Make krb5_find_authdata public
authorGreg Hudson <ghudson@mit.edu>
Tue, 25 Oct 2011 18:30:14 +0000 (18:30 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 25 Oct 2011 18:30:14 +0000 (18:30 +0000)
Rename krb5int_find_authdata to krb5_find_authdata and make it public.

ticket: 6992
target_version: 1.10
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25414 dc483132-0cff-0310-8789-dd5450dbe970

src/include/k5-int.h
src/include/krb5/krb5.hin
src/kdc/kdc_authdata.c
src/kdc/kdc_util.c
src/lib/krb5/krb/authdata.c
src/lib/krb5/krb/authdata_dec.c
src/lib/krb5/krb/t_authdata.c
src/lib/krb5/libkrb5.exports
src/lib/krb5_32.def
src/plugins/authdata/greet_server/greet_auth.c
src/plugins/kdb/hdb/kdb_windc.c

index 53504c7977c052f4e2d008b6963c7114742ce3cc..92cbe87f5e908592d0725dfe465c1f1493b43dbf 100644 (file)
@@ -2615,12 +2615,6 @@ krb5_error_code KRB5_CALLCONV krb5_get_default_config_files(char ***filenames);
 
 void KRB5_CALLCONV krb5_free_config_files(char **filenames);
 
-krb5_error_code krb5int_find_authdata(krb5_context context,
-                                      krb5_authdata *const *ticket_authdata,
-                                      krb5_authdata *const *ap_req_authdata,
-                                      krb5_authdatatype ad_type,
-                                      krb5_authdata ***results);
-
 krb5_error_code krb5_rd_req_decoded(krb5_context, krb5_auth_context *,
                                     const krb5_ap_req *, krb5_const_principal,
                                     krb5_keytab, krb5_flags *, krb5_ticket **);
index d3829791dcddacc7cf2b8a380b778f89489098e4..28f83d5ae233982f6804b4d69af5c75c7f5cabe9 100644 (file)
@@ -3843,6 +3843,27 @@ krb5_error_code KRB5_CALLCONV
 krb5_copy_authdata(krb5_context context,
                    krb5_authdata *const *in_authdat, krb5_authdata ***out);
 
+/**
+ * Find authorization data elements.
+ *
+ * @param [in]  context         Library context
+ * @param [in]  ticket_authdata Authorization data list from ticket
+ * @param [in]  ap_req_authdata Authorization data list from AP request
+ * @param [in]  ad_type         Authorization data type to find
+ * @param [out] results         List of matching entries
+ *
+ * This function searches @a ticket_authdata and @a ap_req_authdata for
+ * elements of type @a ad_type.  Either input list may be NULL, in which case
+ * it will not be searched; otherwise, the input lists must be terminated by
+ * NULL entries.  This function will search inside AD-IF-RELEVANT containers if
+ * found in either list.  Use krb5_free_authdata() to free @a results when it
+ * is no longer needed.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_find_authdata(krb5_context context, krb5_authdata *const *ticket_authdata,
+                   krb5_authdata *const *ap_req_authdata,
+                   krb5_authdatatype ad_type, krb5_authdata ***results);
+
 /**
  * Merge two authorization data lists into a new list.
  *
index 0dc3725a8c171df915979ae98a1c4e050e97ee22..ed0b28157cd19a285902a5b5cd3f3b29dd819d54 100644 (file)
@@ -902,11 +902,8 @@ verify_ad_signedpath(krb5_context context,
     *pdelegated = NULL;
     *path_is_signed = FALSE;
 
-    code = krb5int_find_authdata(context,
-                                 enc_tkt_part->authorization_data,
-                                 NULL,
-                                 KRB5_AUTHDATA_SIGNTICKET,
-                                 &sp_authdata);
+    code = krb5_find_authdata(context, enc_tkt_part->authorization_data, NULL,
+                              KRB5_AUTHDATA_SIGNTICKET, &sp_authdata);
     if (code != 0)
         goto cleanup;
 
index e5c554f1b500aca486719c33ad03a9b6e12db1b8..039a06ac54f3bc63387621a3ef907047dabc0473 100644 (file)
@@ -284,10 +284,10 @@ kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from,
                                                  &authenticator)))
         goto cleanup_auth_context;
 
