krb5 commit: Update test KDC authdata module to new interface

Greg Hudson ghudson at mit.edu
Mon Jun 15 12:56:01 EDT 2015


https://github.com/krb5/krb5/commit/b9820f5b3bfe1347565a39b6f8dce97828e8a2a3
commit b9820f5b3bfe1347565a39b6f8dce97828e8a2a3
Author: Greg Hudson <ghudson at mit.edu>
Date:   Mon Sep 29 11:19:08 2014 -0400

    Update test KDC authdata module to new interface
    
    Remove plugins/authdata/greet, which was a v0 KDC module.  Modify
    plugins/authdata/greet_server to use the new interface.  Within
    greet_auth.c, remove the unused function greet_kdc_verify.  Build the
    greet_client and greet_server modules by default, but do not install
    them.

 src/Makefile.in                                    |    3 +-
 src/configure.in                                   |    1 -
 src/plugins/authdata/greet/Makefile.in             |   23 -----
 src/plugins/authdata/greet/deps                    |    6 -
 src/plugins/authdata/greet/greet.exports           |    1 -
 src/plugins/authdata/greet/greet_auth.c            |   99 --------------------
 src/plugins/authdata/greet_client/Makefile.in      |    3 +-
 src/plugins/authdata/greet_server/Makefile.in      |    3 +-
 src/plugins/authdata/greet_server/greet_auth.c     |   78 +++------------
 .../authdata/greet_server/greet_server.exports     |    2 +-
 10 files changed, 21 insertions(+), 198 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index 65951c5..3c81b22 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -6,7 +6,6 @@ mydir=.
 #	plugins/locate/python
 #	plugins/preauth/wpse
 #	plugins/preauth/cksum_body
-#	plugins/authdata/greet
 SUBDIRS=util include lib \
 	@sam2_plugin@ \
 	plugins/audit \
@@ -16,6 +15,8 @@ SUBDIRS=util include lib \
 	plugins/hostrealm/test \
 	plugins/localauth/test \
 	plugins/pwqual/test \
+	plugins/authdata/greet_server \
+	plugins/authdata/greet_client \
 	plugins/kdb/db2 \
 	@ldap_plugin_dir@ \
 	plugins/kdb/test \
diff --git a/src/configure.in b/src/configure.in
index f1ba570..13a9b58 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -1451,7 +1451,6 @@ dnl	ccapi ccapi/lib ccapi/lib/unix ccapi/server ccapi/server/unix ccapi/test
 	plugins/preauth/otp
 	plugins/preauth/securid_sam2
 	plugins/preauth/wpse
-	plugins/authdata/greet
 	plugins/authdata/greet_client
 	plugins/authdata/greet_server
 	plugins/tls/k5tls
diff --git a/src/plugins/authdata/greet/Makefile.in b/src/plugins/authdata/greet/Makefile.in
deleted file mode 100644
index f204e2f..0000000
--- a/src/plugins/authdata/greet/Makefile.in
+++ /dev/null
@@ -1,23 +0,0 @@
-mydir=plugins$(S)authdata$(S)greet
-BUILDTOP=$(REL)..$(S)..$(S)..
-MODULE_INSTALL_DIR = $(KRB5_AD_MODULE_DIR)
-
-LIBBASE=greet
-LIBMAJOR=0
-LIBMINOR=0
-#RELDIR=../plugins/preauth/wpse
-# Depends on nothing
-SHLIB_EXPDEPS =
-SHLIB_EXPLIBS=
-
-STLIBOBJS= greet_auth.o
-
-SRCS=	greet_auth.c
-
-all-unix:: all-libs
-install-unix:: install-libs
-clean-unix:: clean-libs clean-libobjs
-
- at libnover_frag@
- at libobj_frag@
-
