xref: /freebsd-src/crypto/heimdal/kdc/windc.c (revision 6a068746777241722b2b32c5d0bc443a2a64d80b) 
1c19800e8SDoug Rabson /*
2*ae771770SStanislav Sedov  * Copyright (c) 2007 Kungliga Tekniska Högskolan
3c19800e8SDoug Rabson  * (Royal Institute of Technology, Stockholm, Sweden).
4c19800e8SDoug Rabson  * All rights reserved.
5c19800e8SDoug Rabson  *
6c19800e8SDoug Rabson  * Redistribution and use in source and binary forms, with or without
7c19800e8SDoug Rabson  * modification, are permitted provided that the following conditions
8c19800e8SDoug Rabson  * are met:
9c19800e8SDoug Rabson  *
10c19800e8SDoug Rabson  * 1. Redistributions of source code must retain the above copyright
11c19800e8SDoug Rabson  *    notice, this list of conditions and the following disclaimer.
12c19800e8SDoug Rabson  *
13c19800e8SDoug Rabson  * 2. Redistributions in binary form must reproduce the above copyright
14c19800e8SDoug Rabson  *    notice, this list of conditions and the following disclaimer in the
15c19800e8SDoug Rabson  *    documentation and/or other materials provided with the distribution.
16c19800e8SDoug Rabson  *
17c19800e8SDoug Rabson  * 3. Neither the name of the Institute nor the names of its contributors
18c19800e8SDoug Rabson  *    may be used to endorse or promote products derived from this software
19c19800e8SDoug Rabson  *    without specific prior written permission.
20c19800e8SDoug Rabson  *
21c19800e8SDoug Rabson  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22c19800e8SDoug Rabson  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23c19800e8SDoug Rabson  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24c19800e8SDoug Rabson  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25c19800e8SDoug Rabson  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26c19800e8SDoug Rabson  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27c19800e8SDoug Rabson  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28c19800e8SDoug Rabson  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29c19800e8SDoug Rabson  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30c19800e8SDoug Rabson  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31c19800e8SDoug Rabson  * SUCH DAMAGE.
32c19800e8SDoug Rabson  */
33c19800e8SDoug Rabson 
34c19800e8SDoug Rabson #include "kdc_locl.h"
35c19800e8SDoug Rabson 
36c19800e8SDoug Rabson static krb5plugin_windc_ftable *windcft;
37c19800e8SDoug Rabson static void *windcctx;
38c19800e8SDoug Rabson 
39c19800e8SDoug Rabson /*
40c19800e8SDoug Rabson  * Pick the first WINDC module that we find.
41c19800e8SDoug Rabson  */
42c19800e8SDoug Rabson 
43c19800e8SDoug Rabson krb5_error_code
krb5_kdc_windc_init(krb5_context context)44c19800e8SDoug Rabson krb5_kdc_windc_init(krb5_context context)
45c19800e8SDoug Rabson {
46c19800e8SDoug Rabson     struct krb5_plugin *list = NULL, *e;
47c19800e8SDoug Rabson     krb5_error_code ret;
48c19800e8SDoug Rabson 
49c19800e8SDoug Rabson     ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "windc", &list);
50c19800e8SDoug Rabson     if(ret != 0 || list == NULL)
51c19800e8SDoug Rabson 	return 0;
52c19800e8SDoug Rabson 
53c19800e8SDoug Rabson     for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) {
54c19800e8SDoug Rabson 
55c19800e8SDoug Rabson 	windcft = _krb5_plugin_get_symbol(e);
56*ae771770SStanislav Sedov 	if (windcft->minor_version < KRB5_WINDC_PLUGIN_MINOR)
57c19800e8SDoug Rabson 	    continue;
58c19800e8SDoug Rabson 
59c19800e8SDoug Rabson 	(*windcft->init)(context, &windcctx);
60c19800e8SDoug Rabson 	break;
61c19800e8SDoug Rabson     }
62c19800e8SDoug Rabson     _krb5_plugin_free(list);
