From: Greg Hudson
Date: Mon, 28 Dec 2009 19:59:10 +0000 (+0000)
Subject: Add a new profile variable preauth_module_dir, which specifies
X-Git-Tag: krb5-1.8-alpha1~52
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=2ac5e971bc33535cc37edf4668cbdfa9f3e3b7a8;p=krb5.git

Add a new profile variable preauth_module_dir, which specifies directories to look for preauth plugins in prior to the hardcoded locations. Undocumented for now since, like db_module_dir, this is mostly intended for the test suite.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23531 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index a70eae9c5..ec5843f35 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -242,6 +242,7 @@ typedef INT64_TYPE krb5_int64;
 #define KRB5_CONF_MAX_RENEWABLE_LIFE "max_renewable_life"
 #define KRB5_CONF_NOADDRESSES "noaddresses"
 #define KRB5_CONF_PERMITTED_ENCTYPES "permitted_enctypes"
+#define KRB5_CONF_PREAUTH_MODULE_DIR "preauth_module_dir"
 #define KRB5_CONF_PREFERRED_PREAUTH_TYPES "preferred_preauth_types"
 #define KRB5_CONF_PROXIABLE "proxiable"
 #define KRB5_CONF_RDNS "rdns"
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 8b9cd36cd..d1d2827de 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -45,7 +45,9 @@
 #endif
 #if TARGET_OS_MAC
-static const char *objdirs[] = { KRB5_PLUGIN_BUNDLE_DIR, LIBDIR "/krb5/plugins/preauth", NULL }; /* should be a list */
+static const char *objdirs[] = { KRB5_PLUGIN_BUNDLE_DIR,
+ LIBDIR "/krb5/plugins/preauth",
+ NULL };
 #else
 static const char *objdirs[] = { LIBDIR "/krb5/plugins/preauth", NULL };
 #endif
@@ -68,6 +70,50 @@ typedef struct _pa_types_t {
 int flags;
 } pa_types_t;
+/* Open plugin directories for preauth modules. */
+static krb5_error_code
+open_preauth_plugin_dirs(krb5_context kcontext)
+{
+ static const char *path[] = {
+ KRB5_CONF_LIBDEFAULTS, KRB5_CONF_PREAUTH_MODULE_DIR, NULL,
+ };
+ char **profpath = NULL;
+ const char **plugindirs = NULL;
+ size_t nprofdirs, nobjdirs;
+ krb5_error_code retval;
+
+ /* Fetch the list of paths specified in the profile, if any. */
+ retval = profile_get_values(kcontext->profile, path, &profpath);
+ if (retval != 0 && retval != PROF_NO_RELATION)
+ return retval;
+
+ /* Count the number of profile dirs. */
+ nprofdirs = 0;
+ if (profpath) {
+ while (profpath[nprofdirs] != NULL)
+ nprofdirs++;
+ }
+
+ nobjdirs = sizeof(objdirs) / sizeof(*objdirs);
+ plugindirs = k5alloc((nprofdirs + nobjdirs) * sizeof(char *), &retval);
+ if (retval != 0)
+ goto cleanup;
+
+ /* Concatenate the profile and hardcoded directory lists. */
+ if (profpath)
+ memcpy(plugindirs, profpath, nprofdirs * sizeof(char *));
+ memcpy(plugindirs + nprofdirs, objdirs, nobjdirs * sizeof(char *));
+
+ retval = krb5int_open_plugin_dirs(plugindirs, NULL,
+ &kcontext->preauth_plugins,
+ &kcontext->err);
+
+cleanup:
+ profile_free_list(profpath);
+ free(plugindirs);
+ return retval;
+}
+
 /* Create the per-krb5_context context. This means loading the modules
 * if we haven't done that yet (applications which never obtain initial
 * credentials should never hit this routine), breaking up the module's
@@ -90,11 +136,8 @@ krb5_init_preauth_context(krb5_context kcontext)
 /* load the plugins for the current context */
 if (PLUGIN_DIR_OPEN(&kcontext->preauth_plugins) == 0) {
- if (krb5int_open_plugin_dirs(objdirs, NULL,
- &kcontext->preauth_plugins,
- &kcontext->err) != 0) {
+ if (open_preauth_plugin_dirs(kcontext) != 0)
 return;
- }
 }
 /* pull out the module function tables for all of the modules */
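Review bot: In `open_preauth_plugin_dirs`, the values read from `preauth_module_dir` go to `krb5int_open_plugin_dirs` ahead of the built-in `objdirs` entries with no check on them, so whoever can set that profile relation decides which directories preauth modules are loaded from first. Whether every profile source that reaches this point is trusted is not visible in the hunk, so I would state the assumption above the `profile_get_values` call, for example `/* The profile is trusted: these directories are searched before the built-in ones. */`, and confirm that contexts which must not honour caller-controlled configuration never see this relation. A comment on `nobjdirs` noting that it counts the terminating `NULL` of `objdirs` would also explain why the combined list needs no terminator of its own.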
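Review bot: The result of `open_preauth_plugin_dirs(kcontext)` is discarded at this call in `krb5_init_preauth_context`, and the helper now returns early on any `profile_get_values` error other than `PROF_NO_RELATION`, before the built-in directories are tried. A profile lookup failure therefore leaves the context with no preauth modules and no indication why, which the old direct call on `objdirs` could not do. Consider continuing with the hardcoded list when the lookup fails, or add a comment at the call saying the silent return is intended. The function's body starts and ends outside the hunk.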