void KRB5_CALLCONV krb5_free_config_files(char **filenames);
-krb5_error_code krb5int_find_authdata(krb5_context context,
- krb5_authdata *const *ticket_authdata,
- krb5_authdata *const *ap_req_authdata,
- krb5_authdatatype ad_type,
- krb5_authdata ***results);
-
krb5_error_code krb5_rd_req_decoded(krb5_context, krb5_auth_context *,
const krb5_ap_req *, krb5_const_principal,
krb5_keytab, krb5_flags *, krb5_ticket **);
krb5_copy_authdata(krb5_context context,
krb5_authdata *const *in_authdat, krb5_authdata ***out);
+/**
+ * Find authorization data elements.
+ *
+ * @param [in] context Library context
+ * @param [in] ticket_authdata Authorization data list from ticket
+ * @param [in] ap_req_authdata Authorization data list from AP request
+ * @param [in] ad_type Authorization data type to find
+ * @param [out] results List of matching entries
+ *
+ * This function searches @a ticket_authdata and @a ap_req_authdata for
+ * elements of type @a ad_type. Either input list may be NULL, in which case
+ * it will not be searched; otherwise, the input lists must be terminated by
+ * NULL entries. This function will search inside AD-IF-RELEVANT containers if
+ * found in either list. Use krb5_free_authdata() to free @a results when it
+ * is no longer needed.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_find_authdata(krb5_context context, krb5_authdata *const *ticket_authdata,
+ krb5_authdata *const *ap_req_authdata,
+ krb5_authdatatype ad_type, krb5_authdata ***results);
+
/**
* Merge two authorization data lists into a new list.
*
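Review bot: The doc comment added for `krb5_find_authdata()` does not say what `*results` holds when nothing matches, and it has no return-value line. Callers elsewhere in this commit test `authdata == NULL` after a zero return, which suggests `*results` can be NULL on success; if that is the contract, state it with `If no matching elements are found, @a results is set to NULL.` and add `@retval 0 Success; otherwise - Kerberos error codes`. Now that the function is exported, the comment should also note that matches from @a ap_req_authdata come from the client's authenticator and are returned in the same list as ticket matches, with no indication of origin. A caller whose authorization decision depends on where an element came from should pass NULL for the list it does not want searched, as the `KRB5_AUTHDATA_SIGNTICKET` and `KRB5_AUTHDATA_KDC_ISSUED` call sites in this commit do.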
*pdelegated = NULL;
*path_is_signed = FALSE;
- code = krb5int_find_authdata(context,
- enc_tkt_part->authorization_data,
- NULL,
- KRB5_AUTHDATA_SIGNTICKET,
- &sp_authdata);
+ code = krb5_find_authdata(context, enc_tkt_part->authorization_data, NULL,
+ KRB5_AUTHDATA_SIGNTICKET, &sp_authdata);
if (code != 0)
goto cleanup;
&authenticator)))
goto cleanup_auth_context;
- retval = krb5int_find_authdata(kdc_context,
- (*ticket)->enc_part2->authorization_data,
- authenticator->authorization_data,
- KRB5_AUTHDATA_FX_ARMOR, &authdata);
+ retval = krb5_find_authdata(kdc_context,
+ (*ticket)->enc_part2->authorization_data,
+ authenticator->authorization_data,
+ KRB5_AUTHDATA_FX_ARMOR, &authdata);
if (retval != 0)
goto cleanup_authenticator;
if (authdata&& authdata[0]) {
ticket_authdata = ap_req->ticket->enc_part2->authorization_data;
- code = krb5int_find_authdata(kcontext,
- ticket_authdata,
- NULL,
- KRB5_AUTHDATA_KDC_ISSUED,
- &authdata);
+ code = krb5_find_authdata(kcontext, ticket_authdata, NULL,
+ KRB5_AUTHDATA_KDC_ISSUED, &authdata);
if (code != 0 || authdata == NULL)
return code;
if (kdc_issued_authdata != NULL &&
(module->flags & AD_USAGE_KDC_ISSUED)) {
- code = krb5int_find_authdata(kcontext,
- kdc_issued_authdata,
- NULL,
- module->ad_type,
- &authdata);
+ code = krb5_find_authdata(kcontext, kdc_issued_authdata, NULL,
+ module->ad_type, &authdata);
if (code != 0)
break;
if (module->flags & AD_USAGE_AP_REQ)
authen_usage = TRUE;
- code = krb5int_find_authdata(kcontext,
- ticket_usage ? ticket_authdata : NULL,
- authen_usage ? authen_authdata : NULL,
- module->ad_type,
- &authdata);
+ code = krb5_find_authdata(kcontext,
+ ticket_usage ? ticket_authdata : NULL,
+ authen_usage ? authen_authdata : NULL,
+ module->ad_type, &authdata);
if (code != 0)
break;
}
return retval;
}
-krb5_error_code
-krb5int_find_authdata(krb5_context context,
- krb5_authdata *const *ticket_authdata,
- krb5_authdata *const *ap_req_authdata,
- krb5_authdatatype ad_type, krb5_authdata ***results)
+krb5_error_code KRB5_CALLCONV
+krb5_find_authdata(krb5_context context,
+ krb5_authdata *const *ticket_authdata,
+ krb5_authdata *const *ap_req_authdata,
+ krb5_authdatatype ad_type, krb5_authdata ***results)
{
krb5_error_code retval = 0;
struct find_authdata_context fctx;
3,
(unsigned char *) "ab"
};
-/* we want three results in the return from krb5int_find_authdata so
- it has to grow its list.
-*/
+/* We want three results in the return from krb5_find_authdata so it has to
+ * grow its list. */
krb5_authdata ad4 = {
KV5M_AUTHDATA,
22,
container[0] = &ad3;
container[1] = NULL;
assert(krb5_encode_authdata_container( context, KRB5_AUTHDATA_IF_RELEVANT, container, &container_out) == 0);
- assert(krb5int_find_authdata(context,
- adseq1, container_out, 22, &results) == 0);
+ assert(krb5_find_authdata(context, adseq1, container_out, 22,
+ &results) == 0);
compare_authdata(&ad1, results[0]);
compare_authdata( results[1], &ad4);
compare_authdata( results[2], &ad3);
krb5_externalize_data
krb5_externalize_opaque
krb5_fcc_ops
+krb5_find_authdata
krb5_find_serializer
krb5_free_ad_kdcissued
krb5_free_ad_signedpath
krb5int_clean_hostname
krb5int_cm_call_select
krb5int_copy_data_contents_add0
-krb5int_find_authdata
krb5int_find_pa_data
krb5int_foreach_localaddr
krb5int_free_data_list
krb5_free_string @393
krb5_cc_select @394
krb5_pac_sign @395
+ krb5_find_authdata @396
krb5_authdata **kdc_issued = NULL;
krb5_authdata **greet = NULL;
- code = krb5int_find_authdata(context,
- enc_tkt_request->authorization_data,
- NULL,
- KRB5_AUTHDATA_KDC_ISSUED,
- &tgt_authdata);
+ code = krb5_find_authdata(context, enc_tkt_request->authorization_data,
+ NULL, KRB5_AUTHDATA_KDC_ISSUED, &tgt_authdata);
if (code != 0 || tgt_authdata == NULL)
return 0;
return code;
}
- code = krb5int_find_authdata(context,
- kdc_issued,
- NULL,
- -42,
- &greet);
+ code = krb5_find_authdata(context, kdc_issued, NULL, -42, &greet);
if (code == 0) {
krb5_data tmp;
if (!is_as_req) {
/* find the existing PAC, if present */
- code = krb5int_find_authdata(context,
- tgt_auth_data,
- NULL,
- KRB5_AUTHDATA_WIN2K_PAC,
- &authdata);
+ code = krb5_find_authdata(context, tgt_auth_data, NULL,
+ KRB5_AUTHDATA_WIN2K_PAC, &authdata);
if (code != 0)
goto cleanup;
}