diff --git a/kdc/altsecid_gss_preauth_authorizer.c b/kdc/altsecid_gss_preauth_authorizer.c
index 40925d2e4..559c53f18 100644
--- a/kdc/altsecid_gss_preauth_authorizer.c
+++ b/kdc/altsecid_gss_preauth_authorizer.c
@@ -272,7 +272,7 @@ ad_lookup(krb5_context context,
 gss_const_name_t initiator_name,
 gss_const_OID mech_type,
 krb5_principal *canon_principal,
- heim_data_t *requestor_sid)
+ kdc_data_t *requestor_sid)
 {
 krb5_error_code ret;
 OM_uint32 minor;
@@ -354,7 +354,7 @@ ad_lookup(krb5_context context,
 ldap_count_values_len(values) == 0)
 goto out;
- *requestor_sid = heim_data_create(values[0]->bv_val, values[0]->bv_len);
+ *requestor_sid = kdc_data_create(values[0]->bv_val, values[0]->bv_len);
 if (*requestor_sid == NULL)
 goto enomem;
 }
@@ -371,7 +371,7 @@ out:
 *canon_principal = NULL;
 if (requestor_sid) {
- heim_release(*requestor_sid);
+ kdc_object_release(*requestor_sid);
 *requestor_sid = NULL;
 }
 }
@@ -403,7 +403,7 @@ authorize(void *ctx,
 krb5_const_realm realm = krb5_principal_get_realm(context, client->principal);
 krb5_boolean reconnect_p = FALSE;
 krb5_boolean is_tgs;
- heim_data_t requestor_sid = NULL;
+ kdc_data_t requestor_sid = NULL;
 *authorized = FALSE;
 *mapped_name = NULL;
@@ -457,7 +457,7 @@ authorize(void *ctx,
 if (requestor_sid) {
 kdc_request_set_attribute((kdc_request_t)r, HSTR("org.h5l.gss-pa-requestor-sid"), requestor_sid);
- heim_release(requestor_sid);
+ kdc_object_release(requestor_sid);
 }
 return ret;
@@ -466,7 +466,7 @@ authorize(void *ctx,
 static KRB5_LIB_CALL krb5_error_code
 finalize_pac(void *ctx, astgs_request_t r)
 {
- heim_data_t requestor_sid;
+ kdc_data_t requestor_sid;
 requestor_sid = kdc_request_get_attribute((kdc_request_t)r, HSTR("org.h5l.gss-pa-requestor-sid"));
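Review bot: In the authorize hunk at -457 the return value of `kdc_request_set_attribute()` is dropped, so if storing `org.h5l.gss-pa-requestor-sid` fails the function still returns `ret` and the SID object is released without ever being attached to the request. `finalize_pac` reads that attribute to build the PAC_REQUESTOR_SID buffer, so the failure would presumably show up only later as a PAC without the requestor SID. I would keep the result and fail the request when nothing else already has, e.g. `sret = kdc_request_set_attribute(...);` followed by `if (ret == 0) ret = sret;`. The body of authorize before this point is outside the hunk, so the state of `ret` and `*authorized` here should be checked before adopting this.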
@@ -476,7 +476,7 @@ finalize_pac(void *ctx, astgs_request_t r)
 kdc_audit_setkv_object((kdc_request_t)r, "gss_requestor_sid", requestor_sid);
 return kdc_request_add_pac_buffer(r, PAC_REQUESTOR_SID,
- heim_data_get_data(requestor_sid));
+ kdc_data_get_data(requestor_sid));
 }
 static KRB5_LIB_CALL krb5_error_code
diff --git a/kdc/gss_preauth.c b/kdc/gss_preauth.c
index d48690745..db6cb3efc 100644
--- a/kdc/gss_preauth.c
+++ b/kdc/gss_preauth.c
@@ -426,7 +426,7 @@ _kdc_gss_rd_padata(astgs_request_t r,
 goto out;
 }
- gcp = heim_alloc(sizeof(*gcp), "pa-gss-client-params", pa_gss_dealloc_client_params);
+ gcp = kdc_object_alloc(sizeof(*gcp), "pa-gss-client-params", pa_gss_dealloc_client_params);
 if (gcp == NULL) {
 ret = krb5_enomem(r->context);
 goto out;
@@ -476,7 +476,7 @@ out:
 if (gcp && gcp->major != GSS_S_NO_CONTEXT)
 *pgcp = gcp;
 else
- heim_release(gcp);
+ kdc_object_release(gcp);
 return ret;
 }
diff --git a/kdc/kdc-audit.h b/kdc/kdc-audit.h
index 13c9b8f63..4b2203f22 100644
--- a/kdc/kdc-audit.h
+++ b/kdc/kdc-audit.h
@@ -36,8 +36,6 @@
 #ifndef HEIMDAL_KDC_KDC_AUDIT_H
 #define HEIMDAL_KDC_KDC_AUDIT_H 1
-#include
-
 /*
 * KDC auditing
 */
@@ -55,7 +53,7 @@
 #define KDC_AUTH_EVENT_PREAUTH_SUCCEEDED 9 /* generic (non-long term key) PA success */
 /*
- * Audit keys to be queried using heim_audit_getkv(). There are other keys
+ * Audit keys to be queried using kdc_audit_getkv(). There are other keys
 * intended for logging that are not defined below; the constants below are
 * there to ease migration from the older auth_status HDB API.
 */
diff --git a/kdc/kdc-plugin.c b/kdc/kdc-plugin.c
index 34d55ff86..40b730241 100644
--- a/kdc/kdc-plugin.c
+++ b/kdc/kdc-plugin.c
@@ -308,6 +308,124 @@ kdc_get_instance(const char *libname)
 return 0;
 }
+/*
+ * Minimum API surface wrapper for libheimbase object types so it
+ * may remain a private interface, yet plugins can interact with
+ * objects.
+ */
+
+KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
+kdc_object_alloc(size_t size, const char *name, kdc_type_dealloc dealloc)
+{
+ return heim_alloc(size, name, dealloc);
+}
+
+KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
+kdc_object_retain(kdc_object_t o)
+{
+ return heim_retain(o);
+}
+
+KDC_LIB_FUNCTION void KDC_LIB_CALL
+kdc_object_release(kdc_object_t o)
+{
+ heim_release(o);
+}
+
+KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
+kdc_bool_create(krb5_boolean v)
+{
+ return heim_bool_create(v);
+}
+
+KDC_LIB_FUNCTION krb5_boolean KDC_LIB_CALL
+kdc_bool_get_value(kdc_object_t o)
+{
+ return heim_bool_val(o);
+}
+
+struct kdc_array_iterator_trampoline_data {
+ kdc_array_iterator_t iter;
+ void *data;
+};
+
+/*
+ * Calling convention shim to avoid needing to update all internal
+ * consumers of heim_array_iterate_f()
+ */
+static void
+_kdc_array_iterator_trampoline(kdc_object_t o, void *data, int *stop)
+{
+ struct kdc_array_iterator_trampoline_data *t = data;
+
+ t->iter(o, t->data, stop);
+}
+
+KDC_LIB_FUNCTION void KDC_LIB_CALL
+kdc_array_iterate(kdc_array_t a, void *d, kdc_array_iterator_t iter)
+{
+ struct kdc_array_iterator_trampoline_data t;
+
+ t.iter = iter;
+ t.data = d;
+
+ return heim_array_iterate_f((heim_array_t)a, &t, _kdc_array_iterator_trampoline);
+}
+
+KDC_LIB_FUNCTION size_t KDC_LIB_CALL
+kdc_array_get_length(kdc_array_t a)
+{
+ return heim_array_get_length((heim_array_t)a);
+}
+
+KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
+kdc_array_get_value(heim_array_t a, size_t i)
+{
+ return heim_array_get_value((heim_array_t)a, i);
+}
+
+KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
+kdc_array_copy_value(heim_array_t a, size_t i)
+{
+ return heim_array_copy_value((heim_array_t)a, i);
+}
+
+KDC_LIB_FUNCTION kdc_string_t KDC_LIB_CALL
+kdc_string_create(const char *s)
+{
+ return (kdc_string_t)heim_string_create(s);
+}
+
+KDC_LIB_FUNCTION const char * KDC_LIB_CALL
+kdc_string_get_utf8(kdc_string_t s)
+{
+ return heim_string_get_utf8((heim_string_t)s);
+}
+
+KDC_LIB_FUNCTION kdc_data_t
+kdc_data_create(const void *d, size_t len)
+{
+ return (kdc_data_t)heim_data_create(d, len);
+}
+
+KDC_LIB_FUNCTION const krb5_data * KDC_LIB_CALL
+kdc_data_get_data(kdc_data_t d)
+{
+ return heim_data_get_data((heim_data_t)d);
+}
+
+KDC_LIB_FUNCTION kdc_number_t KDC_LIB_CALL
+kdc_number_create(int64_t v)
+{
+ return (kdc_number_t)heim_number_create(v);
+}
+
+KDC_LIB_FUNCTION int64_t KDC_LIB_CALL
+kdc_number_get_value(kdc_number_t n)
+{
+ return heim_number_get_long((heim_number_t)n);
+}
+
 /*
 * Plugin accessors
 */
diff --git a/kdc/kdc.h b/kdc/kdc.h
index 289e7adb0..34ff4ac89 100644
--- a/kdc/kdc.h
+++ b/kdc/kdc.h
@@ -98,6 +98,17 @@ struct krb5_kdc_configuration {
 };
 #endif
+typedef void *kdc_object_t;
+typedef struct kdc_array_data *kdc_array_t;
+typedef struct kdc_dict_data *kdc_dict_t;
+typedef struct kdc_string_data *kdc_string_t;
+typedef struct kdc_data_data *kdc_data_t;
+typedef struct kdc_number_data *kdc_number_t;
+
+typedef void (KRB5_CALLCONV *kdc_array_iterator_t)(kdc_object_t, void *, int *);
+
+typedef void (KRB5_CALLCONV *kdc_type_dealloc)(kdc_object_t);
+
 #include
 #endif /* __KDC_H__ */
diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index c06c02599..524f1d536 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -601,7 +601,7 @@ pa_gss_validate(astgs_request_t r, const PA_DATA *pa)
 goto out;
 out:
- heim_release(gcp);
+ kdc_object_release(gcp);
 free(client_name);
 return ret;
diff --git a/kdc/libkdc-exports.def b/kdc/libkdc-exports.def
index c2463c2fb..c13f28a83 100644
--- a/kdc/libkdc-exports.def
+++ b/kdc/libkdc-exports.def
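Review bot: `kdc_array_get_value` and `kdc_array_copy_value` in the kdc/kdc-plugin.c hunk at +308 still take `heim_array_t`, unlike `kdc_array_iterate` and `kdc_array_get_length`, so a plugin has to name the libheimbase type the wrapper is meant to hide and the `(heim_array_t)a` cast does nothing; the signatures should read `kdc_array_get_value(kdc_array_t a, size_t i)` and `kdc_array_copy_value(kdc_array_t a, size_t i)`. `kdc_data_create` is also the only wrapper declared without `KDC_LIB_CALL`; `KDC_LIB_FUNCTION kdc_data_t KDC_LIB_CALL` would keep its calling convention consistent with the other wrappers. In `kdc_array_iterate`, which returns `void`, `return heim_array_iterate_f(...)` should be a plain call statement. Because every typed handle is cast straight to the heimbase type, the comment above the wrappers should also state that passing a handle of another kind (for example a string handle to `kdc_number_get_value`) is not checked in this layer.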
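Review bot: The handle typedefs added to kdc/kdc.h at +98 carry no comment, although they are the part of this API a plugin author sees. `kdc_object_t` is `void *`, so the compiler accepts any pointer wherever an object is expected (`kdc_object_release`, `kdc_request_set_attribute`); I would add a comment such as `/* Opaque handles to reference-counted KDC objects: create with kdc_*_create() or kdc_object_alloc(), drop with kdc_object_release(); never pass other pointers. */`. It should also say which accessors return a reference the caller must release (presumably the `copy` variants and not the `get` ones; to be confirmed against libheimbase). `kdc_dict_t` is declared but no `kdc_dict_*` function appears in the export lists of this commit, so either drop it or mark it as reserved.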
@@ -74,6 +74,22 @@ EXPORTS
 kdc_audit_vaddreason
 _kdc_audit_trail
+ kdc_object_alloc
+ kdc_object_retain
+ kdc_object_release
+ kdc_bool_create
+ kdc_bool_get_value
+ kdc_array_iterate
+ kdc_array_get_length
+ kdc_array_get_value
+ kdc_array_copy_value
+ kdc_string_create
+ kdc_string_get_utf8
+ kdc_data_create
+ kdc_data_get_data
+ kdc_number_create
+ kdc_number_get_value
+
 ; needed for digest-service
 _kdc_db_fetch
 _kdc_free_ent
diff --git a/kdc/process.c b/kdc/process.c
index 6d5b5a82e..cf8ab060e 100644
--- a/kdc/process.c
+++ b/kdc/process.c
@@ -113,18 +113,18 @@ kdc_audit_setkv_number(kdc_request_t r, const char *k, int64_t v)
 }
 KDC_LIB_FUNCTION void KDC_LIB_CALL
-kdc_audit_addkv_object(kdc_request_t r, const char *k, heim_object_t obj)
+kdc_audit_addkv_object(kdc_request_t r, const char *k, kdc_object_t obj)
 {
 heim_audit_addkv_object((heim_svc_req_desc)r, k, obj);
 }
 KDC_LIB_FUNCTION void KDC_LIB_CALL
-kdc_audit_setkv_object(kdc_request_t r, const char *k, heim_object_t obj)
+kdc_audit_setkv_object(kdc_request_t r, const char *k, kdc_object_t obj)
 {
 heim_audit_setkv_object((heim_svc_req_desc)r, k, obj);
 }
-KDC_LIB_FUNCTION heim_object_t KDC_LIB_CALL
+KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
 kdc_audit_getkv(kdc_request_t r, const char *k)
 {
 return heim_audit_getkv((heim_svc_req_desc)r, k);
@@ -553,25 +553,25 @@ krb5_kdc_save_request(krb5_context context,
 }
 KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL
-kdc_request_set_attribute(kdc_request_t r, heim_object_t key, heim_object_t value)
+kdc_request_set_attribute(kdc_request_t r, kdc_object_t key, kdc_object_t value)
 {
 return heim_dict_set_value(r->attributes, key, value);
 }
-KDC_LIB_FUNCTION heim_object_t KDC_LIB_CALL
-kdc_request_get_attribute(kdc_request_t r, heim_object_t key)
+KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
+kdc_request_get_attribute(kdc_request_t r, kdc_object_t key)
 {
 return heim_dict_get_value(r->attributes, key);
 }
-KDC_LIB_FUNCTION heim_object_t KDC_LIB_CALL
-kdc_request_copy_attribute(kdc_request_t r, heim_object_t key)
+KDC_LIB_FUNCTION kdc_object_t KDC_LIB_CALL
+kdc_request_copy_attribute(kdc_request_t r, kdc_object_t key)
 {
 return heim_dict_copy_value(r->attributes, key);
 }
 KDC_LIB_FUNCTION void KDC_LIB_CALL
-kdc_request_delete_attribute(kdc_request_t r, heim_object_t key)
+kdc_request_delete_attribute(kdc_request_t r, kdc_object_t key)
 {
 heim_dict_delete_key(r->attributes, key);
 }
diff --git a/kdc/version-script.map b/kdc/version-script.map
index 9aa716b7d..a1300b90a 100644
--- a/kdc/version-script.map
+++ b/kdc/version-script.map
@@ -77,6 +77,22 @@ HEIMDAL_KDC_1.0 {
 kdc_audit_vaddreason;
 _kdc_audit_trail;
+ kdc_object_alloc;
+ kdc_object_retain;
+ kdc_object_release;
+ kdc_bool_create;
+ kdc_bool_get_value;
+ kdc_array_iterate;
+ kdc_array_get_length;
+ kdc_array_get_value;
+ kdc_array_copy_value;
+ kdc_string_create;
+ kdc_string_get_utf8;
+ kdc_data_create;
+ kdc_data_get_data;
+ kdc_number_create;
+ kdc_number_get_value;
+
 # needed for digest-service
 _kdc_db_fetch;
 _kdc_free_ent;