IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add a skeleton kdcpolicy plugin

Browse Source 
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
This commit is contained in:
Robbie Harwood 2018-07-11 16:48:01 -04:00 committed by Alexander Bokovoy
parent 39e3704a06
commit 179c8f4009
6 changed files with 85 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
configure.ac
View File

@ -231,6 +231,9 @@ AM_COND_IF([BUILD_IPA_CERTAUTH_PLUGIN], [
[AC_MSG_WARN([Cannot build IPA KDB certauth plugin])])
])
AM_CONDITIONAL([BUILD_IPA_KDCPOLICY_PLUGIN],
[test x$have_kdcpolicy_plugin = xyes])
dnl ---------------------------------------------------------------------------
dnl - Check for program paths
dnl ---------------------------------------------------------------------------

8
daemons/ipa-kdb/Makefile.am
View File

@ -46,6 +46,10 @@ if BUILD_IPA_CERTAUTH_PLUGIN
ipadb_la_SOURCES += ipa_kdb_certauth.c
endif
if BUILD_IPA_KDCPOLICY_PLUGIN
ipadb_la_SOURCES += ipa_kdb_kdcpolicy.c
endif
ipadb_la_LDFLAGS = \
-avoid-version \
-module \
@ -85,6 +89,10 @@ if BUILD_IPA_CERTAUTH_PLUGIN
ipa_kdb_tests_SOURCES += ipa_kdb_certauth.c
endif
if BUILD_IPA_KDCPOLICY_PLUGIN
ipa_kdb_tests_SOURCES += ipa_kdb_kdcpolicy.c
endif
ipa_kdb_tests_CFLAGS = $(CMOCKA_CFLAGS)
ipa_kdb_tests_LDADD = \
$(CMOCKA_LIBS) \

1
daemons/ipa-kdb/ipa_kdb.exports
View File

@ -4,6 +4,7 @@ EXPORTED {
global:
kdb_function_table;
certauth_ipakdb_initvt;
kdcpolicy_ipakdb_initvt;
# everything else is local
local:

64
daemons/ipa-kdb/ipa_kdb_kdcpolicy.c Normal file
View File

@ -0,0 +1,64 @@
/*
* Copyright (C) 2018 FreeIPA Contributors see COPYING for license
*/
#include <errno.h>
#include <syslog.h>
#include <krb5/kdcpolicy_plugin.h>
#include "ipa_krb5.h"
#include "ipa_kdb.h"
static krb5_error_code
ipa_kdcpolicy_check_as(krb5_context context, krb5_kdcpolicy_moddata moddata,
const krb5_kdc_req *request,
const krb5_db_entry *client,
const krb5_db_entry *server,
const char *const *auth_indicators,
const char **status, krb5_deltat *lifetime_out,
krb5_deltat *renew_lifetime_out)
{
*status = NULL;
*lifetime_out = 0;
*renew_lifetime_out = 0;
krb5_klog_syslog(LOG_INFO, "IPA kdcpolicy: checking AS-REQ.");
return 0;
}
static krb5_error_code
ipa_kdcpolicy_check_tgs(krb5_context context, krb5_kdcpolicy_moddata moddata,
const krb5_kdc_req *request,
const krb5_db_entry *server,
const krb5_ticket *ticket,
const char *const *auth_indicators,
const char **status, krb5_deltat *lifetime_out,
krb5_deltat *renew_lifetime_out)
{
*status = NULL;
*lifetime_out = 0;
*renew_lifetime_out = 0;
krb5_klog_syslog(LOG_INFO, "IPA kdcpolicy: checking TGS-REQ.");
return 0;
}
krb5_error_code kdcpolicy_ipakdb_initvt(krb5_context context,
int maj_ver, int min_ver,
krb5_plugin_vtable vtable)
{
krb5_kdcpolicy_vtable vt;
if (maj_ver != 1)
return KRB5_PLUGIN_VER_NOTSUPP;
vt = (krb5_kdcpolicy_vtable)vtable;
vt->name = "ipakdb";
vt->init = NULL;
vt->fini = NULL;
vt->check_as = ipa_kdcpolicy_check_as;
vt->check_tgs = ipa_kdcpolicy_check_tgs;
return 0;
}

4
install/share/freeipa-server.template
View File

@ -3,3 +3,7 @@
module = ipakdb:kdb/ipadb.so
enable_only = ipakdb
}
kdcpolicy = {
module = ipakdb:kdb/ipadb.so
enable_only = ipakdb
}

5
server.m4
View File

@ -53,6 +53,11 @@ AC_CHECK_HEADER([krb5/certauth_plugin.h],
[have_certauth_plugin=yes],
[have_certauth_plugin=no])
dnl -- Check if we can build the kdcpolicy plugin
AC_CHECK_HEADER([krb5/kdcpolicy_plugin.h],
[have_kdcpolicy_plugin=yes],
[have_kdcpolicy_plugin=no])
dnl ---------------------------------------------------------------------------
dnl - Check for KRB5 krad
dnl ---------------------------------------------------------------------------