void KRB5_CALLCONV krb5int_free_data_list
(krb5_context context, krb5_data *data);
-#if 0
-krb5_error_code KRB5_CALLCONV krb5_authdata_request_context_init
-(krb5_context kcontext,
- krb5_flags usage);
-
-void KRB5_CALLCONV krb5_authdata_request_context_fini
-(krb5_context kcontext, krb5_authdata_context context);
-#endif
-
krb5_error_code KRB5_CALLCONV krb5_authdata_context_init
(krb5_context kcontext, krb5_authdata_context *pcontext);
struct _krb5_authdata_context *context,
void *plugin_context,
void *request_context,
- krb5_authdata **authdata);
+ krb5_authdata **authdata,
+ krb5_boolean kdc_issued_flag,
+ krb5_const_principal issuer);
typedef krb5_error_code
(*authdata_client_get_attribute_types_proc)(krb5_context kcontext,
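Review bot: The import callback typedef gains `kdc_issued_flag` and `issuer` here, and the verify typedef in the next hunk loses them, yet the table that holds both pointers is still declared as `krb5plugin_authdata_client_ftable_v0`. A plugin built against the previous header would be called with a different argument list, and nothing visible in this diff would catch that; it matters because these two arguments carry the trust decision. Consider bumping the table version, or at least documenting the break next to the struct. The new parameters also have no comment; something like `/* kdc_issued_flag: TRUE only if the caller verified the KDC signature over this authdata; issuer: signing principal, or NULL */` would help, if that is the intended contract. The typedef starts outside the hunk.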
void *request_context,
const krb5_auth_context *auth_context,
const krb5_keyblock *key,
- const krb5_ap_req *req,
- krb5_boolean kdc_issued_flag,
- krb5_const_principal issuer);
+ const krb5_ap_req *req);
typedef struct krb5plugin_authdata_client_ftable_v0 {
char *name;
in_creds.authdata = NULL;
in_creds.keyblock.enctype = 0;
+ /*
+ * cred->name is immutable, so there is no need to acquire
+ * cred->name->lock.
+ */
if (cred->name->ad_context != NULL) {
code = krb5_authdata_export_attributes(context,
cred->name->ad_context,
context,
module->plugin_context,
*(module->request_context_pp),
- authdata);
+ authdata,
+ FALSE,
+ NULL);
if (code != 0 && (module->flags & AD_INFORMATIONAL))
code = 0;
krb5_free_authdata(kcontext, authdata);
context,
module->plugin_context,
*(module->request_context_pp),
- authdata);
+ authdata,
+ kdc_issued_flag,
+ kdc_issuer);
if (code == 0 && module->ftable->verify != NULL) {
code = (*module->ftable->verify)(kcontext,
context,
*(module->request_context_pp),
auth_context,
key,
- ap_req,
- kdc_issued_flag,
- kdc_issuer);
+ ap_req);
}
if (code != 0 && (module->flags & AD_INFORMATIONAL))
code = 0;
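Review bot: For a module flagged `AD_INFORMATIONAL`, a verify failure after a successful import is reset to `code = 0`, so whatever the import callback stored stays in the request context, now including any trust it derived from `kdc_issued_flag`. Before this change the flag reached a module only through verify; now import is where it is recorded, and a module with no verify callback is not consulted again. I would add a comment above the import call stating when the flag may be TRUE, for example `/* kdc_issued_flag is set only after the AD-KDCIssued checksum has been verified */`, assuming that is what the caller guarantees. The enclosing loop starts and ends outside the hunk.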
break;
}
+ if (code != 0)
+ *more = 0;
+
return code;
}
/* Check there isn't already a buffer of this type */
if (k5_pac_locate_buffer(context, pac, type, NULL) == 0) {
- return EINVAL;
+ return EEXIST;
}
header = (PACTYPE *)realloc(pac->pac,
krb5_authdata_context context,
void *plugin_context,
void *request_context,
- krb5_authdata **authdata)
+ krb5_authdata **authdata,
+ krb5_boolean kdc_issued,
+ krb5_const_principal kdc_issuer)
{
krb5_error_code code;
struct mspac_context *pacctx = (struct mspac_context *)request_context;
+ if (kdc_issued)
+ return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+
if (pacctx->pac != NULL) {
krb5_pac_free(kcontext, pacctx->pac);
pacctx->pac = NULL;
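Review bot: The new `if (kdc_issued) return KRB5KRB_AP_ERR_BAD_INTEGRITY;` runs before the block that frees `pacctx->pac`, so a PAC left by an earlier import stays in the context when a KDC-issued one is rejected. If keeping the earlier PAC is intended, say so with a comment such as `/* Reject a PAC delivered in a KDC-issued container; a PAC already imported is left untouched. */`; if not, move the check below the free. The rest of the function is outside the hunk, so whether a second import on the same context can happen is not visible here.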
void *request_context,
const krb5_auth_context *auth_context,
const krb5_keyblock *key,
- const krb5_ap_req *req,
- krb5_boolean kdc_issued_flag,
- krb5_const_principal issuer)
+ const krb5_ap_req *req)
{
krb5_error_code code;
struct mspac_context *pacctx = (struct mspac_context *)request_context;
if (pacctx->pac == NULL)
return EINVAL;
- if (kdc_issued_flag)
- return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
code = krb5_pac_verify(kcontext,
pacctx->pac,
req->ticket->enc_part2->times.authtime,
krb5_authdatatype ad_type,
krb5_flags *flags)
{
- *flags = AD_USAGE_AP_REQ | AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL;
+ *flags = AD_USAGE_TGS_REQ | AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL;
}
static void
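Review bot: The mask still contains `AD_USAGE_KDC_ISSUED`, while the import callback changed earlier in this diff rejects every call with `kdc_issued` set, assuming this is the same PAC module's flags callback. Because `AD_INFORMATIONAL` is also set, the dispatch code shown above turns that rejection into `code = 0`, so KDC-issued input appears to be handed to the module only to be refused silently. If that reading is right, `*flags = AD_USAGE_TGS_REQ | AD_INFORMATIONAL;` states the intent more directly; otherwise a comment explaining why the bit is kept would help. It is also worth confirming that `AD_INFORMATIONAL` is wanted, since with it a failed PAC verification does not fail the request in the dispatch code.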
krb5_authdata_context context,
void *plugin_context,
void *request_context,
- krb5_authdata **authdata)
+ krb5_authdata **authdata,
+ krb5_boolean kdc_issued_flag,
+ krb5_const_principal issuer)
{
krb5_error_code code;
struct greet_context *greet = (struct greet_context *)request_context;
data.data = (char *)authdata[0]->contents;
code = krb5int_copy_data_contents_add0(kcontext, &data, &greet->greeting);
+ if (code == 0)
+ greet->verified = kdc_issued_flag;
return code;
}
krb5_data data;
krb5_error_code code;
+ if (greet->greeting.data != NULL)
+ return EEXIST;
+
code = krb5int_copy_data_contents_add0(kcontext, value, &data);
if (code != 0)
return code;
&dst->greeting);
}
-static krb5_error_code
-greet_verify(krb5_context kcontext,
- krb5_authdata_context context,
- void *plugin_context,
- void *request_context,
- const krb5_auth_context *auth_context,
- const krb5_keyblock *key,
- const krb5_ap_req *req,
- krb5_boolean kdc_issued_flag,
- krb5_const_principal issuer)
-{
- struct greet_context *greet = (struct greet_context *)request_context;
-
- greet->verified = kdc_issued_flag;
-
- return 0;
-}
-
static krb5_authdatatype greet_ad_types[] = { -42, 0 };
krb5plugin_authdata_client_ftable_v0 authdata_client_0 = {
NULL,
NULL,
greet_copy_context,
- greet_verify,
+ NULL,
};
gss_release_name(&tmp, &tmp_name);
-#if 0
+#if 1
major = testGreetAuthzData(&minor, name);
if (GSS_ERROR(major))
goto out;