authorGreg Hudson <ghudson@mit.edu>2011-10-05 17:27:15 +0000
committerGreg Hudson <ghudson@mit.edu>2011-10-05 17:27:15 +0000
commit4902dd11b115320f252f73d59a692db9ad7dd600 (patch)
tree2c05d6c2742979f5829012ec16c1b224e4f8cfc9 /src/include/krb5/preauth_plugin.h
parent57a52177feee207d8b3f4bd0fbf7a3d7ee09c070 (diff)
Use an opaque handle in the kdcpreauth callback
Instead of passing a request and entry to the kdcpreauth get_data callback, pass an opaque handle. Remove DB entry and key data parameters from kdcpreauth methods (but keep the request, since that's transparent). The SecurID plugin links against libkdb5 and needs access to the client DB entry. Rather than continue to pass a DB entry to kdcpreauth methods, add a get_data callback to get the client DB entry for the few plugins which might need it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25300 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include/krb5/preauth_plugin.h')
-rw-r--r--src/include/krb5/preauth_plugin.h32
1 files changed, 16 insertions, 16 deletions
diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h
index 3f9dfcc351..c64cc36997 100644
--- a/src/include/krb5/preauth_plugin.h
+++ b/src/include/krb5/preauth_plugin.h
@@ -324,10 +324,8 @@ typedef struct krb5_clpreauth_vtable_st {
* kdcpreauth plugin interface definition.
*/
-/* While arguments of these types are passed in, they are opaque to kdcpreauth
- * modules. */
-struct _krb5_db_entry_new;
-struct _krb5_key_data;
+/* Abstract type for a KDC callback data handle. */
+typedef struct krb5_kdcpreauth_rock_st *krb5_kdcpreauth_rock;
/* Abstract type for module data and per-request module data. */
typedef struct krb5_kdcpreauth_moddata_st *krb5_kdcpreauth_moddata;
@@ -346,8 +344,9 @@ enum krb5_kdcpreauth_request_type {
krb5_kdcpreauth_max_time_skew = 2,
/*
* The returned krb5_data_item holds an array of krb5_keyblock structures,
- * terminated by an entry with key type = 0. Each keyblock should have its
- * contents freed in turn, and then the data item itself should be freed.
+ * containing the client keys, terminated by an entry with key type = 0.
+ * Each keyblock should have its contents freed in turn, and then the data
+ * item itself should be freed.
*/
krb5_kdcpreauth_keys = 3,
/*
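Review bot: The reworded comment for `krb5_kdcpreauth_keys` now says the array holds the client keys, but it still does not name the routine a module should use to release each keyblock. Because this is client key material owned by the module after the call, the choice matters: a module that calls plain `free()` on each `contents` pointer would leave the key bytes readable in freed heap memory. I would add a sentence such as `Free each keyblock's contents with krb5_free_keyblock_contents(), which is expected to zero the key bytes before releasing them.` The enum and the following comment block continue outside this hunk.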
@@ -368,13 +367,16 @@ enum krb5_kdcpreauth_request_type {
* the keyblock using krb5_free_keyblock; in that case, this function
* simply frees the data.
*/
- krb5_kdcpreauth_free_fast_armor = 6
+ krb5_kdcpreauth_free_fast_armor = 6,
+ /*
+ * The returned krb5_data contains a pointer to the client DB entry. The
+ * pointer is an alias and should not be freed.
+ */
+ krb5_kdcpreauth_get_client = 7
};
typedef krb5_error_code
-(*krb5_kdcpreauth_get_data_fn)(krb5_context context, krb5_kdc_req *request,
- struct _krb5_db_entry_new *entry,
- krb5_int32 request_type,
- krb5_data **);
+(*krb5_kdcpreauth_get_data_fn)(krb5_context context, krb5_kdcpreauth_rock rock,
+ krb5_int32 request_type, krb5_data **);
/* Optional: preauth plugin initialization function. */
typedef krb5_error_code
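Review bot: The comment on `krb5_kdcpreauth_get_client` says the returned krb5_data "contains a pointer" but gives neither the pointed-to type nor how long the alias stays valid, and this same commit removes the forward declaration of `struct _krb5_db_entry_new` from the header. A module has to guess how to extract the pointer and whether the krb5_data wrapper itself must be freed, and a wrong guess is a memory-safety bug inside the KDC process. I would extend the comment along the lines of `The data field holds a struct _krb5_db_entry_new * value, valid only for the duration of the calling method; free the krb5_data but not the entry, and do not modify the entry.`, adjusted to what the KDC-side implementation really guarantees, which is not visible here. Separately, the new `krb5_kdcpreauth_get_data_fn` signature is incompatible with modules built against the old header, so it is worth confirming that the interface version checked at module load changes with it.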
@@ -411,9 +413,8 @@ typedef int
*/
typedef krb5_error_code
(*krb5_kdcpreauth_edata_fn)(krb5_context context, krb5_kdc_req *request,
- struct _krb5_db_entry_new *client,
- struct _krb5_db_entry_new *server,
krb5_kdcpreauth_get_data_fn get_data,
+ krb5_kdcpreauth_rock rock,
krb5_kdcpreauth_moddata moddata,
krb5_pa_data *pa_out);
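Review bot: The new `rock` parameter is added to the edata method here, and to the verify and return methods in the two hunks that follow, without the header stating what a module may do with it. The doc comment of each method (all three start outside their hunks) should say something like `rock is an opaque handle to be passed unchanged to get_data; modules must not dereference or retain it`. For the verify method the lifetime needs to be explicit as well, because it returns void and completes through `respond`: a module that answers later needs to know whether `rock` and `get_data` stay usable until `respond` is called. If they do not, a deferred get_data call could become a use-after-free in the KDC.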
@@ -441,11 +442,11 @@ typedef void
*/
typedef void
(*krb5_kdcpreauth_verify_fn)(krb5_context context,
- struct _krb5_db_entry_new *client,
krb5_data *req_pkt, krb5_kdc_req *request,
krb5_enc_tkt_part *enc_tkt_reply,
krb5_pa_data *data,
krb5_kdcpreauth_get_data_fn get_data,
+ krb5_kdcpreauth_rock rock,
krb5_kdcpreauth_moddata moddata,
krb5_kdcpreauth_verify_respond_fn respond,
void *arg);
@@ -458,14 +459,13 @@ typedef void
typedef krb5_error_code
(*krb5_kdcpreauth_return_fn)(krb5_context context,
krb5_pa_data *padata,
- struct _krb5_db_entry_new *client,
krb5_data *req_pkt,
krb5_kdc_req *request,
krb5_kdc_rep *reply,
- struct _krb5_key_data *client_keys,
krb5_keyblock *encrypting_key,
krb5_pa_data **send_pa_out,
krb5_kdcpreauth_get_data_fn get_data,
+ krb5_kdcpreauth_rock rock,
krb5_kdcpreauth_moddata moddata,
krb5_kdcpreauth_modreq modreq);