/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
* plugins/authdata/greet_client/
* Copyright 2009 by the Massachusetts Institute of Technology.
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
* Sample authorization data plugin
#include <krb5/authdata_plugin.h>
/* Per-request state for the greet authdata module. Besides `verified`, the
 * functions in this file also read and write a `greeting` member (a length
 * plus a data pointer) whose declaration is not shown in this listing. */
struct greet_context {
38
/* Trust marker for the stored greeting: set from kdc_issued_flag on import,
 * cleared whenever the greeting is replaced or deleted through the attribute
 * calls, and reported to callers as *authenticated. */
krb5_boolean verified;
/* Name of the one attribute this module answers for. The length is
 * sizeof(literal) - 1 so the terminating NUL is not counted. */
static krb5_data greet_attr = {
42
KV5M_DATA, sizeof("urn:greet:greeting") - 1, "urn:greet:greeting" };
static krb5_error_code
45
greet_init(krb5_context kcontext, void **plugin_context)
/* Reports the usage flags for the authdata type handled by this module. */
greet_flags(krb5_context kcontext,
54
krb5_authdatatype ad_type,
57
/* The element is accepted from an AP-REQ and from KDC-issued authdata.
 * NOTE(review): AD_INFORMATIONAL presumably makes a failure in this module
 * non-fatal to the request; confirm against authdata_plugin.h before relying
 * on this module for any access decision. */
*flags = AD_USAGE_AP_REQ | AD_USAGE_KDC_ISSUED | AD_INFORMATIONAL;
greet_fini(krb5_context kcontext, void *plugin_context)
/* Allocates the per-request greet_context, starts it empty and unverified,
 * and hands it back through *request_context. */
static krb5_error_code
67
greet_request_init(krb5_context kcontext,
68
krb5_authdata_context context,
70
void **request_context)
72
struct greet_context *greet;
74
/* NOTE(review): the NULL check for this allocation is not visible in this
 * listing; it has to come before the field writes below. */
greet = malloc(sizeof(*greet));
78
greet->greeting.data = NULL;
79
greet->greeting.length = 0;
80
/* A fresh context never claims a KDC-verified greeting. */
greet->verified = FALSE;
82
*request_context = greet;
/* Exports the stored greeting as an authdata list returned through
 * *out_authdata. */
static krb5_error_code
88
greet_export_authdata(krb5_context kcontext,
89
krb5_authdata_context context,
91
void *request_context,
93
krb5_authdata ***out_authdata)
95
struct greet_context *greet = (struct greet_context *)request_context;
96
/* Two slots: presumably one element plus a NULL terminator (the assignments
 * to data[] are not shown in this listing). */
krb5_authdata *data[2];
101
/* datum only aliases the greeting buffer here; nothing is duplicated until
 * krb5_copy_authdata below. */
datum.length = greet->greeting.length;
102
datum.contents = (krb5_octet *)greet->greeting.data;
107
/* The caller receives its own copy, so the context keeps ownership of
 * greet->greeting. */
code = krb5_copy_authdata(kcontext, data, out_authdata);
/* Replaces the stored greeting with the contents of the first received
 * authdata element and records whether that element was KDC-issued. */
static krb5_error_code
113
greet_import_authdata(krb5_context kcontext,
114
krb5_authdata_context context,
115
void *plugin_context,
116
void *request_context,
117
krb5_authdata **authdata,
118
krb5_boolean kdc_issued_flag,
119
krb5_const_principal issuer)
121
krb5_error_code code;
122
struct greet_context *greet = (struct greet_context *)request_context;
125
/* Drop the previous greeting and its trust marker first, so an import that
 * fails part-way cannot leave an old greeting flagged as verified. */
krb5_free_data_contents(kcontext, &greet->greeting);
126
greet->verified = FALSE;
128
/* NOTE(review): assert() is compiled out when NDEBUG is defined, so in such
 * builds a NULL first element would be dereferenced on the next lines. This
