xref: /freebsd/crypto/krb5/src/plugins/authdata/greet_server/greet_auth.c (revision 7f2fe78b9dd5f51c821d771b63d2e096f6fd49e9)
1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* plugins/authdata/greet_server/greet_auth.c */
3 /*
4  * Copyright 2009 by the Massachusetts Institute of Technology.
5  *
6  * Export of this software from the United States of America may
7  *   require a specific license from the United States Government.
8  *   It is the responsibility of any person or organization contemplating
9  *   export to obtain such a license before exporting.
10  *
11  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12  * distribute this software and its documentation for any purpose and
13  * without fee is hereby granted, provided that the above copyright
14  * notice appear in all copies and that both that copyright notice and
15  * this permission notice appear in supporting documentation, and that
16  * the name of M.I.T. not be used in advertising or publicity pertaining
17  * to distribution of the software without specific, written prior
18  * permission.  Furthermore if you modify this software you must label
19  * your software as modified software and not distribute it in such a
20  * fashion that it might be confused with the original M.I.T. software.
21  * M.I.T. makes no representations about the suitability of
22  * this software for any purpose.  It is provided "as is" without express
23  * or implied warranty.
24  */
25 
26 /*
27  *
28  * Sample authorization data plugin
29  */
30 
31 #include <k5-int.h>
32 #include <krb5/kdcauthdata_plugin.h>
33 
/*
 * Produce the fixed greeting string as a freshly allocated krb5_data.
 *
 * On success *ret receives the copy made by krb5_copy_data(); the caller
 * owns it (greet_authdata() releases it with krb5_free_data()).  The return
 * value is whatever krb5_copy_data() returns.
 */
static krb5_error_code greet_hello(krb5_context context, krb5_data **ret)
{
    char *text = "Hello, KDC issued acceptor world!";
    krb5_data greeting;

    /* Point at the literal only long enough to copy it; the terminating
     * NUL is not counted in the length. */
    greeting.length = strlen(text);
    greeting.data = text;

    return krb5_copy_data(context, &greeting, ret);
}
43 
/*
 * Add the greeting to the ticket being issued as KDC-issued authorization
 * data.
 *
 * The greeting bytes are placed in one authdata element, passed to
 * krb5_make_authdata_kdc_issued() together with the ticket session key and
 * the TGS principal, wrapped in an AD-IF-RELEVANT container, and merged
 * ahead of the authorization data already present in enc_tkt_reply.
 *
 * The ticket's authorization_data is replaced only if every step succeeds;
 * on any failure it is left as it was and the error code is returned.
 *
 * NOTE(review): because the element sits inside AD-IF-RELEVANT, an acceptor
 * that does not understand it may ignore it.  A service that acts on this
 * data should verify the KDC-issued container rather than trust the inner
 * element on its own.
 */
static krb5_error_code
greet_kdc_sign(krb5_context context,
               krb5_enc_tkt_part *enc_tkt_reply,
               krb5_const_principal tgs,
               krb5_data *greeting)
{
    krb5_error_code ret;
    krb5_authdata greet_ad, *plain_list[2];
    krb5_authdata **signed_list = NULL;
    krb5_authdata **wrapped_list = NULL;
    krb5_authdata **merged_list;

    /* NULL-terminated one-element list, as the authdata APIs below expect. */
    plain_list[0] = &greet_ad;
    plain_list[1] = NULL;

    /*
     * The element borrows the caller's buffer; nothing is copied here.
     * Negative ad-type values are reserved for local use (RFC 4120), so -42
     * is a sample value rather than a registered type.
     */
    greet_ad.length = greeting->length;
    greet_ad.contents = (krb5_octet *)greeting->data;
    greet_ad.ad_type = -42;

    ret = krb5_make_authdata_kdc_issued(context,
                                        enc_tkt_reply->session,
                                        tgs,
                                        plain_list,
                                        &signed_list);
    if (ret != 0)
        return ret;

    ret = krb5_encode_authdata_container(context,
                                         KRB5_AUTHDATA_IF_RELEVANT,
                                         signed_list,
                                         &wrapped_list);
    if (ret == 0) {
        ret = krb5_merge_authdata(context,
                                  wrapped_list,
                                  enc_tkt_reply->authorization_data,
                                  &merged_list);
        if (ret == 0) {
            /* Swap in the merged list and release the one it replaces. */
            krb5_free_authdata(context, enc_tkt_reply->authorization_data);
            enc_tkt_reply->authorization_data = merged_list;
        }

        /* The wrapped list is an intermediate on both outcomes of the merge. */
        krb5_free_authdata(context, wrapped_list);
    }

    krb5_free_authdata(context, signed_list);

    return ret;
}
93 
/*
 * kdcauthdata "handle" callback for the greet module.
 *
 * Requests whose msg_type is not KRB5_TGS_REQ are left untouched and
 * reported as success.  For TGS requests the greeting is generated and
 * attached to enc_tkt_reply through greet_kdc_sign(), using tgs->princ as
 * the issuing principal.  Every other parameter is unused.
 *
 * Returns 0 on success or the error code of the step that failed.
 *
 * NOTE(review): tgs is dereferenced without a NULL check; this assumes the
 * KDC always supplies a TGS entry on the TGS-REQ path -- confirm against
 * the caller.
 */
static krb5_error_code
greet_authdata(krb5_context context,
               krb5_kdcauthdata_moddata moddata,
               unsigned int flags,
               krb5_db_entry *client,
               krb5_db_entry *server,
               krb5_db_entry *tgs,
               krb5_keyblock *client_key,
               krb5_keyblock *server_key,
               krb5_keyblock *krbtgt_key,
               krb5_data *req_pkt,
               krb5_kdc_req *request,
               krb5_const_principal for_user_princ,
               krb5_enc_tkt_part *enc_tkt_request,
               krb5_enc_tkt_part *enc_tkt_reply)
{
    krb5_data *greeting = NULL;
    krb5_error_code ret;

    if (request->msg_type == KRB5_TGS_REQ) {
        ret = greet_hello(context, &greeting);
        if (ret == 0) {
            ret = greet_kdc_sign(context, enc_tkt_reply, tgs->princ, greeting);

            /* The greeting buffer is no longer needed once the signing
             * step has returned, whether it succeeded or not. */
            krb5_free_data(context, greeting);
        }
        return ret;
    }

    return 0;
}
126 
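/*
 * Prototype for the externally visible init function.  No header in this
 * file declares it; presumably the plugin loader finds it by symbol name.
 */
krb5_error_code
kdcauthdata_greet_initvt(krb5_context context, int maj_ver, int min_ver,
                         krb5_plugin_vtable vtable);

/*
 * Fill in the kdcauthdata vtable for the "greet" module.
 *
 * Only major version 1 of the interface is accepted.  The vtable pointer is
 * cast to the version-1 layout, so writing through it for any other major
 * version could store the name and handler at the wrong offsets; such
 * requests are refused with KRB5_PLUGIN_VER_NOTSUPP before the vtable is
 * touched.  min_ver is not examined.
 *
 * Returns 0 after setting vt->name and vt->handle.
 */
krb5_error_code
kdcauthdata_greet_initvt(krb5_context context, int maj_ver, int min_ver,
                         krb5_plugin_vtable vtable)
{
    krb5_kdcauthdata_vtable vt;

    if (maj_ver != 1)
        return KRB5_PLUGIN_VER_NOTSUPP;

    vt = (krb5_kdcauthdata_vtable)vtable;
    vt->name = "greet";
    vt->handle = greet_authdata;
    return 0;
}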
141