63*ae771770SStanislav Sedov     if (e == NULL) {
64*ae771770SStanislav Sedov 	krb5_set_error_message(context, ENOENT, "Did not find any WINDC plugin");
65c19800e8SDoug Rabson 	windcft = NULL;
66c19800e8SDoug Rabson 	return ENOENT;
67c19800e8SDoug Rabson     }
68c19800e8SDoug Rabson 
69c19800e8SDoug Rabson     return 0;
70c19800e8SDoug Rabson }
71c19800e8SDoug Rabson 
72c19800e8SDoug Rabson 
73c19800e8SDoug Rabson krb5_error_code
_kdc_pac_generate(krb5_context context,hdb_entry_ex * client,krb5_pac * pac)74c19800e8SDoug Rabson _kdc_pac_generate(krb5_context context,
75c19800e8SDoug Rabson 		  hdb_entry_ex *client,
76c19800e8SDoug Rabson 		  krb5_pac *pac)
77c19800e8SDoug Rabson {
78c19800e8SDoug Rabson     *pac = NULL;
79c19800e8SDoug Rabson     if (windcft == NULL)
80c19800e8SDoug Rabson 	return 0;
81c19800e8SDoug Rabson     return (windcft->pac_generate)(windcctx, context, client, pac);
82c19800e8SDoug Rabson }
83c19800e8SDoug Rabson 
84c19800e8SDoug Rabson krb5_error_code
_kdc_pac_verify(krb5_context context,const krb5_principal client_principal,const krb5_principal delegated_proxy_principal,hdb_entry_ex * client,hdb_entry_ex * server,hdb_entry_ex * krbtgt,krb5_pac * pac,int * verified)85c19800e8SDoug Rabson _kdc_pac_verify(krb5_context context,
86c19800e8SDoug Rabson 		const krb5_principal client_principal,
87*ae771770SStanislav Sedov 		const krb5_principal delegated_proxy_principal,
88c19800e8SDoug Rabson 		hdb_entry_ex *client,
89c19800e8SDoug Rabson 		hdb_entry_ex *server,
90*ae771770SStanislav Sedov 		hdb_entry_ex *krbtgt,
91*ae771770SStanislav Sedov 		krb5_pac *pac,
92*ae771770SStanislav Sedov 		int *verified)
93c19800e8SDoug Rabson {
94*ae771770SStanislav Sedov     krb5_error_code ret;
95*ae771770SStanislav Sedov 
96*ae771770SStanislav Sedov     if (windcft == NULL)
97*ae771770SStanislav Sedov 	return 0;
98*ae771770SStanislav Sedov 
99*ae771770SStanislav Sedov     ret = windcft->pac_verify(windcctx, context,
100*ae771770SStanislav Sedov 			      client_principal,
101*ae771770SStanislav Sedov 			      delegated_proxy_principal,
102*ae771770SStanislav Sedov 			      client, server, krbtgt, pac);
103*ae771770SStanislav Sedov     if (ret == 0)
104*ae771770SStanislav Sedov 	*verified = 1;
105*ae771770SStanislav Sedov     return ret;
106c19800e8SDoug Rabson }
107c19800e8SDoug Rabson 
108c19800e8SDoug Rabson krb5_error_code
_kdc_check_access(krb5_context context,krb5_kdc_configuration * config,hdb_entry_ex * client_ex,const char * client_name,hdb_entry_ex * server_ex,const char * server_name,KDC_REQ * req,krb5_data * e_data)109*ae771770SStanislav Sedov _kdc_check_access(krb5_context context,
110*ae771770SStanislav Sedov 		  krb5_kdc_configuration *config,
111*ae771770SStanislav Sedov 		  hdb_entry_ex *client_ex, const char *client_name,
112*ae771770SStanislav Sedov 		  hdb_entry_ex *server_ex, const char *server_name,
113*ae771770SStanislav Sedov 		  KDC_REQ *req,
114*ae771770SStanislav Sedov 		  krb5_data *e_data)
115c19800e8SDoug Rabson {
116c19800e8SDoug Rabson     if (windcft == NULL)
117*ae771770SStanislav Sedov 	    return kdc_check_flags(context, config,
118*ae771770SStanislav Sedov 				   client_ex, client_name,
119*ae771770SStanislav Sedov 				   server_ex, server_name,
120*ae771770SStanislav Sedov 				   req->msg_type == krb_as_req);
121*ae771770SStanislav Sedov 
122*ae771770SStanislav Sedov     return (windcft->client_access)(windcctx,
123*ae771770SStanislav Sedov 				    context, config,
124*ae771770SStanislav Sedov 				    client_ex, client_name,
125*ae771770SStanislav Sedov 				    server_ex, server_name,
126*ae771770SStanislav Sedov 				    req, e_data);
127c19800e8SDoug Rabson }
128