 * relies on the caller always passing at least one element; an explicit
 * check with an error return would not depend on the build flags. */
assert(authdata[0] != NULL);
130
/* data aliases the received element; the copy below is what the context
 * keeps. Only authdata[0] is read in the visible lines. */
data.length = authdata[0]->length;
131
data.data = (char *)authdata[0]->contents;
133
code = krb5int_copy_data_contents_add0(kcontext, &data, &greet->greeting);
135
/* The greeting counts as authenticated only if the caller says the element
 * was KDC-issued. NOTE(review): the handling of `code` between the copy and
 * this assignment is not visible in this listing; verified must stay FALSE
 * when the copy fails. */
greet->verified = kdc_issued_flag;
/* Releases the per-request state. */
greet_request_fini(krb5_context kcontext,
142
krb5_authdata_context context,
143
void *plugin_context,
144
void *request_context)
146
struct greet_context *greet = (struct greet_context *)request_context;
149
/* Frees the greeting buffer. NOTE(review): freeing the greet_context itself
 * is not visible in this listing; confirm it follows. */
krb5_free_data_contents(kcontext, &greet->greeting);
/* Returns the list of attribute names currently available from this
 * context through *out_attrs. */
static krb5_error_code
155
greet_get_attribute_types(krb5_context kcontext,
156
krb5_authdata_context context,
157
void *plugin_context,
158
void *request_context,
159
krb5_data **out_attrs)
161
krb5_error_code code;
162
struct greet_context *greet = (struct greet_context *)request_context;
164
/* An empty greeting is treated as "no attribute present"; the statement
 * taken in that case is not shown in this listing. */
if (greet->greeting.length == 0)
167
/* Two zero-initialised entries: presumably one attribute name followed by an
 * all-zero terminator entry. */
*out_attrs = calloc(2, sizeof(krb5_data));
168
if (*out_attrs == NULL)
171
/* Copies into the new array; the arguments continue on lines not shown. */
code = krb5int_copy_data_contents_add0(kcontext,
/* Returns the greeting for the "urn:greet:greeting" attribute together with
 * its authenticated status. */
static krb5_error_code
184
greet_get_attribute(krb5_context kcontext,
185
krb5_authdata_context context,
186
void *plugin_context,
187
void *request_context,
188
const krb5_data *attribute,
189
krb5_boolean *authenticated,
190
krb5_boolean *complete,
192
krb5_data *display_value,
195
struct greet_context *greet = (struct greet_context *)request_context;
196
krb5_error_code code;
198
/* Only the greet attribute is answered, and only when a greeting is stored;
 * the statement taken otherwise is not shown in this listing. */
if (!data_eq(*attribute, greet_attr) || greet->greeting.length == 0)
201
/* Callers must consult *authenticated before trusting the value: it is TRUE
 * only for a greeting that was imported as KDC-issued. */
*authenticated = greet->verified;
205
/* The caller gets its own copy of the greeting in *value. */
code = krb5int_copy_data_contents_add0(kcontext, &greet->greeting, value);
207
/* Second copy, presumably into display_value (arguments not shown). */
code = krb5int_copy_data_contents_add0(kcontext,
211
/* Releases the first copy again, presumably on failure of the second so the
 * caller is not left with a half-filled result. */
krb5_free_data_contents(kcontext, value);
/* Stores a caller-supplied greeting in the context. */
static krb5_error_code
218
greet_set_attribute(krb5_context kcontext,
219
krb5_authdata_context context,
220
void *plugin_context,
221
void *request_context,
222
krb5_boolean complete,
223
const krb5_data *attribute,
224
const krb5_data *value)
226
struct greet_context *greet = (struct greet_context *)request_context;
228
krb5_error_code code;
230
/* An already stored greeting is handled specially; the statement taken is
 * not shown in this listing (presumably the call is refused).
