From: Sam Hartman Date: Mon, 6 Jan 2003 22:51:16 +0000 (+0000) Subject: Implement krb5_auth_con_set_checksum_func, an API for setting a X-Git-Tag: krb5-1.3-alpha1~191 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=1e7b3aff6d2e43f507774b2db887086035cd32a9;p=krb5.git Implement krb5_auth_con_set_checksum_func, an API for setting a callback to specify the data to be checksummed by krb5_mk_req after the auth_context has been set up. Mainly useful for GSSAPI. Ticket: 1054 Status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15084 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 2b6e7d46e..76a2a95ec 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,8 @@ +2003-01-06 Sam Hartman + + * krb5.hin: Add support for setting a callback to generate the + data checksummed by mk_req + 2003-01-03 Ezra Peisach * fake-addrinfo.h (freeaddrinfo): Do not free a NULL pointer. diff --git a/src/include/krb5.hin b/src/include/krb5.hin index 9d2d1ef8e..e238f7a60 100644 --- a/src/include/krb5.hin +++ b/src/include/krb5.hin @@ -1,7 +1,7 @@ /* * include/krb5.h * - * Copyright 1989,1990,1995,2001 by the Massachusetts Institute of Technology. + * Copyright 1989,1990,1995,2001, 2003 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -1159,6 +1159,13 @@ typedef struct krb5_replay_data { #define KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR 0x00000004 #define KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR 0x00000008 +/* type of function used as a callback to generate checksum data for + * mk_req*/ + +typedef krb5_error_code KRB5_CALLCONV +(* krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context , void *, + krb5_data **); + /* * end "safepriv.h" */ @@ -2103,6 +2110,14 @@ krb5_error_code KRB5_CALLCONV krb5_auth_con_getflags krb5_auth_context, krb5_int32 *); +krb5_error_code KRB5_CALLCONV +krb5_auth_con_set_checksum_func (krb5_context, krb5_auth_context, + krb5_mk_req_checksum_func, void *); + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_get_checksum_func( krb5_context, krb5_auth_context, + krb5_mk_req_checksum_func *, void **); + krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_setaddrs (krb5_context, krb5_auth_context, diff --git a/src/lib/ChangeLog b/src/lib/ChangeLog index 96bc29cb1..ebebb7334 100644 --- a/src/lib/ChangeLog +++ b/src/lib/ChangeLog @@ -1,3 +1,7 @@ +2003-01-06 Sam Hartman + + * krb5_32.def: Export krb5_auth_con_*_checksum_func + 2002-12-02 Tom Yu * win_glue.c: Put kadm_err.et references back in. diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index b0a1ec724..e12afdce6 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,16 @@ +2003-01-06 Sam Hartman + + * mk_req_ext.c (krb5_mk_req_extended): Inf no in_data is provided + but krb5_auth_con_set_checksum_func has been called, then use that + callback to generate the in_data. + + * auth_con.c (krb5_auth_con_init): Initialize checksum_func fields + (krb5_auth_con_set_checksum_func): new function-- set the mk_req + checksum function + (krb5_auth_con_get_checksum_func): return the same + + * auth_con.h: Add checksum_func and checksum_func_data + 2002-12-23 Ezra Peisach * t_kerb.c: Include string.h for strcmp prototype. diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c index 7c60785ad..09ccf9808 100644 --- a/src/lib/krb5/krb/auth_con.c +++ b/src/lib/krb5/krb/auth_con.c @@ -38,6 +38,8 @@ krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context) (*auth_context)->req_cksumtype = context->default_ap_req_sumtype; (*auth_context)->safe_cksumtype = context->default_safe_sumtype; + (*auth_context) -> checksum_func = NULL; + (*auth_context)->checksum_func_data = NULL; (*auth_context)->magic = KV5M_AUTH_CONTEXT; return 0; } @@ -335,3 +337,25 @@ krb5_auth_con_getpermetypes(krb5_context context, krb5_auth_context auth_context return(0); } + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_set_checksum_func( krb5_context context, + krb5_auth_context auth_context, + krb5_mk_req_checksum_func func, + void *data) +{ + auth_context->checksum_func = func; + auth_context->checksum_func_data = data; + return 0; +} + +krb5_error_code KRB5_CALLCONV +krb5_auth_con_get_checksum_func( krb5_context context, + krb5_auth_context auth_context, + krb5_mk_req_checksum_func *func, + void **data) +{ + *func = auth_context->checksum_func; + *data = auth_context->checksum_func_data; + return 0; +} diff --git a/src/lib/krb5/krb/auth_con.h b/src/lib/krb5/krb/auth_con.h index e6704169e..d83d6b86e 100644 --- a/src/lib/krb5/krb/auth_con.h +++ b/src/lib/krb5/krb/auth_con.h @@ -21,6 +21,8 @@ struct _krb5_auth_context { krb5_pointer i_vector; /* mk_priv, rd_priv only */ krb5_rcache rcache; krb5_enctype * permitted_etypes; /* rd_req */ + krb5_mk_req_checksum_func checksum_func; + void *checksum_func_data; }; diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c index 5e07f7b66..c2cd63b91 100644 --- a/src/lib/krb5/krb/mk_req_ext.c +++ b/src/lib/krb5/krb/mk_req_ext.c @@ -140,7 +140,17 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, goto cleanup; } + if (!in_data &&(*auth_context)->checksum_func) { + if (in_data) { + retval = (*auth_context)->checksum_func( context, + *auth_context, + (*auth_context)->checksum_func_data, + &in_data); + if (retval) + goto cleanup_cksum; + } + if ((*auth_context)->req_cksumtype == 0x8003) { /* XXX Special hack for GSSAPI */ checksum.checksum_type = 0x8003; diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def index 2e9d5fc3f..79f4cc74a 100644 --- a/src/lib/krb5_32.def +++ b/src/lib/krb5_32.def @@ -181,6 +181,8 @@ EXPORTS krb5_auth_con_getauthenticator krb5_auth_con_set_req_cksumtype krb5_auth_con_setrcache +krb5_auth_con_set_checksum_func +krb5_auth_con_get_checksum_func ; krb5_cc_default krb5_cc_default_name