Exemplo n.º 1
/*
 * Exercise the k5_response_items container through its visible API: create,
 * ask questions, reset, set an answer, and free.  check(), check_pred(),
 * nstrcmp() and the TEST_STR* constants are defined outside this listing;
 * nstrcmp() is called with NULL below, so it is presumably a NULL-tolerant
 * string comparison -- confirm against its definition.
 */
int
main()
{
    k5_response_items *items;

    /* A freshly created container must report that it holds no questions. */
    check(k5_response_items_new(&items));
    check_pred(k5_response_items_empty(items));

    /* Ask one question with a challenge and one with a NULL challenge; each
     * challenge must be retrievable under its own question name. */
    check(k5_response_items_ask_question(items, TEST_STR1, TEST_STR1));
    check(k5_response_items_ask_question(items, TEST_STR2, NULL));
    check_pred(nstrcmp(k5_response_items_get_challenge(items, TEST_STR1),
                       TEST_STR1) == 0);
    check_pred(nstrcmp(k5_response_items_get_challenge(items, TEST_STR2),
                       NULL) == 0);
    check_pred(!k5_response_items_empty(items));

    /* After a reset the container must be empty again and must no longer hand
     * out the challenges stored before the reset, so state from one round
     * cannot be read back in the next. */
    k5_response_items_reset(items);
    check_pred(k5_response_items_empty(items));
    check_pred(k5_response_items_get_challenge(items, TEST_STR1) == NULL);
    check_pred(k5_response_items_get_challenge(items, TEST_STR2) == NULL);

    /* The container is reusable after a reset: ask again, then store an
     * answer and read it back. */
    check(k5_response_items_ask_question(items, TEST_STR1, TEST_STR1));
    check_pred(nstrcmp(k5_response_items_get_challenge(items, TEST_STR1),
                       TEST_STR1) == 0);
    check(k5_response_items_set_answer(items, TEST_STR1, TEST_STR1));
    check_pred(nstrcmp(k5_response_items_get_answer(items, TEST_STR1),
                       TEST_STR1) == 0);

    k5_response_items_free(items);

    return 0;
}
Exemplo n.º 2
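/*
 * Process the padata list in_padata and build the padata list to place in
 * the next request.
 *
 * On entry *out_padata is set to NULL and *got_real_out to FALSE.  If
 * in_padata is NULL the function returns 0 without producing anything.
 *
 * On success (return 0) *out_padata receives the output list; this function
 * does not free it afterwards, so the caller is expected to release it
 * (krb5_free_pa_data() is what this function uses on its own error path).
 * *got_real_out is set to TRUE only when a PA_REAL module call reported
 * success in both its return value and module_ret.
 *
 * On failure the partially built list is freed, *out_padata stays NULL and
 * the error code of the failing step is returned.  Failures of individual
 * run_preauth_plugins() calls inside the loop are not propagated; the
 * function still returns 0 after the loop.
 *
 * NOTE(review): the response items in rock->rctx are not reset on any path
 * here; presumably the caller owns their lifetime -- confirm, since answers
 * supplied by the responder may be sensitive.
 */
krb5_error_code KRB5_CALLCONV
krb5_do_preauth(krb5_context context, krb5_kdc_req *request,
                krb5_data *encoded_request_body,
                krb5_data *encoded_previous_request,
                krb5_pa_data **in_padata, krb5_pa_data ***out_padata,
                krb5_prompter_fct prompter, void *prompter_data,
                krb5_clpreauth_rock rock, krb5_gic_opt_ext *opte,
                krb5_boolean *got_real_out)
{
    size_t i, h;
    int out_pa_list_size = 0;
    krb5_pa_data **out_pa_list = NULL;
    krb5_error_code ret, module_ret;
    krb5_responder_fn responder = opte->opt_private->responder;
    static const int paorder[] = { PA_INFO, PA_REAL };

    *out_padata = NULL;
    *got_real_out = FALSE;

    if (in_padata == NULL)
        return 0;

    TRACE_PREAUTH_INPUT(context, in_padata);

    /* Scan the padata list and process etype-info or salt elements.  Nothing
     * has been allocated yet, so a failure can return directly. */
    ret = get_etype_info(context, in_padata, request, rock);
    if (ret)
        return ret;

    /* Copy the cookie if there is one. */
    ret = copy_cookie(context, in_padata, &out_pa_list, &out_pa_list_size);
    if (ret)
        goto error;

    if (krb5int_find_pa_data(context, in_padata,
                             KRB5_PADATA_S4U_X509_USER) != NULL) {
        /* Fulfill a private contract with krb5_get_credentials_for_user. */
        ret = add_s4u_x509_user_padata(context, *rock->gak_data,
                                       request->client, &out_pa_list,
                                       &out_pa_list_size);
        if (ret)
            goto error;
    }

    /*
     * If we can't initialize the preauth context, stop with what we have.
     * The list is handed to the caller here, so return directly: jumping to
     * the error label would free the list that *out_padata now points to
     * while still returning 0 (ret is 0 at this point), leaving the caller
     * with a dangling pointer and a later use-after-free or double free.
     */
    krb5_init_preauth_context(context);
    if (context->preauth_context == NULL) {
        *out_padata = out_pa_list;
        return 0;
    }

    /* Get a list of response items for in_padata from the preauth modules. */
    ret = fill_response_items(context, request, encoded_request_body,
                              encoded_previous_request, in_padata, rock, opte);
    if (ret)
        goto error;

    /* Call the responder to answer response items. */
    if (responder != NULL && !k5_response_items_empty(rock->rctx.items)) {
        ret = (*responder)(context, opte->opt_private->responder_data,
                           &rock->rctx);
        if (ret)
            goto error;
    }

    /* Produce output padata, first from all the informational preauths, then
     * from the first real one. */
    for (h = 0; h < sizeof(paorder) / sizeof(paorder[0]); h++) {
        for (i = 0; in_padata[i] != NULL; i++) {
#ifdef DEBUG
            fprintf (stderr, "trying modules for pa_type %d, flag %d\n",
                     in_padata[i]->pa_type, paorder[h]);
#endif
            ret = run_preauth_plugins(context, paorder[h], request,
                                      encoded_request_body,
                                      encoded_previous_request, in_padata[i],
                                      prompter, prompter_data, rock,
                                      &out_pa_list, &out_pa_list_size,
                                      &module_ret, opte);
            /* Stop after the first real mechanism that succeeds.  The break
             * leaves only the inner loop; PA_REAL is the last paorder entry,
             * so the outer loop ends as well. */
            if (ret == 0 && module_ret == 0 && paorder[h] == PA_REAL) {
                *got_real_out = TRUE;
                break;
            }
        }
    }

    TRACE_PREAUTH_OUTPUT(context, out_pa_list);
    *out_padata = out_pa_list;
    return 0;

error:
    /* Every jump here happens before *out_padata is assigned, so the list is
     * still owned by this function and the caller sees NULL. */
    krb5_free_pa_data(context, out_pa_list);
    return ret;
}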