From: Zhanna Tsitkov Date: Wed, 19 May 2010 19:53:03 +0000 (+0000) Subject: Moved plugin handle initialization from lib init into krb5_ctx. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=11d22a4b42cce706a57c6527bf322ba6142dbdd8;p=thirdparty%2Fkrb5.git Moved plugin handle initialization from lib init into krb5_ctx. At the moment we do not have "default" plugin configuration => needed to update come krb5 config files for "make check" tests to work. git-svn-id: svn://anonsvn.mit.edu/krb5/branches/plugins@24064 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/config-files/krb5.conf b/src/config-files/krb5.conf index 210348fa18..99a567c124 100644 --- a/src/config-files/krb5.conf +++ b/src/config-files/krb5.conf @@ -24,3 +24,18 @@ [logging] # kdc = CONSOLE + +[plugins] + plugin_prng = { + plugin_factory_name = plugin_default_factory + plugin_factory_type = static + plugin_name = plugin_yarrow_prng + plugin_type = service + } + plugin_pa = { + plugin_factory_name = plugin_default_factory + plugin_factory_type = static + plugin_name = plugin_encrypted_challenge_pa + plugin_type = service + } + diff --git a/src/include/k5-int.h b/src/include/k5-int.h index df0fc2835e..f6ef41a10b 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -91,6 +91,12 @@ # endif #endif +/* Plugin manager */ +//#include +//#include +//#include "plugin_default_manager.h" +//#include "plugin_default_factory.h" + /* * Begin "k5-config.h" */ 
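Review bot: The lines added under `/* Plugin manager */` in k5-int.h are only commented-out `//#include` directives, so the hunk adds dead text to the header. The plugin types are defined directly in this header later in the same commit, so the includes are not needed. I would drop them, or keep one comment in the file's own style, such as `/* Plugin manager types are declared below, before struct _krb5_context. */`.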
@@ -1427,10 +1433,36 @@ struct _kdb_log_context; /* Plugin API ---- PLUGIN HANDLE */ typedef struct _plhandle{ - void *api; + void *api; struct _plhandle *next; } plhandle; +typedef struct { + char api_name[512]; + plhandle* first; + plhandle* last; + int size; +} reg_entry; + +typedef struct { + reg_entry* table; + long registry_size; + long registry_max_size; +} registry_data; + +typedef struct { + registry_data* registry; +} manager_data; + +typedef struct { + manager_data * data; + void (*configure)(manager_data * data, const char*); + void (*start)(manager_data * data); + void (*stop)(manager_data * data); + plhandle (*getService)(manager_data * data, const char*); +} plugin_manager; + +/* Plugin API ---- PLUGIN HANDLE ----- END*/ struct _krb5_context { krb5_magic magic; @@ -1480,6 +1512,9 @@ struct _krb5_context { struct _kdb_log_context *kdblog_context; krb5_boolean allow_weak_crypto; + + /* PLUGIN HANDLE */ + plugin_manager *pl_handle; }; /* could be used in a table to find an etype and initialize a block */ diff --git a/src/lib/crypto/builtin/Makefile.in b/src/lib/crypto/builtin/Makefile.in index be988fc1b5..826a50b5a0 100644 --- a/src/lib/crypto/builtin/Makefile.in +++ b/src/lib/crypto/builtin/Makefile.in @@ -61,8 +61,9 @@ check-unix:: t_cf2 $(RUN_SETUP) $(VALGRIND) ./t_cf2 <$(srcdir)/t_cf2.in >t_cf2.output diff t_cf2.output $(srcdir)/t_cf2.expected -t_cf2$(EXEEXT): t_cf2.$(OBJEXT) $(SUPPORT_DEPLIB) - $(CC_LINK) -o $@ t_cf2.$(OBJEXT) -L$(BUILDTOP)/plugin_core -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB) +t_cf2$(EXEEXT): t_cf2.$(OBJEXT) $(SUPPORT_DEPLIB) + $(CC_LINK) -o $@ t_cf2.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB) $(LIBS_PROFILE) $(PLUGIN_CORE_DEPLIB) + clean:: $(RM) t_cf2 t_cf2.o t_cf2.output diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in index c8d910e2a2..7bdd0f4f66 100644 --- a/src/lib/crypto/crypto_tests/Makefile.in +++ b/src/lib/crypto/crypto_tests/Makefile.in 
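Review bot: The fixed `char api_name[512]` field of reg_entry is written with an unbounded `strcpy(entry->api_name, api_name)` in _register_api, which is visible as context in the plugin_default_manager.c hunk of this commit. In _configure_krb5 the name passed in appears to be the subsection name read from `[plugins]` in the profile, so a name of 512 bytes or more in a config file would overrun the field. A guard before the copy, `if (strlen(api_name) >= sizeof(entry->api_name)) return 0;`, would close this. The alternative is to make the field an allocated copy of the name.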
@@ -14,8 +14,9 @@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) DEFS= -PLUGINS_LIBS = -lkrb5 \ - $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libplugin_yarrow.a $(srcdir)/../../libencrypted_challenge.a +PLUGINS_LIBS = -lkrb5 \ + $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libplugin_yarrow.a $(srcdir)/../../libencrypted_challenge.a \ + $(LIBS_PROFILE) $(PLUGIN_CORE_DEPLIB) EXTRADEPSRCS=\ $(srcdir)/t_nfold.c \ @@ -83,17 +84,16 @@ nfold.$(OBJEXT): $(srcdir)/../krb/nfold.c $(CC) -c $(ALL_CFLAGS) $(srcdir)/../krb/nfold.c t_encrypt$(EXEEXT): t_encrypt.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) - $(CC_LINK) -o $@ t_encrypt.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB) \ - $(PLUGINS_LIBS) + $(CC_LINK) -o $@ t_encrypt.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB) $(PLUGINS_LIBS) t_prf$(EXEEXT): t_prf.$(OBJEXT) $(SUPPORT_DEPLIB) - $(CC_LINK) -o $@ t_prf.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB) $(PLUGINS_LIBS) + $(CC_LINK) -o $@ t_prf.$(OBJEXT) -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB) $(PLUGINS_LIBS) t_prng$(EXEEXT): t_prng.$(OBJEXT) $(SUPPORT_DEPLIB) - $(CC_LINK) -o $@ t_prng.$(OBJEXT) -lk5crypto -lcom_err $(SUPPORT_LIB) $(PLUGINS_LIBS) + $(CC_LINK) -o $@ t_prng.$(OBJEXT) -lk5crypto -lcom_err $(SUPPORT_LIB) $(PLUGINS_LIBS) t_hmac$(EXEEXT): t_hmac.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) - $(CC_LINK) -o $@ t_hmac.$(OBJEXT) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(PLUGINS_LIBS) + $(CC_LINK) -o $@ t_hmac.$(OBJEXT) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(PLUGINS_LIBS) #t_pkcs5$(EXEEXT): t_pkcs5.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) # $(CC_LINK) -o $@ t_pkcs5.$(OBJEXT) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(PLUGINS_LIBS) 
@@ -116,16 +116,16 @@ t_cksum5.o: $(srcdir)/t_cksum.c $(CC) -DMD=5 $(ALL_CFLAGS) -o t_cksum5.o -c $(srcdir)/t_cksum.c t_cksum4: t_cksum4.o $(CRYTPO_DEPLIB) - $(CC_LINK) -o t_cksum4 t_cksum4.o $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(LIBS) $(PLUGINS_LIBS) + $(CC_LINK) -o t_cksum4 t_cksum4.o $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(LIBS) $(PLUGINS_LIBS) t_cksum5: t_cksum5.o $(CRYPTO_DEPLIB) - $(CC_LINK) -o t_cksum5 t_cksum5.o $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(LIBS) $(PLUGINS_LIBS) + $(CC_LINK) -o t_cksum5 t_cksum5.o $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(LIBS) $(PLUGINS_LIBS) t_crc: t_crc.o $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB) $(CC_LINK) -o $@ t_crc.o $(K5CRYPTO_LIB) $(SUPPORT_LIB) $(PLUGINS_LIBS) aes-test: aes-test.$(OBJEXT) $(CRYPTO_DEPLIB) - $(CC_LINK) -o aes-test aes-test.$(OBJEXT) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(PLUGINS_LIBS) + $(CC_LINK) -o aes-test aes-test.$(OBJEXT) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(PLUGINS_LIBS) t_mddriver4.o: $(srcdir)/t_mddriver.c $(CC) -DMD=4 $(ALL_CFLAGS) -o t_mddriver4.o -c $(srcdir)/t_mddriver.c diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in index 2fad9e9d9d..2e2c6706ec 100644 --- a/src/lib/krb5/krb/Makefile.in +++ b/src/lib/krb5/krb/Makefile.in @@ -3,13 +3,18 @@ BUILDTOP=$(REL)..$(S)..$(S).. RUN_SETUP = @KRB5_RUN_ENV@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) -LOCALINCLUDES = -I$(srcdir)/../os -I$(top_srcdir) +LOCALINCLUDES = -I$(srcdir)/../os -I$(top_srcdir) \ + -I$(srcdir)/../../../plugin_core/ -I$(srcdir)/../../../plugins/prng/ -I$(srcdir)/../../../plugin_core/impl \ + -I$(srcdir)/../../../pa -I$(srcdir)/../../../pa/encrypted_challenge DEFS=-DLIBDIR=\"$(KRB5_LIBDIR)\" ##DOS##BUILDTOP = ..\..\.. ##DOS##PREFIXDIR=krb ##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst +PLUGINS_LIBS = $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libplugin_yarrow.a $(srcdir)/../../libencrypted_challenge.a + + STLIBOBJS= \ addr_comp.o \ addr_order.o \ 
@@ -381,7 +386,7 @@ t_princ: $(T_PRINC_OBJS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o t_princ $(T_PRINC_OBJS) $(KRB5_BASE_LIBS) t_etypes: $(T_ETYPES_OBJS) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o t_etypes $(T_ETYPES_OBJS) $(KRB5_BASE_LIBS) + $(CC_LINK) -o t_etypes $(T_ETYPES_OBJS) $(KRB5_BASE_LIBS) $(PLUGINS_LIBS) TEST_PROGS= t_walk_rtree t_kerb t_ser t_deltat t_expand t_authdata t_pac \ t_princ t_etypes diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index e72534cccb..36980bb62e 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -61,6 +61,9 @@ #if defined(unix) || TARGET_OS_MAC #include "../krb5_libinit.h" #endif +#include +#include + /* The des-mdX entries are last for now, because it's easy to configure KDCs to issue TGTs with des-mdX keys and then not accept @@ -114,6 +117,8 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc) } seed_data; krb5_data seed; int tmp; + plugin_manager* default_manager; + const char conf_path[] = ""; /* Verify some assumptions. If the assumptions hold and the compiler is optimizing, this should result in no code being @@ -170,6 +175,15 @@ init_common (krb5_context *context, krb5_boolean secure, krb5_boolean kdc) goto cleanup; ctx->allow_weak_crypto = tmp; + + /* Plugin initialization */ + + ctx->pl_handle = plugin_default_manager_get_instance(); + set_plugin_manager_instance(ctx->pl_handle); + plugin_manager_configure(conf_path); + plugin_manager_start(); + + /* initialize the prng (not well, but passable) */ if ((retval = krb5_c_random_os_entropy( ctx, 0, NULL)) !=0) goto cleanup; @@ -572,3 +586,4 @@ krb5_is_permitted_enctype_ext ( krb5_context context, return(ret); } + diff --git a/src/lib/krb5/krb/t_krb5.conf b/src/lib/krb5/krb/t_krb5.conf index b25b1d38ab..bfbc41972c 100644 --- a/src/lib/krb5/krb/t_krb5.conf +++ b/src/lib/krb5/krb/t_krb5.conf 
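Review bot: None of the four plugin calls added to init_common ahead of the PRNG seeding is checked, so the function continues even when no plugin manager or PRNG service was set up. `plugin_default_manager_get_instance()` allocates with malloc (see plugin_default_manager.c in this commit) and may return NULL, and `plugin_manager_configure(conf_path)` is given an empty path while the commit message says there is no default plugin configuration. I would fail closed with `if (ctx->pl_handle == NULL) { retval = ENOMEM; goto cleanup; }` and make configure/start return an error that is checked the same way. `set_plugin_manager_instance(ctx->pl_handle)` also looks like it replaces one process-wide pointer on every context creation, which needs confirming for programs with several contexts or threads. The `default_manager` local added in the earlier hunk is never used, and init_common starts and ends outside this hunk.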
@@ -50,3 +50,16 @@ media.mit.edu = MEDIA-LAB.MIT.EDU .ucsc.edu = CATS.UCSC.EDU +[plugins] + plugin_prng = { + plugin_factory_name = plugin_default_factory + plugin_factory_type = static + plugin_name = plugin_yarrow_prng + plugin_type = service + } + plugin_pa = { + plugin_factory_name = plugin_default_factory + plugin_factory_type = static + plugin_name = plugin_encrypted_challenge_pa + plugin_type = service + } diff --git a/src/lib/krb5/krb5_libinit.c b/src/lib/krb5/krb5_libinit.c index 92f291d75c..d90ffa0b32 100644 --- a/src/lib/krb5/krb5_libinit.c +++ b/src/lib/krb5/krb5_libinit.c @@ -15,9 +15,6 @@ #include "kt-int.h" #include "rc-int.h" #include "os-proto.h" -#include -#include - /* * Initialize the Kerberos v5 library. @@ -30,12 +27,6 @@ MAKE_FINI_FUNCTION(krb5int_lib_fini); int krb5int_lib_init(void) { int err; - plugin_manager* default_manager; -#ifdef CONFIG_IN_YAML - const char conf_path[] = "/tmp/plugin_conf.yml"; -#else - const char conf_path[] = ""; // need to be something meaningful. os_get_default_config_files? -#endif krb5int_set_error_info_callout_fn (error_message); #ifdef SHOW_INITFINI_FUNCS @@ -55,16 +46,11 @@ int krb5int_lib_init(void) if (err) return err; #endif /* LEAN_CLIENT */ + err = krb5int_cc_initialize(); if (err) return err; - /* Plugin initialization */ - default_manager = plugin_default_manager_get_instance(); - set_plugin_manager_instance(default_manager); - plugin_manager_configure(conf_path); - plugin_manager_start(); - err = k5_mutex_finish_init(&krb5int_us_time_mutex); if (err) return err; diff --git a/src/lib/krb5/os/Makefile.in b/src/lib/krb5/os/Makefile.in index 6a1ffd13fd..7ee7a6a7bf 100644 --- a/src/lib/krb5/os/Makefile.in +++ b/src/lib/krb5/os/Makefile.in 
@@ -224,6 +224,22 @@ check-unix:: >> ./t_an.conf echo 'auth_to_local = DEFAULT' >> ./t_an.conf echo '}' >> ./t_an.conf + echo '[plugins]' >> ./t_an.conf + echo 'plugin_prng = {' >> ./t_an.conf + echo 'plugin_factory_name = plugin_default_factory' >> ./t_an.conf + echo 'plugin_factory_type = static' >> ./t_an.conf + echo 'plugin_name = plugin_yarrow_prng' >> ./t_an.conf + echo 'plugin_type = service' >> ./t_an.conf + echo ' }' >> ./t_an.conf + echo 'plugin_pa = {' >> ./t_an.conf + echo 'plugin_factory_name = plugin_default_factory' >> ./t_an.conf + echo 'plugin_factory_type = static' >> ./t_an.conf + echo 'plugin_name = plugin_encrypted_challenge_pa' >> ./t_an.conf + echo 'plugin_type = service' >> ./t_an.conf + echo '}' >> ./t_an.conf + + + # if test -r ../../../admin/aname/kdb5_anadd ; then \ # KRB5_CONFIG=./t_an.conf ; export KRB5_CONFIG ; \ # $(KRB5_RUN_ENV) $(VALGRIND) ./t_an_to_ln p/i/i/i@r p/a/b/c@r; \ diff --git a/src/lib/krb5/os/td_krb5.conf b/src/lib/krb5/os/td_krb5.conf index cdee60945f..7942c1fce8 100644 --- a/src/lib/krb5/os/td_krb5.conf +++ b/src/lib/krb5/os/td_krb5.conf @@ -17,3 +17,17 @@ bad.idea = US.GOV .bad.idea = NSA.GOV clipper.bad.idea = NIST.GOV + +[plugins] + plugin_prng = { + plugin_factory_name = plugin_default_factory + plugin_factory_type = static + plugin_name = plugin_yarrow_prng + plugin_type = service + } + plugin_pa = { + plugin_factory_name = plugin_default_factory + plugin_factory_type = static + plugin_name = plugin_encrypted_challenge_pa + plugin_type = service + } diff --git a/src/plugin_core/impl/plugin_default_manager.c b/src/plugin_core/impl/plugin_default_manager.c index 3cbef9f099..a183da020f 100644 --- a/src/plugin_core/impl/plugin_default_manager.c +++ b/src/plugin_core/impl/plugin_default_manager.c 
@@ -102,7 +102,9 @@ _register_api(registry_data* data, const char* api_name, data->registry_size++; } if(entry->size && strcmp(plugin_type, "service") == 0) { - //printf("%s is already registered, only one plugin is allowed per service\n", api_name); +#ifdef DEBUG_PLUGINS + printf("%s is already registered, only one plugin is allowed per service\n", api_name); +#endif ret = 0; } else { strcpy(entry->api_name, api_name); @@ -155,26 +157,31 @@ _configure_plugin_yaml(manager_data* mdata, config_node* plugin_node) properties = p; } } - /*printf("**Start**\n"); +#ifdef DEBUG_PLUGINS + printf("**Start**\n"); printf("api=%s\n", plugin_api); printf("factory=%s\n", factory_name); printf("factory_type=%s\n", factory_type); printf("plugin_name=%s\n", plugin_name); printf("plugin_type=%s\n", plugin_type); printf("**End**\n"); -*/ +#endif + handle = _create_api(plugin_name, factory_name, factory_type/*, properties*/); if(handle.api != NULL) { if(!(_register_api(mdata->registry,plugin_api, plugin_type, handle))) { - /* printf("Failed to register %s for %s(factory=%s,plugin_type=%s)\n", +#ifdef DEBUG_PLUGINS + printf("Failed to register %s for %s(factory=%s,plugin_type=%s)\n", plugin_name, plugin_api, factory_name, plugin_type); - */ +#endif exit(1); } } else { - /*printf("Failed to configure plugin: api=%s, plugin_name=%s,factory=%s\n", +#ifdef DEBUG_PLUGINS + printf("Failed to configure plugin: api=%s, plugin_name=%s,factory=%s\n", plugin_api, plugin_name, factory_name); -*/ +#endif + } return; } @@ -194,7 +201,9 @@ _configure_yaml(void* data, const char* path) if(strcmp(q->node_tag,"!Plugin") == 0) { _configure_plugin_yaml(mdata, q); } else { +#ifdef DEBUG_PLUGINS printf("Failed to find plugin configuration\n"); +#endif } } } 
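Review bot: With the diagnostics in _configure_plugin_yaml moved under `#ifdef DEBUG_PLUGINS`, the `exit(1)` after a failed `_register_api` now terminates the calling process with no message in a normal build. The `else` branch for `handle.api == NULL` has the opposite problem, since it becomes fully silent and configuration simply continues without the plugin. The same pair of changes is made in the _configure_krb5 hunk further down. Library code reached from context initialization should not call exit. I would have both configure functions return an error code that the caller can propagate, and keep a diagnostic that does not depend on a debug define. Both function bodies extend outside their hunks.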
@@ -211,13 +220,14 @@ _configure_krb5(manager_data* data, const char* path) krb5_error_code retval; char *plugin; void *iter; - profile_filespec_t *files = 0; + profile_filespec_t *files = NULL; profile_t profile; const char *realm_srv_names[4]; char **factory_name, **factory_type, **plugin_name, **plugin_type; plhandle handle; - retval = os_get_default_config_files(&files, FALSE); // TRUE - goes to /etc/krb5.conf + // retval = os_get_default_config_files(&files, FALSE); // TRUE - goes to /etc/krb5.conf + retval = krb5_get_default_config_files(&files); // TRUE - goes to /etc/krb5.conf retval = profile_init((const_profile_filespec_t *) files, &profile); /* if (files) free_filespecs(files); @@ -240,7 +250,9 @@ _configure_krb5(manager_data* data, const char* path) return; } if (plugin) { +#ifdef DEBUG_PLUGINS printf("PLUGIN: '%s'\n", plugin); +#endif realm_srv_names[0] = "plugins"; realm_srv_names[1] = plugin; @@ -271,13 +283,17 @@ _configure_krb5(manager_data* data, const char* path) handle = _create_api(*plugin_name, *factory_name, *factory_type/*, properties*/); if(handle.api != NULL) { if(!(_register_api(mdata->registry,plugin, *plugin_type, handle))) { +#ifdef DEBUG_PLUGINS printf("Failed to register %s for %s(factory=%s,plugin_type=%s)\n", *plugin_name, plugin, *factory_name, *plugin_type); +#endif exit(1); } } else { +#ifdef DEBUG_PLUGINS printf("Failed to configure plugin: api=%s, plugin_name=%s,factory=%s\n", plugin, *plugin_name, *factory_name); +#endif } krb5_free_plugin_string(profile, plugin); @@ -311,7 +327,9 @@ _getService(manager_data* data, const char* service_name) if(entry) { handle = *(entry->first); } else { +#ifdef DEBUG_PLUGINS printf("service %s is not available\n", service_name); +#endif } return handle; @@ -331,6 +349,7 @@ plugin_manager* plugin_default_manager_get_instance() { plugin_manager* instance = _instance; + _instance = NULL; if(_instance == NULL) { instance = (plugin_manager*) malloc(sizeof(plugin_manager)); 
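Review bot: The result of `krb5_get_default_config_files(&files)` is overwritten by `profile_init` on the following line without being looked at, so a failed lookup is not detected before `files` is used. A minimal guard is `if (retval) return;` directly after the call, and the same applies to the `profile_init` result. The replaced call passed an explicit second argument, and the leftover comment `// TRUE - goes to /etc/krb5.conf` suggests it chose between the system file and other locations. The new call has no such argument, so the `secure` flag that init_common receives presumably cannot reach plugin selection; please confirm. The `path` parameter is ignored and the free of `files` just below is commented out; _configure_krb5 continues outside this hunk.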
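Review bot: The added `_instance = NULL;` makes the `if(_instance == NULL)` test on the next line always true, so the cached-instance guard in plugin_default_manager_get_instance is dead and every call allocates a new plugin_manager. Because init_common now calls this for each context, every context creation builds a fresh manager, and no hunk in this commit frees `ctx->pl_handle` or the previous instance. If per-context managers are the intent, remove the static and the guard, check the malloc result, and add a matching release where the context is freed. Otherwise delete the added line. The rest of the function is outside the hunk.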
diff --git a/src/plugin_core/plugin_manager.c b/src/plugin_core/plugin_manager.c index a702839ebc..c6187c8fb5 100644 --- a/src/plugin_core/plugin_manager.c +++ b/src/plugin_core/plugin_manager.c @@ -3,6 +3,7 @@ * */ #include "plugin_manager.h" +#include #include "string.h" diff --git a/src/plugin_core/plugin_manager.h b/src/plugin_core/plugin_manager.h index b621619b9f..4f94378d2a 100644 --- a/src/plugin_core/plugin_manager.h +++ b/src/plugin_core/plugin_manager.h @@ -8,31 +8,6 @@ #include -typedef struct { - char api_name[512]; - plhandle* first; - plhandle* last; - int size; -} reg_entry; - -typedef struct { - reg_entry* table; - long registry_size; - long registry_max_size; -} registry_data; - -typedef struct { - registry_data* registry; -} manager_data; - -typedef struct { - manager_data * data; - void (*configure)(manager_data * data, const char*); - void (*start)(manager_data * data); - void (*stop)(manager_data * data); - plhandle (*getService)(manager_data * data, const char*); -} plugin_manager; - void set_plugin_manager_instance(plugin_manager*); /* Utility functions */ diff --git a/src/util/k5test.py b/src/util/k5test.py index 2404a46a1f..4a48a4a27f 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -382,7 +382,7 @@ def _find_buildtop(): def _find_srctop(): - scriptdir = os.path.dirname(sys.argv[0]) + scriptdir = os.path.abspath(os.path.dirname(sys.argv[0])) if not scriptdir: scriptdir = os.getcwd() root = _find_root(scriptdir)
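Review bot: After wrapping the dirname in `os.path.abspath`, the `if not scriptdir:` fallback on the next line in _find_srctop can no longer fire, because abspath of an empty string already returns the current directory. Either drop the two fallback lines or keep the intent explicit with `scriptdir = os.path.abspath(os.path.dirname(sys.argv[0]) or os.getcwd())`. The function continues past the end of the hunk.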