diff --git a/src/plugins/authdata/greet/deps b/src/plugins/authdata/greet/deps
deleted file mode 100644
index ea4b503..0000000
--- a/src/plugins/authdata/greet/deps
+++ /dev/null
@@ -1,6 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-greet_auth.so greet_auth.po $(OUTPRE)greet_auth.$(OBJEXT): \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5/authdata_plugin.h \
-  greet_auth.c
diff --git a/src/plugins/authdata/greet/greet.exports b/src/plugins/authdata/greet/greet.exports
deleted file mode 100644
index 1189eff..0000000
--- a/src/plugins/authdata/greet/greet.exports
+++ /dev/null
@@ -1 +0,0 @@
-authdata_server_0
diff --git a/src/plugins/authdata/greet/greet_auth.c b/src/plugins/authdata/greet/greet_auth.c
deleted file mode 100644
index beac135..0000000
--- a/src/plugins/authdata/greet/greet_auth.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* plugins/authdata/greet/greet_auth.c */
-/*
- * Copyright 2008 by the Massachusetts Institute of Technology.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-/*
- *
- * Sample authorization data plugin
- */
-
-#include <string.h>
-#include <errno.h>
-#include <krb5/authdata_plugin.h>
-
-typedef struct krb5_db_entry krb5_db_entry;
-
-static krb5_error_code
-greet_init(krb5_context ctx, void **blob)
-{
-    *blob = "hello";
-    return 0;
-}
-
-static void
-greet_fini(krb5_context ctx, void *blob)
-{
-}
-
-static krb5_error_code
-greet_authdata(krb5_context ctx, krb5_db_entry *client,
-               krb5_data *req_pkt,
-               krb5_kdc_req *request,
-               krb5_enc_tkt_part * enc_tkt_reply)
-{
-#define GREET_SIZE (20)
-
-    char *p;
-    krb5_authdata *a;
-    size_t count;
-    krb5_authdata **new_ad;
-
-    p = calloc(1, GREET_SIZE);
-    a = calloc(1, sizeof(*a));
-
-    if (p == NULL || a == NULL) {
-        free(p);
-        free(a);
-        return ENOMEM;
-    }
-    strncpy(p, "hello there", GREET_SIZE-1);
-    a->magic = KV5M_AUTHDATA;
-    a->ad_type = -42;
-    a->length = GREET_SIZE;
-    a->contents = (unsigned char *)p;
-    if (enc_tkt_reply->authorization_data == 0) {
-        count = 0;
-    } else {
-        for (count = 0; enc_tkt_reply->authorization_data[count] != 0; count++)
-            ;
-    }
-    new_ad = realloc(enc_tkt_reply->authorization_data,
-                     (count+2) * sizeof(krb5_authdata *));
-    if (new_ad == NULL) {
-        free(p);
-        free(a);
-        return ENOMEM;
-    }
-    enc_tkt_reply->authorization_data = new_ad;
-    new_ad[count] = a;
-    new_ad[count+1] = NULL;
-    return 0;
-}
-
-krb5plugin_authdata_ftable_v0 authdata_server_0 = {
-    "greet",
-    greet_init,
-    greet_fini,
-    greet_authdata,
-};
diff --git a/src/plugins/authdata/greet_client/Makefile.in b/src/plugins/authdata/greet_client/Makefile.in
index 7f7277b..e1af8cc 100644
--- a/src/plugins/authdata/greet_client/Makefile.in
+++ b/src/plugins/authdata/greet_client/Makefile.in
@@ -1,6 +1,5 @@
 mydir=plugins$(S)authdata$(S)greet_client
 BUILDTOP=$(REL)..$(S)..$(S)..
-MODULE_INSTALL_DIR = $(KRB5_AD_MODULE_DIR)
 
