From: ghudson@mit.edu
Subject: git commit

Add KDC policy pluggable interface

Add the header include/krb5/kdcpolicy_plugin.h, defining a pluggable
interface for modules to deny AS and TGS requests and set maximum
ticket lifetimes.  This interface replaces the policy.c stub functions.

Add check_kdcpolicy_as() and check_kdcpolicy_tgs() as entry functions.
Call them after auth indicators and ticket lifetimes have been
determined.

Add a test module and a test script with basic kdcpolicy tests.

Add plugin interface documentation in doc/plugindev/policy.rst.

Also authored by Matt Rogers.

https://github.com/krb5/krb5/commit/d0969f6a8170344031ef58fd2a161190f1edfb96
Author: Robbie Harwood
Committer: Greg Hudson
Commit: d0969f6a8170344031ef58fd2a161190f1edfb96
Branch: master
 doc/plugindev/index.rst                        |   1 +
 doc/plugindev/kdcpolicy.rst                    |  24 ++
 src/Makefile.in                                |   1 +
 src/configure.in                               |   1 +
 src/include/Makefile.in                        |   1 +
 src/include/k5-int.h                           |   3 +-
 src/include/k5-trace.h                         |   5 +
 src/include/krb5/kdcpolicy_plugin.h            | 128 +++++++++++
 src/kdc/do_as_req.c                            |   7 +
 src/kdc/do_tgs_req.c                           |   6 +
 src/kdc/kdc_util.c                             |   7 -
 src/kdc/kdc_util.h                             |  11 -
 src/kdc/main.c                                 |   8 +
 src/kdc/policy.c                               | 267 ++++++++++++++++++++----
 src/kdc/policy.h                               |  19 ++-
 src/kdc/tgs_policy.c                           |   6 -
 src/lib/krb5/krb/plugin.c                      |   3 +-
 src/plugins/kdcpolicy/test/Makefile.in         |  20 ++
 src/plugins/kdcpolicy/test/main.c              | 111 ++++++++++
 src/plugins/kdcpolicy/test/policy_test.exports |   1 +
 src/tests/Makefile.in                          |   1 +
 src/tests/t_kdcpolicy.py                       |  57 +++++
 22 files changed, 614 insertions(+), 74 deletions(-)