From d5ad04a7f3e5ce309009ed99b68a41c9c7423076 Mon Sep 17 00:00:00 2001 From: Joseph Sutton Date: Tue, 1 Mar 2022 12:15:50 +1300 Subject: [PATCH] kdc: Add function to add encrypted padata Since plugins no longer have a way of accessing the 'ek' member of the request structure, this function provides a way for a plugin to add encrypted padata to the response. Signed-off-by: Joseph Sutton --- kdc/kdc-plugin.c | 13 +++++++++++++ kdc/libkdc-exports.def | 1 + kdc/version-script.map | 1 + 3 files changed, 15 insertions(+) diff --git a/kdc/kdc-plugin.c b/kdc/kdc-plugin.c index 5c1afc9b4..925c25059 100644 --- a/kdc/kdc-plugin.c +++ b/kdc/kdc-plugin.c @@ -431,6 +431,19 @@ kdc_request_add_reply_padata(astgs_request_t r, PA_DATA *md) return add_METHOD_DATA(r->rep.padata, md); } +KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL +kdc_request_add_encrypted_padata(astgs_request_t r, PA_DATA *md) +{ + if (r->ek.encrypted_pa_data == NULL) { + r->ek.encrypted_pa_data = calloc(1, sizeof *(r->ek.encrypted_pa_data)); + if (r->ek.encrypted_pa_data == NULL) { + return ENOMEM; + } + } + + return add_METHOD_DATA(r->ek.encrypted_pa_data, md); +} + KDC_LIB_FUNCTION krb5_error_code KDC_LIB_CALL kdc_request_add_pac_buffer(astgs_request_t r, uint32_t pactype, diff --git a/kdc/libkdc-exports.def b/kdc/libkdc-exports.def index 533930ec8..2c4564bca 100644 --- a/kdc/libkdc-exports.def +++ b/kdc/libkdc-exports.def @@ -21,6 +21,7 @@ EXPORTS kdc_request_get_attribute kdc_request_copy_attribute kdc_request_delete_attribute + kdc_request_add_encrypted_padata kdc_request_add_pac_buffer kdc_request_add_reply_padata kdc_request_get_addr diff --git a/kdc/version-script.map b/kdc/version-script.map index 8ee2523ea..72a21e629 100644 --- a/kdc/version-script.map +++ b/kdc/version-script.map @@ -24,6 +24,7 @@ HEIMDAL_KDC_1.0 { kdc_request_get_attribute; kdc_request_copy_attribute; kdc_request_delete_attribute; + kdc_request_add_encrypted_padata; kdc_request_add_pac_buffer; kdc_request_add_reply_padata; kdc_request_get_addr;