 LIBBASE=greet_client
 LIBMAJOR=0
@@ -13,7 +12,7 @@ STLIBOBJS= greet.o
 SRCS=	greet.c
 
 all-unix:: all-libs
-install-unix:: install-libs
+install-unix::
 clean-unix:: clean-libs clean-libobjs
 
 @libnover_frag@
diff --git a/src/plugins/authdata/greet_server/Makefile.in b/src/plugins/authdata/greet_server/Makefile.in
index 598ee1f..a013076 100644
--- a/src/plugins/authdata/greet_server/Makefile.in
+++ b/src/plugins/authdata/greet_server/Makefile.in
@@ -1,6 +1,5 @@
 mydir=plugins$(S)authdata$(S)greet_server
 BUILDTOP=$(REL)..$(S)..$(S)..
-MODULE_INSTALL_DIR = $(KRB5_AD_MODULE_DIR)
 
 LIBBASE=greet_server
 LIBMAJOR=1
@@ -14,7 +13,7 @@ STLIBOBJS= greet_auth.o
 SRCS=	greet_auth.c
 
 all-unix:: all-libs
-install-unix:: install-libs
+install-unix::
 clean-unix:: clean-libs clean-libobjs
 
 @libnover_frag@
diff --git a/src/plugins/authdata/greet_server/greet_auth.c b/src/plugins/authdata/greet_server/greet_auth.c
index 9d8444b..1f1e9de 100644
--- a/src/plugins/authdata/greet_server/greet_auth.c
+++ b/src/plugins/authdata/greet_server/greet_auth.c
@@ -29,19 +29,7 @@
  */
 
 #include <k5-int.h>
-#include <krb5/authdata_plugin.h>
-#include <kdb.h>
-
-static krb5_error_code
-greet_init(krb5_context ctx, void **blob)
-{
-    return 0;
-}
-
-static void
-greet_fini(krb5_context ctx, void *blob)
-{
-}
+#include <krb5/kdcauthdata_plugin.h>
 
 static krb5_error_code greet_hello(krb5_context context, krb5_data **ret)
 {
@@ -54,49 +42,6 @@ static krb5_error_code greet_hello(krb5_context context, krb5_data **ret)
 }
 
 static krb5_error_code
-greet_kdc_verify(krb5_context context,
-                 krb5_enc_tkt_part *enc_tkt_request,
-                 krb5_data **greeting)
-{
-    krb5_error_code code;
-    krb5_authdata **tgt_authdata = NULL;
-    krb5_authdata **kdc_issued = NULL;
-    krb5_authdata **greet = NULL;
-
-    code = krb5_find_authdata(context, enc_tkt_request->authorization_data,
-                              NULL, KRB5_AUTHDATA_KDC_ISSUED, &tgt_authdata);
-    if (code != 0 || tgt_authdata == NULL)
-        return 0;
-
-    code = krb5_verify_authdata_kdc_issued(context,
-                                           enc_tkt_request->session,
-                                           tgt_authdata[0],
-                                           NULL,
-                                           &kdc_issued);
-    if (code != 0) {
-        krb5_free_authdata(context, tgt_authdata);
-        return code;
-    }
-
-    code = krb5_find_authdata(context, kdc_issued, NULL, -42, &greet);
-    if (code == 0) {
-        krb5_data tmp;
-
-        tmp.data = (char *)greet[0]->contents;
-        tmp.length = greet[0]->length;
-
-        code = krb5_copy_data(context, &tmp, greeting);
-    } else
-        code = 0;
-
-    krb5_free_authdata(context, tgt_authdata);
-    krb5_free_authdata(context, kdc_issued);
-    krb5_free_authdata(context, greet);
-
-    return code;
-}
-
-static krb5_error_code
 greet_kdc_sign(krb5_context context,
                krb5_enc_tkt_part *enc_tkt_reply,
                krb5_const_principal tgs,
@@ -149,6 +94,7 @@ greet_kdc_sign(krb5_context context,
 
 static krb5_error_code
 greet_authdata(krb5_context context,
+               krb5_kdcauthdata_moddata moddata,
                unsigned int flags,
                krb5_db_entry *client,
                krb5_db_entry *server,
@@ -179,9 +125,17 @@ greet_authdata(krb5_context context,
     return code;
 }
 
-krb5plugin_authdata_server_ftable_v2 authdata_server_2 = {
-    "greet",
-    greet_init,
-    greet_fini,
-    greet_authdata,
-};
+krb5_error_code
+kdcauthdata_greet_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable);
+
+krb5_error_code
+kdcauthdata_greet_initvt(krb5_context context, int maj_ver, int min_ver,
+                         krb5_plugin_vtable vtable)
+{
+    krb5_kdcauthdata_vtable vt = (krb5_kdcauthdata_vtable)vtable;
+
+    vt->name = "greet";
+    vt->handle = greet_authdata;
+    return 0;
+}
diff --git a/src/plugins/authdata/greet_server/greet_server.exports b/src/plugins/authdata/greet_server/greet_server.exports
index ed34a7f..bddbef1 100644
--- a/src/plugins/authdata/greet_server/greet_server.exports
+++ b/src/plugins/authdata/greet_server/greet_server.exports
@@ -1 +1 @@
-authdata_server_2
+kdcauthdata_greet_initvt


More information about the cvs-krb5 mailing list