search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kdc: add finalize_reply API to windc plugin
[heimdal.git] / tests / plugin / windc.c
blob7096b963b8ae2a3947e080d961fa8f418499ce32
1 #include <string.h>
2 #include <krb5_locl.h>
3 #include <hdb.h>
4 #include <hx509.h>
5 #include <kdc.h>
6 #include <windc_plugin.h>
7
8 static krb5_error_code KRB5_CALLCONV
9 windc_init(krb5_context context, void **ctx)
10 {
11 krb5_warnx(context, "windc init");
12 *ctx = NULL;
13 return 0;
14 }
15
16 static void KRB5_CALLCONV
17 windc_fini(void *ctx)
18 {
19 }
20
21 static krb5_error_code KRB5_CALLCONV
22 pac_generate(void *ctx, krb5_context context,
23 struct hdb_entry_ex *client,
24 struct hdb_entry_ex *server,
25 const krb5_keyblock *pk_replykey,
26 uint64_t pac_attributes,
27 krb5_pac *pac)
28 {
29 krb5_error_code ret;
30 krb5_data data;
31
32 if ((pac_attributes & (KRB5_PAC_WAS_REQUESTED |
33 KRB5_PAC_WAS_GIVEN_IMPLICITLY)) == 0) {
34 *pac = NULL;
35 return 0;
36 }
37
38 krb5_warnx(context, "pac generate");
39
40 data.data = "\x00\x01";
41 data.length = 2;
42
43 ret = krb5_pac_init(context, pac);
44 if (ret)
45 return ret;
46
47 ret = krb5_pac_add_buffer(context, *pac, 1, &data);
48 if (ret)
49 return ret;
50
51 return 0;
52 }
53
54 static krb5_error_code KRB5_CALLCONV
55 pac_verify(void *ctx, krb5_context context,
56 const krb5_principal new_ticket_client,
57 const krb5_principal delegation_proxy,
58 struct hdb_entry_ex * client,
59 struct hdb_entry_ex * server,
60 struct hdb_entry_ex * krbtgt,
61 krb5_pac *pac)
62 {
63 krb5_error_code ret;
64 krb5_data data;
65 krb5_cksumtype cstype;
66 uint16_t rodc_id;
67 krb5_enctype etype;
68 Key *key;
69
70 krb5_warnx(context, "pac_verify");
71
72 ret = krb5_pac_get_buffer(context, *pac, 1, &data);
73 if (ret)
74 return ret;
75 krb5_data_free(&data);
76
77 ret = krb5_pac_get_kdc_checksum_info(context, *pac, &cstype, &rodc_id);
78 if (ret)
79 return ret;
80
81 if (rodc_id == 0 || rodc_id != krbtgt->entry.kvno >> 16) {
82 krb5_warnx(context, "Wrong RODCIdentifier");
83 return EINVAL;
84 }
85
86 ret = krb5_cksumtype_to_enctype(context, cstype, &etype);
87 if (ret)
88 return ret;
89
90 ret = hdb_enctype2key(context, &krbtgt->entry, NULL, etype, &key);
91 if (ret)
92 return ret;
93
94 return krb5_pac_verify(context, *pac, 0, NULL, NULL, &key->key);
95 }
96
97 static krb5_error_code KRB5_CALLCONV
98 client_access(void *ctx,
99 krb5_context context,
100 krb5_kdc_configuration *config,
101 hdb_entry_ex *client, const char *client_name,
102 hdb_entry_ex *server, const char *server_name,
103 KDC_REQ *req,
104 METHOD_DATA *data)
105 {
106 krb5_warnx(context, "client_access");
107 return 0;
108 }
109
110 static krb5_error_code KRB5_CALLCONV
111 finalize_reply(void *ctx, astgs_request_t r)
112 {
113 krb5_warnx(r->context, "finalize_reply");
114 return 0;
115 }
116
117 static krb5plugin_windc_ftable windc = {
118 KRB5_WINDC_PLUGING_MINOR,
119 windc_init,
120 windc_fini,
121 pac_generate,
122 pac_verify,
123 client_access,
124 finalize_reply
125 };
126
127 static const krb5plugin_windc_ftable *const windc_plugins[] = {
128 &windc
129 };
130
131 krb5_error_code KRB5_CALLCONV
132 windc_plugin_load(krb5_context context,
133 krb5_get_instance_func_t *get_instance,
134 size_t *num_plugins,
135 const krb5plugin_windc_ftable *const **plugins);
136
137 static uintptr_t KRB5_CALLCONV
138 windc_get_instance(const char *libname)
139 {
140 if (strcmp(libname, "hdb") == 0)
141 return hdb_get_instance(libname);
142 else if (strcmp(libname, "krb5") == 0)
143 return krb5_get_instance(libname);
144
145 return 0;
146 }
147
148 krb5_error_code KRB5_CALLCONV
149 windc_plugin_load(krb5_context context,
150 krb5_get_instance_func_t *get_instance,
151 size_t *num_plugins,
152 const krb5plugin_windc_ftable *const **plugins)
153 {
154 *get_instance = windc_get_instance;
155 *num_plugins = sizeof(windc_plugins) / sizeof(windc_plugins[0]);
156 *plugins = windc_plugins;
157
158 return 0;
159 }
Heimdal