allow registration of krb5_plugins though the gss-api layer

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23698 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-08-27 11:13:48 +00:00
parent feea335fec
commit 541c7a5d2b
4 changed files with 51 additions and 0 deletions
--- a/lib/gssapi/gssapi/gssapi_krb5.h
+++ b/lib/gssapi/gssapi/gssapi_krb5.h
@@ -68,6 +68,7 @@ extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_DEFAULT_REALM_X;
 extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_CCACHE_NAME_X;
 extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_SET_TIME_OFFSET_X;
 extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_TIME_OFFSET_X;
+extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_PLUGIN_REGISTER_X;
 /* Extensions inquire context */
 extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_GET_TKT_FLAGS_X;
 extern GSSAPI_LIB_VARIABLE gss_OID GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X;
@@ -165,6 +166,16 @@ gsskrb5_set_time_offset(int);
 OM_uint32 GSSAPI_LIB_FUNCTION
 gsskrb5_get_time_offset(int *);

+struct gsskrb5_krb5_plugin {
+    enum krb5_plugin_type type;
+    char *name;
+    void *symbol;
+};
+
+OM_uint32 GSSAPI_LIB_FUNCTION
+gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *);
+
+
 /*
 * Lucid - NFSv4 interface to GSS-API KRB5 to expose key material to
 * do GSS content token handling in-kernel.
--- a/lib/gssapi/krb5/external.c
+++ b/lib/gssapi/krb5/external.c
@@ -410,6 +410,13 @@ static gss_OID_desc gss_krb5_get_time_offset_x_desc =
 gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_GET_TIME_OFFSET_X =
    &gss_krb5_get_time_offset_x_desc;

+/* 1.2.752.43.13.19 */
+static gss_OID_desc gss_krb5_plugin_register_x_desc =
+    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13")};
+
+gss_OID GSSAPI_LIB_VARIABLE GSS_KRB5_PLUGIN_REGISTER_KDC_X =
+    &gss_krb5_plugin_register_x_desc;
+
 /* 1.2.752.43.14.1 */
 static gss_OID_desc gss_sasl_digest_md5_mechanism_desc =
    {6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
--- a/lib/gssapi/krb5/set_sec_context_option.c
+++ b/lib/gssapi/krb5/set_sec_context_option.c
@@ -242,6 +242,18 @@ _gsskrb5_set_sec_context_option
 	if (maj_stat != GSS_S_COMPLETE)
 	    return maj_stat;

+	*minor_status = 0;
+	return GSS_S_COMPLETE;
+    } else if (gss_oid_equal(desired_object, GSS_KRB5_PLUGIN_REGISTER_X)) {
+	struct gsskrb5_krb5_plugin c;
+
+	if (value->length != sizeof(c)) {
+	    *minor_status = EINVAL;
+	    return GSS_S_FAILURE;
+	}
+	memcpy(&c, value->value, sizeof(c));
+	krb5_plugin_register(context, c.type, c.name, c.symbol);
+
 	*minor_status = 0;
 	return GSS_S_COMPLETE;
    }
--- a/lib/gssapi/mech/gss_krb5.c
+++ b/lib/gssapi/mech/gss_krb5.c
@@ -920,3 +920,24 @@ gsskrb5_get_time_offset(int *offset)

 	return (GSS_S_UNAVAILABLE);
 }
+
+OM_uint32 GSSAPI_LIB_FUNCTION
+gsskrb5_plugin_register(struct gsskrb5_krb5_plugin *c);
+{
+    struct _gss_mech_switch *m;
+    gss_buffer_desc buffer;
+    OM_uint32 junk;
+
+    _gss_load_mech();
+
+    buffer.value = c;
+    buffer.length = sizeof(*c);
+
+    SLIST_FOREACH(m, &_gss_mechs, gm_link) {
+	if (m->gm_mech.gm_set_sec_context_option == NULL)
+	    continue;
+	m->gm_mech.gm_set_sec_context_option(&junk, NULL,
+	    GSS_KRB5_PLUGIN_REGISTER_X, &buffer);
+    }
+
+    return (GSS_S_COMPLETE);