------------------------------------------------------------------------
r25479 | ghudson | 2011-11-19 17:06:15 -0500 (Sat, 19 Nov 2011) | 8 lines
ticket: 7019
Improve documentation in preauth_plugin.h
Also declare the verto_context structure to ensure that it is has the
proper scope when used as the return type of the event_context
callback.
------------------------------------------------------------------------
r25475 | ghudson | 2011-11-14 21:42:58 -0500 (Mon, 14 Nov 2011) | 9 lines
ticket: 7019
subject: Make verto context available to kdcpreauth modules
target_version: 1.10
tags: pullup
Add an event_context callback to kdcpreauth. Adjust the internal KDC
and main loop interfaces to pass around the event context, and expose
it to kdcpreauth modules via the rock.
ticket: 7019
version_fixed: 1.10
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-10@25510
dc483132-0cff-0310-8789-
dd5450dbe970
typedef struct krb5_kdcpreauth_moddata_st *krb5_kdcpreauth_moddata;
typedef struct krb5_kdcpreauth_modreq_st *krb5_kdcpreauth_modreq;
+/* The verto context structure type (typedef is in verto.h; we want to avoid a
+ * header dependency for the moment). */
+struct verto_context;
+
/* Before using a callback after version 1, modules must check the vers
* field of the callback structure. */
typedef struct krb5_kdcpreauth_callbacks_st {
* avoid a dependency on a libkdb5 type). */
void *(*client_entry)(krb5_context context, krb5_kdcpreauth_rock rock);
+ /* Get a pointer to the verto context which should be used by an
+ * asynchronous edata or verify method. */
+ struct verto_ctx *(*event_context)(krb5_context context,
+ krb5_kdcpreauth_rock rock);
+
/* End of version 1 kdcpreauth callbacks. */
} *krb5_kdcpreauth_callbacks;
/*
* Optional: provide pa_data to send to the client as part of the "you need to
- * use preauthentication" error. This function is not allowed to create a
- * modreq object because we have no guarantee that the client will ever make a
- * follow-up request, or that it will hit this KDC if it does.
+ * use preauthentication" error. The implementation must invoke the respond
+ * when complete, whether successful or not, either before returning or
+ * asynchronously using the verto context returned by cb->event_context().
+ *
+ * This function is not allowed to create a modreq object because we have no
+ * guarantee that the client will ever make a follow-up request, or that it
+ * will hit this KDC if it does.
*/
typedef void
(*krb5_kdcpreauth_edata_fn)(krb5_context context, krb5_kdc_req *request,
* Optional: verify preauthentication data sent by the client, setting the
* TKT_FLG_PRE_AUTH or TKT_FLG_HW_AUTH flag in the enc_tkt_reply's "flags"
* field as appropriate. The implementation must invoke the respond function
- * when complete, whether successful or not.
+ * when complete, whether successful or not, either before returning or
+ * asynchronously using the verto context returned by cb->event_context().
*/
typedef void
(*krb5_kdcpreauth_verify_fn)(krb5_context context,
krb5_data *response);
void dispatch(void *handle, struct sockaddr *local_addr,
const krb5_fulladdr *remote_addr, krb5_data *request,
- int is_tcp, loop_respond_fn respond, void *arg);
+ int is_tcp, verto_ctx *vctx, loop_respond_fn respond, void *arg);
krb5_error_code make_toolong_error (void *handle, krb5_data **);
/*
void
dispatch(void *handle, struct sockaddr *local_saddr,
const krb5_fulladdr *remote_faddr, krb5_data *request, int is_tcp,
- loop_respond_fn respond, void *arg)
+ verto_ctx *vctx, loop_respond_fn respond, void *arg)
{
krb5_error_code ret;
krb5_keytab kt = NULL;
}
void
-dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from,
- krb5_data *pkt, int is_tcp, loop_respond_fn respond, void *arg)
+dispatch(void *cb, struct sockaddr *local_saddr,
+ const krb5_fulladdr *from, krb5_data *pkt, int is_tcp,
+ verto_ctx *vctx, loop_respond_fn respond, void *arg)
{
krb5_error_code retval;
krb5_kdc_req *as_req;
* process_as_req frees the request if it is called
*/
if (!(retval = setup_server_realm(as_req->server))) {
- process_as_req(as_req, pkt, from, finish_dispatch, state);
+ process_as_req(as_req, pkt, from, vctx, finish_dispatch,
+ state);
return;
}
else
/*ARGSUSED*/
void
process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
- const krb5_fulladdr *from, loop_respond_fn respond, void *arg)
+ const krb5_fulladdr *from, verto_ctx *vctx,
+ loop_respond_fn respond, void *arg)
{
krb5_error_code errcode;
krb5_timestamp rtime;
state->rock.request = state->request;
state->rock.inner_body = state->inner_body;
state->rock.rstate = state->rstate;
+ state->rock.vctx = vctx;
if (!state->request->client) {
state->status = "NULL_CLIENT";
errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
return rock->client;
}
+static verto_ctx *
+event_context(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+ return rock->vctx;
+}
+
static struct krb5_kdcpreauth_callbacks_st callbacks = {
1,
max_time_skew,
fast_armor,
get_string,
free_string,
- client_entry
+ client_entry,
+ event_context
};
static krb5_error_code
void
process_as_req (krb5_kdc_req *, krb5_data *,
const krb5_fulladdr *,
- loop_respond_fn, void *);
+ verto_ctx *, loop_respond_fn, void *);
/* do_tgs_req.c */
krb5_error_code
const krb5_fulladdr *,
krb5_data *,
int,
+ verto_ctx *,
loop_respond_fn,
void *);
krb5_enc_tkt_part *enc_tkt_reply);
typedef void (*kdc_hint_respond_fn)(void *arg);
void
-get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock,
- krb5_pa_data ***e_data_out, kdc_hint_respond_fn respond,
- void *arg);
+get_preauth_hint_list(krb5_kdc_req *request,
+ krb5_kdcpreauth_rock rock, krb5_pa_data ***e_data_out,
+ kdc_hint_respond_fn respond, void *arg);
void
load_preauth_plugins(krb5_context context);
void
krb5_db_entry *client;
krb5_key_data *client_key;
struct kdc_request_state *rstate;
+ verto_ctx *vctx;
};
#define isflagset(flagfield, flag) (flagfield & (flag))
init_addr(&state->faddr, ss2sa(&state->saddr));
/* This address is in net order. */
dispatch(state->handle, ss2sa(&state->daddr), &state->faddr,
- &state->request, 0, process_packet_response, state);
+ &state->request, 0, ctx, process_packet_response, state);
}
static int
local_saddrp = ss2sa(&state->local_saddr);
dispatch(state->conn->handle, local_saddrp, &conn->faddr,
- &state->request, 1, process_tcp_response, state);
+ &state->request, 1, ctx, process_tcp_response, state);
}
return;
projects / krb5.git / commitdiff