From: Luke Howard Date: Mon, 31 Aug 2009 15:02:42 +0000 (+0000) Subject: refactor, cleanup X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc14bfcf5c5a7259dbd784defccd1bb81d119681;p=thirdparty%2Fkrb5.git refactor, cleanup git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22679 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/k5-int.h b/src/include/k5-int.h index a1337055a6..0578e6b63e 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1348,15 +1348,6 @@ typedef struct _krb5_authdata_context *krb5_authdata_context; void KRB5_CALLCONV krb5int_free_data_list (krb5_context context, krb5_data *data); -#if 0 -krb5_error_code KRB5_CALLCONV krb5_authdata_request_context_init -(krb5_context kcontext, - krb5_flags usage); - -void KRB5_CALLCONV krb5_authdata_request_context_fini -(krb5_context kcontext, krb5_authdata_context context); -#endif - krb5_error_code KRB5_CALLCONV krb5_authdata_context_init (krb5_context kcontext, krb5_authdata_context *pcontext); diff --git a/src/include/krb5/authdata_plugin.h b/src/include/krb5/authdata_plugin.h index d78c8ae367..328961667d 100644 --- a/src/include/krb5/authdata_plugin.h +++ b/src/include/krb5/authdata_plugin.h @@ -201,7 +201,9 @@ typedef krb5_error_code struct _krb5_authdata_context *context, void *plugin_context, void *request_context, - krb5_authdata **authdata); + krb5_authdata **authdata, + krb5_boolean kdc_issued_flag, + krb5_const_principal issuer); typedef krb5_error_code (*authdata_client_get_attribute_types_proc)(krb5_context kcontext, @@ -278,9 +280,7 @@ typedef krb5_error_code void *request_context, const krb5_auth_context *auth_context, const krb5_keyblock *key, - const krb5_ap_req *req, - krb5_boolean kdc_issued_flag, - krb5_const_principal issuer); + const krb5_ap_req *req); typedef struct krb5plugin_authdata_client_ftable_v0 { char *name; 
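Review bot: The two callback typedefs in authdata_plugin.h change their argument lists while the table that holds them is still named `krb5plugin_authdata_client_ftable_v0`, so a module built against the previous header would be called with a mismatched prototype. If out-of-tree modules are possible, the table version should change together with the signatures; this applies to both hunks in this file. The first typedef appears to be the import_attributes callback, judging from the call sites changed in authdata.c, but its name lies outside the hunk. The new parameters are undocumented, so a comment such as `/* kdc_issued_flag: authdata came from a verified KDC-issued container; issuer may be NULL */` would tell module authors that the trust decision now arrives here. The NULL case is real: krb5_authdata_import_attributes passes `FALSE, NULL`.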
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 2aa8f01f9a..0fb412730c 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -142,6 +142,10 @@ static krb5_error_code get_credentials(context, cred, server, now, in_creds.authdata = NULL; in_creds.keyblock.enctype = 0; + /* + * cred->name is immutable, so there is no need to acquire + * cred->name->lock. + */ if (cred->name->ad_context != NULL) { code = krb5_authdata_export_attributes(context, cred->name->ad_context, diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c index dc6f009e9d..2b84902906 100644 --- a/src/lib/krb5/krb/authdata.c +++ b/src/lib/krb5/krb/authdata.c @@ -289,7 +289,9 @@ krb5_authdata_import_attributes(krb5_context kcontext, context, module->plugin_context, *(module->request_context_pp), - authdata); + authdata, + FALSE, + NULL); if (code != 0 && (module->flags & AD_INFORMATIONAL)) code = 0; krb5_free_authdata(kcontext, authdata); @@ -403,7 +405,9 @@ krb5int_authdata_verify(krb5_context kcontext, context, module->plugin_context, *(module->request_context_pp), - authdata); + authdata, + kdc_issued_flag, + kdc_issuer); if (code == 0 && module->ftable->verify != NULL) { code = (*module->ftable->verify)(kcontext, context, @@ -411,9 +415,7 @@ krb5int_authdata_verify(krb5_context kcontext, *(module->request_context_pp), auth_context, key, - ap_req, - kdc_issued_flag, - kdc_issuer); + ap_req); } if (code != 0 && (module->flags & AD_INFORMATIONAL)) code = 0; @@ -592,6 +594,9 @@ krb5_authdata_get_attribute(krb5_context kcontext, break; } + if (code != 0) + *more = 0; + return code; } diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c index bceb4e89df..1e666bca8d 100644 --- a/src/lib/krb5/krb/pac.c +++ b/src/lib/krb5/krb/pac.c 
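Review bot: The new comment in get_credentials justifies skipping cred->name->lock by saying cred->name is immutable, but the code below it reads `cred->name->ad_context` and passes it to krb5_authdata_export_attributes. If that context can still be modified after the name is attached to the credential, the stated reason does not cover the access; this hunk does not show whether it can. Consider wording it as `/* neither cred->name nor its ad_context is modified once the credential exists, so cred->name->lock is not needed */`, or take the lock if that does not hold. The function body continues outside the hunk.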
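Review bot: In krb5int_authdata_verify a module now learns the KDC-issued flag only through import_attributes, yet a failure from either callback is still reset to 0 for AD_INFORMATIONAL modules a few lines later. Whatever the module stored during import_attributes can therefore stay in its request context after verify has rejected it, unless each module discards its own state on failure, and nothing in this hunk does so. A comment at the reset, e.g. `/* informational modules must drop imported state themselves when verify fails */`, would make that contract explicit. In the krb5_authdata_import_attributes hunk above, the bare `FALSE, NULL` arguments deserve a short comment that authdata imported this way is never treated as KDC-issued. Both functions extend beyond their hunks.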
@@ -98,7 +98,7 @@ k5_pac_add_buffer(krb5_context context, /* Check there isn't already a buffer of this type */ if (k5_pac_locate_buffer(context, pac, type, NULL) == 0) { - return EINVAL; + return EEXIST; } header = (PACTYPE *)realloc(pac->pac, @@ -993,11 +993,16 @@ mspac_import_attributes(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, - krb5_authdata **authdata) + krb5_authdata **authdata, + krb5_boolean kdc_issued, + krb5_const_principal kdc_issuer) { krb5_error_code code; struct mspac_context *pacctx = (struct mspac_context *)request_context; + if (kdc_issued) + return KRB5KRB_AP_ERR_BAD_INTEGRITY; + if (pacctx->pac != NULL) { krb5_pac_free(kcontext, pacctx->pac); pacctx->pac = NULL; @@ -1019,9 +1024,7 @@ mspac_verify(krb5_context kcontext, void *request_context, const krb5_auth_context *auth_context, const krb5_keyblock *key, - const krb5_ap_req *req, - krb5_boolean kdc_issued_flag, - krb5_const_principal issuer) + const krb5_ap_req *req) { krb5_error_code code; struct mspac_context *pacctx = (struct mspac_context *)request_context; @@ -1029,9 +1032,6 @@ mspac_verify(krb5_context kcontext, if (pacctx->pac == NULL) return EINVAL; - if (kdc_issued_flag) - return KRB5KRB_AP_ERR_BAD_INTEGRITY; - code = krb5_pac_verify(kcontext, pacctx->pac, req->ticket->enc_part2->times.authtime, diff --git a/src/plugins/authdata/greet_client/greet.c b/src/plugins/authdata/greet_client/greet.c index 46c1b90a5b..fa57dbaac5 100644 --- a/src/plugins/authdata/greet_client/greet.c +++ b/src/plugins/authdata/greet_client/greet.c @@ -53,7 +53,7 @@ greet_flags(krb5_context kcontext, krb5_authdatatype ad_type, krb5_flags *flags) { - *flags = AD_USAGE_AP_REQ | AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL; + *flags = AD_USAGE_TGS_REQ | AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL; } static void 
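Review bot: The added `if (kdc_issued) return KRB5KRB_AP_ERR_BAD_INTEGRITY;` in mspac_import_attributes returns before the block that frees and clears `pacctx->pac`, so a PAC left by an earlier import stays in the request context after this import is refused. Moving the check below the `krb5_pac_free` block would keep a rejected import from leaving older state readable, which matters if the caller discards the error for informational modules. The check would also benefit from a one-line comment explaining why PAC data from a KDC-issued container is refused. `kdc_issuer` is never used, which a comment or unused-parameter marker should make deliberate. The function continues past the hunk.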
@@ -88,7 +88,9 @@ greet_import_attributes(krb5_context kcontext, krb5_authdata_context context, void *plugin_context, void *request_context, - krb5_authdata **authdata) + krb5_authdata **authdata, + krb5_boolean kdc_issued_flag, + krb5_const_principal issuer) { krb5_error_code code; struct greet_context *greet = (struct greet_context *)request_context; @@ -103,6 +105,8 @@ greet_import_attributes(krb5_context kcontext, data.data = (char *)authdata[0]->contents; code = krb5int_copy_data_contents_add0(kcontext, &data, &greet->greeting); + if (code == 0) + greet->verified = kdc_issued_flag; return code; } @@ -202,6 +206,9 @@ greet_set_attribute(krb5_context kcontext, krb5_data data; krb5_error_code code; + if (greet->greeting.data != NULL) + return EEXIST; + code = krb5int_copy_data_contents_add0(kcontext, value, &data); if (code != 0) return code; @@ -271,24 +278,6 @@ greet_copy_context(krb5_context kcontext, &dst->greeting); } -static krb5_error_code -greet_verify(krb5_context kcontext, - krb5_authdata_context context, - void *plugin_context, - void *request_context, - const krb5_auth_context *auth_context, - const krb5_keyblock *key, - const krb5_ap_req *req, - krb5_boolean kdc_issued_flag, - krb5_const_principal issuer) -{ - struct greet_context *greet = (struct greet_context *)request_context; - - greet->verified = kdc_issued_flag; - - return 0; -} - static krb5_authdatatype greet_ad_types[] = { -42, 0 }; krb5plugin_authdata_client_ftable_v0 authdata_client_0 = { @@ -308,5 +297,5 @@ krb5plugin_authdata_client_ftable_v0 authdata_client_0 = { NULL, NULL, greet_copy_context, - greet_verify, + NULL, }; diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c index 955618d971..605e15cb6c 100644 --- a/src/tests/gssapi/t_namingexts.c +++ b/src/tests/gssapi/t_namingexts.c @@ -386,7 +386,7 @@ int main(int argc, char *argv[]) gss_release_name(&tmp, &tmp_name); -#if 0 +#if 1 major = testGreetAuthzData(&minor, name); if (GSS_ERROR(major)) goto out;
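Review bot: greet_import_attributes sets `greet->verified = kdc_issued_flag` without ever looking at `issuer`, so any KDC-issued element is marked verified regardless of which principal issued it. That may be intended for a sample module, but this file is the obvious template for real ones, so it should say so: `/* sample only: a real module should decide whether issuer is acceptable before trusting the flag */`. With greet_verify removed and the table entry set to NULL, this assignment is the only place the verified state is established, which is worth noting in the function's header comment. The function begins before the second hunk and is only partly visible.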