kdc: rename windc to kdc plugin

Rename the "windc" plugin API to the more general "kdc" plugin API, for two
reasons: the Heimdal KDC uses the Windows PAC even when not emulating a domain
controller, and the plugin API has accreted methods that are not specific to
emulating a domain controller (such as referral_policy and finalize_reply).
Luke Howard
2022-01-03 11:10:18 +11:00
parent a4c6b81ce9
commit fcff5933ad
13 changed files with 90 additions and 90 deletions


@@ -111,7 +111,7 @@ CLEANFILES = \
vis.h \ vis.h \
wind.h \ wind.h \
wind_err.h \ wind_err.h \
windc_plugin.h \ kdc-plugin.h \
xdbm.h xdbm.h
DISTCLEANFILES = \ DISTCLEANFILES = \


@@ -129,7 +129,7 @@ libkdc_la_SOURCES = \
token_validator.c \ token_validator.c \
csr_authorizer.c \ csr_authorizer.c \
process.c \ process.c \
windc.c \ kdc-plugin.c \
gss_preauth.c gss_preauth.c
KDC_PROTOS = $(srcdir)/kdc-protos.h $(srcdir)/kdc-private.h KDC_PROTOS = $(srcdir)/kdc-protos.h $(srcdir)/kdc-private.h
@@ -239,7 +239,7 @@ include_HEADERS = kdc.h $(srcdir)/kdc-protos.h
noinst_HEADERS = $(srcdir)/kdc-private.h noinst_HEADERS = $(srcdir)/kdc-private.h
krb5dir = $(includedir)/krb5 krb5dir = $(includedir)/krb5
krb5_HEADERS = windc_plugin.h token_validator_plugin.h csr_authorizer_plugin.h krb5_HEADERS = kdc-plugin.h token_validator_plugin.h csr_authorizer_plugin.h
build_HEADERZ = $(krb5_HEADERS) # XXX build_HEADERZ = $(krb5_HEADERS) # XXX


@@ -51,7 +51,7 @@ INCFILES=\
$(INCDIR)\kdc.h \ $(INCDIR)\kdc.h \
$(INCDIR)\kdc-protos.h \ $(INCDIR)\kdc-protos.h \
$(INCDIR)\kdc-private.h \ $(INCDIR)\kdc-private.h \
$(INCDIR)\krb5\windc_plugin.h $(INCDIR)\krb5\kdc-plugin.h
all:: $(INCFILES) $(LIBKDC) $(BINPROGRAMS) $(SBINPROGRAMS) $(LIBEXECPROGRAMS) all:: $(INCFILES) $(LIBKDC) $(BINPROGRAMS) $(SBINPROGRAMS) $(LIBEXECPROGRAMS)
@@ -109,7 +109,7 @@ LIBKDC_OBJS=\
$(OBJ)\token_validator.obj \ $(OBJ)\token_validator.obj \
$(OBJ)\csr_authorizer.obj \ $(OBJ)\csr_authorizer.obj \
$(OBJ)\process.obj \ $(OBJ)\process.obj \
$(OBJ)\windc.obj \ $(OBJ)\kdc-plugin.obj \
$(OBJ)\gss_preauth.obj $(OBJ)\gss_preauth.obj
LIBKDC_LIBS=\ LIBKDC_LIBS=\
@@ -150,7 +150,7 @@ libkdc_la_SOURCES = \
token_validator.c \ token_validator.c \
csr_authorizer.c \ csr_authorizer.c \
process.c \ process.c \
windc.c \ kdc-plugin.c \
gss_preauth.c gss_preauth.c
$(OBJ)\kdc-protos.h: $(libkdc_la_SOURCES) $(OBJ)\kdc-protos.h: $(libkdc_la_SOURCES)


@@ -309,7 +309,7 @@ configure(krb5_context context, int argc, char **argv, int *optidx)
krb5_enctype_disable(context, ETYPE_DES_PCBC_NONE); krb5_enctype_disable(context, ETYPE_DES_PCBC_NONE);
} }
krb5_kdc_windc_init(context); krb5_kdc_plugin_init(context);
krb5_kdc_pkinit_config(context, config); krb5_kdc_pkinit_config(context, config);


@@ -104,7 +104,7 @@
#include <heimntlm.h> #include <heimntlm.h>
#endif #endif
#include <kdc.h> #include <kdc.h>
#include <windc_plugin.h> #include <kdc-plugin.h>
#include <heimbase.h> #include <heimbase.h>


@@ -36,21 +36,21 @@
static int have_plugin = 0; static int have_plugin = 0;
/* /*
* Pick the first WINDC module that we find. * Pick the first KDC plugin module that we find.
*/ */
static const char *windc_plugin_deps[] = { static const char *kdc_plugin_deps[] = {
"kdc", "kdc",
"krb5", "krb5",
"hdb", "hdb",
NULL NULL
}; };
static struct heim_plugin_data windc_plugin_data = { static struct heim_plugin_data kdc_plugin_data = {
"krb5", "krb5",
"windc", "kdc",
KRB5_WINDC_PLUGIN_MINOR, KRB5_KDC_PLUGIN_MINOR,
windc_plugin_deps, kdc_plugin_deps,
kdc_get_instance kdc_get_instance
}; };
@@ -62,9 +62,9 @@ load(krb5_context context, const void *plug, void *plugctx, void *userctx)
} }
krb5_error_code krb5_error_code
krb5_kdc_windc_init(krb5_context context) krb5_kdc_plugin_init(krb5_context context)
{ {
(void)_krb5_plugin_run_f(context, &windc_plugin_data, 0, NULL, load); (void)_krb5_plugin_run_f(context, &kdc_plugin_data, 0, NULL, load);
return 0; return 0;
} }
@@ -80,7 +80,7 @@ struct generate_uc {
static krb5_error_code KRB5_LIB_CALL static krb5_error_code KRB5_LIB_CALL
generate(krb5_context context, const void *plug, void *plugctx, void *userctx) generate(krb5_context context, const void *plug, void *plugctx, void *userctx)
{ {
krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug; krb5plugin_kdc_ftable *ft = (krb5plugin_kdc_ftable *)plug;
struct generate_uc *uc = (struct generate_uc *)userctx; struct generate_uc *uc = (struct generate_uc *)userctx;
if (ft->pac_generate == NULL) if (ft->pac_generate == NULL)
@@ -120,7 +120,7 @@ _kdc_pac_generate(krb5_context context,
uc.pac = pac; uc.pac = pac;
uc.pac_attributes = pac_attributes; uc.pac_attributes = pac_attributes;
ret = _krb5_plugin_run_f(context, &windc_plugin_data, ret = _krb5_plugin_run_f(context, &kdc_plugin_data,
0, &uc, generate); 0, &uc, generate);
if (ret != KRB5_PLUGIN_NO_HANDLE) if (ret != KRB5_PLUGIN_NO_HANDLE)
return ret; return ret;
@@ -145,7 +145,7 @@ struct verify_uc {
static krb5_error_code KRB5_LIB_CALL static krb5_error_code KRB5_LIB_CALL
verify(krb5_context context, const void *plug, void *plugctx, void *userctx) verify(krb5_context context, const void *plug, void *plugctx, void *userctx)
{ {
krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug; krb5plugin_kdc_ftable *ft = (krb5plugin_kdc_ftable *)plug;
struct verify_uc *uc = (struct verify_uc *)userctx; struct verify_uc *uc = (struct verify_uc *)userctx;
krb5_error_code ret; krb5_error_code ret;
@@ -180,14 +180,14 @@ _kdc_pac_verify(krb5_context context,
uc.krbtgt = krbtgt; uc.krbtgt = krbtgt;
uc.pac = pac; uc.pac = pac;
return _krb5_plugin_run_f(context, &windc_plugin_data, return _krb5_plugin_run_f(context, &kdc_plugin_data,
0, &uc, verify); 0, &uc, verify);
} }
static krb5_error_code KRB5_LIB_CALL static krb5_error_code KRB5_LIB_CALL
check(krb5_context context, const void *plug, void *plugctx, void *userctx) check(krb5_context context, const void *plug, void *plugctx, void *userctx)
{ {
krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug; krb5plugin_kdc_ftable *ft = (krb5plugin_kdc_ftable *)plug;
if (ft->client_access == NULL) if (ft->client_access == NULL)
return KRB5_PLUGIN_NO_HANDLE; return KRB5_PLUGIN_NO_HANDLE;
@@ -200,7 +200,7 @@ _kdc_check_access(astgs_request_t r)
krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE; krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
if (have_plugin) { if (have_plugin) {
ret = _krb5_plugin_run_f(r->context, &windc_plugin_data, ret = _krb5_plugin_run_f(r->context, &kdc_plugin_data,
0, r, check); 0, r, check);
} }
@@ -213,7 +213,7 @@ _kdc_check_access(astgs_request_t r)
static krb5_error_code KRB5_LIB_CALL static krb5_error_code KRB5_LIB_CALL
referral_policy(krb5_context context, const void *plug, void *plugctx, void *userctx) referral_policy(krb5_context context, const void *plug, void *plugctx, void *userctx)
{ {
krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug; krb5plugin_kdc_ftable *ft = (krb5plugin_kdc_ftable *)plug;
if (ft->referral_policy == NULL) if (ft->referral_policy == NULL)
return KRB5_PLUGIN_NO_HANDLE; return KRB5_PLUGIN_NO_HANDLE;
@@ -226,7 +226,7 @@ _kdc_referral_policy(astgs_request_t r)
krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE; krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
if (have_plugin) if (have_plugin)
ret = _krb5_plugin_run_f(r->context, &windc_plugin_data, 0, r, referral_policy); ret = _krb5_plugin_run_f(r->context, &kdc_plugin_data, 0, r, referral_policy);
return ret; return ret;
} }
@@ -234,7 +234,7 @@ _kdc_referral_policy(astgs_request_t r)
static krb5_error_code KRB5_LIB_CALL static krb5_error_code KRB5_LIB_CALL
finalize_reply(krb5_context context, const void *plug, void *plugctx, void *userctx) finalize_reply(krb5_context context, const void *plug, void *plugctx, void *userctx)
{ {
krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug; krb5plugin_kdc_ftable *ft = (krb5plugin_kdc_ftable *)plug;
if (ft->finalize_reply == NULL) if (ft->finalize_reply == NULL)
return KRB5_PLUGIN_NO_HANDLE; return KRB5_PLUGIN_NO_HANDLE;
@@ -247,7 +247,7 @@ _kdc_finalize_reply(astgs_request_t r)
krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE; krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
if (have_plugin) if (have_plugin)
ret = _krb5_plugin_run_f(r->context, &windc_plugin_data, 0, r, finalize_reply); ret = _krb5_plugin_run_f(r->context, &kdc_plugin_data, 0, r, finalize_reply);
if (ret == KRB5_PLUGIN_NO_HANDLE) if (ret == KRB5_PLUGIN_NO_HANDLE)
ret = 0; ret = 0;
@@ -258,7 +258,7 @@ _kdc_finalize_reply(astgs_request_t r)
static krb5_error_code KRB5_LIB_CALL static krb5_error_code KRB5_LIB_CALL
audit(krb5_context context, const void *plug, void *plugctx, void *userctx) audit(krb5_context context, const void *plug, void *plugctx, void *userctx)
{ {
krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug; krb5plugin_kdc_ftable *ft = (krb5plugin_kdc_ftable *)plug;
if (ft->audit == NULL) if (ft->audit == NULL)
return KRB5_PLUGIN_NO_HANDLE; return KRB5_PLUGIN_NO_HANDLE;
@@ -266,12 +266,12 @@ audit(krb5_context context, const void *plug, void *plugctx, void *userctx)
} }
krb5_error_code krb5_error_code
_kdc_windc_audit(astgs_request_t r) _kdc_plugin_audit(astgs_request_t r)
{ {
krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE; krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
if (have_plugin) if (have_plugin)
ret = _krb5_plugin_run_f(r->context, &windc_plugin_data, 0, r, audit); ret = _krb5_plugin_run_f(r->context, &kdc_plugin_data, 0, r, audit);
if (ret == KRB5_PLUGIN_NO_HANDLE) if (ret == KRB5_PLUGIN_NO_HANDLE)
ret = 0; ret = 0;
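Review bot: `krb5_kdc_plugin_init` still discards the result of `_krb5_plugin_run_f` and returns 0, and with the registered plugin name changing from "windc" to "kdc" that silence becomes a compatibility hazard. A module built against the old name would presumably no longer be matched (the test plugin's entry point is renamed from `windc_plugin_load` to `kdc_plugin_load` in this same commit), so `have_plugin` would stay 0 and `_kdc_check_access`, `_kdc_referral_policy`, `_kdc_finalize_reply` and `_kdc_plugin_audit` would skip the plugin without a log line. For a deployment whose client-access policy or auditing lives in such a module, an upgrade would drop those checks quietly. I would log at startup when nothing was loaded, e.g. `if (!have_plugin) krb5_warnx(context, "no KDC plugin loaded");` before `return 0;`, and call out the rename in the release notes, including the `krb5_kdc_windc_init` export replaced in the two export lists. The body of `load` and the callers' handling of `KRB5_PLUGIN_NO_HANDLE` are outside these hunks.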


@@ -33,8 +33,8 @@
/* $Id$ */ /* $Id$ */
#ifndef HEIMDAL_KDC_WINDC_PLUGIN_H #ifndef HEIMDAL_KDC_KDC_PLUGIN_H
#define HEIMDAL_KDC_WINDC_PLUGIN_H 1 #define HEIMDAL_KDC_KDC_PLUGIN_H 1
#include <krb5.h> #include <krb5.h>
#include <kdc.h> #include <kdc.h>
@@ -47,7 +47,7 @@ struct hdb_entry_ex;
*/ */
typedef krb5_error_code typedef krb5_error_code
(KRB5_CALLCONV *krb5plugin_windc_pac_generate)(void *, krb5_context, (KRB5_CALLCONV *krb5plugin_kdc_pac_generate)(void *, krb5_context,
struct hdb_entry_ex *, /* client */ struct hdb_entry_ex *, /* client */
struct hdb_entry_ex *, /* server */ struct hdb_entry_ex *, /* server */
const krb5_keyblock *, /* pk_replykey */ const krb5_keyblock *, /* pk_replykey */
@@ -61,7 +61,7 @@ typedef krb5_error_code
*/ */
typedef krb5_error_code typedef krb5_error_code
(KRB5_CALLCONV *krb5plugin_windc_pac_verify)(void *, krb5_context, (KRB5_CALLCONV *krb5plugin_kdc_pac_verify)(void *, krb5_context,
const krb5_principal, /* new ticket client */ const krb5_principal, /* new ticket client */
const krb5_principal, /* delegation proxy */ const krb5_principal, /* delegation proxy */
struct hdb_entry_ex *,/* client */ struct hdb_entry_ex *,/* client */
@@ -75,7 +75,7 @@ typedef krb5_error_code
*/ */
typedef krb5_error_code typedef krb5_error_code
(KRB5_CALLCONV *krb5plugin_windc_client_access)(void *, astgs_request_t); (KRB5_CALLCONV *krb5plugin_kdc_client_access)(void *, astgs_request_t);
/* /*
* A referral policy plugin can either rewrite the server principal * A referral policy plugin can either rewrite the server principal
@@ -89,14 +89,14 @@ typedef krb5_error_code
*/ */
typedef krb5_error_code typedef krb5_error_code
(KRB5_CALLCONV *krb5plugin_windc_referral_policy)(void *, astgs_request_t r); (KRB5_CALLCONV *krb5plugin_kdc_referral_policy)(void *, astgs_request_t);
/* /*
* Update the AS or TGS reply immediately prior to encoding. * Update the AS or TGS reply immediately prior to encoding.
*/ */
typedef krb5_error_code typedef krb5_error_code
(KRB5_CALLCONV *krb5plugin_windc_finalize_reply)(void *, astgs_request_t r); (KRB5_CALLCONV *krb5plugin_kdc_finalize_reply)(void *, astgs_request_t);
/* /*
* Audit an AS or TGS request. This function is called after encoding the * Audit an AS or TGS request. This function is called after encoding the
@@ -107,21 +107,21 @@ typedef krb5_error_code
*/ */
typedef krb5_error_code typedef krb5_error_code
(KRB5_CALLCONV *krb5plugin_windc_audit)(void *, astgs_request_t r); (KRB5_CALLCONV *krb5plugin_kdc_audit)(void *, astgs_request_t);
#define KRB5_WINDC_PLUGIN_MINOR 8 #define KRB5_KDC_PLUGIN_MINOR 8
#define KRB5_WINDC_PLUGING_MINOR KRB5_WINDC_PLUGIN_MINOR #define KRB5_KDC_PLUGING_MINOR KRB5_KDC_PLUGIN_MINOR
typedef struct krb5plugin_windc_ftable { typedef struct krb5plugin_kdc_ftable {
int minor_version; int minor_version;
krb5_error_code (KRB5_CALLCONV *init)(krb5_context, void **); krb5_error_code (KRB5_CALLCONV *init)(krb5_context, void **);
void (KRB5_CALLCONV *fini)(void *); void (KRB5_CALLCONV *fini)(void *);
krb5plugin_windc_pac_generate pac_generate; krb5plugin_kdc_pac_generate pac_generate;
krb5plugin_windc_pac_verify pac_verify; krb5plugin_kdc_pac_verify pac_verify;
krb5plugin_windc_client_access client_access; krb5plugin_kdc_client_access client_access;
krb5plugin_windc_referral_policy referral_policy; krb5plugin_kdc_referral_policy referral_policy;
krb5plugin_windc_finalize_reply finalize_reply; krb5plugin_kdc_finalize_reply finalize_reply;
krb5plugin_windc_audit audit; krb5plugin_kdc_audit audit;
} krb5plugin_windc_ftable; } krb5plugin_kdc_ftable;
#endif /* HEIMDAL_KDC_WINDC_PLUGIN_H */ #endif /* HEIMDAL_KDC_KDC_PLUGIN_H */
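Review bot: `#define KRB5_KDC_PLUGING_MINOR KRB5_KDC_PLUGIN_MINOR` carries the misspelt `PLUGING` alias into a name that did not exist before this commit, so no existing code can depend on it. Under the new prefix I would drop the alias and have the test plugin's ftable initialiser use `KRB5_KDC_PLUGIN_MINOR` directly. If source compatibility for existing plugins is wanted, the aliases worth keeping are the old names instead, e.g. `#define KRB5_WINDC_PLUGIN_MINOR KRB5_KDC_PLUGIN_MINOR` and `typedef krb5plugin_kdc_ftable krb5plugin_windc_ftable;`, each with a comment marking it deprecated.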


@@ -7,7 +7,7 @@ EXPORTS
kdc_log_msg_va kdc_log_msg_va
kdc_openlog kdc_openlog
kdc_validate_token kdc_validate_token
krb5_kdc_windc_init krb5_kdc_plugin_init
krb5_kdc_get_config krb5_kdc_get_config
krb5_kdc_pkinit_config krb5_kdc_pkinit_config
krb5_kdc_set_dbinfo krb5_kdc_set_dbinfo


@@ -343,7 +343,7 @@ _kdc_include_pac_p(astgs_request_t r)
} }
/* /*
* Notify the HDB backend and windc plugin of the audited event. * Notify the HDB backend and KDC plugin of the audited event.
*/ */
krb5_error_code krb5_error_code
@@ -352,7 +352,7 @@ _kdc_audit_request(astgs_request_t r)
krb5_error_code ret; krb5_error_code ret;
struct HDB *hdb; struct HDB *hdb;
ret = _kdc_windc_audit(r); ret = _kdc_plugin_audit(r);
if (ret == 0 && if (ret == 0 &&
(hdb = r->clientdb ? r->clientdb : r->config->db[0]) && (hdb = r->clientdb ? r->clientdb : r->config->db[0]) &&
hdb->hdb_audit) hdb->hdb_audit)


@@ -11,7 +11,7 @@ HEIMDAL_KDC_1.0 {
kdc_openlog; kdc_openlog;
kdc_check_flags; kdc_check_flags;
kdc_validate_token; kdc_validate_token;
krb5_kdc_windc_init; krb5_kdc_plugin_init;
krb5_kdc_get_config; krb5_kdc_get_config;
krb5_kdc_pkinit_config; krb5_kdc_pkinit_config;
krb5_kdc_set_dbinfo; krb5_kdc_set_dbinfo;


@@ -29,10 +29,10 @@ krb5.conf: krb5.conf.in Makefile
$(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp $(do_subst) < $(srcdir)/krb5.conf.in > krb5.conf.tmp
mv krb5.conf.tmp krb5.conf mv krb5.conf.tmp krb5.conf
lib_LTLIBRARIES = windc.la lib_LTLIBRARIES = kdc_test_plugin.la
windc_la_SOURCES = windc.c kdc_test_plugin_la_SOURCES = kdc_test_plugin.c
windc_la_LDFLAGS = -module kdc_test_plugin_la_LDFLAGS = -module
CLEANFILES= \ CLEANFILES= \
$(TESTS) \ $(TESTS) \


@@ -115,8 +115,8 @@ trap "kill ${kdcpid}; echo signal killing kdc; exit 1;" EXIT
ec=0 ec=0
echo "Check that WINDC module was loaded " echo "Check that KDC plugin module was loaded "
grep "windc init" messages.log >/dev/null || \ grep "kdc plugin init" messages.log >/dev/null || \
{ ec=1 ; eval "${testfailed}"; } { ec=1 ; eval "${testfailed}"; }
echo "Getting client initial tickets"; > messages.log echo "Getting client initial tickets"; > messages.log


@@ -3,18 +3,18 @@
#include <hdb.h> #include <hdb.h>
#include <hx509.h> #include <hx509.h>
#include <kdc.h> #include <kdc.h>
#include <windc_plugin.h> #include <kdc-plugin.h>
static krb5_error_code KRB5_CALLCONV static krb5_error_code KRB5_CALLCONV
windc_init(krb5_context context, void **ctx) init(krb5_context context, void **ctx)
{ {
krb5_warnx(context, "windc init"); krb5_warnx(context, "kdc plugin init");
*ctx = NULL; *ctx = NULL;
return 0; return 0;
} }
static void KRB5_CALLCONV static void KRB5_CALLCONV
windc_fini(void *ctx) fini(void *ctx)
{ {
} }
@@ -123,10 +123,10 @@ audit(void *ctx, astgs_request_t r)
return 0; return 0;
} }
static krb5plugin_windc_ftable windc = { static krb5plugin_kdc_ftable kdc_plugin = {
KRB5_WINDC_PLUGING_MINOR, KRB5_KDC_PLUGING_MINOR,
windc_init, init,
windc_fini, fini,
pac_generate, pac_generate,
pac_verify, pac_verify,
client_access, client_access,
@@ -135,18 +135,18 @@ static krb5plugin_windc_ftable windc = {
audit audit
}; };
static const krb5plugin_windc_ftable *const windc_plugins[] = { static const krb5plugin_kdc_ftable *const kdc_plugins[] = {
&windc &kdc_plugin
}; };
krb5_error_code KRB5_CALLCONV krb5_error_code KRB5_CALLCONV
windc_plugin_load(krb5_context context, kdc_plugin_load(krb5_context context,
krb5_get_instance_func_t *get_instance, krb5_get_instance_func_t *get_instance,
size_t *num_plugins, size_t *num_plugins,
const krb5plugin_windc_ftable *const **plugins); const krb5plugin_kdc_ftable *const **plugins);
static uintptr_t KRB5_CALLCONV static uintptr_t KRB5_CALLCONV
windc_get_instance(const char *libname) kdc_plugin_get_instance(const char *libname)
{ {
if (strcmp(libname, "hdb") == 0) if (strcmp(libname, "hdb") == 0)
return hdb_get_instance(libname); return hdb_get_instance(libname);
@@ -157,14 +157,14 @@ windc_get_instance(const char *libname)
} }
krb5_error_code KRB5_CALLCONV krb5_error_code KRB5_CALLCONV
windc_plugin_load(krb5_context context, kdc_plugin_load(krb5_context context,
krb5_get_instance_func_t *get_instance, krb5_get_instance_func_t *get_instance,
size_t *num_plugins, size_t *num_plugins,
const krb5plugin_windc_ftable *const **plugins) const krb5plugin_kdc_ftable *const **plugins)
{ {
*get_instance = windc_get_instance; *get_instance = kdc_plugin_get_instance;
*num_plugins = sizeof(windc_plugins) / sizeof(windc_plugins[0]); *num_plugins = sizeof(kdc_plugins) / sizeof(kdc_plugins[0]);
*plugins = windc_plugins; *plugins = kdc_plugins;
return 0; return 0;
} }