1 : /*
2 : * Copyright (c) 2007 Kungliga Tekniska Högskolan
3 : * (Royal Institute of Technology, Stockholm, Sweden).
4 : * All rights reserved.
5 : *
6 : * Redistribution and use in source and binary forms, with or without
7 : * modification, are permitted provided that the following conditions
8 : * are met:
9 : *
10 : * 1. Redistributions of source code must retain the above copyright
11 : * notice, this list of conditions and the following disclaimer.
12 : *
13 : * 2. Redistributions in binary form must reproduce the above copyright
14 : * notice, this list of conditions and the following disclaimer in the
15 : * documentation and/or other materials provided with the distribution.
16 : *
17 : * 3. Neither the name of the Institute nor the names of its contributors
18 : * may be used to endorse or promote products derived from this software
19 : * without specific prior written permission.
20 : *
21 : * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 : * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 : * SUCH DAMAGE.
32 : */
33 :
34 : #include "kdc_locl.h"
35 :
/*
 * Function table of the selected WINDC plugin.  Assigned in
 * krb5_kdc_windc_init(); the _kdc_* wrappers in this file test it against
 * NULL and treat NULL as "no plugin loaded".
 */
36 : static krb5plugin_windc_ftable *windcft;
/*
 * Opaque plugin context.  Its address is handed to the plugin's init()
 * callback, and the value is passed back as the first argument of every
 * other plugin callback invoked from this file.
 */
37 : static void *windcctx;
38 :
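/*
 * Select and initialise the WINDC plugin used by the KDC.
 *
 * The registered "windc" modules are walked in order and the first one
 * whose minor_version is at least KRB5_WINDC_PLUGIN_MINOR is used.
 *
 * Returns 0 when a module was selected and initialised, and also when the
 * plugin lookup fails or yields no modules (windcft then stays unset and
 * the wrappers below take their "no plugin" paths).  Returns ENOENT when
 * modules were found but none is usable.  Returns the module's own error
 * when its init() callback fails.
 *
 * The result of init() used to be discarded, which left windcft pointing
 * at a module whose context was never set up; every later PAC generation,
 * PAC verification and access check would then have been dispatched to it.
 * A failed init() now clears the selection and is reported to the caller.
 */
krb5_error_code
krb5_kdc_windc_init(krb5_context context)
{
    struct krb5_plugin *list = NULL, *e;
    krb5_error_code ret;

    ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "windc", &list);
    if (ret != 0 || list == NULL)
        return 0;

    for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) {
        krb5plugin_windc_ftable *ft = _krb5_plugin_get_symbol(e);

        /* Skip entries with no table, no init hook, or too old an ABI. */
        if (ft == NULL || ft->init == NULL)
            continue;
        if (ft->minor_version < KRB5_WINDC_PLUGIN_MINOR)
            continue;

        ret = (*ft->init)(context, &windcctx);
        if (ret != 0) {
            /* Do not leave a half-initialised module selected. */
            _krb5_plugin_free(list);
            windcft = NULL;
            windcctx = NULL;
            return ret;
        }

        /* Publish the table only once the module is ready for use. */
        windcft = ft;
        break;
    }
    _krb5_plugin_free(list);

    /* e is only compared here, never dereferenced after the free above. */
    if (e == NULL) {
        krb5_set_error_message(context, ENOENT, "Did not find any WINDC plugin");
        windcft = NULL;
        return ENOENT;
    }

    return 0;
}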
71 :
72 :
/*
 * Ask the WINDC plugin to build a PAC for `client`.
 *
 * *pac is always reset to NULL first.  With no plugin loaded the function
 * returns 0 and leaves *pac NULL.  When a PKINIT reply key is supplied and
 * the plugin provides pac_pk_generate, that callback is used; in every
 * other case pac_generate is called.
 *
 * NOTE(review): pac_generate is called without a NULL check, so a plugin
 * table that leaves it unset would crash here; confirm that the plugin
 * contract makes it mandatory.
 */
krb5_error_code
_kdc_pac_generate(krb5_context context,
                  hdb_entry_ex *client,
                  const krb5_keyblock *pk_reply_key,
                  krb5_pac *pac)
{
    krb5_error_code ret = 0;

    *pac = NULL;

    if (windcft != NULL) {
        if (pk_reply_key != NULL && windcft->pac_pk_generate != NULL)
            ret = (windcft->pac_pk_generate)(windcctx, context,
                                             client, pk_reply_key, pac);
        else
            ret = (windcft->pac_generate)(windcctx, context, client, pac);
    }

    return ret;
}
87 :
/*
 * Hand a PAC to the WINDC plugin for verification.
 *
 * Returns the plugin's pac_verify result, or 0 when no plugin is loaded.
 * *verified is set to 1 only when the plugin returned 0; it is never
 * written on any other path.
 *
 * A return value of 0 therefore does not by itself mean that the PAC was
 * checked: with no plugin loaded the function succeeds without touching
 * *verified.  Callers must initialise *verified to 0 before the call and
 * base any trust decision on it, not on the return code alone.
 *
 * NOTE(review): pac_verify is called without a NULL check; confirm that
 * the plugin contract makes it mandatory.
 */
krb5_error_code
_kdc_pac_verify(krb5_context context,
                const krb5_principal client_principal,
                const krb5_principal delegated_proxy_principal,
                hdb_entry_ex *client,
                hdb_entry_ex *server,
                hdb_entry_ex *krbtgt,
                krb5_pac *pac,
                int *verified)
{
    krb5_error_code ret = 0;

    if (windcft != NULL) {
        ret = windcft->pac_verify(windcctx, context,
                                  client_principal,
                                  delegated_proxy_principal,
                                  client, server, krbtgt, pac);
        if (!ret)
            *verified = 1;
    }

    return ret;
}
111 :
/*
 * Decide whether `client_ex` may obtain a ticket for `server_ex`.
 *
 * With a WINDC plugin loaded the decision is delegated entirely to its
 * client_access callback, which also receives the request and e_data.
 * Without one, the built-in kdc_check_flags() is used, with its last
 * argument telling it whether the request is an AS-REQ.
 *
 * NOTE(review): when a plugin is loaded kdc_check_flags() is not called
 * from here, so the plugin's client_access is presumably expected to
 * apply the equivalent flag checks itself; verify against the plugin.
 */
krb5_error_code
_kdc_check_access(krb5_context context,
                  krb5_kdc_configuration *config,
                  hdb_entry_ex *client_ex, const char *client_name,
                  hdb_entry_ex *server_ex, const char *server_name,
                  KDC_REQ *req,
                  krb5_data *e_data)
{
    if (windcft != NULL)
        return (windcft->client_access)(windcctx,
                                        context, config,
                                        client_ex, client_name,
                                        server_ex, server_name,
                                        req, e_data);

    /* No plugin: fall back to the KDC's own principal flag checks. */
    return kdc_check_flags(context, config,
                           client_ex, client_name,
                           server_ex, server_name,
                           req->msg_type == krb_as_req);
}