From 03adfc4ceb44e9fc263d6aacc87b4c06689a4b77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 3 Jan 2007 15:34:04 +0000
Subject: [PATCH] Callbacks specific to emulating a Windows Domain Controller.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19626 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/windc.c        | 96 ++++++++++++++++++++++++++++++++++++++++++++++
 kdc/windc_plugin.h | 71 ++++++++++++++++++++++++++++++++++
 2 files changed, 167 insertions(+)
 create mode 100644 kdc/windc.c
 create mode 100644 kdc/windc_plugin.h

diff --git a/kdc/windc.c b/kdc/windc.c
new file mode 100644
index 000000000..b29d4f1b9
--- /dev/null
+++ b/kdc/windc.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2007 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+#include "kdc_locl.h"
+
+RCSID("$Id$");
+
+static krb5plugin_windc_ftable *windcft;
+static void *windcctx;
+
+/*
+ * Pick the first WINDC module that we find.
+ */
+
+krb5_error_code
+_kdc_pac_init(krb5_context context)
+{
+    struct krb5_plugin *list = NULL, *e;
+    krb5_error_code ret;
+
+    ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "windc", &list);
+    if(ret != 0 || list == NULL)
+	return 0;
+
+    for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) {
+
+	windcft = _krb5_plugin_get_symbol(e);
+	if (windcft->minor_version < KRB5_WINDC_PLUGING_MINOR)
+	    continue;
+	
+	(*windcft->init)(context, &windcctx);
+	break;
+    }
+    if (e == NULL) {
+	_krb5_plugin_free(list);
+	krb5_set_error_string(context, "Did not find any WINDC plugin");
+	windcft = NULL;
+	return ENOENT;
+    }
+
+    return 0;
+}
+
+
+krb5_error_code 
+_kdc_pac_generate(krb5_context context,
+		  hdb_entry_ex *client, 
+		  krb5_pac *pac)
+{
+    *pac = NULL;
+    if (windcft == NULL)
+	return 0;
+    return (windcft->pac_generate)(windcctx, context, client, pac);
+}
+
+krb5_error_code 
+_kdc_pac_verify(krb5_context context, 
+		hdb_entry_ex *client,
+		krb5_pac pac)
+{
+    if (windcft == NULL) {
+	krb5_set_error_string(context, "Can't verify WINDC, no function");
+	return EINVAL;
+    }
+    return (windcft->pac_verify)(windcctx, context, client, pac);
+}
diff --git a/kdc/windc_plugin.h b/kdc/windc_plugin.h
new file mode 100644
index 000000000..22b969d82
--- /dev/null
+++ b/kdc/windc_plugin.h
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden). 
+ * All rights reserved. 
+ *
+ * Redistribution and use in source and binary forms, with or without 
+ * modification, are permitted provided that the following conditions 
+ * are met: 
+ *
+ * 1. Redistributions of source code must retain the above copyright 
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright 
+ *    notice, this list of conditions and the following disclaimer in the 
+ *    documentation and/or other materials provided with the distribution. 
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors 
+ *    may be used to endorse or promote products derived from this software 
+ *    without specific prior written permission. 
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
+ * SUCH DAMAGE. 
+ */
+
+/* $Id$ */
+
+#ifndef HEIMDAL_KRB5_PAC_PLUGIN_H
+#define HEIMDAL_KRB5_PAC_PLUGIN_H 1
+
+#include <krb5.h>
+
+/*
+ * The generate function should allocate a krb5_pac using krb5_pac_init
+ * and fill in the PAC structure for the principal using
+ * krb5_pac_add_buffer.
+ *
+ * The verify function should verify all components in the PAC using
+ * krb5_pac_get_types and krb5_pac_get_buffer for all types.
+ */
+
+struct hdb_entry_ex;
+
+typedef krb5_error_code 
+(*krb5plugin_windc_pac_generate)(void *, krb5_context,
+				 struct hdb_entry_ex *, krb5_pac *);
+
+typedef krb5_error_code 
+(*krb5plugin_windc_pac_verify)(void *, krb5_context,
+			       struct hdb_entry_ex *, krb5_pac);
+
+#define KRB5_WINDC_PLUGING_MINOR		1
+
+typedef struct krb5plugin_windc_ftable {
+    int			minor_version;
+    krb5_error_code	(*init)(krb5_context, void **);
+    void		(*fini)(void *);
+    krb5plugin_windc_pac_generate	pac_generate;
+    krb5plugin_windc_pac_verify		pac_verify;
+} krb5plugin_windc_ftable;
+
+#endif /* HEIMDAL_KRB5_PAC_PLUGIN_H */
+