 * NOTE(review): `attribute` is not compared with greet_attr in any visible
 * line; confirm whether other attribute names are rejected. */
if (greet->greeting.data != NULL)
233
/* Copy into a temporary first so the stored greeting is only replaced once
 * the copy exists. */
code = krb5int_copy_data_contents_add0(kcontext, value, &data);
237
krb5_free_data_contents(kcontext, &greet->greeting);
238
greet->greeting = data;
239
/* A value set through this call did not arrive as KDC-issued authdata, so it
 * is never marked verified. */
greet->verified = FALSE;
/* Removes the stored greeting from the context. */
static krb5_error_code
245
greet_delete_attribute(krb5_context kcontext,
246
krb5_authdata_context context,
247
void *plugin_context,
248
void *request_context,
249
const krb5_data *attribute)
251
struct greet_context *greet = (struct greet_context *)request_context;
253
/* NOTE(review): no comparison of `attribute` with greet_attr is visible in
 * this listing; as shown, any attribute name clears the greeting. */
krb5_free_data_contents(kcontext, &greet->greeting);
254
/* The trust marker is cleared together with the value it described. */
greet->verified = FALSE;
/* Adds the number of bytes needed to serialise this context to *sizep. */
static krb5_error_code
260
greet_size(krb5_context kcontext,
261
krb5_authdata_context context,
262
void *plugin_context,
263
void *request_context,
266
struct greet_context *greet = (struct greet_context *)request_context;
268
/* Accumulates with += rather than assigning, so the caller must have
 * initialised *sizep. Visible terms: one int32 for the length field plus the
 * greeting bytes; the final term is on a line not shown (presumably the
 * int32 that carries `verified`). */
*sizep += sizeof(krb5_int32) +
269
greet->greeting.length +
/* Serialises the context into *buffer as: greeting length, greeting bytes,
 * verified flag. */
static krb5_error_code
276
greet_externalize(krb5_context kcontext,
277
krb5_authdata_context context,
278
void *plugin_context,
279
void *request_context,
284
struct greet_context *greet = (struct greet_context *)request_context;
286
/* greet_size() adds to `required`, so `required` has to start at 0; its
 * declaration is not shown in this listing. */
greet_size(kcontext, context, plugin_context,
287
request_context, &required);
289
/* Space check before any byte is written; the statement taken when the
 * buffer is too small is not shown. */
if (*lenremain < required)
292
/* Greeting Length | Greeting Contents | Verified */
/* The pack calls' return values are discarded in the visible lines, so the
 * size check above is the only guard against running out of buffer. */
krb5_ser_pack_int32(greet->greeting.length, buffer, lenremain);
293
krb5_ser_pack_bytes((krb5_octet *)greet->greeting.data,
294
(size_t)greet->greeting.length,
297
/* The trust marker travels inside the serialised blob, so whoever can alter
 * the blob can alter the marker (see greet_internalize). */
krb5_ser_pack_int32((krb5_int32)greet->verified, buffer, lenremain);
/* Rebuilds the context from a serialised blob laid out as: greeting length,
 * greeting bytes, verified flag. Every field, including the trust marker,
 * is taken from the blob as-is. */
static krb5_error_code
303
greet_internalize(krb5_context kcontext,
304
krb5_authdata_context context,
305
void *plugin_context,
306
void *request_context,
310
struct greet_context *greet = (struct greet_context *)request_context;
311
krb5_error_code code;
313
krb5_octet *contents = NULL;
321
/* Greeting Length */
code = krb5_ser_unpack_int32(&length, &bp, &remain);
326
/* Greeting Contents */
/* NOTE(review): `length` comes straight from the blob and is presumably a
 * signed krb5_int32 (its declaration is not shown). No range check against
 * `remain` is visible before the allocation, so a negative value would turn
 * into a very large size_t here and in the cast below, and a large positive
 * value is allocated before krb5_ser_unpack_bytes gets to compare it with
 * what is left. Rejecting length < 0 or length > remain up front would
 * bound the allocation by the input size. */
contents = malloc(length);
329
if (contents == NULL)
332
/* Exactly `length` bytes are read into a buffer of `length` bytes, so unlike
 * the *_add0 copies used elsewhere in this file the result has no trailing
 * NUL; consumers must go by greeting.length. */
code = krb5_ser_unpack_bytes(contents, (size_t)length, &bp, &remain);
340
code = krb5_ser_unpack_int32(&verified, &bp, &remain);
346
/* The old greeting is released only after all three fields have been read.
 * NOTE(review): the error checks between the unpack calls are not visible in
 * this listing; each failure path must free `contents`. */
krb5_free_data_contents(kcontext, &greet->greeting);
347
greet->greeting.length = length;
348
greet->greeting.data = (char *)contents;
349
/* The marker is restored from the blob, not re-derived: a blob from an
 * untrusted source could present any greeting as KDC-verified, so this is
 * only sound for blobs that this library produced and that were not exposed
 * to modification in between. */
greet->verified = (verified != 0);
/* Authdata type numbers handled by this module: the sample type -42,
 * followed by 0 (presumably the list terminator). */
static krb5_authdatatype greet_ad_types[] = { -42, 0 };
krb5plugin_authdata_client_ftable_v0 authdata_client_0 = {
367
greet_get_attribute_types,
370
greet_delete_attribute,
371
greet_export_authdata,
372
greet_import_authdata,