kdc: add wrappers for heimbase object accessors
Add libkdc wrappers for heimbase object accessors so plugins can use the audit and request-attribute APIs without consuming libheimbase. The exposed API surface is minimal and is limited to reading array collections and reading/creating base and custom types.

committed by
Nico Williams

parent
917e16049a
commit
144caf67fa
@@ -272,7 +272,7 @@ ad_lookup(krb5_context context,
|
||||
gss_const_name_t initiator_name,
|
||||
gss_const_OID mech_type,
|
||||
krb5_principal *canon_principal,
|
||||
heim_data_t *requestor_sid)
|
||||
kdc_data_t *requestor_sid)
|
||||
{
|
||||
krb5_error_code ret;
|
||||
OM_uint32 minor;
|
||||
@@ -354,7 +354,7 @@ ad_lookup(krb5_context context,
|
||||
ldap_count_values_len(values) == 0)
|
||||
goto out;
|
||||
|
||||
*requestor_sid = heim_data_create(values[0]->bv_val, values[0]->bv_len);
|
||||
*requestor_sid = kdc_data_create(values[0]->bv_val, values[0]->bv_len);
|
||||
if (*requestor_sid == NULL)
|
||||
goto enomem;
|
||||
}
|
||||
@@ -371,7 +371,7 @@ out:
|
||||
*canon_principal = NULL;
|
||||
|
||||
if (requestor_sid) {
|
||||
heim_release(*requestor_sid);
|
||||
kdc_object_release(*requestor_sid);
|
||||
*requestor_sid = NULL;
|
||||
}
|
||||
}
|
||||
@@ -403,7 +403,7 @@ authorize(void *ctx,
|
||||
krb5_const_realm realm = krb5_principal_get_realm(context, client->principal);
|
||||
krb5_boolean reconnect_p = FALSE;
|
||||
krb5_boolean is_tgs;
|
||||
heim_data_t requestor_sid = NULL;
|
||||
kdc_data_t requestor_sid = NULL;
|
||||
|
||||
*authorized = FALSE;
|
||||
*mapped_name = NULL;
|
||||
@@ -457,7 +457,7 @@ authorize(void *ctx,
|
||||
if (requestor_sid) {
|
||||
kdc_request_set_attribute((kdc_request_t)r,
|
||||
HSTR("org.h5l.gss-pa-requestor-sid"), requestor_sid);
|
||||
heim_release(requestor_sid);
|
||||
kdc_object_release(requestor_sid);
|
||||
}
|
||||
|
||||
return ret;
|
||||
@@ -466,7 +466,7 @@ authorize(void *ctx,
|
||||
static KRB5_LIB_CALL krb5_error_code
|
||||
finalize_pac(void *ctx, astgs_request_t r)
|
||||
{
|
||||
heim_data_t requestor_sid;
|
||||
kdc_data_t requestor_sid;
|
||||
|
||||
requestor_sid = kdc_request_get_attribute((kdc_request_t)r,
|
||||
HSTR("org.h5l.gss-pa-requestor-sid"));
|
||||
@@ -476,7 +476,7 @@ finalize_pac(void *ctx, astgs_request_t r)
|
||||
kdc_audit_setkv_object((kdc_request_t)r, "gss_requestor_sid", requestor_sid);
|
||||
|
||||
return kdc_request_add_pac_buffer(r, PAC_REQUESTOR_SID,
|
||||
heim_data_get_data(requestor_sid));
|
||||
kdc_data_get_data(requestor_sid));
|
||||
}
|
||||
|
||||
static KRB5_LIB_CALL krb5_error_code
|
||||
|
@@ -426,7 +426,7 @@ _kdc_gss_rd_padata(astgs_request_t r,
|
||||
goto out;
|
||||
}
|
||||
|
||||
gcp = heim_alloc(sizeof(*gcp), "pa-gss-client-params", pa_gss_dealloc_client_params);
|
||||
gcp = kdc_object_alloc(sizeof(*gcp), "pa-gss-client-params", pa_gss_dealloc_client_params);
|
||||
if (gcp == NULL) {
|
||||
ret = krb5_enomem(r->context);
|
||||
goto out;
|
||||
@@ -476,7 +476,7 @@ out:
|
||||
if (gcp && gcp->major != GSS_S_NO_CONTEXT)
|
||||
*pgcp = gcp;
|
||||
else
|
||||
heim_release(gcp);
|
||||
kdc_object_release(gcp);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
@@ -36,8 +36,6 @@
|
||||
#ifndef HEIMDAL_KDC_KDC_AUDIT_H
|
||||
#define HEIMDAL_KDC_KDC_AUDIT_H 1
|
||||
|
||||
#include <heimbase.h>
|
||||
|
||||
/*
|
||||
* KDC auditing
|
||||
*/
|
||||
@@ -55,7 +53,7 @@
|
||||
#define KDC_AUTH_EVENT_PREAUTH_SUCCEEDED 9 /* generic (non-long term key) PA success */
|
||||
|
||||
/*
|
||||
* Audit keys to be queried using heim_audit_getkv(). There are other keys
|
||||
* Audit keys to be queried using kdc_audit_getkv(). There are other keys
|
||||
* intended for logging that are not defined below; the constants below are
|
||||
* there to ease migration from the older auth_status HDB API.
|
||||
*/
|
||||
|
118
kdc/kdc-plugin.c
118
kdc/kdc-plugin.c
@@ -308,6 +308,124 @@ kdc_get_instance(const char *libname)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Minimum API surface wrapper for libheimbase object types so it
|
||||
* may remain a private interface, yet plugins can interact with
|
||||
* objects.
|
||||
*/
|
||||
|
||||
KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
|
||||
kdc_object_alloc(size_t size, const char *name, kdc_type_dealloc dealloc)
|
||||
{
|
||||
return heim_alloc(size, name, dealloc);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
|
||||
kdc_object_retain(kdc_object_t o)
|
||||
{
|
||||
return heim_retain(o);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION void KDC_LIB_CALL
|
||||
kdc_object_release(kdc_object_t o)
|
||||
{
|
||||
heim_release(o);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
|
||||
kdc_bool_create(krb5_boolean v)
|
||||
{
|
||||
return heim_bool_create(v);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION krb5_boolean KDC_LIB_CALL
|
||||
kdc_bool_get_value(kdc_object_t o)
|
||||
{
|
||||
return heim_bool_val(o);
|
||||
}
|
||||
|
||||
struct kdc_array_iterator_trampoline_data {
|
||||
kdc_array_iterator_t iter;
|
||||
void *data;
|
||||
};
|
||||
|
||||
/*
|
||||
* Calling convention shim to avoid needing to update all internal
|
||||
* consumers of heim_array_iterate_f()
|
||||
*/
|
||||
static void
|
||||
_kdc_array_iterator_trampoline(kdc_object_t o, void *data, int *stop)
|
||||
{
|
||||
struct kdc_array_iterator_trampoline_data *t = data;
|
||||
|
||||
t->iter(o, t->data, stop);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION void KDC_LIB_CALL
|
||||
kdc_array_iterate(kdc_array_t a, void *d, kdc_array_iterator_t iter)
|
||||
{
|
||||
struct kdc_array_iterator_trampoline_data t;
|
||||
|
||||
t.iter = iter;
|
||||
t.data = d;
|
||||
|
||||
return heim_array_iterate_f((heim_array_t)a, &t, _kdc_array_iterator_trampoline);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION size_t KDC_LIB_CALL
|
||||
kdc_array_get_length(kdc_array_t a)
|
||||
{
|
||||
return heim_array_get_length((heim_array_t)a);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
|
||||
kdc_array_get_value(heim_array_t a, size_t i)
|
||||
{
|
||||
return heim_array_get_value((heim_array_t)a, i);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
|
||||
kdc_array_copy_value(heim_array_t a, size_t i)
|
||||
{
|
||||
return heim_array_copy_value((heim_array_t)a, i);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION kdc_string_t KDC_LIB_CALL
|
||||
kdc_string_create(const char *s)
|
||||
{
|
||||
return (kdc_string_t)heim_string_create(s);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION const char * KDC_LIB_CALL
|
||||
kdc_string_get_utf8(kdc_string_t s)
|
||||
{
|
||||
return heim_string_get_utf8((heim_string_t)s);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION kdc_data_t
|
||||
kdc_data_create(const void *d, size_t len)
|
||||
{
|
||||
return (kdc_data_t)heim_data_create(d, len);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION const krb5_data * KDC_LIB_CALL
|
||||
kdc_data_get_data(kdc_data_t d)
|
||||
{
|
||||
return heim_data_get_data((heim_data_t)d);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION kdc_number_t KDC_LIB_CALL
|
||||
kdc_number_create(int64_t v)
|
||||
{
|
||||
return (kdc_number_t)heim_number_create(v);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION int64_t KDC_LIB_CALL
|
||||
kdc_number_get_value(kdc_number_t n)
|
||||
{
|
||||
return heim_number_get_long((heim_number_t)n);
|
||||
}
|
||||
|
||||
/*
|
||||
* Plugin accessors
|
||||
*/
|
||||
|
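Review bot: `kdc_array_get_value` and `kdc_array_copy_value` declare their first parameter as `heim_array_t` instead of `kdc_array_t`, so the exported prototypes still expose a libheimbase type to plugins, which is what this commit sets out to avoid; the in-body `(heim_array_t)a` casts are written as if the parameter were already `kdc_array_t`, so the fix is `kdc_array_get_value(kdc_array_t a, size_t i)` and `kdc_array_copy_value(kdc_array_t a, size_t i)`. `kdc_data_create` is the only wrapper whose definition lacks `KDC_LIB_CALL` after `KDC_LIB_FUNCTION kdc_data_t`, which on targets where KDC_LIB_CALL selects a non-default calling convention would mismatch the exported prototype. `kdc_array_iterate` is declared void yet ends with `return heim_array_iterate_f(...)`; ISO C forbids a return with an expression in a void function, so drop the `return`. Since these are the first plugin-facing accessors, each wrapper should carry a short comment stating ownership, in particular whether the reference returned by `kdc_array_copy_value` (as opposed to `kdc_array_get_value`) and by `kdc_object_alloc` must be passed to `kdc_object_release`, because plugins can no longer read the libheimbase header to find out.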
11
kdc/kdc.h
11
kdc/kdc.h
@@ -98,6 +98,17 @@ struct krb5_kdc_configuration {
|
||||
};
|
||||
#endif
|
||||
|
||||
typedef void *kdc_object_t;
|
||||
typedef struct kdc_array_data *kdc_array_t;
|
||||
typedef struct kdc_dict_data *kdc_dict_t;
|
||||
typedef struct kdc_string_data *kdc_string_t;
|
||||
typedef struct kdc_data_data *kdc_data_t;
|
||||
typedef struct kdc_number_data *kdc_number_t;
|
||||
|
||||
typedef void (KRB5_CALLCONV *kdc_array_iterator_t)(kdc_object_t, void *, int *);
|
||||
|
||||
typedef void (KRB5_CALLCONV *kdc_type_dealloc)(kdc_object_t);
|
||||
|
||||
#include <kdc-protos.h>
|
||||
|
||||
#endif /* __KDC_H__ */
|
||||
|
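Review bot: `kdc_type_dealloc` is declared with `KRB5_CALLCONV`, but `kdc_object_alloc` in kdc/kdc-plugin.c passes a callback of that type straight to `heim_alloc`, whereas the similarly declared `kdc_array_iterator_t` gets what the commit calls a calling-convention shim; if KRB5_CALLCONV ever differs from the default convention on a target, a plugin dealloc would be invoked with the wrong convention, and if it never differs the shim's stated purpose does not hold. Either drop `KRB5_CALLCONV` from `kdc_type_dealloc` so it is interchangeable with the libheimbase dealloc type, or add a comment on the typedef stating that it must be ABI-compatible with the heimbase dealloc signature. `kdc_dict_t` is introduced without any accessor in this commit; a note such as `/* opaque; no accessors exported yet */` would save plugin authors from searching for one. `kdc_object_t` is a bare `void *`, so any pointer converts to it silently; if that intentionally mirrors heim_object_t, a one-line comment saying so would make the lack of type checking a deliberate choice rather than an oversight.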
@@ -601,7 +601,7 @@ pa_gss_validate(astgs_request_t r, const PA_DATA *pa)
|
||||
goto out;
|
||||
|
||||
out:
|
||||
heim_release(gcp);
|
||||
kdc_object_release(gcp);
|
||||
free(client_name);
|
||||
|
||||
return ret;
|
||||
|
@@ -74,6 +74,22 @@ EXPORTS
|
||||
kdc_audit_vaddreason
|
||||
_kdc_audit_trail
|
||||
|
||||
kdc_object_alloc
|
||||
kdc_object_retain
|
||||
kdc_object_release
|
||||
kdc_bool_create
|
||||
kdc_bool_get_value
|
||||
kdc_array_iterate
|
||||
kdc_array_get_length
|
||||
kdc_array_get_value
|
||||
kdc_array_copy_value
|
||||
kdc_string_create
|
||||
kdc_string_get_utf8
|
||||
kdc_data_create
|
||||
kdc_data_get_data
|
||||
kdc_number_create
|
||||
kdc_number_get_value
|
||||
|
||||
; needed for digest-service
|
||||
_kdc_db_fetch
|
||||
_kdc_free_ent
|
||||
|
@@ -113,18 +113,18 @@ kdc_audit_setkv_number(kdc_request_t r, const char *k, int64_t v)
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION void KDC_LIB_CALL
|
||||
kdc_audit_addkv_object(kdc_request_t r, const char *k, heim_object_t obj)
|
||||
kdc_audit_addkv_object(kdc_request_t r, const char *k, kdc_object_t obj)
|
||||
{
|
||||
heim_audit_addkv_object((heim_svc_req_desc)r, k, obj);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION void KDC_LIB_CALL
|
||||
kdc_audit_setkv_object(kdc_request_t r, const char *k, heim_object_t obj)
|
||||
kdc_audit_setkv_object(kdc_request_t r, const char *k, kdc_object_t obj)
|
||||
{
|
||||
heim_audit_setkv_object((heim_svc_req_desc)r, k, obj);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION heim_object_t KDC_LIB_CALL
|
||||
KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
|
||||
kdc_audit_getkv(kdc_request_t r, const char *k)
|
||||
{
|
||||
return heim_audit_getkv((heim_svc_req_desc)r, k);
|
||||
@@ -553,25 +553,25 @@ krb5_kdc_save_request(krb5_context context,
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL
|
||||
kdc_request_set_attribute(kdc_request_t r, heim_object_t key, heim_object_t value)
|
||||
kdc_request_set_attribute(kdc_request_t r, kdc_object_t key, kdc_object_t value)
|
||||
{
|
||||
return heim_dict_set_value(r->attributes, key, value);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION heim_object_t KDC_LIB_CALL
|
||||
kdc_request_get_attribute(kdc_request_t r, heim_object_t key)
|
||||
KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
|
||||
kdc_request_get_attribute(kdc_request_t r, kdc_object_t key)
|
||||
{
|
||||
return heim_dict_get_value(r->attributes, key);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION heim_object_t KDC_LIB_CALL
|
||||
kdc_request_copy_attribute(kdc_request_t r, heim_object_t key)
|
||||
KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
|
||||
kdc_request_copy_attribute(kdc_request_t r, kdc_object_t key)
|
||||
{
|
||||
return heim_dict_copy_value(r->attributes, key);
|
||||
}
|
||||
|
||||
KDC_LIB_FUNCTION void KDC_LIB_CALL
|
||||
kdc_request_delete_attribute(kdc_request_t r, heim_object_t key)
|
||||
kdc_request_delete_attribute(kdc_request_t r, kdc_object_t key)
|
||||
{
|
||||
heim_dict_delete_key(r->attributes, key);
|
||||
}
|
||||
|
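Review bot: `kdc_request_set_attribute`, `kdc_request_get_attribute`, `kdc_request_copy_attribute` and `kdc_request_delete_attribute` now take `kdc_object_t` keys, and because that type is `void *` a plugin can pass a plain C string where the internal callers pass an `HSTR(...)` object; the wrappers should document that `key` must be a kdc object (for example from `kdc_string_create`), since nothing in these bodies checks it before handing it to `heim_dict_*`. The get/copy pair should likewise state which one returns a borrowed reference and which one returns a reference the caller must release with `kdc_object_release`, presumably mirroring `heim_dict_get_value` versus `heim_dict_copy_value` (confirm against libheimbase). `kdc_audit_getkv`'s body continues past the end of the first hunk, so the same note applies there but its full text is not visible.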
@@ -77,6 +77,22 @@ HEIMDAL_KDC_1.0 {
|
||||
kdc_audit_vaddreason;
|
||||
_kdc_audit_trail;
|
||||
|
||||
kdc_object_alloc;
|
||||
kdc_object_retain;
|
||||
kdc_object_release;
|
||||
kdc_bool_create;
|
||||
kdc_bool_get_value;
|
||||
kdc_array_iterate;
|
||||
kdc_array_get_length;
|
||||
kdc_array_get_value;
|
||||
kdc_array_copy_value;
|
||||
kdc_string_create;
|
||||
kdc_string_get_utf8;
|
||||
kdc_data_create;
|
||||
kdc_data_get_data;
|
||||
kdc_number_create;
|
||||
kdc_number_get_value;
|
||||
|
||||
# needed for digest-service
|
||||
_kdc_db_fetch;
|
||||
_kdc_free_ent;
|
||||
|