1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2 /* plugins/authdata/greet_server/greet_auth.c */ 3 /* 4 * Copyright 2009 by the Massachusetts Institute of Technology. 5 * 6 * Export of this software from the United States of America may 7 * require a specific license from the United States Government. 8 * It is the responsibility of any person or organization contemplating 9 * export to obtain such a license before exporting. 10 * 11 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and 12 * distribute this software and its documentation for any purpose and 13 * without fee is hereby granted, provided that the above copyright 14 * notice appear in all copies and that both that copyright notice and 15 * this permission notice appear in supporting documentation, and that 16 * the name of M.I.T. not be used in advertising or publicity pertaining 17 * to distribution of the software without specific, written prior 18 * permission. Furthermore if you modify this software you must label 19 * your software as modified software and not distribute it in such a 20 * fashion that it might be confused with the original M.I.T. software. 21 * M.I.T. makes no representations about the suitability of 22 * this software for any purpose. It is provided "as is" without express 23 * or implied warranty. 
 */

/*
 * Sample authorization data plugin
 *
 * Demonstrates the KDC authdata plugin interface by attaching a fixed,
 * KDC-signed "greeting" element to every ticket issued for a TGS request.
 * It is example code, not something to load on a production KDC.
 */

#include <k5-int.h>
#include <krb5/kdcauthdata_plugin.h>

/* The payload carried in the greeting authdata element. */
static const char greet_text[] = "Hello, KDC issued acceptor world!";

/*
 * Allocate a krb5_data copy of the greeting text (without the terminating
 * NUL) into *ret.  The caller frees it with krb5_free_data().
 */
static krb5_error_code
greet_hello(krb5_context context, krb5_data **ret)
{
    krb5_data src;

    src.data = (char *)greet_text;          /* krb5_data.data is not const */
    src.length = sizeof(greet_text) - 1;    /* byte count, NUL excluded */
    return krb5_copy_data(context, &src, ret);
}

/*
 * Wrap GREETING in an AD-KDC-ISSUED element, place that in an AD-IF-RELEVANT
 * container, and merge the result into ENC_TKT_REPLY->authorization_data.
 * TGS is the principal recorded as the issuer.  If any step fails the
 * ticket's existing authorization data is left untouched and the error is
 * returned.
 */
static krb5_error_code
greet_kdc_sign(krb5_context context, krb5_enc_tkt_part *enc_tkt_reply,
               krb5_const_principal tgs, krb5_data *greeting)
{
    krb5_error_code ret;
    krb5_authdata elem;
    krb5_authdata *elems[2] = { &elem, NULL };
    krb5_authdata **signed_ad = NULL, **wrapped = NULL, **merged = NULL;

    /* Negative ad-type values are reserved for local use (RFC 4120 7.5.4). */
    elem.ad_type = -42;
    elem.contents = (krb5_octet *)greeting->data;
    elem.length = greeting->length;

    /*
     * The AD-KDC-ISSUED checksum is keyed with the ticket session key; this
     * is what lets the acceptor tell KDC-produced authdata from anything a
     * client could have inserted itself.
     */
    ret = krb5_make_authdata_kdc_issued(context, enc_tkt_reply->session, tgs,
                                        elems, &signed_ad);
    if (ret)
        goto cleanup;

    ret = krb5_encode_authdata_container(context, KRB5_AUTHDATA_IF_RELEVANT,
                                         signed_ad, &wrapped);
    if (ret)
        goto cleanup;

    /*
     * The merged list is a separate allocation; both inputs are released
     * afterwards (the wrapper below, the ticket's old list here).
     */
    ret = krb5_merge_authdata(context, wrapped,
                              enc_tkt_reply->authorization_data, &merged);
    if (ret)
        goto cleanup;

    /* Swap the merged list into the ticket and drop the previous one. */
    krb5_free_authdata(context, enc_tkt_reply->authorization_data);
    enc_tkt_reply->authorization_data = merged;

cleanup:
    /* krb5_free_authdata accepts NULL, as the ticket's own list may be. */
    krb5_free_authdata(context, wrapped);
    krb5_free_authdata(context, signed_ad);
    return ret;
}

/*
 * kdcauthdata "handle" callback.  For TGS requests, signs the greeting with
 * the reply ticket's session key and merges it into the reply ticket's
 * authorization data; AS requests are returned unchanged.  The remaining
 * interface parameters are accepted but unused by this sample.
 */
static krb5_error_code
greet_authdata(krb5_context context, krb5_kdcauthdata_moddata moddata,
               unsigned int flags, krb5_db_entry *client,
               krb5_db_entry *server, krb5_db_entry *tgs,
               krb5_keyblock *client_key, krb5_keyblock *server_key,
               krb5_keyblock *krbtgt_key, krb5_data *req_pkt,
               krb5_kdc_req *request, krb5_const_principal for_user_princ,
               krb5_enc_tkt_part *enc_tkt_request,
               krb5_enc_tkt_part *enc_tkt_reply)
{
    krb5_error_code ret;
    krb5_data *hello = NULL;

    /* Only decorate tickets issued by the TGS; leave AS replies alone. */
    if (request->msg_type != KRB5_TGS_REQ)
        return 0;

    ret = greet_hello(context, &hello);
    if (ret == 0) {
        /*
         * tgs->princ is used as the issuer name.  NOTE(review): tgs is
         * dereferenced without a NULL check; this relies on the KDC always
         * supplying the TGS entry for TGS requests -- confirm against the
         * caller before reusing this pattern.
         */
        ret = greet_kdc_sign(context, enc_tkt_reply, tgs->princ, hello);
        krb5_free_data(context, hello);
    }
    return ret;
}

krb5_error_code
kdcauthdata_greet_initvt(krb5_context context, int maj_ver, int min_ver,
                         krb5_plugin_vtable vtable);

/*
 * Plugin entry point: fill in the kdcauthdata vtable with this module's
 * name and handler.  NOTE(review): maj_ver/min_ver are not examined; a
 * non-sample module would normally reject an unexpected major version so
 * the KDC does not call through a mismatched vtable layout.
 */
krb5_error_code
kdcauthdata_greet_initvt(krb5_context context, int maj_ver, int min_ver,
                         krb5_plugin_vtable vtable)
{
    krb5_kdcauthdata_vtable vt = (krb5_kdcauthdata_vtable)vtable;

    vt->name = "greet";
    vt->handle = greet_authdata;
    return 0;
}