author | Andrew Bartlett <abartlet@samba.org> | 2005-11-06 14:15:34 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:45:50 -0500 |
commit | fb2394d309f33bdccde3a4e17f6fd994d452b425 (patch) | |
tree | f1caf0a70e1fb2729b15f03564d1b68dbaa412e3 /source4/heimdal/lib/hdb | |
parent | df5b70db2c228bd781d8472440858dcdf502f9f9 (diff) | |
r11536: Add a hook for client-principal access control to hdb-ldb, re-using
the code in auth/auth_sam.c for consistency. This will also allow us
to have one place for a backend directory hook.
I will use a very similar hook to add the PAC.
Andrew Bartlett
(This used to be commit 4315836cd8c94eb8340c4050804face4d0066810)
Diffstat (limited to 'source4/heimdal/lib/hdb')
-rw-r--r-- | source4/heimdal/lib/hdb/hdb-protos.h | 3 | ||||
-rw-r--r-- | source4/heimdal/lib/hdb/hdb.c | 10 | ||||
-rw-r--r-- | source4/heimdal/lib/hdb/hdb.h | 21 |
3 files changed, 33 insertions, 1 deletions
diff --git a/source4/heimdal/lib/hdb/hdb-protos.h b/source4/heimdal/lib/hdb/hdb-protos.h
index 799f013eba..7557b46bff 100644
--- a/source4/heimdal/lib/hdb/hdb-protos.h
+++ b/source4/heimdal/lib/hdb/hdb-protos.h
@@ -120,6 +120,9 @@ hdb_free_entry (
 hdb_entry */*ent*/);

 void
+hdb_free_entry_ex(krb5_context context, hdb_entry_ex *ent);
+
+void
 hdb_free_key (Key */*key*/);

 void
diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c
index c66579fab0..e8161afbc1 100644
--- a/source4/heimdal/lib/hdb/hdb.c
+++ b/source4/heimdal/lib/hdb/hdb.c
@@ -144,6 +144,16 @@ hdb_free_entry(krb5_context context, hdb_entry *ent)
 free_hdb_entry(ent);
 }

+void
+hdb_free_entry_ex(krb5_context context, hdb_entry_ex *ent)
+{
+ if (ent->free_private) {
+ ent->free_private(context, ent);
+ }
+
+ free_hdb_entry(&ent->entry);
+}
+
 krb5_error_code
 hdb_foreach(krb5_context context,
 HDB *db,
diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h
index fe86f0ae72..41cc03cf36 100644
--- a/source4/heimdal/lib/hdb/hdb.h
+++ b/source4/heimdal/lib/hdb/hdb.h
@@ -54,6 +54,23 @@ enum hdb_ent_type{ HDB_ENT_TYPE_CLIENT, HDB_ENT_TYPE_SERVER, HDB_ENT_TYPE_ANY };

 typedef struct hdb_master_key_data *hdb_master_key;

+typedef struct hdb_entry_ex {
+ struct hdb_entry entry;
+ void *private;
+
+ krb5_error_code (*free_private)(krb5_context, struct hdb_entry_ex *);
+ krb5_error_code (*check_client_access)(krb5_context, struct hdb_entry_ex *, HostAddresses *);
+ krb5_error_code (*authz_data_as_req)(krb5_context, struct hdb_entry_ex *,
+ AuthorizationData *in,
+ EncryptionKey *tgtkey,
+ AuthorizationData *out);
+ krb5_error_code (*authz_data_tgs_req)(krb5_context, struct hdb_entry_ex *,
+ AuthorizationData *in,
+ EncryptionKey *tgtkey,
+ EncryptionKey *servicekey,
+ AuthorizationData *out);
+} hdb_entry_ex;
+
 typedef struct HDB{
 void *hdb_db;
 void *hdb_dbc;
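Review bot: hdb_free_entry_ex ends with a direct `free_hdb_entry(&ent->entry);`, so anything hdb_free_entry does before its own free_hdb_entry call is skipped for entries fetched through the _ex interface. The body of hdb_free_entry starts outside the hunk, so this needs checking, but if it wipes key material first then the new path leaves principal keys readable in freed heap memory; ending with `hdb_free_entry(context, &ent->entry);` keeps the two paths identical. The krb5_error_code returned by `free_private` is also dropped, and `ent->private` and `ent->free_private` keep their values afterwards, so a second call on the same struct would run the hook again on already released state; setting both to NULL after the hook makes the function safe to repeat.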
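Review bot: The hook pointers added in hdb_entry_ex have no comment saying which of them may be NULL or what a missing hook means, and for `check_client_access` that answer is an access-control decision. hdb_free_entry_ex in hdb.c treats `free_private` as optional, so the others presumably are too; a KDC caller that skips a NULL `check_client_access` allows the client by default, and a struct that was not zeroed before the fetch would be called through uninitialised pointers. I would add a block comment above the typedef saying that callers must zero the struct before passing it to hdb_fetch_ex, which hooks are optional, which return value grants access, and that `private` belongs to the backend and is released only through `free_private`. The same gap applies to the `hdb_fetch_ex` slot added to struct HDB in the next hunk of this file, where a one-line comment such as `/* optional: NULL when the backend only implements hdb_fetch */` (if that is the intent) would tell callers to check before calling.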
@@ -66,6 +83,8 @@ typedef struct HDB{
 krb5_error_code (*hdb_close)(krb5_context, struct HDB*);
 krb5_error_code (*hdb_fetch)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal,
 enum hdb_ent_type ent_type, hdb_entry*);
+ krb5_error_code (*hdb_fetch_ex)(krb5_context,struct HDB*,unsigned hdb_flags, krb5_const_principal principal,
+ enum hdb_ent_type ent_type, hdb_entry_ex*);
 krb5_error_code (*hdb_store)(krb5_context,struct HDB*,unsigned,hdb_entry*);
 krb5_error_code (*hdb_remove)(krb5_context, struct HDB*, hdb_entry*);
 krb5_error_code (*hdb_firstkey)(krb5_context, struct HDB*,
@@ -82,7 +101,7 @@ typedef struct HDB{
 krb5_error_code (*hdb_destroy)(krb5_context, struct HDB*);
 }HDB;

-#define HDB_INTERFACE_VERSION 2
+#define HDB_INTERFACE_VERSION 3

 struct hdb_so_method {
 int version;
|