2 * Copyright (c) 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 static int have_plugin = 0;
39 * Pick the first WINDC module that we find.
42 static const char *windc_plugin_deps[] = {
49 static struct heim_plugin_data windc_plugin_data = {
52 KRB5_WINDC_PLUGIN_MINOR,
57 static krb5_error_code KRB5_LIB_CALL
58 load(krb5_context context, const void *plug, void *plugctx, void *userctx)
61 return KRB5_PLUGIN_NO_HANDLE;
65 krb5_kdc_windc_init(krb5_context context)
67 (void)_krb5_plugin_run_f(context, &windc_plugin_data, 0, NULL, load);
75 const krb5_keyblock *reply_key;
76 uint64_t pac_attributes;
80 static krb5_error_code KRB5_LIB_CALL
81 generate(krb5_context context, const void *plug, void *plugctx, void *userctx)
83 krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug;
84 struct generate_uc *uc = (struct generate_uc *)userctx;
86 if (ft->pac_generate == NULL)
87 return KRB5_PLUGIN_NO_HANDLE;
89 return ft->pac_generate((void *)plug, context,
99 _kdc_pac_generate(krb5_context context,
100 hdb_entry_ex *client,
101 hdb_entry_ex *server,
102 const krb5_keyblock *reply_key,
103 uint64_t pac_attributes,
106 krb5_error_code ret = 0;
107 struct generate_uc uc;
111 if (krb5_config_get_bool_default(context, NULL, FALSE, "realms",
112 client->entry.principal->realm,
113 "disable_pac", NULL))
119 uc.reply_key = reply_key;
121 uc.pac_attributes = pac_attributes;
123 ret = _krb5_plugin_run_f(context, &windc_plugin_data,
125 if (ret != KRB5_PLUGIN_NO_HANDLE)
131 ret = krb5_pac_init(context, pac);
137 krb5_principal client_principal;
138 krb5_principal delegated_proxy_principal;
139 hdb_entry_ex *client;
140 hdb_entry_ex *server;
141 hdb_entry_ex *krbtgt;
145 static krb5_error_code KRB5_LIB_CALL
146 verify(krb5_context context, const void *plug, void *plugctx, void *userctx)
148 krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug;
149 struct verify_uc *uc = (struct verify_uc *)userctx;
152 if (ft->pac_verify == NULL)
153 return KRB5_PLUGIN_NO_HANDLE;
155 ret = ft->pac_verify((void *)plug, context,
156 uc->client_principal,
157 uc->delegated_proxy_principal,
158 uc->client, uc->server, uc->krbtgt, uc->pac);
163 _kdc_pac_verify(krb5_context context,
164 const krb5_principal client_principal,
165 const krb5_principal delegated_proxy_principal,
166 hdb_entry_ex *client,
167 hdb_entry_ex *server,
168 hdb_entry_ex *krbtgt,
174 return KRB5_PLUGIN_NO_HANDLE;
176 uc.client_principal = client_principal;
177 uc.delegated_proxy_principal = delegated_proxy_principal;
183 return _krb5_plugin_run_f(context, &windc_plugin_data,
187 static krb5_error_code KRB5_LIB_CALL
188 check(krb5_context context, const void *plug, void *plugctx, void *userctx)
190 krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug;
192 if (ft->client_access == NULL)
193 return KRB5_PLUGIN_NO_HANDLE;
194 return ft->client_access((void *)plug, userctx);
198 _kdc_check_access(astgs_request_t r)
200 krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
203 ret = _krb5_plugin_run_f(r->context, &windc_plugin_data,
207 if (ret == KRB5_PLUGIN_NO_HANDLE)
208 return kdc_check_flags(r, r->req.msg_type == krb_as_req,
209 r->client, r->server);
213 static krb5_error_code KRB5_LIB_CALL
214 finalize(krb5_context context, const void *plug, void *plugctx, void *userctx)
216 krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug;
218 if (ft->finalize_reply == NULL)
219 return KRB5_PLUGIN_NO_HANDLE;
220 return ft->finalize_reply((void *)plug, (astgs_request_t)userctx);
224 _kdc_finalize_reply(astgs_request_t r)
226 krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
229 ret = _krb5_plugin_run_f(r->context, &windc_plugin_data, 0, r, finalize);
231 if (ret == KRB5_PLUGIN_NO_HANDLE)
237 uintptr_t KRB5_CALLCONV
238 kdc_get_instance(const char *libname)
240 static const char *instance = "libkdc";
242 if (strcmp(libname, "kdc") == 0)
243 return (uintptr_t)instance;
244 else if (strcmp(libname, "hdb") == 0)
245 return hdb_get_instance(libname);
246 else if (strcmp(libname, "krb5") == 0)
247 return krb5_get_instance(libname);
248 else if (strcmp(libname, "gssapi") == 0)
249 return gss_get_instance(libname);