kdc: add accessor functions for KDC request structure

Add accessor functions for use by Samba and other plugin developers. Documentation is in kdc/kdc-accessors.h.
2022-01-20 09:15:24 +11:00
parent ed4fe65794
commit ec24edf700
12 changed files with 773 additions and 134 deletions
--- a/kdc/altsecid_gss_preauth_authorizer.c
+++ b/kdc/altsecid_gss_preauth_authorizer.c
@@ -397,7 +397,10 @@ authorize(void *ctx,
    struct altsecid_gss_preauth_authorizer_context *c = ctx;
    struct ad_server_tuple *server = NULL;
    krb5_error_code ret;
-    krb5_const_realm realm = krb5_principal_get_realm(r->context, r->client->principal);
+    krb5_context context = kdc_request_get_context((kdc_request_t)r);
+    const hdb_entry *client = kdc_request_get_client(r);
+    krb5_const_principal server_princ = kdc_request_get_server_princ(r);
+    krb5_const_realm realm = krb5_principal_get_realm(context, client->principal);
    krb5_boolean reconnect_p = FALSE;
    krb5_boolean is_tgs;
    heim_data_t requestor_sid = NULL;
@@ -405,11 +408,11 @@ authorize(void *ctx,
    *authorized = FALSE;
    *mapped_name = NULL;

-    if (!krb5_principal_is_federated(r->context, r->client->principal) ||
+    if (!krb5_principal_is_federated(context, client->principal) ||
        (ret_flags & GSS_C_ANON_FLAG))
        return KRB5_PLUGIN_NO_HANDLE;

-    is_tgs = krb5_principal_is_krbtgt(r->context, r->server_princ);
+    is_tgs = krb5_principal_is_krbtgt(context, server_princ);

    HEIM_TAILQ_FOREACH(server, &c->servers, link) {
        if (strcmp(realm, server->realm) == 0)
@@ -419,12 +422,12 @@ authorize(void *ctx,
    if (server == NULL) {
        server = calloc(1, sizeof(*server));
        if (server == NULL)
-            return krb5_enomem(r->context);
+            return krb5_enomem(context);

        server->realm = strdup(realm);
        if (server->realm == NULL) {
            free(server);
-            return krb5_enomem(r->context);
+            return krb5_enomem(context);
        }

        HEIM_TAILQ_INSERT_HEAD(&c->servers, server, link);
@@ -432,12 +435,12 @@ authorize(void *ctx,

    do {
        if (server->ld == NULL) {
-            ret = ad_connect(r->context, realm, server);
+            ret = ad_connect(context, realm, server);
            if (ret)
                return ret;
        }

-        ret = ad_lookup(r->context, realm, server,
+        ret = ad_lookup(context, realm, server,
                        initiator_name, mech_type,
                        mapped_name, is_tgs ? &requestor_sid : NULL);
        if (ret == KRB5KDC_ERR_SVC_UNAVAILABLE) {
@@ -472,8 +475,8 @@ finalize_pac(void *ctx, astgs_request_t r)

    kdc_audit_setkv_object((kdc_request_t)r, "gss_requestor_sid", requestor_sid);

-    return krb5_pac_add_buffer(r->context, r->pac, PAC_REQUESTOR_SID,
-			       heim_data_get_data(requestor_sid));
+    return kdc_request_add_pac_buffer(r, PAC_REQUESTOR_SID,
+				      heim_data_get_data(requestor_sid));
 }

 static KRB5_LIB_CALL krb5_error_code