From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 27 Oct 2012 15:55:36 +0000 (-0400)
Subject: Make clpreauth flags function optional
X-Git-Tag: krb5-1.12-alpha1~397
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5fa526b9db4940a221606f36e25e36ca525a47ab;p=thirdparty%2Fkrb5.git

Make clpreauth flags function optional

With one exception (KRB5_PADATA_PKINIT_KX), every padata type
processed by a clpreauth module is now a real preauthentication type.
Reduce the amount of boilerplate required for a clpreauth module by
making the flags method optional if all of the preauth types
advertised by the module are real.
---

diff --git a/src/include/krb5/clpreauth_plugin.h b/src/include/krb5/clpreauth_plugin.h
index efe006b9a3..0106734ad7 100644
--- a/src/include/krb5/clpreauth_plugin.h
+++ b/src/include/krb5/clpreauth_plugin.h
@@ -178,9 +178,11 @@ typedef void
                           krb5_clpreauth_moddata moddata);
 
 /*
- * Mandatory: Return flags indicating if the module is a "real" or an "info"
- * mechanism, and so on.  This function is called for each entry in the
- * client_pa_type_list.
+ * Optional (mandatory before MIT krb5 1.12): pa_type will be a member of the
+ * vtable's pa_type_list.  Return PA_REAL if pa_type is a real
+ * preauthentication type or PA_INFO if it is an informational type.  If this
+ * function is not defined in 1.12 or later, all pa_type values advertised by
+ * the module will be assumed to be real.
  */
 typedef int
 (*krb5_clpreauth_get_flags_fn)(krb5_context context, krb5_preauthtype pa_type);
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index fbf7a44241..d25a3a98e6 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -249,6 +249,8 @@ static int
 clpreauth_is_real(krb5_context context, clpreauth_handle h,
                   krb5_preauthtype pa_type)
 {
+    if (h->vt.flags == NULL)
+        return 1;
     return (h->vt.flags(context, pa_type) & PA_REAL) != 0;
 }
 
diff --git a/src/lib/krb5/krb/preauth_ec.c b/src/lib/krb5/krb/preauth_ec.c
index bd72322d6b..b1978336a0 100644
--- a/src/lib/krb5/krb/preauth_ec.c
+++ b/src/lib/krb5/krb/preauth_ec.c
@@ -33,12 +33,6 @@
 #include <krb5/clpreauth_plugin.h>
 #include "int-proto.h"
 
-static int
-ec_flags(krb5_context context, krb5_preauthtype pa_type)
-{
-    return PA_REAL;
-}
-
 static krb5_error_code
 ec_prep_questions(krb5_context context, krb5_clpreauth_moddata moddata,
                   krb5_clpreauth_modreq modreq, krb5_get_init_creds_opt *opt,
@@ -166,7 +160,6 @@ clpreauth_encrypted_challenge_initvt(krb5_context context, int maj_ver,
     vt = (krb5_clpreauth_vtable)vtable;
     vt->name = "encrypted_challenge";
     vt->pa_type_list = ec_types;
-    vt->flags = ec_flags;
     vt->prep_questions = ec_prep_questions;
     vt->process = ec_process;
     return 0;
diff --git a/src/lib/krb5/krb/preauth_encts.c b/src/lib/krb5/krb/preauth_encts.c
index 88647e2da7..b8295aaf4d 100644
--- a/src/lib/krb5/krb/preauth_encts.c
+++ b/src/lib/krb5/krb/preauth_encts.c
@@ -29,12 +29,6 @@
 #include <krb5/clpreauth_plugin.h>
 #include "int-proto.h"
 
-static int
-encts_flags(krb5_context context, krb5_preauthtype pa_type)
-{
-    return PA_REAL;
-}
-
 static krb5_error_code
 encts_prep_questions(krb5_context context, krb5_clpreauth_moddata moddata,
                      krb5_clpreauth_modreq modreq,
@@ -137,7 +131,6 @@ clpreauth_encrypted_timestamp_initvt(krb5_context context, int maj_ver,
     vt = (krb5_clpreauth_vtable)vtable;
     vt->name = "encrypted_timestamp";
     vt->pa_type_list = encts_pa_types;
-    vt->flags = encts_flags;
     vt->prep_questions = encts_prep_questions;
     vt->process = encts_process;
     return 0;
diff --git a/src/lib/krb5/krb/preauth_otp.c b/src/lib/krb5/krb/preauth_otp.c
index 4823b7db19..e610d47a94 100644
--- a/src/lib/krb5/krb/preauth_otp.c
+++ b/src/lib/krb5/krb/preauth_otp.c
@@ -978,12 +978,6 @@ filter_config_tokeninfos(krb5_context context,
     return 0;
 }
 
-static int
-otp_client_get_flags(krb5_context context, krb5_preauthtype pa_type)
-{
-    return PA_REAL;
-}
-
 static void
 otp_client_request_init(krb5_context context, krb5_clpreauth_moddata moddata,
                         krb5_clpreauth_modreq *modreq_out)
@@ -1164,7 +1158,6 @@ clpreauth_otp_initvt(krb5_context context, int maj_ver, int min_ver,
     vt = (krb5_clpreauth_vtable)vtable;
     vt->name = "otp";
     vt->pa_type_list = otp_client_supported_pa_types;
-    vt->flags = otp_client_get_flags;
     vt->request_init = otp_client_request_init;
     vt->prep_questions = otp_client_prep_questions;
     vt->process = otp_client_process;
diff --git a/src/lib/krb5/krb/preauth_sam2.c b/src/lib/krb5/krb/preauth_sam2.c
index 53f3601211..c52564e35e 100644
--- a/src/lib/krb5/krb/preauth_sam2.c
+++ b/src/lib/krb5/krb/preauth_sam2.c
@@ -30,12 +30,6 @@
 #include "int-proto.h"
 #include "init_creds_ctx.h"
 
-static int
-sam2_flags(krb5_context context, krb5_preauthtype pa_type)
-{
-    return PA_REAL;
-}
-
 /* this macro expands to the int,ptr necessary for "%.*s" in an sprintf */
 
 #define SAMDATA(kdata, str, maxsize)                                    \
@@ -431,7 +425,6 @@ clpreauth_sam2_initvt(krb5_context context, int maj_ver, int min_ver,
     vt = (krb5_clpreauth_vtable)vtable;
     vt->name = "sam2";
     vt->pa_type_list = sam2_pa_types;
-    vt->flags = sam2_flags;
     vt->process = sam2_process;
     return 0;
 }