata = (*auth_context)->authentp->authorization_data;
-
- if (ticket_authdata == NULL)
- ticket_authdata = ap_req->ticket->enc_part2->authorization_data;
for (i = 0; i < context->n_modules; i++) {
struct _krb5_authdata_context_module *module = &context->modules[i];
continue;
code = krb5int_find_authdata(kcontext,
- ticket_authdata,
- authen_authdata,
+ authdata_to_import,
+ NULL,
module->ad_type,
&authdata);
if (code != 0 || authdata == NULL)
code = (*module->ftable->import_attributes)(kcontext,
module->plugin_context,
*(module->request_context_pp),
- auth_context,
- key,
- ap_req,
authdata);
if (code != 0 && (module->flags & AD_INFORMATIONAL))
code = 0;
return code;
}
-krb5_error_code KRB5_CALLCONV
-krb5_authdata_import_attributes(krb5_context kcontext,
- krb5_authdata_context context,
- krb5_flags usage,
- krb5_authdata **authdata)
-{
- return k5_import_authdata_attributes(kcontext, context, usage,
- NULL, NULL, NULL, authdata);
-}
-
krb5_error_code
krb5int_authdata_verify(krb5_context kcontext,
krb5_authdata_context context,
const krb5_keyblock *key,
const krb5_ap_req *ap_req)
{
- return k5_import_authdata_attributes(kcontext, context, usage,
- auth_context, key, ap_req, NULL);
+ int i;
+ krb5_error_code code;
+ krb5_authdata **authen_authdata;
+ krb5_authdata **ticket_authdata;
+
+ authen_authdata = (*auth_context)->authentp->authorization_data;
+ ticket_authdata = ap_req->ticket->enc_part2->authorization_data;
+
+ for (i = 0; i < context->n_modules; i++) {
+ struct _krb5_authdata_context_module *module = &context->modules[i];
+ krb5_authdata **authdata;
+
+ if ((module->flags & usage) == 0)
+ continue;
+
+ if (module->ftable->import_attributes == NULL)
+ continue;
+
+ code = krb5int_find_authdata(kcontext,
+ ticket_authdata,
+ authen_authdata,
+ module->ad_type,
+ &authdata);
+ if (code != 0 || authdata == NULL)
+ continue;
+
+ assert(authdata[0] != NULL);
+
+ code = (*module->ftable->import_attributes)(kcontext,
+ module->plugin_context,
+ *(module->request_context_pp),
+ authdata);
+ if (code == 0 && module->ftable->verify != NULL) {
+ code = (*module->ftable->verify)(kcontext,
+ module->plugin_context,
+ *(module->request_context_pp),
+ auth_context,
+ key,
+ ap_req);
+ }
+ if (code != 0 && (module->flags & AD_INFORMATIONAL))
+ code = 0;
+ krb5_free_authdata(kcontext, authdata);
+ if (code != 0)
+ break;
+ }
+
+ return code;
}
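Review bot: `code` is declared without an initializer in the new body of `krb5int_authdata_verify`, so `return code` yields an indeterminate value as the verification result when `context->n_modules` is 0 or every module is skipped by the two `continue` checks ahead of `krb5int_find_authdata`. Declaring it as `krb5_error_code code = 0;` fixes that. The same loop clears a failing `verify` result for any module flagged `AD_INFORMATIONAL` but leaves in place whatever `import_attributes` stored in the request context. Attributes whose verification failed may therefore remain readable afterwards; whether consumers can distinguish that state is not visible here. The unconditional `(*auth_context)->authentp` dereference also replaces the old `if (auth_context != NULL)` guard, which is only safe if every caller passes a populated auth context. Part of the function's signature lies outside this hunk.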
static krb5_error_code
mspac_import_attributes(krb5_context context,
void *plugin_context,
void *request_context,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *req,
krb5_authdata **authdata)
{
krb5_error_code code;
code = krb5_pac_parse(context, authdata[0]->contents,
authdata[0]->length, &pacctx->pac);
- if (code != 0)
- return code;
- if (req != NULL) {
- assert(key != NULL);
+ return code;
+}
- code = krb5_pac_verify(context,
- pacctx->pac,
- req->ticket->enc_part2->times.authtime,
- req->ticket->enc_part2->client,
- key,
- NULL);
- }
+static krb5_error_code
+mspac_verify(krb5_context context,
+ void *plugin_context,
+ void *request_context,
+ const krb5_auth_context *auth_context,
+ const krb5_keyblock *key,
+ const krb5_ap_req *req)
+{
+ krb5_error_code code;
+ struct mspac_context *pacctx = (struct mspac_context *)request_context;
+
+ if (pacctx->pac == NULL)
+ return EINVAL;
+
+ code = krb5_pac_verify(context,
+ pacctx->pac,
+ req->ticket->enc_part2->times.authtime,
+ req->ticket->enc_part2->client,
+ key,
+ NULL);
#if 0
/*
mspac_export_attributes,
mspac_export_internal,
mspac_free_internal,
- mspac_copy_context
+ mspac_copy_context,
+ mspac_verify
};