| author | Greg Hudson <ghudson@mit.edu> | 2011-10-05 17:27:15 +0000 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2011-10-05 17:27:15 +0000 |
| commit | 4902dd11b115320f252f73d59a692db9ad7dd600 (patch) | |
| tree | 2c05d6c2742979f5829012ec16c1b224e4f8cfc9 /src/plugins/preauth/pkinit | |
| parent | 57a52177feee207d8b3f4bd0fbf7a3d7ee09c070 (diff) | |
Use an opaque handle in the kdcpreauth callback
Instead of passing a request and entry to the kdcpreauth get_data
callback, pass an opaque handle. Remove DB entry and key data
parameters from kdcpreauth methods (but keep the request, since that's
transparent).
The SecurID plugin links against libkdb5 and needs access to the client
DB entry. Rather than continue to pass a DB entry to kdcpreauth
methods, add a get_data callback to get the client DB entry for the few
plugins which might need it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25300 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins/preauth/pkinit')
| -rw-r--r-- | src/plugins/preauth/pkinit/deps | 22 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_clnt.c | 2 | ||||
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_srv.c | 22 |
3 files changed, 21 insertions, 25 deletions
diff --git a/src/plugins/preauth/pkinit/deps b/src/plugins/preauth/pkinit/deps
index 8ad6b14dba..ceff74918c 100644
--- a/src/plugins/preauth/pkinit/deps
+++ b/src/plugins/preauth/pkinit/deps
@@ -16,16 +16,16 @@ pkinit_accessor.so pkinit_accessor.po $(OUTPRE)pkinit_accessor.$(OBJEXT): \ pkinit_srv.so pkinit_srv.po $(OUTPRE)pkinit_srv.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(srcdir)/../fast_factor.h $(top_srcdir)/include/k5-buf.h \ - $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ - $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ - $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ - $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ - $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \ - $(top_srcdir)/include/krb5/plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \ - $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ - pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \ - pkinit_srv.c + $(COM_ERR_DEPS) $(top_srcdir)/include/fast_factor.h \ + $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \ + $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \ + $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \ + $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \ + $(top_srcdir)/include/k5-trace.h $(top_srcdir)/include/krb5.h \ + $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ + $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \ + $(top_srcdir)/include/socket-utils.h pkcs11.h pkinit.h \ + pkinit_accessor.h pkinit_crypto.h pkinit_srv.c pkinit_lib.so pkinit_lib.po $(OUTPRE)pkinit_lib.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \ 
@@ -49,7 +49,7 @@ pkinit_kdf_constants.so pkinit_kdf_constants.po $(OUTPRE)pkinit_kdf_constants.$( pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_kdf_constants.c pkinit_clnt.so pkinit_clnt.po $(OUTPRE)pkinit_clnt.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \ - $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../fast_factor.h \ + $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/fast_factor.h \ $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-platform.h \ $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5/plugin.h \ $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \ diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c index 4860e0712e..f8cfac5ad7 100644 --- a/src/plugins/preauth/pkinit/pkinit_clnt.c +++ b/src/plugins/preauth/pkinit/pkinit_clnt.c @@ -42,7 +42,7 @@ #include "pkinit.h" /* Remove when FAST PKINIT is settled. */ -#include "../fast_factor.h" +#include "fast_factor.h" /* * It is anticipated that all the special checks currently diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c index 2fbc243913..a79b25c295 100644 --- a/src/plugins/preauth/pkinit/pkinit_srv.c +++ b/src/plugins/preauth/pkinit/pkinit_srv.c @@ -38,7 +38,7 @@ #include "pkinit.h" /* Remove when FAST PKINIT is settled. */ -#include "../fast_factor.h" +#include "fast_factor.h" static krb5_error_code pkinit_init_kdc_req_context(krb5_context, pkinit_kdc_req_context *blob); @@ -101,9 +101,8 @@ cleanup: static krb5_error_code pkinit_server_get_edata(krb5_context context, krb5_kdc_req *request, - struct _krb5_db_entry_new *client, - struct _krb5_db_entry_new *server, - krb5_kdcpreauth_get_data_fn server_get_entry_data, + krb5_kdcpreauth_get_data_fn get, + krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, krb5_pa_data *data) { 
@@ -114,8 +113,7 @@ pkinit_server_get_edata(krb5_context context, pkiDebug("pkinit_server_get_edata: entered!\n"); /* Remove (along with armor_key) when FAST PKINIT is settled. */ - retval = fast_kdc_get_armor_key(context, server_get_entry_data, request, - client, &armor_key); + retval = fast_kdc_get_armor_key(context, get, rock, &armor_key); if (retval == 0 && armor_key != NULL) { /* Don't advertise PKINIT if the client used FAST. */ krb5_free_keyblock(context, armor_key); @@ -289,12 +287,12 @@ out: static void pkinit_server_verify_padata(krb5_context context, - struct _krb5_db_entry_new * client, krb5_data *req_pkt, krb5_kdc_req * request, krb5_enc_tkt_part * enc_tkt_reply, krb5_pa_data * data, - krb5_kdcpreauth_get_data_fn server_get_entry_data, + krb5_kdcpreauth_get_data_fn get, + krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_verify_respond_fn respond, void *arg) @@ -324,8 +322,7 @@ pkinit_server_verify_padata(krb5_context context, } /* Remove (along with armor_key) when FAST PKINIT is settled. */ - retval = fast_kdc_get_armor_key(context, server_get_entry_data, request, - client, &armor_key); + retval = fast_kdc_get_armor_key(context, get, rock, &armor_key); if (retval == 0 && armor_key != NULL) { /* Don't allow PKINIT if the client used FAST. */ krb5_free_keyblock(context, armor_key); @@ -697,14 +694,13 @@ cleanup: static krb5_error_code pkinit_server_return_padata(krb5_context context, krb5_pa_data * padata, - struct _krb5_db_entry_new * client, krb5_data *req_pkt, krb5_kdc_req * request, krb5_kdc_rep * reply, - struct _krb5_key_data * client_key, krb5_keyblock * encrypting_key, krb5_pa_data ** send_pa, - krb5_kdcpreauth_get_data_fn server_get_entry_data, + krb5_kdcpreauth_get_data_fn get, + krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_modreq modreq) { |
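Review bot: The FAST test after the new `fast_kdc_get_armor_key(context, get, rock, &armor_key)` call in pkinit_server_get_edata, `if (retval == 0 && armor_key != NULL)`, only acts on success, so a failure of the `get` callback is handled the same way as "the client did not use FAST". The same test appears in the pkinit_server_verify_padata hunk (@@ -324,8), where it enforces "Don't allow PKINIT if the client used FAST"; there a callback error would apparently let verification continue, which is a fail-open policy check. Now that the armor key is fetched through an opaque `rock` whose failure modes this file cannot see, I would treat `retval != 0` as an error in verify_padata, report it through `respond` and return before the armor-key test, with a comment such as `/* Fail closed: a get_data error must not bypass the FAST check. */`. Both function bodies continue outside these hunks, so whether `retval` is examined later, and whether `armor_key` is initialised to NULL before the call, is not visible here and should be confirmed.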
