From f53e1e787668e7c4233271784fe48d644f791b60 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand
Date: Tue, 4 Jun 2013 00:04:16 -0700
Subject: [PATCH] switch to new plugin handler
---
 kdc/windc.c | 162 ++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 114 insertions(+), 48 deletions(-)
diff --git a/kdc/windc.c b/kdc/windc.c
index 919015649..6c30b0278 100644
--- a/kdc/windc.c
+++ b/kdc/windc.c
@@ -33,53 +33,84 @@ #include "kdc_locl.h" -static krb5plugin_windc_ftable *windcft; -static void *windcctx; +static int have_plugin = 0; /* * Pick the first WINDC module that we find. */ +static krb5_error_code KRB5_LIB_CALL +load(krb5_context context, const void *plug, void *plugctx, void *userctx) +{ + have_plugin = 1; + return KRB5_PLUGIN_NO_HANDLE; +} + krb5_error_code krb5_kdc_windc_init(krb5_context context) { -#if 0 - struct krb5_plugin *list = NULL, *e; - krb5_error_code ret; - - ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "windc", &list); - if(ret != 0 || list == NULL) - return 0; - - for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { - - windcft = _krb5_plugin_get_symbol(e); - if (windcft->minor_version < KRB5_WINDC_PLUGIN_MINOR) - continue; - - (*windcft->init)(context, &windcctx); - break; - } - _krb5_plugin_free(list); - if (e == NULL) { - krb5_set_error_message(context, ENOENT, "Did not find any WINDC plugin"); - windcft = NULL; - return ENOENT; - } -#endif + (void)_krb5_plugin_run_f(context, "krb5", "windc", + KRB5_WINDC_PLUGIN_MINOR, 0, NULL, load); return 0; } +struct generate_uc { + hdb_entry_ex *client; + krb5_pac *pac; +}; + +static krb5_error_code KRB5_LIB_CALL +generate(krb5_context context, const void *plug, void *plugctx, void *userctx) +{ + krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug; + struct generate_uc *uc = (struct generate_uc *)userctx; + return ft->pac_generate((void *)plug, context, uc->client, uc->pac); +} + krb5_error_code _kdc_pac_generate(krb5_context context, hdb_entry_ex *client, krb5_pac *pac) { - *pac = NULL; - if (windcft == NULL) + struct generate_uc uc; + + if (!have_plugin) return 0; - return (windcft->pac_generate)(windcctx, context, client, pac); + + uc.client = client; + uc.pac = pac; + + (void)_krb5_plugin_run_f(context, "krb5", "windc", + KRB5_WINDC_PLUGIN_MINOR, 0, &uc, generate); + return 0; +} + +struct verify_uc { + krb5_principal client_principal; + krb5_principal 
delegated_proxy_principal; + hdb_entry_ex *client; + hdb_entry_ex *server; + hdb_entry_ex *krbtgt; + krb5_pac *pac; + int *verified; +}; + +static krb5_error_code KRB5_LIB_CALL +verify(krb5_context context, const void *plug, void *plugctx, void *userctx) +{ + krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug; + struct verify_uc *uc = (struct verify_uc *)userctx; + krb5_error_code ret; + + ret = ft->pac_verify((void *)plug, context, + uc->client_principal, + uc->delegated_proxy_principal, + uc->client, uc->server, uc->krbtgt, uc->pac); + if (ret == 0) + (*uc->verified) = 1; + + return 0; } krb5_error_code 
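Review bot: `generate` and `verify` pass `(void *)plug`, the module's function table, as the module context and never use the `plugctx` argument, whereas the removed code passed `windcctx`, the value filled in by the module's `init`. A module that keeps state in its context would then be handed its own ftable in place of that state. Assuming `plugctx` is the per-module context supplied by `_krb5_plugin_run_f` (its definition is not in this diff), the calls should read `return ft->pac_generate(plugctx, context, uc->client, uc->pac);` and `ret = ft->pac_verify(plugctx, context,`. The same applies to `check` in the next hunk.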
@@ -92,20 +123,47 @@ _kdc_pac_verify(krb5_context context, krb5_pac *pac, int *verified) { - krb5_error_code ret; + struct verify_uc uc; - if (windcft == NULL) + if (!have_plugin) return 0; - ret = windcft->pac_verify(windcctx, context, - client_principal, - delegated_proxy_principal, - client, server, krbtgt, pac); - if (ret == 0) - *verified = 1; - return ret; + uc.client_principal = client_principal; + uc.delegated_proxy_principal = delegated_proxy_principal; + uc.client = client; + uc.server = server; + uc.krbtgt = krbtgt; + uc.pac = pac; + uc.verified = verified; + + (void)_krb5_plugin_run_f(context, "krb5", "windc", + KRB5_WINDC_PLUGIN_MINOR, 0, &uc, verify); + return 0; } +struct check_uc { + krb5_kdc_configuration *config; + hdb_entry_ex *client_ex; + const char *client_name; + hdb_entry_ex *server_ex; + const char *server_name; + KDC_REQ *req; + METHOD_DATA *method_data; +}; + +static krb5_error_code KRB5_LIB_CALL +check(krb5_context context, const void *plug, void *plugctx, void *userctx) +{ + krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug; + struct check_uc *uc = (struct check_uc *)userctx; + + return ft->client_access((void *)plug, context, uc->config, + uc->client_ex, uc->client_name, + uc->server_ex, uc->server_name, + uc->req, uc->method_data); +} + + krb5_error_code _kdc_check_access(krb5_context context, krb5_kdc_configuration *config, 
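Review bot: `_kdc_pac_verify` now ends in `return 0;` where the removed code had `return ret;`, and the `verify` callback in the previous hunk also returns 0 whatever `ft->pac_verify` reported, so a module that rejects a PAC only leaves `*verified` unset instead of failing the call. Whether callers treat an unset `*verified` as a rejection is not visible here, so a hard reject may have become a silent pass. Using `return ret;` in `verify` and propagating the `_krb5_plugin_run_f` result from `_kdc_pac_verify` (mapping `KRB5_PLUGIN_NO_HANDLE` to 0) would keep the old contract. `_kdc_pac_generate` in the previous hunk discards its result the same way and no longer sets `*pac = NULL` before returning. The signature of `_kdc_pac_verify` starts outside this hunk.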
@@ -114,15 +172,23 @@ _kdc_check_access(krb5_context context, KDC_REQ *req, METHOD_DATA *method_data) { - if (windcft == NULL) - return kdc_check_flags(context, config, - client_ex, client_name, - server_ex, server_name, - req->msg_type == krb_as_req); + struct check_uc uc; + + if (!have_plugin) + return kdc_check_flags(context, config, + client_ex, client_name, + server_ex, server_name, + req->msg_type == krb_as_req); + + uc.config = config; + uc.client_ex = client_ex; + uc.client_name = client_name; + uc.server_ex = server_ex; + uc.server_name = server_name; + uc.req = req; + uc.method_data = method_data; + + return _krb5_plugin_run_f(context, "krb5", "windc", + KRB5_WINDC_PLUGIN_MINOR, 0, &uc, check); - return (windcft->client_access)(windcctx, - context, config, - client_ex, client_name, - server_ex, server_name, - req, method_data); }
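Review bot: Once `have_plugin` is set, `_kdc_check_access` returns the raw `_krb5_plugin_run_f` result and `kdc_check_flags` is never reached, even when no loaded module answers the call. `load` in the first hunk returns `KRB5_PLUGIN_NO_HANDLE` to keep iterating, so if the runner hands back that same code when nothing handled the request (its definition is not in this diff), the KDC would report a plugin error instead of applying the built-in flag checks. Capturing the result in a local `ret` and adding `if (ret == KRB5_PLUGIN_NO_HANDLE)` with the same `kdc_check_flags` call used in the `!have_plugin` branch would keep those checks as the fallback. The function's signature starts outside the hunk.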