[krbdev.mit.edu #6020] Application server side support for authdata generated by authdata plugins
Alexandra Ellwood via RT
rt-comment at krbdev.mit.edu
Mon Jul 7 16:26:08 EDT 2008
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h Kerberos/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h 2007-03-09 13:15:18.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h 2007-03-29 01:54:58.000000000 -0700
@@ -12,6 +12,7 @@
#define KRB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosFrameworkPlugins"
#define KDB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosDatabasePlugins"
+#define KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosAuthDataPlugins"
#define SHARED 1
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj Kerberos/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj
--- Kerberos.orig/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj 2007-03-29 01:52:29.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj 2007-03-29 01:54:58.000000000 -0700
@@ -70,8 +70,9 @@
/* End PBXAggregateTarget section */
/* Begin PBXBuildFile section */
- 729C0C390A526A75004D326F /* pkinit_apple_server.c in Sources */ = {isa = PBXBuildFile; fileRef = A15344CB0940F21400A3FB34 /* pkinit_apple_server.c */; };
724593AC0A54A8BB009AD017 /* notify_pws.c in Sources */ = {isa = PBXBuildFile; fileRef = 724593AB0A54A8BB009AD017 /* notify_pws.c */; };
+ 727FB3180B55A7FA006E5270 /* kdc_authdata.c in Sources */ = {isa = PBXBuildFile; fileRef = 727FB3170B55A7FA006E5270 /* kdc_authdata.c */; };
+ 729C0C390A526A75004D326F /* pkinit_apple_server.c in Sources */ = {isa = PBXBuildFile; fileRef = A15344CB0940F21400A3FB34 /* pkinit_apple_server.c */; };
A10D141A09DDBAF6004F9B1E /* fake-addrinfo.c in Sources */ = {isa = PBXBuildFile; fileRef = A15346A10940F21700A3FB34 /* fake-addrinfo.c */; };
A10D141B09DDBAF6004F9B1E /* init-addrinfo.c in Sources */ = {isa = PBXBuildFile; fileRef = A15346A20940F21700A3FB34 /* init-addrinfo.c */; };
A10D141C09DDBAF6004F9B1E /* plugins.c in Sources */ = {isa = PBXBuildFile; fileRef = A1E7180109C85F4400525147 /* plugins.c */; };
@@ -1159,9 +1160,10 @@
/* End PBXCopyFilesBuildPhase section */
/* Begin PBXFileReference section */
+ 724593AB0A54A8BB009AD017 /* notify_pws.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = notify_pws.c; sourceTree = "<group>"; };
+ 727FB3170B55A7FA006E5270 /* kdc_authdata.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; name = kdc_authdata.c; path = ../Sources/kdc/kdc_authdata.c; sourceTree = SOURCE_ROOT; };
A108E6210A41E1E0008545E5 /* Release.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = Release.xcconfig; path = ../../../Common/Resources/Release.xcconfig; sourceTree = SOURCE_ROOT; };
A108E6220A41E1E0008545E5 /* Debug.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; name = Debug.xcconfig; path = ../../../Common/Resources/Debug.xcconfig; sourceTree = SOURCE_ROOT; };
- 724593AB0A54A8BB009AD017 /* notify_pws.c */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.c; path = notify_pws.c; sourceTree = "<group>"; };
A10D141409DDBAC0004F9B1E /* libsupport.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsupport.a; sourceTree = BUILT_PRODUCTS_DIR; };
A10D155409DDCBB3004F9B1E /* libgssrpc.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libgssrpc.a; sourceTree = BUILT_PRODUCTS_DIR; };
A10D15B809DDCFE0004F9B1E /* types.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = types.h; sourceTree = "<group>"; };
@@ -7575,6 +7577,7 @@
F5CFD36F022D854401120112 = {
isa = PBXGroup;
children = (
+ 727FB3170B55A7FA006E5270 /* kdc_authdata.c */,
A108E6210A41E1E0008545E5 /* Release.xcconfig */,
A108E6220A41E1E0008545E5 /* Debug.xcconfig */,
A1BB08AF09EEDE7C0099B7F0 /* des425.pbexp */,
@@ -8260,6 +8263,7 @@
F5CFD36E022D854401120112 /* Project object */ = {
isa = PBXProject;
buildConfigurationList = A1518ECE086C85C40042CBBC /* Build configuration list for PBXProject "Kerberos5" */;
+ compatibilityVersion = "Xcode 2.4";
hasScannedForEncodings = 1;
mainGroup = F5CFD36F022D854401120112;
productRefGroup = F5CFD5CB022D86AD01120112 /* Products */;
@@ -8282,6 +8286,8 @@
ProjectRef = A163FB7B0A51CD5E0082F6D4 /* KerberosIPC.xcodeproj */;
},
);
+ projectRoot = "";
+ shouldCheckCompatibility = 1;
targets = (
A1E4F4F409E5C62100A56C1C /* Configure */,
A1B08BF7087F22550063079F /* Error Tables */,
@@ -9325,6 +9331,7 @@
A140AA2F09F0138D001D95C6 /* policy.c in Sources */,
A140AA3009F0138D001D95C6 /* replay.c in Sources */,
724593AC0A54A8BB009AD017 /* notify_pws.c in Sources */,
+ 727FB3180B55A7FA006E5270 /* kdc_authdata.c in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/include/krb5/authdata_plugin.h Kerberos/KerberosFramework/Kerberos5/Sources/include/krb5/authdata_plugin.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/include/krb5/authdata_plugin.h 1969-12-31 16:00:00.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/include/krb5/authdata_plugin.h 2007-03-29 01:54:58.000000000 -0700
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2007 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Apple Inc, nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * <krb5/authdata_plugin.h>
+ *
+ * AuthorizationData plugin definitions for Kerberos 5.
+ *
+ */
+
+#ifndef KRB5_AUTHDATA_PLUGIN_H_INCLUDED
+#define KRB5_AUTHDATA_PLUGIN_H_INCLUDED
+#include <krb5/krb5.h>
+
+/*
+ * While arguments of these types are passed-in, for the most part a preauth
+ * module can treat them as opaque. If we need keying data, we can ask for
+ * it directly.
+ */
+struct _krb5_db_entry_new;
+
+/*
+ * The function table / structure which a preauth server module must export as
+ * "authdata_server_0". NOTE: replace "0" with "1" for the type and
+ * variable names if this gets picked up by upstream. If the interfaces work
+ * correctly, future versions of the table will add either more callbacks or
+ * more arguments to callbacks, and in both cases we'll be able to wrap the v0
+ * functions.
+ */
+typedef struct krb5plugin_authdata_ftable_v0 {
+ /* Not-usually-visible name. */
+ char *name;
+
+ /* Per-plugin initialization/cleanup. The init function is called by the
+ * KDC when the plugin is loaded, and the fini function is called before
+ * the plugin is unloaded. Both are optional. */
+ krb5_error_code (*init_proc)(krb5_context, void **);
+ void (*fini_proc)(krb5_context, void *);
+ krb5_error_code (*authdata_proc)(krb5_context,
+ struct _krb5_db_entry_new *client,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_enc_tkt_part *enc_tkt_reply);
+} krb5plugin_authdata_ftable_v0;
+#endif /* KRB5_AUTHDATA_PLUGIN_H_INCLUDED */
\ No newline at end of file
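Review bot: The two block comments above `struct _krb5_db_entry_new` and above the ftable still say "preauth module" and "preauth server module", apparently carried over from the preauth plugin header, while the table is exported as `authdata_server_0`; they should name the authdata plugin. `authdata_proc` has no comment of its own and takes no plugin-context argument, so whatever `init_proc` hands back through its `void **` cannot reach the callback. I would add a comment on `authdata_proc` stating which fields of `enc_tkt_reply` a plugin may modify and who owns memory it attaches there, and either pass the context as a parameter or say that it is only delivered to `fini_proc`. The file also ends without a trailing newline.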
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/include/stock/osconf.h Kerberos/KerberosFramework/Kerberos5/Sources/include/stock/osconf.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/include/stock/osconf.h 2007-03-09 13:15:40.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/include/stock/osconf.h 2007-03-29 01:54:58.000000000 -0700
@@ -52,6 +52,8 @@
#define DEFAULT_PROFILE_PATH ("~/Library/Preferences/edu.mit.Kerberos" ":" DEFAULT_SECURE_PROFILE_PATH)
#define KRB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosFrameworkPlugins"
#define KDB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosDatabasePlugins"
+#define KDB5_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosDatabasePlugins"
+#define KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR "/System/Library/KerberosPlugins/KerberosAuthDataPlugins"
#else
#define DEFAULT_SECURE_PROFILE_PATH "/etc/krb5.conf:@SYSCONFDIR/krb5.conf"
#define DEFAULT_PROFILE_PATH DEFAULT_SECURE_PROFILE_PATH
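Review bot: The first added line repeats `#define KDB5_PLUGIN_BUNDLE_DIR ...` from the context line directly above it; the redefinition is identical so it compiles, but it looks like a merge leftover and should be dropped. `KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR` is also added with the same value in Kerberos5Prefix.h by this patch, so the two copies have to be kept in step by hand. Since the KDC loads code from this directory, a comment such as `/* KDC loads authdata plugins from here; directory must be writable only by root */` would record the assumption. The enclosing `#if` block starts outside the hunk.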
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c 2007-03-29 01:52:28.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c 2007-03-29 01:54:58.000000000 -0700
@@ -1,6 +1,7 @@
/*
* kdc/do_as_req.c
*
+ * Portions Copyright (C) 2007 Apple Inc.
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
@@ -318,6 +319,11 @@
goto errout;
}
+ errcode = handle_authdata(kdc_context, &client, req_pkt, request, &enc_tkt_reply);
+ if (errcode) {
+ krb5_klog_syslog(LOG_INFO, "AS_REQ : handle_authdata (%d)", errcode);
+ }
+
ticket_reply.enc_part2 = &enc_tkt_reply;
/*
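Review bot: A failure from `handle_authdata` is only logged at LOG_INFO here and the reply is still built, so a ticket goes out without the authorization data the plugin was meant to add. Whether that fail-open behaviour is the intended policy should be stated in a comment, e.g. `/* authdata plugins are advisory: a failure is logged and the ticket is issued without their data */`, or the branch should `goto errout;` if the data is required. As written in this patch `handle_authdata` ends in `return 0;`, so the `if (errcode)` branch cannot be taken at all. The enclosing function starts and ends outside the hunk.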
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_authdata.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_authdata.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_authdata.c 1969-12-31 16:00:00.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_authdata.c 2007-03-29 01:54:58.000000000 -0700
@@ -0,0 +1,232 @@
+/*
+ * Copyright (c) 2007 Apple Inc. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Apple Inc, nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * kdc/kdc_authdata.c
+ *
+ * AuthorizationData routines for the KDC.
+ */
+
+#include "k5-int.h"
+#include "kdc_util.h"
+#include "extern.h"
+#include <stdio.h>
+#include "adm_proto.h"
+
+#include <syslog.h>
+
+#include <assert.h>
+#include "../include/krb5/authdata_plugin.h"
+
+#if TARGET_OS_MAC
+static const char *objdirs[] = { KRB5_AUTHDATA_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/plugins/authdata", NULL }; /* should be a list */
+#else
+static const char *objdirs[] = { LIBDIR "/krb5/plugins/authdata", NULL };
+#endif
+
+typedef krb5_error_code (*authdata_proc)
+ (krb5_context, krb5_db_entry *client,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_enc_tkt_part * enc_tkt_reply);
+
+typedef krb5_error_code (*init_proc)
+ (krb5_context, void **);
+typedef void (*fini_proc)
+ (krb5_context, void *);
+
+typedef struct _krb5_authdata_systems {
+ const char *name;
+ int type;
+ int flags;
+ void *plugin_context;
+ init_proc init;
+ fini_proc fini;
+ authdata_proc handle_authdata;
+} krb5_authdata_systems;
+
+static krb5_authdata_systems static_authdata_systems[] = {
+ { "[end]", -1,}
+};
+
+static krb5_authdata_systems *authdata_systems;
+static int n_authdata_systems;
+static struct plugin_dir_handle authdata_plugins;
+
+krb5_error_code
+load_authdata_plugins(krb5_context context)
+{
+ struct errinfo err;
+ void **authdata_plugins_ftables = NULL;
+ struct krb5plugin_authdata_ftable_v0 *ftable = NULL;
+ int module_count, i, k;
+ init_proc server_init_proc = NULL;
+
+ memset(&err, 0, sizeof(err));
+
+ /* Attempt to load all of the authdata plugins we can find. */
+ PLUGIN_DIR_INIT(&authdata_plugins);
+ if (PLUGIN_DIR_OPEN(&authdata_plugins) == 0) {
+ if (krb5int_open_plugin_dirs(objdirs, NULL,
+ &authdata_plugins, &err) != 0) {
+ return KRB5_PLUGIN_NO_HANDLE;
+ }
+ }
+
+ /* Get the method tables provided by the loaded plugins. */
+ authdata_plugins_ftables = NULL;
+ n_authdata_systems = 0;
+ if (krb5int_get_plugin_dir_data(&authdata_plugins,
+ "authdata_server_0",
+ &authdata_plugins_ftables, &err) != 0) {
+ return KRB5_PLUGIN_NO_HANDLE;
+ }
+
+ /* Count the valid modules. */
+ module_count = sizeof(static_authdata_systems)
+ / sizeof(static_authdata_systems[0]);
+ if (authdata_plugins_ftables != NULL) {
+ for (i = 0; authdata_plugins_ftables[i] != NULL; i++) {
+ ftable = authdata_plugins_ftables[i];
+ if ((ftable->authdata_proc != NULL)) {
+ module_count++;
+ }
+ }
+ }
+
+ /* Build the complete list of supported authdata options, and
+ * leave room for a terminator entry. */
+ authdata_systems = calloc((module_count + 1), sizeof(krb5_authdata_systems) );
+ if (authdata_systems == NULL) {
+ krb5int_free_plugin_dir_data(authdata_plugins_ftables);
+ return ENOMEM;
+ }
+
+ /* Add the locally-supplied mechanisms to the dynamic list first. */
+ for (i = 0, k = 0;
+ i < sizeof(static_authdata_systems) / sizeof(static_authdata_systems[0]);
+ i++) {
+ if (static_authdata_systems[i].type == -1)
+ break;
+ authdata_systems[k] = static_authdata_systems[i];
+ /* Try to initialize the authdata system. If it fails, we'll remove it
+ * from the list of systems we'll be using. */
+ server_init_proc = static_authdata_systems[i].init;
+ if ((server_init_proc != NULL) &&
+ ((*server_init_proc)(context, NULL /* &plugin_context */) != 0)) {
+ memset(&authdata_systems[k], 0, sizeof(authdata_systems[k]));
+ continue;
+ }
+ k++;
+ }
+
+ /* Now add the dynamically-loaded mechanisms to the list. */
+ if (authdata_plugins_ftables != NULL) {
+ for (i = 0; authdata_plugins_ftables[i] != NULL; i++) {
+ ftable = authdata_plugins_ftables[i];
+ if ((ftable->authdata_proc == NULL)) {
+ continue;
+ }
+ server_init_proc = ftable->init_proc;
+ krb5_error_code initerr;
+ if ((server_init_proc != NULL) &&
+ ((initerr = (*server_init_proc)(context, NULL /* &plugin_context */)) != 0)) {
+ const char *emsg;
+ emsg = krb5_get_error_message(context, initerr);
+ if (emsg) {
+ krb5_klog_syslog(LOG_ERR,
+ "authdata %s failed to initialize: %s",
+ ftable->name, emsg);
+ krb5_free_error_message(context, emsg);
+ }
+ memset(&authdata_systems[k], 0, sizeof(authdata_systems[k]));
+
+ continue;
+ }
+
+ authdata_systems[k].name = ftable->name;
+ authdata_systems[k].init = server_init_proc;
+ authdata_systems[k].fini = ftable->fini_proc;
+ authdata_systems[k].handle_authdata = ftable->authdata_proc;
+ k++;
+ }
+ }
+ n_authdata_systems = k;
+ /* Add the end-of-list marker. */
+ authdata_systems[k].name = "[end]";
+ authdata_systems[k].type = -1;
+ return 0;
+}
+
+krb5_error_code
+unload_authdata_plugins(krb5_context context)
+{
+ int i;
+ if (authdata_systems != NULL) {
+ for (i = 0; i < n_authdata_systems; i++) {
+ if (authdata_systems[i].fini != NULL) {
+ (*authdata_systems[i].fini)(context,
+ authdata_systems[i].plugin_context);
+ }
+ memset(&authdata_systems[i], 0, sizeof(authdata_systems[i]));
+ }
+ free(authdata_systems);
+ authdata_systems = NULL;
+ n_authdata_systems = 0;
+ krb5int_close_plugin_dirs(&authdata_plugins);
+ }
+ return 0;
+}
+
+krb5_error_code
+handle_authdata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
+ krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply)
+{
+ krb5_error_code retval = 0;
+ krb5_authdata_systems *authdata_sys;
+ int i;
+ const char *emsg;
+
+ krb5_klog_syslog (LOG_DEBUG, "handling authdata");
+
+ for (authdata_sys = authdata_systems, i = 0; authdata_sys != NULL && i < n_authdata_systems; i++) {
+ if (authdata_sys[i].handle_authdata && authdata_sys[i].type != -1) {
+ retval = authdata_sys[i].handle_authdata(context, client, req_pkt, request,
+ enc_tkt_reply);
+ if (retval) {
+ emsg = krb5_get_error_message (context, retval);
+ krb5_klog_syslog (LOG_INFO, "authdata (%s) handling failure: %s",
+ authdata_sys[i].name, emsg);
+ krb5_free_error_message (context, emsg);
+ } else {
+ krb5_klog_syslog (LOG_DEBUG, ".. .. ok");
+ }
+ }
+ }
+
+ return 0;
+ }
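Review bot: Both init calls in `load_authdata_plugins` pass `NULL` for the `void **` context argument, so a plugin that stores its state through that pointer, as the ftable signature invites, would dereference NULL inside the KDC, and `unload_authdata_plugins` then hands `fini` a `plugin_context` that was never set. Passing the slot being filled, `(*server_init_proc)(context, &authdata_systems[k].plugin_context)`, fixes both; the `memset` on the failure path already clears it again. `authdata_plugins_ftables` is freed only on the `ENOMEM` path, so the success path needs `krb5int_free_plugin_dir_data(authdata_plugins_ftables);` before `return 0;`. In `handle_authdata` the final `return 0;` discards every plugin's `retval`, which makes the caller's error check dead, and `emsg` and `authdata_sys[i].name` go to `%s` without the NULL check the load path applies to `emsg`. `krb5_error_code initerr;` is declared after a statement, unlike the other declarations in the file, which sit at the top of their blocks.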
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.h Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.h
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.h 2007-03-09 13:15:54.000000000 -0800
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/kdc_util.h 2007-03-29 01:54:58.000000000 -0700
@@ -1,6 +1,7 @@
/*
* kdc/kdc_util.h
*
+ * Portions Copyright (C) 2007 Apple Inc.
* Copyright 1990 by the Massachusetts Institute of Technology.
*
* Export of this software from the United States of America may
@@ -163,6 +164,13 @@
krb5_error_code free_padata_context
(krb5_context context, void **padata_context);
+/* kdc_authdata.c */
+krb5_error_code load_authdata_plugins(krb5_context context);
+krb5_error_code unload_authdata_plugins(krb5_context context);
+
+krb5_error_code handle_authdata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
+ krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply);
+
/* replay.c */
krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **);
void kdc_insert_lookaside (krb5_data *, krb5_data *);
diff -uNr -x cscope.out -x '*.orig' -x '*.rej' -x '*~' Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c
--- Kerberos.orig/KerberosFramework/Kerberos5/Sources/kdc/main.c 2007-03-29 01:52:28.000000000 -0700
+++ Kerberos/KerberosFramework/Kerberos5/Sources/kdc/main.c 2007-03-29 01:54:58.000000000 -0700
@@ -1,6 +1,7 @@
/*
* kdc/main.c
*
+ * Portions Copyright (C) 2007 Apple Inc.
* Copyright 1990,2001 by the Massachusetts Institute of Technology.
*
* Export of this software from the United States of America may
@@ -747,6 +748,7 @@
setup_signal_handlers();
load_preauth_plugins(kcontext);
+ load_authdata_plugins(kcontext);
retval = setup_sam();
if (retval) {
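Review bot: The return value of `load_authdata_plugins(kcontext)` is dropped, so an `ENOMEM` or `KRB5_PLUGIN_NO_HANDLE` from the loader leaves the KDC running with no authdata plugins and nothing in the log. At minimum log it: `retval = load_authdata_plugins(kcontext);` followed by `if (retval) krb5_klog_syslog(LOG_ERR, "authdata plugins not loaded (%d)", retval);`. The `load_preauth_plugins` call on the context line above has the same shape. The enclosing function starts and ends outside the hunk.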
@@ -776,6 +778,7 @@
}
krb5_klog_syslog(LOG_INFO, "shutting down");
unload_preauth_plugins(kcontext);
+ unload_authdata_plugins(kcontext);
krb5_klog_close(kdc_context);
finish_realms(argv[0]);
if (kdc_realmlist)