From: ghudson@mit.edu
Subject: git commit

Add KDC policy pluggable interface

Add the header include/krb5/kdcpolicy_plugin.h, defining a pluggable
interface for modules to deny AS and TGS requests and set maximum
ticket lifetimes. This interface replaces the policy.c stub functions.

Add check_kdcpolicy_as() and check_kdcpolicy_tgs() as entry functions.
Call them after auth indicators and ticket lifetimes have been
determined.

Add a test module and a test script with basic kdcpolicy tests. Add
plugin interface documentation in doc/plugindev/policy.rst.

Also authored by Matt Rogers <mrogers@redhat.com>.

https://github.com/krb5/krb5/commit/d0969f6a8170344031ef58fd2a161190f1edfb96
Author: Robbie Harwood <rharwood@redhat.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: d0969f6a8170344031ef58fd2a161190f1edfb96
Branch: master
doc/plugindev/index.rst | 1 +
doc/plugindev/kdcpolicy.rst | 24 ++
src/Makefile.in | 1 +
src/configure.in | 1 +
src/include/Makefile.in | 1 +
src/include/k5-int.h | 3 +-
src/include/k5-trace.h | 5 +
src/include/krb5/kdcpolicy_plugin.h | 128 +++++++++++
src/kdc/do_as_req.c | 7 +
src/kdc/do_tgs_req.c | 6 +
src/kdc/kdc_util.c | 7 -
src/kdc/kdc_util.h | 11 -
src/kdc/main.c | 8 +
src/kdc/policy.c | 267 ++++++++++++++++++++----
src/kdc/policy.h | 19 ++-
src/kdc/tgs_policy.c | 6 -
src/lib/krb5/krb/plugin.c | 3 +-
src/plugins/kdcpolicy/test/Makefile.in | 20 ++
src/plugins/kdcpolicy/test/main.c | 111 ++++++++++
src/plugins/kdcpolicy/test/policy_test.exports | 1 +
src/tests/Makefile.in | 1 +
src/tests/t_kdcpolicy.py | 57 +++++
22 files changed, 614 insertions(+), 74 deletions(-)