From: Greg Hudson Date: Tue, 25 Oct 2011 18:30:14 +0000 (+0000) Subject: Make krb5_find_authdata public X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cf14be326bc26256dd88222100744e18ef139040;p=krb5.git Make krb5_find_authdata public Rename krb5int_find_authdata to krb5_find_authdata and make it public. ticket: 6992 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25414 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 53504c797..92cbe87f5 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -2615,12 +2615,6 @@ krb5_error_code KRB5_CALLCONV krb5_get_default_config_files(char ***filenames); void KRB5_CALLCONV krb5_free_config_files(char **filenames); -krb5_error_code krb5int_find_authdata(krb5_context context, - krb5_authdata *const *ticket_authdata, - krb5_authdata *const *ap_req_authdata, - krb5_authdatatype ad_type, - krb5_authdata ***results); - krb5_error_code krb5_rd_req_decoded(krb5_context, krb5_auth_context *, const krb5_ap_req *, krb5_const_principal, krb5_keytab, krb5_flags *, krb5_ticket **); diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index d3829791d..28f83d5ae 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin 
@@ -3843,6 +3843,27 @@ krb5_error_code KRB5_CALLCONV krb5_copy_authdata(krb5_context context, krb5_authdata *const *in_authdat, krb5_authdata ***out); +/** + * Find authorization data elements. + * + * @param [in] context Library context + * @param [in] ticket_authdata Authorization data list from ticket + * @param [in] ap_req_authdata Authorization data list from AP request + * @param [in] ad_type Authorization data type to find + * @param [out] results List of matching entries + * + * This function searches @a ticket_authdata and @a ap_req_authdata for + * elements of type @a ad_type. Either input list may be NULL, in which case + * it will not be searched; otherwise, the input lists must be terminated by + * NULL entries. This function will search inside AD-IF-RELEVANT containers if + * found in either list. Use krb5_free_authdata() to free @a results when it + * is no longer needed. + */ +krb5_error_code KRB5_CALLCONV +krb5_find_authdata(krb5_context context, krb5_authdata *const *ticket_authdata, + krb5_authdata *const *ap_req_authdata, + krb5_authdatatype ad_type, krb5_authdata ***results); + /** * Merge two authorization data lists into a new list. * diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c index 0dc3725a8..ed0b28157 100644 --- a/src/kdc/kdc_authdata.c +++ b/src/kdc/kdc_authdata.c @@ -902,11 +902,8 @@ verify_ad_signedpath(krb5_context context, *pdelegated = NULL; *path_is_signed = FALSE; - code = krb5int_find_authdata(context, - enc_tkt_part->authorization_data, - NULL, - KRB5_AUTHDATA_SIGNTICKET, - &sp_authdata); + code = krb5_find_authdata(context, enc_tkt_part->authorization_data, NULL, + KRB5_AUTHDATA_SIGNTICKET, &sp_authdata); if (code != 0) goto cleanup; diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index e5c554f1b..039a06ac5 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c 
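Review bot: The doc comment added for krb5_find_authdata in src/include/krb5/krb5.hin does not say what `*results` holds when nothing matches or when the call fails, and now that the function is public, outside callers have only this text to go on. Callers visible in this commit test the list for NULL after a zero return (`if (code != 0 || authdata == NULL)` in k5_get_kdc_issued_authdata), which suggests a no-match result is a NULL list with a success code. The function body is outside the hunk, so confirm that and then add `If no matching elements are found, @a results is set to NULL and 0 is returned.` together with a `@retval` line for the error case. The comment should also state that the returned list merges both inputs without recording which list an element came from, and nothing in the description indicates the elements are validated. Since the AP-REQ authenticator is written by the client, a caller basing an authorization decision on the result should pass NULL for any list it does not want considered, as krb5int_authdata_verify does with its usage flags.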
@@ -284,10 +284,10 @@ kdc_process_tgs_req(krb5_kdc_req *request, const krb5_fulladdr *from, &authenticator))) goto cleanup_auth_context; - retval = krb5int_find_authdata(kdc_context, - (*ticket)->enc_part2->authorization_data, - authenticator->authorization_data, - KRB5_AUTHDATA_FX_ARMOR, &authdata); + retval = krb5_find_authdata(kdc_context, + (*ticket)->enc_part2->authorization_data, + authenticator->authorization_data, + KRB5_AUTHDATA_FX_ARMOR, &authdata); if (retval != 0) goto cleanup_authenticator; if (authdata&& authdata[0]) { diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c index 414e8bcac..546fb82dc 100644 --- a/src/lib/krb5/krb/authdata.c +++ b/src/lib/krb5/krb/authdata.c @@ -514,11 +514,8 @@ k5_get_kdc_issued_authdata(krb5_context kcontext, ticket_authdata = ap_req->ticket->enc_part2->authorization_data; - code = krb5int_find_authdata(kcontext, - ticket_authdata, - NULL, - KRB5_AUTHDATA_KDC_ISSUED, - &authdata); + code = krb5_find_authdata(kcontext, ticket_authdata, NULL, + KRB5_AUTHDATA_KDC_ISSUED, &authdata); if (code != 0 || authdata == NULL) return code; @@ -573,11 +570,8 @@ krb5int_authdata_verify(krb5_context kcontext, if (kdc_issued_authdata != NULL && (module->flags & AD_USAGE_KDC_ISSUED)) { - code = krb5int_find_authdata(kcontext, - kdc_issued_authdata, - NULL, - module->ad_type, - &authdata); + code = krb5_find_authdata(kcontext, kdc_issued_authdata, NULL, + module->ad_type, &authdata); if (code != 0) break; @@ -599,11 +593,10 @@ krb5int_authdata_verify(krb5_context kcontext, if (module->flags & AD_USAGE_AP_REQ) authen_usage = TRUE; - code = krb5int_find_authdata(kcontext, - ticket_usage ? ticket_authdata : NULL, - authen_usage ? authen_authdata : NULL, - module->ad_type, - &authdata); + code = krb5_find_authdata(kcontext, + ticket_usage ? ticket_authdata : NULL, + authen_usage ? authen_authdata : NULL, + module->ad_type, &authdata); if (code != 0) break; } 
diff --git a/src/lib/krb5/krb/authdata_dec.c b/src/lib/krb5/krb/authdata_dec.c index 9809b3376..8e95b2a91 100644 --- a/src/lib/krb5/krb/authdata_dec.c +++ b/src/lib/krb5/krb/authdata_dec.c @@ -154,11 +154,11 @@ find_authdata_1(krb5_context context, krb5_authdata *const *in_authdat, return retval; } -krb5_error_code -krb5int_find_authdata(krb5_context context, - krb5_authdata *const *ticket_authdata, - krb5_authdata *const *ap_req_authdata, - krb5_authdatatype ad_type, krb5_authdata ***results) +krb5_error_code KRB5_CALLCONV +krb5_find_authdata(krb5_context context, + krb5_authdata *const *ticket_authdata, + krb5_authdata *const *ap_req_authdata, + krb5_authdatatype ad_type, krb5_authdata ***results) { krb5_error_code retval = 0; struct find_authdata_context fctx; diff --git a/src/lib/krb5/krb/t_authdata.c b/src/lib/krb5/krb/t_authdata.c index 6e4fb21c8..dd834b9b0 100644 --- a/src/lib/krb5/krb/t_authdata.c +++ b/src/lib/krb5/krb/t_authdata.c @@ -47,9 +47,8 @@ krb5_authdata ad3= { 3, (unsigned char *) "ab" }; -/* we want three results in the return from krb5int_find_authdata so - it has to grow its list. -*/ +/* We want three results in the return from krb5_find_authdata so it has to + * grow its list. */ krb5_authdata ad4 = { KV5M_AUTHDATA, 22, @@ -94,8 +93,8 @@ main() container[0] = &ad3; container[1] = NULL; assert(krb5_encode_authdata_container( context, KRB5_AUTHDATA_IF_RELEVANT, container, &container_out) == 0); - assert(krb5int_find_authdata(context, - adseq1, container_out, 22, &results) == 0); + assert(krb5_find_authdata(context, adseq1, container_out, 22, + &results) == 0); compare_authdata(&ad1, results[0]); compare_authdata( results[1], &ad4); compare_authdata( results[2], &ad3); diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index c9d1debf2..0afcab121 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports 
@@ -257,6 +257,7 @@ krb5_encrypt_tkt_part krb5_externalize_data krb5_externalize_opaque krb5_fcc_ops +krb5_find_authdata krb5_find_serializer krb5_free_ad_kdcissued krb5_free_ad_signedpath @@ -607,7 +608,6 @@ krb5int_cleanup_library krb5int_clean_hostname krb5int_cm_call_select krb5int_copy_data_contents_add0 -krb5int_find_authdata krb5int_find_pa_data krb5int_foreach_localaddr krb5int_free_data_list diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def index 208b92b8f..d7ac5c464 100644 --- a/src/lib/krb5_32.def +++ b/src/lib/krb5_32.def @@ -419,3 +419,4 @@ EXPORTS krb5_free_string @393 krb5_cc_select @394 krb5_pac_sign @395 + krb5_find_authdata @396 diff --git a/src/plugins/authdata/greet_server/greet_auth.c b/src/plugins/authdata/greet_server/greet_auth.c index 5dbd8c12c..b26c86075 100644 --- a/src/plugins/authdata/greet_server/greet_auth.c +++ b/src/plugins/authdata/greet_server/greet_auth.c @@ -65,11 +65,8 @@ greet_kdc_verify(krb5_context context, krb5_authdata **kdc_issued = NULL; krb5_authdata **greet = NULL; - code = krb5int_find_authdata(context, - enc_tkt_request->authorization_data, - NULL, - KRB5_AUTHDATA_KDC_ISSUED, - &tgt_authdata); + code = krb5_find_authdata(context, enc_tkt_request->authorization_data, + NULL, KRB5_AUTHDATA_KDC_ISSUED, &tgt_authdata); if (code != 0 || tgt_authdata == NULL) return 0; @@ -83,11 +80,7 @@ greet_kdc_verify(krb5_context context, return code; } - code = krb5int_find_authdata(context, - kdc_issued, - NULL, - -42, - &greet); + code = krb5_find_authdata(context, kdc_issued, NULL, -42, &greet); if (code == 0) { krb5_data tmp; diff --git a/src/plugins/kdb/hdb/kdb_windc.c b/src/plugins/kdb/hdb/kdb_windc.c index a5d1567bf..bb07f4ccc 100644 --- a/src/plugins/kdb/hdb/kdb_windc.c +++ b/src/plugins/kdb/hdb/kdb_windc.c 
@@ -270,11 +270,8 @@ kh_db_sign_auth_data(krb5_context context, if (!is_as_req) { /* find the existing PAC, if present */ - code = krb5int_find_authdata(context, - tgt_auth_data, - NULL, - KRB5_AUTHDATA_WIN2K_PAC, - &authdata); + code = krb5_find_authdata(context, tgt_auth_data, NULL, + KRB5_AUTHDATA_WIN2K_PAC, &authdata); if (code != 0) goto cleanup; }