GitHub Repository: freebsd/freebsd-src
Path: blob/main/crypto/krb5/src/plugins/authdata/greet_server/greet_auth.c
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* plugins/authdata/greet_server/greet_auth.c */
/*
* Copyright 2009 by the Massachusetts Institute of Technology.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
/*
*
* Sample authorization data plugin
*/
#include <k5-int.h>
#include <krb5/kdcauthdata_plugin.h>
/*
 * Build the fixed greeting payload used by this sample plugin.
 *
 * On success *ret receives a copy produced by krb5_copy_data(); the caller
 * in this file (greet_authdata) releases it with krb5_free_data().
 * Returns 0 on success or the error reported by krb5_copy_data().
 */
static krb5_error_code
greet_hello(krb5_context context, krb5_data **ret)
{
    static const char text[] = "Hello, KDC issued acceptor world!";
    krb5_data greeting;

    /* Length excludes the terminating NUL, exactly as strlen() reports it. */
    greeting.length = sizeof(text) - 1;
    /* krb5_data.data is a non-const pointer; the text only serves as the
     * source of the copy made below. */
    greeting.data = (char *)text;

    return krb5_copy_data(context, &greeting, ret);
}
/*
 * Attach the greeting to the ticket being issued as KDC-issued authorization
 * data.
 *
 * The greeting bytes become a single authdata element of type -42.  That
 * element is placed in a KDC-issued container by
 * krb5_make_authdata_kdc_issued(), using the reply ticket's session key and
 * the tgs principal, and the container is then wrapped in
 * KRB5_AUTHDATA_IF_RELEVANT and merged with the authdata already present in
 * enc_tkt_reply.
 *
 * NOTE(review): the key handed to krb5_make_authdata_kdc_issued() is the
 * ticket session key, which the client also obtains.  Presumably the element
 * is trustworthy to an acceptor only because it travels inside the encrypted
 * ticket part; confirm before reusing this pattern for authdata that carries
 * real authorization decisions.
 *
 * greeting is borrowed: the element points at greeting->data and nothing in
 * this function frees it.
 *
 * On success enc_tkt_reply->authorization_data is replaced by the merged
 * list and the previous list is freed.  On any failure the ticket's authdata
 * is left as it was and the error code is returned.
 */
static krb5_error_code
greet_kdc_sign(krb5_context context,
               krb5_enc_tkt_part *enc_tkt_reply,
               krb5_const_principal tgs,
               krb5_data *greeting)
{
    krb5_error_code code;
    krb5_authdata element, *elements[2];
    krb5_authdata **signed_ad = NULL;
    krb5_authdata **wrapped_ad = NULL;
    krb5_authdata **merged_ad;

    /* Single-element, NULL-terminated list describing the greeting. */
    element.ad_type = -42;
    element.length = greeting->length;
    element.contents = (krb5_octet *)greeting->data;

    elements[0] = &element;
    elements[1] = NULL;

    code = krb5_make_authdata_kdc_issued(context, enc_tkt_reply->session,
                                         tgs, elements, &signed_ad);
    if (code != 0)
        return code;

    code = krb5_encode_authdata_container(context, KRB5_AUTHDATA_IF_RELEVANT,
                                          signed_ad, &wrapped_ad);
    if (code == 0) {
        code = krb5_merge_authdata(context, wrapped_ad,
                                   enc_tkt_reply->authorization_data,
                                   &merged_ad);
        if (code == 0) {
            /* Swap in the merged list only once it exists, so a failed
             * merge leaves the ticket's authdata intact. */
            krb5_free_authdata(context, enc_tkt_reply->authorization_data);
            enc_tkt_reply->authorization_data = merged_ad;
        }
        krb5_free_authdata(context, wrapped_ad);
    }

    /* The intermediate container is released on every path past creation. */
    krb5_free_authdata(context, signed_ad);
    return code;
}
/*
 * kdcauthdata "handle" callback for the sample greet module.
 *
 * Requests whose msg_type is not KRB5_TGS_REQ are passed through untouched
 * with a return of 0.  For a TGS request the fixed greeting is built, added
 * to enc_tkt_reply by greet_kdc_sign() with tgs->princ as the issuing
 * principal, and then released.
 *
 * Only context, request, tgs and enc_tkt_reply are read; the remaining
 * parameters are not used by this function.  The greeting is added to every
 * TGS reply without consulting the client or server entries.
 *
 * NOTE(review): tgs is dereferenced without a NULL check; presumably the KDC
 * always supplies it for TGS requests. Confirm against the caller.
 *
 * Returns 0 on success, otherwise the error from greet_hello() or
 * greet_kdc_sign().
 */
static krb5_error_code
greet_authdata(krb5_context context,
               krb5_kdcauthdata_moddata moddata,
               unsigned int flags,
               krb5_db_entry *client,
               krb5_db_entry *server,
               krb5_db_entry *tgs,
               krb5_keyblock *client_key,
               krb5_keyblock *server_key,
               krb5_keyblock *krbtgt_key,
               krb5_data *req_pkt,
               krb5_kdc_req *request,
               krb5_const_principal for_user_princ,
               krb5_enc_tkt_part *enc_tkt_request,
               krb5_enc_tkt_part *enc_tkt_reply)
{
    krb5_data *greeting = NULL;
    krb5_error_code code = 0;

    if (request->msg_type == KRB5_TGS_REQ) {
        code = greet_hello(context, &greeting);
        if (code == 0) {
            code = greet_kdc_sign(context, enc_tkt_reply, tgs->princ,
                                  greeting);
            /* The greeting copy is owned here, whatever signing returned. */
            krb5_free_data(context, greeting);
        }
    }

    return code;
}
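/* Prototype for the exported entry point, declared ahead of its definition
 * (presumably so a prototype is in scope; no header in this file provides
 * one). */
krb5_error_code
kdcauthdata_greet_initvt(krb5_context context, int maj_ver, int min_ver,
                         krb5_plugin_vtable vtable);

/*
 * Plugin initialization entry point: fill in the kdcauthdata vtable for the
 * "greet" module.
 *
 * maj_ver/min_ver are the interface version the caller is offering, and
 * vtable is the caller-provided table, treated here as a
 * krb5_kdcauthdata_vtable.  Only the name and handle members are set.
 *
 * Returns 0 on success, or KRB5_PLUGIN_VER_NOTSUPP when the caller offers a
 * major version other than 1.
 */
krb5_error_code
kdcauthdata_greet_initvt(krb5_context context, int maj_ver, int min_ver,
                         krb5_plugin_vtable vtable)
{
    krb5_kdcauthdata_vtable vt;

    /*
     * The cast below is only meaningful for the version-1 vtable layout.
     * Refuse other major versions instead of writing through a table whose
     * shape is unknown to this module.
     */
    if (maj_ver != 1)
        return KRB5_PLUGIN_VER_NOTSUPP;

    vt = (krb5_kdcauthdata_vtable)vtable;
    vt->name = "greet";
    vt->handle = greet_authdata;
    return 0;
}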