From: Tom Yu Date: Mon, 5 Dec 2011 20:16:05 +0000 (+0000) Subject: pull up r25475 and r25479 from trunk X-Git-Tag: krb5-1.10-alpha2~18 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=2989a193c5f7d6199f30de9d97043f276a369788;p=krb5.git pull up r25475 and r25479 from trunk ------------------------------------------------------------------------ r25479 | ghudson | 2011-11-19 17:06:15 -0500 (Sat, 19 Nov 2011) | 8 lines ticket: 7019 Improve documentation in preauth_plugin.h Also declare the verto_context structure to ensure that it is has the proper scope when used as the return type of the event_context callback. ------------------------------------------------------------------------ r25475 | ghudson | 2011-11-14 21:42:58 -0500 (Mon, 14 Nov 2011) | 9 lines ticket: 7019 subject: Make verto context available to kdcpreauth modules target_version: 1.10 tags: pullup Add an event_context callback to kdcpreauth. Adjust the internal KDC and main loop interfaces to pass around the event context, and expose it to kdcpreauth modules via the rock. ticket: 7019 version_fixed: 1.10 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-10@25510 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h index cbc57f147..a0b15a810 100644 --- a/src/include/krb5/preauth_plugin.h +++ b/src/include/krb5/preauth_plugin.h @@ -328,6 +328,10 @@ typedef struct krb5_kdcpreauth_rock_st *krb5_kdcpreauth_rock; typedef struct krb5_kdcpreauth_moddata_st *krb5_kdcpreauth_moddata; typedef struct krb5_kdcpreauth_modreq_st *krb5_kdcpreauth_modreq; +/* The verto context structure type (typedef is in verto.h; we want to avoid a + * header dependency for the moment). */ +struct verto_context; + /* Before using a callback after version 1, modules must check the vers * field of the callback structure. */ typedef struct krb5_kdcpreauth_callbacks_st { 
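Review bot: The forward declaration added in this hunk names `struct verto_context`, but the callback added in the next hunk of the same header returns `struct verto_ctx *`, so the declaration does not cover the type it was added for. The static `event_context` in src/kdc/kdc_preauth.c returns `verto_ctx *` and is stored in that member, so the tag in verto.h is presumably `verto_ctx` (verto.h itself is not visible in this diff), and the line should read `struct verto_ctx;`. As written, `struct verto_context` is an unused incomplete type, and a module author who takes the name from this header will get an incompatible-pointer diagnostic or be tempted to cast it away.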
@@ -377,6 +381,11 @@ typedef struct krb5_kdcpreauth_callbacks_st { * avoid a dependency on a libkdb5 type). */ void *(*client_entry)(krb5_context context, krb5_kdcpreauth_rock rock); + /* Get a pointer to the verto context which should be used by an + * asynchronous edata or verify method. */ + struct verto_ctx *(*event_context)(krb5_context context, + krb5_kdcpreauth_rock rock); + /* End of version 1 kdcpreauth callbacks. */ } *krb5_kdcpreauth_callbacks; @@ -417,9 +426,13 @@ typedef void /* * Optional: provide pa_data to send to the client as part of the "you need to - * use preauthentication" error. This function is not allowed to create a - * modreq object because we have no guarantee that the client will ever make a - * follow-up request, or that it will hit this KDC if it does. + * use preauthentication" error. The implementation must invoke the respond + * when complete, whether successful or not, either before returning or + * asynchronously using the verto context returned by cb->event_context(). + * + * This function is not allowed to create a modreq object because we have no + * guarantee that the client will ever make a follow-up request, or that it + * will hit this KDC if it does. */ typedef void (*krb5_kdcpreauth_edata_fn)(krb5_context context, krb5_kdc_req *request, @@ -450,7 +463,8 @@ typedef void * Optional: verify preauthentication data sent by the client, setting the * TKT_FLG_PRE_AUTH or TKT_FLG_HW_AUTH flag in the enc_tkt_reply's "flags" * field as appropriate. The implementation must invoke the respond function - * when complete, whether successful or not. + * when complete, whether successful or not, either before returning or + * asynchronously using the verto context returned by cb->event_context(). */ typedef void (*krb5_kdcpreauth_verify_fn)(krb5_context context, diff --git a/src/include/net-server.h b/src/include/net-server.h index e84bdac24..43310ceb0 100644 --- a/src/include/net-server.h +++ b/src/include/net-server.h 
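Review bot: `event_context` is appended inside the block that ends with "End of version 1 kdcpreauth callbacks", and the table in src/kdc/kdc_preauth.c still begins with `1`, so a module cannot tell from `vers` whether the member is present. If any build with the earlier version 1 layout has been distributed (the tag suggests this lands between pre-releases), a module compiled against this header would read one pointer past the end of that KDC's table when it calls `cb->event_context`. Either confirm that no such build needs to be supported, or move the member below the version 1 marker and bump `vers`. The comment could also state that the returned context is the server's main-loop context and is only borrowed, for example `The context belongs to the KDC; modules must not free it.`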
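Review bot: The rewritten comment on `krb5_kdcpreauth_edata_fn` allows the respond call to be deferred but does not say which arguments stay valid after the method returns; the `krb5_kdcpreauth_verify_fn` comment in the following hunk has the same gap. An asynchronous module has to hold on to `request`, `rock` and the callback table until it responds, and the context lines in src/kdc/dispatch.c note that process_as_req frees the request, so without a written lifetime rule a module can easily end up using freed memory. I would add a sentence such as `The request, cb and rock arguments remain valid until respond is invoked; the module must invoke respond exactly once and must not use them afterwards.`, provided that matches what the KDC guarantees, which is not visible here. The first added line also reads "must invoke the respond when complete" and should say "the respond function".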
@@ -68,7 +68,7 @@ typedef void (*loop_respond_fn)(void *arg, krb5_error_code code, krb5_data *response); void dispatch(void *handle, struct sockaddr *local_addr, const krb5_fulladdr *remote_addr, krb5_data *request, - int is_tcp, loop_respond_fn respond, void *arg); + int is_tcp, verto_ctx *vctx, loop_respond_fn respond, void *arg); krb5_error_code make_toolong_error (void *handle, krb5_data **); /* diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c index 8e38cfd04..d2df5db73 100644 --- a/src/kadmin/server/schpw.c +++ b/src/kadmin/server/schpw.c @@ -442,7 +442,7 @@ bailout: void dispatch(void *handle, struct sockaddr *local_saddr, const krb5_fulladdr *remote_faddr, krb5_data *request, int is_tcp, - loop_respond_fn respond, void *arg) + verto_ctx *vctx, loop_respond_fn respond, void *arg) { krb5_error_code ret; krb5_keytab kt = NULL; diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c index eeb95ff73..75e6f0a60 100644 --- a/src/kdc/dispatch.c +++ b/src/kdc/dispatch.c @@ -81,8 +81,9 @@ finish_dispatch(void *arg, krb5_error_code code, krb5_data *response) } void -dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from, - krb5_data *pkt, int is_tcp, loop_respond_fn respond, void *arg) +dispatch(void *cb, struct sockaddr *local_saddr, + const krb5_fulladdr *from, krb5_data *pkt, int is_tcp, + verto_ctx *vctx, loop_respond_fn respond, void *arg) { krb5_error_code retval; krb5_kdc_req *as_req; @@ -166,7 +167,8 @@ dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from, * process_as_req frees the request if it is called */ if (!(retval = setup_server_realm(as_req->server))) { - process_as_req(as_req, pkt, from, finish_dispatch, state); + process_as_req(as_req, pkt, from, vctx, finish_dispatch, + state); return; } else diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 08da953a1..5d7fc221c 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c 
@@ -452,7 +452,8 @@ finish_preauth(void *arg, krb5_error_code code) /*ARGSUSED*/ void process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, - const krb5_fulladdr *from, loop_respond_fn respond, void *arg) + const krb5_fulladdr *from, verto_ctx *vctx, + loop_respond_fn respond, void *arg) { krb5_error_code errcode; krb5_timestamp rtime; @@ -531,6 +532,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt, state->rock.request = state->request; state->rock.inner_body = state->inner_body; state->rock.rstate = state->rstate; + state->rock.vctx = vctx; if (!state->request->client) { state->status = "NULL_CLIENT"; errcode = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 83f73dbbd..9d8cb3453 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -574,6 +574,12 @@ client_entry(krb5_context context, krb5_kdcpreauth_rock rock) return rock->client; } +static verto_ctx * +event_context(krb5_context context, krb5_kdcpreauth_rock rock) +{ + return rock->vctx; +} + static struct krb5_kdcpreauth_callbacks_st callbacks = { 1, max_time_skew, @@ -583,7 +589,8 @@ static struct krb5_kdcpreauth_callbacks_st callbacks = { fast_armor, get_string, free_string, - client_entry + client_entry, + event_context }; static krb5_error_code diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index 3b146c72b..defb5bb79 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -121,7 +121,7 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep); void process_as_req (krb5_kdc_req *, krb5_data *, const krb5_fulladdr *, - loop_respond_fn, void *); + verto_ctx *, loop_respond_fn, void *); /* do_tgs_req.c */ krb5_error_code @@ -135,6 +135,7 @@ dispatch (void *, const krb5_fulladdr *, krb5_data *, int, + verto_ctx *, loop_respond_fn, void *); 
@@ -168,9 +169,9 @@ missing_required_preauth (krb5_db_entry *client, krb5_enc_tkt_part *enc_tkt_reply); typedef void (*kdc_hint_respond_fn)(void *arg); void -get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock, - krb5_pa_data ***e_data_out, kdc_hint_respond_fn respond, - void *arg); +get_preauth_hint_list(krb5_kdc_req *request, + krb5_kdcpreauth_rock rock, krb5_pa_data ***e_data_out, + kdc_hint_respond_fn respond, void *arg); void load_preauth_plugins(krb5_context context); void @@ -400,6 +401,7 @@ struct krb5_kdcpreauth_rock_st { krb5_db_entry *client; krb5_key_data *client_key; struct kdc_request_state *rstate; + verto_ctx *vctx; }; #define isflagset(flagfield, flag) (flagfield & (flag)) diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c index 9df909fac..43be27c95 100644 --- a/src/lib/apputils/net-server.c +++ b/src/lib/apputils/net-server.c @@ -1665,7 +1665,7 @@ process_packet(verto_ctx *ctx, verto_ev *ev) init_addr(&state->faddr, ss2sa(&state->saddr)); /* This address is in net order. */ dispatch(state->handle, ss2sa(&state->daddr), &state->faddr, - &state->request, 0, process_packet_response, state); + &state->request, 0, ctx, process_packet_response, state); } static int @@ -1936,7 +1936,7 @@ process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev) local_saddrp = ss2sa(&state->local_saddr); dispatch(state->conn->handle, local_saddrp, &conn->faddr, - &state->request, 1, process_tcp_response, state); + &state->request, 1, ctx, process_tcp_response, state); } return;