From: Luke Howard Date: Sun, 30 Aug 2009 22:52:21 +0000 (+0000) Subject: pass authdata context to modules to facilitate stacking X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d575d4bf8399f41a162832507f771824973afed2;p=thirdparty%2Fkrb5.git pass authdata context to modules to facilitate stacking git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22668 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/krb5/authdata_plugin.h b/src/include/krb5/authdata_plugin.h index 6f0fdeadb7..d78c8ae367 100644 --- a/src/include/krb5/authdata_plugin.h +++ b/src/include/krb5/authdata_plugin.h @@ -162,7 +162,8 @@ typedef struct krb5plugin_authdata_server_ftable_v1 { typedef krb5plugin_authdata_server_ftable_v1 krb5plugin_authdata_ftable_v1; typedef krb5_error_code -(*authdata_client_plugin_init_proc)(krb5_context context, void **plugin_context); +(*authdata_client_plugin_init_proc)(krb5_context context, + void **plugin_context); #define AD_USAGE_AS_REQ 0x01 #define AD_USAGE_TGS_REQ 0x02 
@@ -171,33 +172,40 @@ typedef krb5_error_code #define AD_USAGE_MASK 0x0F #define AD_INFORMATIONAL 0x10 +struct _krb5_authdata_context; + typedef void -(*authdata_client_plugin_flags_proc)(krb5_context context, +(*authdata_client_plugin_flags_proc)(krb5_context kcontext, void *plugin_context, krb5_authdatatype ad_type, krb5_flags *flags); typedef void -(*authdata_client_plugin_fini_proc)(krb5_context context, void *plugin_context); +(*authdata_client_plugin_fini_proc)(krb5_context kcontext, + void *plugin_context); typedef krb5_error_code -(*authdata_client_request_init_proc)(krb5_context context, +(*authdata_client_request_init_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void **request_context); typedef void -(*authdata_client_request_fini_proc)(krb5_context context, +(*authdata_client_request_fini_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void *request_context); typedef krb5_error_code -(*authdata_client_import_attributes_proc)(krb5_context context, +(*authdata_client_import_attributes_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_authdata **authdata); typedef krb5_error_code -(*authdata_client_get_attribute_types_proc)(krb5_context context, +(*authdata_client_get_attribute_types_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_data **verified, @@ -205,7 +213,8 @@ typedef krb5_error_code krb5_data **all_attrs); typedef krb5_error_code -(*authdata_client_get_attribute_proc)(krb5_context context, +(*authdata_client_get_attribute_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void *request_context, const krb5_data *attribute, 
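Review bot: Every request-level callback type from `authdata_client_request_init_proc` onward gains a second parameter, but nothing in these header hunks changes the client function-table version, so a module built against the previous header would presumably still load and be called with its arguments shifted by one (the authdata context arriving where it expects `plugin_context`). If the table definition outside these hunks is not versioned up in the same change, either bump it or have the loader reject old modules; the hunks at -216 and -224 carry the same signature change. The forward declaration `struct _krb5_authdata_context;` also deserves a comment stating whether a module may retain the pointer beyond the call and from which callbacks it may call back into the authdata API, since the header currently says neither.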
@@ -216,7 +225,8 @@ typedef krb5_error_code int *more); typedef krb5_error_code -(*authdata_client_set_attribute_proc)(krb5_context context, +(*authdata_client_set_attribute_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_boolean complete, 
@@ -224,40 +234,46 @@ typedef krb5_error_code const krb5_data *value); typedef krb5_error_code -(*authdata_client_delete_attribute_proc)(krb5_context context, +(*authdata_client_delete_attribute_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void *request_context, const krb5_data *attribute); typedef krb5_error_code -(*authdata_client_export_attributes_proc)(krb5_context context, +(*authdata_client_export_attributes_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_flags usage, krb5_authdata ***authdata); typedef krb5_error_code -(*authdata_client_export_internal_proc)(krb5_context context, +(*authdata_client_export_internal_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void *request_context, krb5_boolean restrict_authenticated, void **ptr); typedef krb5_error_code -(*authdata_client_copy_context_proc)(krb5_context context, +(*authdata_client_copy_context_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void *request_context, void *dst_plugin_context, void *dst_request_context); typedef void -(*authdata_client_free_internal_proc)(krb5_context context, +(*authdata_client_free_internal_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void *request_context, void *ptr); typedef krb5_error_code -(*authdata_client_verify_proc)(krb5_context context, +(*authdata_client_verify_proc)(krb5_context kcontext, + struct _krb5_authdata_context *context, void *plugin_context, void *request_context, const krb5_auth_context *auth_context, diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c index 055219a998..83773b90b0 100644 --- a/src/lib/krb5/krb/authdata.c +++ b/src/lib/krb5/krb/authdata.c 
@@ -113,6 +113,7 @@ k5_ad_init_modules(krb5_context kcontext, /* For now, single request per context. That may change */ code = (*table->request_init)(kcontext, + context, plugin_context, rcpp); if ((code != 0 && code != ENOMEM) && @@ -236,6 +237,7 @@ krb5_authdata_context_free(krb5_context kcontext, if (module->client_req_fini != NULL && module->request_context != NULL) (*module->client_req_fini)(kcontext, + context, module->plugin_context, module->request_context); @@ -284,6 +286,7 @@ krb5_authdata_import_attributes(krb5_context kcontext, assert(authdata[0] != NULL); code = (*module->ftable->import_attributes)(kcontext, + context, module->plugin_context, *(module->request_context_pp), authdata); @@ -395,11 +398,13 @@ krb5int_authdata_verify(krb5_context kcontext, assert(authdata[0] != NULL); code = (*module->ftable->import_attributes)(kcontext, + context, module->plugin_context, *(module->request_context_pp), authdata); if (code == 0 && module->ftable->verify != NULL) { code = (*module->ftable->verify)(kcontext, + context, module->plugin_context, *(module->request_context_pp), auth_context, @@ -475,6 +480,7 @@ krb5_authdata_get_attribute_types(krb5_context kcontext, continue; if ((*module->ftable->get_attribute_types)(kcontext, + context, module->plugin_context, *(module->request_context_pp), verified_attrs ? @@ -571,6 +577,7 @@ krb5_authdata_get_attribute(krb5_context kcontext, continue; code = (*module->ftable->get_attribute)(kcontext, + context, module->plugin_context, *(module->request_context_pp), attribute, @@ -604,6 +611,7 @@ krb5_authdata_set_attribute(krb5_context kcontext, continue; code = (*module->ftable->set_attribute)(kcontext, + context, module->plugin_context, *(module->request_context_pp), complete, @@ -639,6 +647,7 @@ krb5_authdata_delete_attribute(krb5_context kcontext, continue; code = (*module->ftable->delete_attribute)(kcontext, + context, module->plugin_context, *(module->request_context_pp), attribute); 
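Review bot: `request_init` in k5_ad_init_modules and `client_req_fini` in krb5_authdata_context_free now receive `context` at points where, judging by the function names, it is only partly built or partly torn down. A stacked module that uses the handle there to reach another module's state could see a slot that is not yet initialised during init, or a request context that has already been finalised during free. Neither loop is fully visible in these hunks, so this is inferred. If it holds, the callback contract should say so, for example `/* context is not fully usable here; do not query other modules through it */` on the two typedefs.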
@@ -681,6 +690,7 @@ krb5_authdata_export_attributes(krb5_context kcontext, continue; code = (*module->ftable->export_attributes)(kcontext, + context, module->plugin_context, *(module->request_context_pp), flags, @@ -735,6 +745,7 @@ krb5_authdata_export_internal(krb5_context kcontext, continue; code = (*module->ftable->export_internal)(kcontext, + context, module->plugin_context, *(module->request_context_pp), restrict_authenticated, @@ -765,6 +776,7 @@ krb5_authdata_free_internal(krb5_context kcontext, continue; (*module->ftable->free_internal)(kcontext, + context, module->plugin_context, *(module->request_context_pp), ptr); @@ -777,8 +789,9 @@ krb5_authdata_free_internal(krb5_context kcontext, static krb5_error_code k5_copy_ad_module_data(krb5_context kcontext, - struct _krb5_authdata_context_module *src_module, - krb5_authdata_context dst) + krb5_authdata_context context, + struct _krb5_authdata_context_module *src_module, + krb5_authdata_context dst) { int i; krb5_error_code code; @@ -807,6 +820,7 @@ k5_copy_ad_module_data(krb5_context kcontext, assert(dst_module->request_context_pp == &dst_module->request_context); code = (*src_module->ftable->copy_context)(kcontext, + context, src_module->plugin_context, src_module->request_context, dst_module->plugin_context, @@ -832,7 +846,7 @@ krb5_authdata_context_copy(krb5_context kcontext, for (i = 0; i < src->n_modules; i++) { struct _krb5_authdata_context_module *module = &src->modules[i]; - code = k5_copy_ad_module_data(kcontext, module, dst); + code = k5_copy_ad_module_data(kcontext, src, module, dst); if (code != 0) break; } diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c index de3b3e8c20..4671341ae2 100644 --- a/src/lib/krb5/krb/pac.c +++ b/src/lib/krb5/krb/pac.c 
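Review bot: In krb5_authdata_context_copy the new argument passed to k5_copy_ad_module_data is `src`, so a module's `copy_context` callback sees only the source authdata context and reaches the destination solely through `dst_plugin_context` and `dst_request_context`. That is easy to misread because the parameter is called plain `context` in both the helper and the callback typedef, while `dst` is still being filled in module by module by the surrounding loop. A one-line comment at the call such as `/* context handed to copy_context is the source; dst is still being populated */`, or renaming the helper's parameter to `src`, would make the contract explicit. Both functions begin outside these hunks.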
@@ -933,14 +933,14 @@ struct mspac_context { }; static krb5_error_code -mspac_init(krb5_context context, void **plugin_context) +mspac_init(krb5_context kcontext, void **plugin_context) { *plugin_context = NULL; return 0; } static void -mspac_flags(krb5_context context, +mspac_flags(krb5_context kcontext, void *plugin_context, krb5_authdatatype ad_type, krb5_flags *flags) @@ -949,13 +949,14 @@ mspac_flags(krb5_context context, } static void -mspac_fini(krb5_context context, void *plugin_context) +mspac_fini(krb5_context kcontext, void *plugin_context) { return; } static krb5_error_code -mspac_request_init(krb5_context context, +mspac_request_init(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void **request_context) { @@ -973,7 +974,8 @@ mspac_request_init(krb5_context context, } static krb5_error_code -mspac_import_attributes(krb5_context context, +mspac_import_attributes(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, krb5_authdata **authdata) @@ -982,21 +984,22 @@ mspac_import_attributes(krb5_context context, struct mspac_context *pacctx = (struct mspac_context *)request_context; if (pacctx->pac != NULL) { - krb5_pac_free(context, pacctx->pac); + krb5_pac_free(kcontext, pacctx->pac); pacctx->pac = NULL; } assert(authdata[0] != NULL); assert(authdata[0]->ad_type == KRB5_AUTHDATA_WIN2K_PAC); - code = krb5_pac_parse(context, authdata[0]->contents, + code = krb5_pac_parse(kcontext, authdata[0]->contents, authdata[0]->length, &pacctx->pac); return code; } static krb5_error_code -mspac_verify(krb5_context context, +mspac_verify(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, const krb5_auth_context *auth_context, 
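Review bot: Reusing the name `context` for the new `krb5_authdata_context` parameter while renaming the library context to `kcontext` makes any missed call site hazardous: a line outside these hunks that still passes `context` to a krb5_* function would now hand it the authdata context, and assuming both typedefs are struct pointers a C compiler typically reports that only as an incompatible-pointer-type warning. Every use visible in the pac.c and greet.c hunks has been converted, but the function bodies are only partly shown. Giving the new parameter a distinct name (for instance `krb5_authdata_context actx`) or building these files with `-Werror=incompatible-pointer-types` would turn a missed rename into a build failure.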
@@ -1014,7 +1017,7 @@ mspac_verify(krb5_context context, if (kdc_issued_flag) return KRB5KRB_AP_ERR_BAD_INTEGRITY; - code = krb5_pac_verify(context, + code = krb5_pac_verify(kcontext, pacctx->pac, req->ticket->enc_part2->times.authtime, req->ticket->enc_part2->client, @@ -1036,13 +1039,16 @@ mspac_verify(krb5_context context, } static void -mspac_request_fini(krb5_context context, void *plugin_context, void *request_context) +mspac_request_fini(krb5_context kcontext, + krb5_authdata_context context, + void *plugin_context, + void *request_context) { struct mspac_context *pacctx = (struct mspac_context *)request_context; if (pacctx != NULL) { if (pacctx->pac != NULL) - krb5_pac_free(context, pacctx->pac); + krb5_pac_free(kcontext, pacctx->pac); free(pacctx); } @@ -1109,7 +1115,8 @@ mspac_attr2type(const krb5_data *attr, krb5_ui_4 *type) } static krb5_error_code -mspac_get_attribute_types(krb5_context context, +mspac_get_attribute_types(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, krb5_data **verified, @@ -1130,11 +1137,11 @@ mspac_get_attribute_types(krb5_context context, return ENOMEM; for (i = 0; i < MSPAC_ATTRIBUTE_COUNT; i++) { - code = krb5int_copy_data_contents(context, + code = krb5int_copy_data_contents(kcontext, &mspac_attribute_types[i].attribute, &attrs[i]); if (code != 0) { - krb5int_free_data_list(context, attrs); + krb5int_free_data_list(kcontext, attrs); return code; } } @@ -1158,7 +1165,7 @@ mspac_get_attribute_types(krb5_context context, j = 0; /* The entire PAC */ - code = krb5int_copy_data_contents(context, + code = krb5int_copy_data_contents(kcontext, &mspac_attribute_types[0].attribute, &attrs[j++]); if (code != 0) { 
@@ -1171,9 +1178,9 @@ mspac_get_attribute_types(krb5_context context, code = mspac_type2attr(pacctx->pac->pac->Buffers[i].ulType, &attr); if (code == 0) { - code = krb5int_copy_data_contents(context, &attr, &attrs[j++]); + code = krb5int_copy_data_contents(kcontext, &attr, &attrs[j++]); if (code != 0) { - krb5int_free_data_list(context, attrs); + krb5int_free_data_list(kcontext, attrs); return code; } } else { @@ -1182,7 +1189,7 @@ mspac_get_attribute_types(krb5_context context, length = asprintf(&attrs[j].data, "mspac:%d", pacctx->pac->pac->Buffers[i].ulType); if (length < 0) { - krb5int_free_data_list(context, attrs); + krb5int_free_data_list(kcontext, attrs); return ENOMEM; } attrs[j++].length = length; @@ -1197,7 +1204,8 @@ mspac_get_attribute_types(krb5_context context, } static krb5_error_code -mspac_get_attribute(krb5_context context, +mspac_get_attribute(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, const krb5_data *attribute, @@ -1229,16 +1237,16 @@ mspac_get_attribute(krb5_context context, /* -1 is a magic type that refers to the entire PAC */ if (type == (krb5_ui_4)-1) { if (value != NULL) - code = krb5int_copy_data_contents(context, + code = krb5int_copy_data_contents(kcontext, &pacctx->pac->data, value); else code = 0; } else { if (value != NULL) - code = krb5_pac_get_buffer(context, pacctx->pac, type, value); + code = krb5_pac_get_buffer(kcontext, pacctx->pac, type, value); else - code = k5_pac_locate_buffer(context, pacctx->pac, type, NULL); + code = k5_pac_locate_buffer(kcontext, pacctx->pac, type, NULL); } if (code == 0) { *authenticated = pacctx->pac->verified; @@ -1251,7 +1259,8 @@ mspac_get_attribute(krb5_context context, } static krb5_error_code -mspac_set_attribute(krb5_context context, +mspac_set_attribute(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, krb5_boolean complete, 
@@ -1273,21 +1282,22 @@ mspac_set_attribute(krb5_context context, if (type == (krb5_ui_4)-1) { krb5_pac newpac; - code = krb5_pac_parse(context, value->data, value->length, &newpac); + code = krb5_pac_parse(kcontext, value->data, value->length, &newpac); if (code != 0) return code; - krb5_pac_free(context, pacctx->pac); + krb5_pac_free(kcontext, pacctx->pac); pacctx->pac = newpac; } else { - code = krb5_pac_add_buffer(context, pacctx->pac, type, value); + code = krb5_pac_add_buffer(kcontext, pacctx->pac, type, value); } return code; } static krb5_error_code -mspac_export_attributes(krb5_context context, +mspac_export_attributes(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, krb5_flags usage, @@ -1312,9 +1322,9 @@ mspac_export_attributes(krb5_context context, } authdata[1] = NULL; - code = krb5int_copy_data_contents(context, &pacctx->pac->data, &data); + code = krb5int_copy_data_contents(kcontext, &pacctx->pac->data, &data); if (code != 0) { - krb5_free_authdata(context, authdata); + krb5_free_authdata(kcontext, authdata); return code; } @@ -1331,7 +1341,8 @@ mspac_export_attributes(krb5_context context, } static krb5_error_code -mspac_export_internal(krb5_context context, +mspac_export_internal(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, krb5_boolean restrict_authenticated, @@ -1349,7 +1360,7 @@ mspac_export_internal(krb5_context context, if (restrict_authenticated && (pacctx->pac->verified) == FALSE) return 0; - code = krb5_pac_parse(context, pacctx->pac->data.data, + code = krb5_pac_parse(kcontext, pacctx->pac->data.data, pacctx->pac->data.length, &pac); if (code == 0) { pac->verified = pacctx->pac->verified; 
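Review bot: In mspac_set_attribute the `krb5_pac_add_buffer` branch leaves `pacctx->pac->verified` untouched, while mspac_get_attribute reports `*authenticated = pacctx->pac->verified`, so a buffer set locally on an already verified PAC could be reported as authenticated unless krb5_pac_add_buffer clears the flag itself, which is not visible here. greet_set_attribute makes the same transition explicit with `greet->verified = FALSE;`. Adding `if (code == 0) pacctx->pac->verified = FALSE;` after the call, or a comment stating that krb5_pac_add_buffer resets it, would keep the invariant visible at the point where the PAC is modified. The start of mspac_set_attribute is outside the hunk.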
@@ -1360,7 +1371,8 @@ mspac_export_internal(krb5_context context, } static krb5_error_code -mspac_copy_context(krb5_context context, +mspac_copy_context(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, void *dst_plugin_context, @@ -1374,19 +1386,20 @@ mspac_copy_context(krb5_context context, assert(dstctx->pac == NULL); if (srcctx->pac != NULL) - code = k5_pac_copy(context, srcctx->pac, &dstctx->pac); + code = k5_pac_copy(kcontext, srcctx->pac, &dstctx->pac); return code; } static void -mspac_free_internal(krb5_context context, +mspac_free_internal(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, void *ptr) { if (ptr != NULL) - krb5_pac_free(context, (krb5_pac)ptr); + krb5_pac_free(kcontext, (krb5_pac)ptr); return; } diff --git a/src/plugins/authdata/greet_client/greet.c b/src/plugins/authdata/greet_client/greet.c index 03ec0d7f71..9927c55bcc 100644 --- a/src/plugins/authdata/greet_client/greet.c +++ b/src/plugins/authdata/greet_client/greet.c @@ -41,14 +41,14 @@ static krb5_data greet_attr = { KV5M_DATA, sizeof("greet:greeting") - 1, "greet:greeting" }; static krb5_error_code -greet_init(krb5_context context, void **plugin_context) +greet_init(krb5_context kcontext, void **plugin_context) { *plugin_context = 0; return 0; } static void -greet_flags(krb5_context context, +greet_flags(krb5_context kcontext, void *plugin_context, krb5_authdatatype ad_type, krb5_flags *flags) @@ -57,13 +57,14 @@ greet_flags(krb5_context context, } static void -greet_fini(krb5_context context, void *plugin_context) +greet_fini(krb5_context kcontext, void *plugin_context) { return; } static krb5_error_code -greet_request_init(krb5_context context, +greet_request_init(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void **request_context) { 
@@ -82,7 +83,8 @@ greet_request_init(krb5_context context, } static krb5_error_code -greet_import_attributes(krb5_context context, +greet_import_attributes(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, krb5_authdata **authdata) @@ -91,7 +93,7 @@ greet_import_attributes(krb5_context context, struct greet_context *greet = (struct greet_context *)request_context; krb5_data data; - krb5_free_data_contents(context, &greet->greeting); + krb5_free_data_contents(kcontext, &greet->greeting); greet->verified = FALSE; assert(authdata[0] != NULL); @@ -99,26 +101,28 @@ greet_import_attributes(krb5_context context, data.length = authdata[0]->length; data.data = (char *)authdata[0]->contents; - code = krb5int_copy_data_contents_add0(context, &data, &greet->greeting); + code = krb5int_copy_data_contents_add0(kcontext, &data, &greet->greeting); return code; } static void -greet_request_fini(krb5_context context, +greet_request_fini(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context) { struct greet_context *greet = (struct greet_context *)request_context; if (greet != NULL) { - krb5_free_data_contents(context, &greet->greeting); + krb5_free_data_contents(kcontext, &greet->greeting); free(greet); } } static krb5_error_code -greet_get_attribute_types(krb5_context context, +greet_get_attribute_types(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, krb5_data **verified, @@ -138,7 +142,7 @@ greet_get_attribute_types(krb5_context context, if (*asserted == NULL) return ENOMEM; - code = krb5int_copy_data_contents_add0(context, &greet_attr, &(*asserted)[0]); + code = krb5int_copy_data_contents_add0(kcontext, &greet_attr, &(*asserted)[0]); if (code != 0) { free(*asserted); *asserted = NULL; 
@@ -149,7 +153,8 @@ greet_get_attribute_types(krb5_context context, } static krb5_error_code -greet_get_attribute(krb5_context context, +greet_get_attribute(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, const krb5_data *attribute, @@ -168,11 +173,12 @@ greet_get_attribute(krb5_context context, *complete = TRUE; *more = 0; - return krb5int_copy_data_contents_add0(context, &greet->greeting, value); + return krb5int_copy_data_contents_add0(kcontext, &greet->greeting, value); } static krb5_error_code -greet_set_attribute(krb5_context context, +greet_set_attribute(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, krb5_boolean complete, @@ -183,11 +189,11 @@ greet_set_attribute(krb5_context context, krb5_data data; krb5_error_code code; - code = krb5int_copy_data_contents_add0(context, value, &data); + code = krb5int_copy_data_contents_add0(kcontext, value, &data); if (code != 0) return code; - krb5_free_data_contents(context, &greet->greeting); + krb5_free_data_contents(kcontext, &greet->greeting); greet->greeting = data; greet->verified = FALSE; @@ -195,21 +201,23 @@ greet_set_attribute(krb5_context context, } static krb5_error_code -greet_delete_attribute(krb5_context context, +greet_delete_attribute(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, const krb5_data *attribute) { struct greet_context *greet = (struct greet_context *)request_context; - krb5_free_data_contents(context, &greet->greeting); + krb5_free_data_contents(kcontext, &greet->greeting); greet->verified = FALSE; return 0; } static krb5_error_code -greet_export_attributes(krb5_context context, +greet_export_attributes(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, krb5_flags usage, 
@@ -227,13 +235,14 @@ greet_export_attributes(krb5_context context, data[0] = &datum; data[1] = NULL; - code = krb5_copy_authdata(context, data, out_authdata); + code = krb5_copy_authdata(kcontext, data, out_authdata); return code; } static krb5_error_code -greet_copy_context(krb5_context context, +greet_copy_context(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, void *dst_plugin_context, @@ -242,11 +251,14 @@ greet_copy_context(krb5_context context, struct greet_context *src = (struct greet_context *)request_context; struct greet_context *dst = (struct greet_context *)dst_request_context; - return krb5int_copy_data_contents_add0(context, &src->greeting, &dst->greeting); + return krb5int_copy_data_contents_add0(kcontext, + &src->greeting, + &dst->greeting); } static krb5_error_code -greet_verify(krb5_context context, +greet_verify(krb5_context kcontext, + krb5_authdata_context context, void *plugin_context, void *request_context, const krb5_auth_context *auth_context, diff --git a/src/plugins/authdata/greet_server/greet_auth.c b/src/plugins/authdata/greet_server/greet_auth.c index f732e9d647..16a52a62fc 100644 --- a/src/plugins/authdata/greet_server/greet_auth.c +++ b/src/plugins/authdata/greet_server/greet_auth.c @@ -1,5 +1,5 @@ /* - * plugins/authdata/greet/ + * plugins/authdata/greet_server/ * * Copyright 2009 by the Massachusetts Institute of Technology. *
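Review bot: greet_copy_context copies `greeting` but not `verified`, and it does not release anything already held in `dst->greeting` before overwriting it. As written, the copy's verification state is whatever the destination was initialised with, which this hunk does not show; if copies are meant to be unverified, say so with `/* verified is deliberately not copied */`, otherwise set `dst->verified = src->verified;` once the copy succeeds. mspac_copy_context guards the overwrite case with `assert(dstctx->pac == NULL);`, and an equivalent check or a `krb5_free_data_contents(kcontext, &dst->greeting);` before the copy would match it.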