From: Greg Hudson Date: Fri, 26 Apr 2013 19:50:05 +0000 (-0400) Subject: Add kdcpreauth callback to check for client keys X-Git-Tag: krb5-1.12-alpha1~190 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e50482720a805ecd8c160e4a8f4a846e6327dca2;p=thirdparty%2Fkrb5.git Add kdcpreauth callback to check for client keys Add a new have_client_keys callback to the kdcpreauth interface, allowing modules to efficiently check whether the client DB entry has any keys matching the request enctypes. ticket: 7630 --- diff --git a/src/include/krb5/kdcpreauth_plugin.h b/src/include/krb5/kdcpreauth_plugin.h index e673d40035..9abe76f634 100644 --- a/src/include/krb5/kdcpreauth_plugin.h +++ b/src/include/krb5/kdcpreauth_plugin.h @@ -173,6 +173,14 @@ typedef struct krb5_kdcpreauth_callbacks_st { krb5_kdcpreauth_rock rock); /* End of version 1 kdcpreauth callbacks. */ + + /* Return true if the client DB entry contains any keys matching the + * request enctypes. */ + krb5_boolean (*have_client_keys)(krb5_context context, + krb5_kdcpreauth_rock rock); + + /* End of version 2 kdcpreauth callbacks. */ + } *krb5_kdcpreauth_callbacks; /* Optional: preauth plugin initialization function. */ diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index c2bcab9f3b..b7f9e15144 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -542,8 +542,23 @@ event_context(krb5_context context, krb5_kdcpreauth_rock rock) return rock->vctx; } +static krb5_boolean +have_client_keys(krb5_context context, krb5_kdcpreauth_rock rock) +{ + krb5_kdc_req *request = rock->request; + krb5_key_data *kd; + int i; + + for (i = 0; i < request->nktypes; i++) { + if (krb5_dbe_find_enctype(context, rock->client, request->ktype[i], + -1, 0, &kd) == 0) + return TRUE; + } + return FALSE; +} + static struct krb5_kdcpreauth_callbacks_st callbacks = { - 1, + 2, max_time_skew, client_keys, free_keys, 
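Review bot: The new comment on `have_client_keys` in `krb5_kdcpreauth_callbacks_st` does not say that the member exists only from version 2 of the callback table. A module built against this header that calls it on a version 1 table would read a function pointer from past the end of the structure it was handed. I would extend the comment to `/* Return true if the client DB entry contains any keys matching the request enctypes.  Present only when the callback table version is at least 2; check the version before calling. */`. The start of the struct is outside this hunk, so the name of the version member is not visible here; the initializer in kdc_preauth.c suggests it is the leading integer that this commit bumps from 1 to 2.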
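Review bot: In `have_client_keys`, every nonzero return from `krb5_dbe_find_enctype` is folded into FALSE, so a caller cannot tell a client with no matching key from a lookup that failed for another reason. A preauth module that uses the answer to decide whether to offer or skip a mechanism would silently change that decision on a lookup error, so the function should carry a comment saying so, for example `/* Any lookup failure is reported as "no keys"; callers cannot distinguish errors. */`. The literal arguments `-1, 0` are also unexplained; a comment such as `/* Any salt type (-1), most recent kvno (0). */` would make the match rule explicit, assuming that is what the two values mean to `krb5_dbe_find_enctype`. `rock->client` is passed to the lookup unchecked, and whether it can be null on this path is not visible from the hunk.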
@@ -552,7 +567,8 @@ static struct krb5_kdcpreauth_callbacks_st callbacks = { get_string, free_string, client_entry, - event_context + event_context, + have_client_keys }; static krb5_error_code