-    retval = krb5int_find_authdata(kdc_context,
-                                   (*ticket)->enc_part2->authorization_data,
-                                   authenticator->authorization_data,
-                                   KRB5_AUTHDATA_FX_ARMOR, &authdata);
+    retval = krb5_find_authdata(kdc_context,
+                                (*ticket)->enc_part2->authorization_data,
+                                authenticator->authorization_data,
+                                KRB5_AUTHDATA_FX_ARMOR, &authdata);
     if (retval != 0)
         goto cleanup_authenticator;
     if (authdata&& authdata[0]) {
index 414e8bcac6097e784d7b3c24bf3f2bf3375150eb..546fb82dc583d90e71062907f50539b07d556a46 100644 (file)
@@ -514,11 +514,8 @@ k5_get_kdc_issued_authdata(krb5_context kcontext,
 
     ticket_authdata = ap_req->ticket->enc_part2->authorization_data;
 
-    code = krb5int_find_authdata(kcontext,
-                                 ticket_authdata,
-                                 NULL,
-                                 KRB5_AUTHDATA_KDC_ISSUED,
-                                 &authdata);
+    code = krb5_find_authdata(kcontext, ticket_authdata, NULL,
+                              KRB5_AUTHDATA_KDC_ISSUED, &authdata);
     if (code != 0 || authdata == NULL)
         return code;
 
@@ -573,11 +570,8 @@ krb5int_authdata_verify(krb5_context kcontext,
 
         if (kdc_issued_authdata != NULL &&
             (module->flags & AD_USAGE_KDC_ISSUED)) {
-            code = krb5int_find_authdata(kcontext,
-                                         kdc_issued_authdata,
-                                         NULL,
-                                         module->ad_type,
-                                         &authdata);
+            code = krb5_find_authdata(kcontext, kdc_issued_authdata, NULL,
+                                      module->ad_type, &authdata);
             if (code != 0)
                 break;
 
@@ -599,11 +593,10 @@ krb5int_authdata_verify(krb5_context kcontext,
             if (module->flags & AD_USAGE_AP_REQ)
                 authen_usage = TRUE;
 
-            code = krb5int_find_authdata(kcontext,
-                                         ticket_usage ? ticket_authdata : NULL,
-                                         authen_usage ? authen_authdata : NULL,
-                                         module->ad_type,
-                                         &authdata);
+            code = krb5_find_authdata(kcontext,
+                                      ticket_usage ? ticket_authdata : NULL,
+                                      authen_usage ? authen_authdata : NULL,
+                                      module->ad_type, &authdata);
             if (code != 0)
                 break;
         }
index 9809b3376d9b4b9595d9512bfa63c6c9955b1123..8e95b2a91cd668fc21604d05b987564bb8805fbf 100644 (file)
@@ -154,11 +154,11 @@ find_authdata_1(krb5_context context, krb5_authdata *const *in_authdat,
     return retval;
 }
 
