oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

ident

Browse Source
This commit is contained in:
Love Hornquist Astrand
2011-12-12 21:28:52 -08:00
parent 54ce0a776c
commit 167084b3e7
1 changed files with 22 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
lib/krb5/kuserok.c
View File

@@ -401,9 +401,8 @@ _krb5_kuserok(krb5_context context,
{ {
static heim_base_once_t reg_def_plugins = HEIM_BASE_ONCE_INIT; static heim_base_once_t reg_def_plugins = HEIM_BASE_ONCE_INIT;
krb5_error_code ret; krb5_error_code ret;
size_t i;
char **rules;
struct plctx ctx; struct plctx ctx;
char **rules;
/* /*
* XXX we should have a struct with a krb5_context field and a * XXX we should have a struct with a krb5_context field and a
@@ -424,6 +423,7 @@ _krb5_kuserok(krb5_context context,
if (an2ln_ok) if (an2ln_ok)
ctx.flags |= KUSEROK_ANAME_TO_LNAME_OK; ctx.flags |= KUSEROK_ANAME_TO_LNAME_OK;
if (krb5_config_get_bool_default(context, NULL, FALSE, "libdefaults", if (krb5_config_get_bool_default(context, NULL, FALSE, "libdefaults",
"k5login_authoritative", NULL)) "k5login_authoritative", NULL))
ctx.flags |= KUSEROK_K5LOGIN_IS_AUTHORITATIVE; ctx.flags |= KUSEROK_K5LOGIN_IS_AUTHORITATIVE;
@@ -436,28 +436,34 @@ _krb5_kuserok(krb5_context context,
if (rules == NULL) { if (rules == NULL) {
/* Default: check ~/.k5login */ /* Default: check ~/.k5login */
ctx.rule = "USER-K5LOGIN"; ctx.rule = "USER-K5LOGIN";
ret = plcallback(context, &kuserok_user_k5login_plug, NULL, &ctx); ret = plcallback(context, &kuserok_user_k5login_plug, NULL, &ctx);
if (ret == 0) if (ret == 0)
goto out; goto out;
ctx.rule = "SIMPLE"; ctx.rule = "SIMPLE";
ret = plcallback(context, &kuserok_simple_plug, NULL, &ctx); ret = plcallback(context, &kuserok_simple_plug, NULL, &ctx);
if (ret == 0) if (ret == 0)
goto out; goto out;
ctx.result = FALSE;
goto out;
}
for (i = 0; rules[i]; i++) { ctx.result = FALSE;
ctx.rule = rules[i]; } else {
ret = _krb5_plugin_run_f(context, "krb5", KRB5_PLUGIN_KUSEROK, size_t n;
KRB5_PLUGIN_KUSEROK_VERSION_0, 0,
&ctx, plcallback); for (n = 0; rules[n]; n++) {
if (ret != KRB5_PLUGIN_NO_HANDLE) ctx.rule = rules[n];
goto out;
ret = _krb5_plugin_run_f(context, "krb5", KRB5_PLUGIN_KUSEROK,
KRB5_PLUGIN_KUSEROK_VERSION_0, 0,
&ctx, plcallback);
if (ret != KRB5_PLUGIN_NO_HANDLE)
goto out;
}
} }
out: out:
krb5_config_free_strings(rules); krb5_config_free_strings(rules);
return ctx.result; return ctx.result;
} }
@@ -472,11 +478,14 @@ kuserok_simple_plug_f(void *plug_ctx, krb5_context context, const char *rule,
krb5_boolean *result) krb5_boolean *result)
{ {
krb5_error_code ret; krb5_error_code ret;
if (strcmp(rule, "SIMPLE") != 0 || (flags & KUSEROK_ANAME_TO_LNAME_OK) == 0) if (strcmp(rule, "SIMPLE") != 0 || (flags & KUSEROK_ANAME_TO_LNAME_OK) == 0)
return KRB5_PLUGIN_NO_HANDLE; return KRB5_PLUGIN_NO_HANDLE;
ret = check_an2ln(context, principal, luser, result); ret = check_an2ln(context, principal, luser, result);
if (ret == 0 && *result == FALSE) if (ret == 0 && *result == FALSE)
return KRB5_PLUGIN_NO_HANDLE; return KRB5_PLUGIN_NO_HANDLE;
return 0; return 0;
} }
@@ -496,6 +505,7 @@ kuserok_sys_k5login_plug_f(void *plug_ctx, krb5_context context,
krb5_error_code ret; krb5_error_code ret;
*result = FALSE; *result = FALSE;
if (strcmp(rule, "SYSTEM-K5LOGIN") != 0 && if (strcmp(rule, "SYSTEM-K5LOGIN") != 0 &&
strncmp(rule, "SYSTEM-K5LOGIN:", strlen("SYSTEM-K5LOGIN:")) != 0) strncmp(rule, "SYSTEM-K5LOGIN:", strlen("SYSTEM-K5LOGIN:")) != 0)
return KRB5_PLUGIN_NO_HANDLE; return KRB5_PLUGIN_NO_HANDLE;