#define KRB5_CONF_NO_HOST_REFERRAL "no_host_referral"
#define KRB5_CONF_PERMITTED_ENCTYPES "permitted_enctypes"
#define KRB5_CONF_PLUGINS "plugins"
+#define KRB5_CONF_PLUGIN_BASE_DIR "plugin_base_dir"
#define KRB5_CONF_PREAUTH_MODULE_DIR "preauth_module_dir"
#define KRB5_CONF_PREFERRED_PREAUTH_TYPES "preferred_preauth_types"
#define KRB5_CONF_PROXIABLE "proxiable"
k5_plugin_register(krb5_context context, int interface_id, const char *modname,
krb5_plugin_initvt_fn module);
+/*
+ * Register a plugin module which is part of the krb5 tree but is built as a
+ * dynamic plugin. Look for the module in modsubdir relative to the
+ * context->base_plugin_dir.
+ */
+krb5_error_code
+k5_plugin_register_dyn(krb5_context context, int interface_id,
+ const char *modname, const char *modsubdir);
+
/* Destroy the module state within context; used by krb5_free_context. */
void
k5_plugin_free_context(krb5_context context);
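Review bot: The new comment above k5_plugin_register_dyn refers to `context->base_plugin_dir`, but the field this commit adds to the context structure is `plugin_base_dir`. The sentence should read `Look for the module in modsubdir relative to context->plugin_base_dir.` The comment could also state that the call returns EINVAL when the interface id is not recognised or the interface has already been configured, since the definition enforces both and callers will look for the contract here.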
void *trace_callback_data;
struct plugin_interface plugins[PLUGIN_NUM_INTERFACES];
+ char *plugin_base_dir;
};
/* could be used in a table to find an etype and initialize a block */
* plugins directory.
*/
static krb5_error_code
-expand_relative_modpath(const char *modpath, char **full_modpath_out)
+expand_relative_modpath(krb5_context context, const char *modpath,
+ char **full_modpath_out)
{
- char *fullpath;
+ char *path;
*full_modpath_out = NULL;
/* XXX Unix-specific path handling for now. */
if (*modpath == '/') {
/* We already have an absolute path. */
- fullpath = strdup(modpath);
- if (fullpath == NULL)
+ path = strdup(modpath);
+ if (path == NULL)
return ENOMEM;
} else {
/* Append the relative path to the system plugins directory. */
- if (asprintf(&fullpath, "%s/%s", LIBDIR "/krb5/plugins", modpath) < 0)
+ if (asprintf(&path, "%s/%s", context->plugin_base_dir, modpath) < 0)
return ENOMEM;
}
- *full_modpath_out = fullpath;
+ *full_modpath_out = path;
return 0;
}
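Review bot: The `asprintf` call in the else branch of expand_relative_modpath uses `context->plugin_base_dir` without checking that it is non-NULL or an absolute path. This base directory is now a run-time value, where the removed line used the compile-time `LIBDIR "/krb5/plugins"`. The code that fills the field is not in the visible hunks, so if it already guarantees both properties, a short comment here saying so is enough. Otherwise a relative value would make the resolved module path depend on the process's working directory, which is worth rejecting for a path that ends up in the plugin loader. A guard such as `if (context->plugin_base_dir == NULL || *context->plugin_base_dir != '/') return EINVAL;` before the `asprintf` would close that off, and the same applies to the path built in k5_plugin_register_dyn.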
}
}
-/* Register the plugin module given by the profile string mod. */
static krb5_error_code
register_dyn_module(krb5_context context, struct plugin_interface *interface,
- const char *iname, const char *modstr, char **enable,
- char **disable)
+ const char *iname, const char *modname, const char *path)
{
krb5_error_code ret;
- char *modname = NULL, *modpath = NULL, *full_modpath = NULL;
char *symname = NULL;
struct plugin_file_handle *handle = NULL;
void (*initvt_fn)();
- /* Parse out the module name and path, and make sure it is enabled. */
- ret = parse_modstr(context, modstr, &modname, &modpath);
- if (ret != 0)
- goto cleanup;
- ret = expand_relative_modpath(modpath, &full_modpath);
- if (ret != 0)
- goto cleanup;
- if (!module_enabled(modname, enable, disable))
- goto cleanup;
-
/* Construct the initvt symbol name for this interface and module. */
if (asprintf(&symname, "%s_%s_initvt", iname, modname) < 0) {
symname = NULL;
}
/* Open the plugin and resolve the initvt symbol. */
- ret = krb5int_open_plugin(full_modpath, &handle, &context->err);
+ ret = krb5int_open_plugin(path, &handle, &context->err);
if (ret != 0)
goto cleanup;
ret = krb5int_get_plugin_func(handle, symname, &initvt_fn, &context->err);
handle = NULL; /* Now owned by the module mapping. */
cleanup:
- free(modname);
- free(modpath);
- free(full_modpath);
free(symname);
if (handle != NULL)
krb5int_close_plugin(handle);
return ret;
}
+/* Register the plugin module given by the profile string mod, if enabled
+ * according to the values of enable and disable. */
+static krb5_error_code
+register_dyn_mapping(krb5_context context, struct plugin_interface *interface,
+ const char *iname, const char *modstr, char **enable,
+ char **disable)
+{
+ krb5_error_code ret;
+ char *modname = NULL, *modpath = NULL, *fullpath = NULL;
+
+ /* Parse out the module name and path, and make sure it is enabled. */
+ ret = parse_modstr(context, modstr, &modname, &modpath);
+ if (ret != 0)
+ goto cleanup;
+ ret = expand_relative_modpath(context, modpath, &fullpath);
+ if (ret != 0)
+ goto cleanup;
+ if (!module_enabled(modname, enable, disable))
+ goto cleanup;
+ ret = register_dyn_module(context, interface, iname, modname, fullpath);
+
+cleanup:
+ free(modname);
+ free(modpath);
+ free(fullpath);
+ return ret;
+}
+
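Review bot: register_dyn_module is left without a header comment after the old one moved to register_dyn_mapping, even though its contract changed. It no longer parses the profile string or applies the enable/disable filter, and it hands `path` to krb5int_open_plugin exactly as received. A comment such as `/* Load the module at path and register it as modname for interface; the caller resolves the path and applies any enable/disable filtering. */` would record that for future callers. The comment on register_dyn_mapping also still says "profile string mod" while the parameter is named `modstr`. Parts of register_dyn_module's body are not shown in this hunk.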
/* Ensure that a plugin interface is configured. id is assumed to be valid. */
static krb5_error_code
configure_interface(krb5_context context, int id)
/* Create mappings for dynamic modules which aren't filtered out. */
for (mod = modules; mod && *mod; mod++) {
- ret = register_dyn_module(context, interface, iname, *mod,
- enable, disable);
+ ret = register_dyn_mapping(context, interface, iname, *mod,
+ enable, disable);
if (ret != 0)
return ret;
}
return register_module(context, interface, modname, module, NULL);
}
+krb5_error_code
+k5_plugin_register_dyn(krb5_context context, int interface_id,
+ const char *modname, const char *modsubdir)
+{
+ krb5_error_code ret;
+ struct plugin_interface *interface = get_interface(context, interface_id);
+ char *path;
+
+ /* Disallow registering plugins after load. */
+ if (interface == NULL || interface->configured)
+ return EINVAL;
+ if (asprintf(&path, "%s/%s/%s%s", context->plugin_base_dir, modsubdir,
+ modname, PLUGIN_EXT) < 0)
+ return ENOMEM;
+
+ ret = register_dyn_module(context, interface,
+ interface_names[interface_id], modname, path);
+ free(path);
+ return ret;
+}
+
void
k5_plugin_free_context(krb5_context context)
{