-krb5_error_code
-krb5int_find_authdata(krb5_context context,
-                      krb5_authdata *const *ticket_authdata,
-                      krb5_authdata *const *ap_req_authdata,
-                      krb5_authdatatype ad_type, krb5_authdata ***results)
+krb5_error_code KRB5_CALLCONV
+krb5_find_authdata(krb5_context context,
+                   krb5_authdata *const *ticket_authdata,
+                   krb5_authdata *const *ap_req_authdata,
+                   krb5_authdatatype ad_type, krb5_authdata ***results)
 {
     krb5_error_code retval = 0;
     struct find_authdata_context fctx;
index 6e4fb21c897a83d4fc2b8c37aed00cea4a385181..dd834b9b0cd7ef5fb6abb2a53e7e5604f04b20a4 100644 (file)
@@ -47,9 +47,8 @@ krb5_authdata ad3= {
     3,
     (unsigned char *) "ab"
 };
-/* we want three results in the return from krb5int_find_authdata so
-   it has to grow its list.
-*/
+/* We want three results in the return from krb5_find_authdata so it has to
+ * grow its list.  */
 krb5_authdata ad4 = {
     KV5M_AUTHDATA,
     22,
@@ -94,8 +93,8 @@ main()
     container[0] = &ad3;
     container[1] = NULL;
     assert(krb5_encode_authdata_container( context, KRB5_AUTHDATA_IF_RELEVANT, container, &container_out) == 0);
-    assert(krb5int_find_authdata(context,
-                                 adseq1, container_out, 22, &results) == 0);
+    assert(krb5_find_authdata(context, adseq1, container_out, 22,
+                              &results) == 0);
     compare_authdata(&ad1, results[0]);
     compare_authdata( results[1], &ad4);
     compare_authdata( results[2], &ad3);
index c9d1debf204a6470b4e2d5fb6b464802bf4d1976..0afcab121ce9b63579d2697b8bc2fd9749ac4e3a 100644 (file)
@@ -257,6 +257,7 @@ krb5_encrypt_tkt_part
 krb5_externalize_data
 krb5_externalize_opaque
 krb5_fcc_ops
+krb5_find_authdata
 krb5_find_serializer
 krb5_free_ad_kdcissued
 krb5_free_ad_signedpath
@@ -607,7 +608,6 @@ krb5int_cleanup_library
 krb5int_clean_hostname
 krb5int_cm_call_select
 krb5int_copy_data_contents_add0
-krb5int_find_authdata
 krb5int_find_pa_data
 krb5int_foreach_localaddr
 krb5int_free_data_list
index 208b92b8fb44453af9110fc020b774a37ddee35c..d7ac5c4649e0136f22c60b056316595fb2d44d2f 100644 (file)
@@ -419,3 +419,4 @@ EXPORTS
        krb5_free_string                                @393
        krb5_cc_select                                  @394
        krb5_pac_sign                                   @395
+       krb5_find_authdata                              @396
index 5dbd8c12c7c24a8580718359428dbc0ac01a22b4..b26c8607594fbcd73b361ec5ec97ec2f6dc3df64 100644 (file)
@@ -65,11 +65,8 @@ greet_kdc_verify(krb5_context context,
     krb5_authdata **kdc_issued = NULL;
     krb5_authdata **greet = NULL;
 
-    code = krb5int_find_authdata(context,
-                                 enc_tkt_request->authorization_data,
-                                 NULL,
-                                 KRB5_AUTHDATA_KDC_ISSUED,
-                                 &tgt_authdata);
+    code = krb5_find_authdata(context, enc_tkt_request->authorization_data,
+                              NULL, KRB5_AUTHDATA_KDC_ISSUED, &tgt_authdata);
     if (code != 0 || tgt_authdata == NULL)
         return 0;
 
@@ -83,11 +80,7 @@ greet_kdc_verify(krb5_context context,
         return code;
     }
 
-    code = krb5int_find_authdata(context,
-                                 kdc_issued,
-                                 NULL,
-                                 -42,
-                                 &greet);
+    code = krb5_find_authdata(context, kdc_issued, NULL, -42, &greet);
     if (code == 0) {
         krb5_data tmp;
 
index a5d1567bf4c1cfda7951d5341163a9c24e9bda4c..bb07f4cccf31e5bf5102d24353cdf08fb6a2938b 100644 (file)
@@ -270,11 +270,8 @@ kh_db_sign_auth_data(krb5_context context,
 
     if (!is_as_req) {
         /* find the existing PAC, if present */
-        code = krb5int_find_authdata(context,
-                                     tgt_auth_data,
-                                     NULL,
-                                     KRB5_AUTHDATA_WIN2K_PAC,
-                                     &authdata);
+        code = krb5_find_authdata(context, tgt_auth_data, NULL,
+                                  KRB5_AUTHDATA_WIN2K_PAC, &authdata);
         if (code != 0)
             goto cleanup;
     }