diff options
| author | Tom Yu <tlyu@mit.edu> | 2012-09-07 20:18:41 -0400 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2012-10-15 19:41:14 -0400 |
| commit | 0a2f14f752c32a24200363cc6b6ae64a92f81379 (patch) | |
| tree | 707f1dce91dfbe42df0eead38b33cbf7728d9703 /src/kdc/kdc_util.h | |
| parent | 1a3f548db030b764f46820c342fb2abb226dc43b (diff) | |
| download | krb5-0a2f14f752c32a24200363cc6b6ae64a92f81379.tar.gz krb5-0a2f14f752c32a24200363cc6b6ae64a92f81379.tar.xz krb5-0a2f14f752c32a24200363cc6b6ae64a92f81379.zip | |
Eliminate some KDC globals
Make kdc_active_realm a local variable in every function that needs
it. Pass it around in various state structures as needed. Keep the
macros that reference its members remain for now.
Diffstat (limited to 'src/kdc/kdc_util.h')
| -rw-r--r-- | src/kdc/kdc_util.h | 64 |
1 files changed, 25 insertions, 39 deletions
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h index 0cd7989fc..2f215a741 100644 --- a/src/kdc/kdc_util.h +++ b/src/kdc/kdc_util.h @@ -32,10 +32,12 @@ #include "kdb.h" #include "net-server.h" +#include "realm_data.h" +#include "reqstate.h" krb5_error_code check_hot_list (krb5_ticket *); -krb5_boolean realm_compare (krb5_const_principal, krb5_const_principal); -krb5_boolean is_local_principal(krb5_const_principal princ1); +krb5_boolean is_local_principal(kdc_realm_t *kdc_active_realm, + krb5_const_principal princ1); krb5_boolean krb5_is_tgs_principal (krb5_const_principal); krb5_boolean is_cross_tgs_principal(krb5_const_principal); krb5_error_code @@ -49,7 +51,8 @@ compress_transited (krb5_data *, krb5_principal, krb5_data *); krb5_error_code -concat_authorization_data (krb5_authdata **, +concat_authorization_data (krb5_context, + krb5_authdata **, krb5_authdata **, krb5_authdata ***); krb5_error_code @@ -58,7 +61,7 @@ fetch_last_req_info (krb5_db_entry *, krb5_last_req_entry ***); krb5_error_code kdc_convert_key (krb5_keyblock *, krb5_keyblock *, int); krb5_error_code -kdc_process_tgs_req (krb5_kdc_req *, +kdc_process_tgs_req (kdc_realm_t *, krb5_kdc_req *, const krb5_fulladdr *, krb5_data *, krb5_ticket **, @@ -67,12 +70,12 @@ kdc_process_tgs_req (krb5_kdc_req *, krb5_pa_data **pa_tgs_req); krb5_error_code -kdc_get_server_key (krb5_ticket *, unsigned int, +kdc_get_server_key (krb5_context, krb5_ticket *, unsigned int, krb5_boolean match_enctype, krb5_db_entry **, krb5_keyblock **, krb5_kvno *); int -validate_as_request (krb5_kdc_req *, krb5_db_entry, +validate_as_request (kdc_realm_t *, krb5_kdc_req *, krb5_db_entry, krb5_db_entry, krb5_timestamp, const char **, krb5_pa_data ***); @@ -82,7 +85,7 @@ validate_forwardable(krb5_kdc_req *, krb5_db_entry, const char **); int -validate_tgs_request (krb5_kdc_req *, krb5_db_entry, +validate_tgs_request (kdc_realm_t *, krb5_kdc_req *, krb5_db_entry, krb5_ticket *, krb5_timestamp, const char **, krb5_pa_data ***); @@ -90,7 +93,7 @@ int fetch_asn1_field (unsigned char *, unsigned int, unsigned int, krb5_data *); krb5_enctype -select_session_keytype (krb5_context context, +select_session_keytype (kdc_realm_t *kdc_active_realm, krb5_db_entry *server, int nktypes, krb5_enctype *ktypes); @@ -106,12 +109,12 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep); /* do_as_req.c */ void process_as_req (krb5_kdc_req *, krb5_data *, - const krb5_fulladdr *, + const krb5_fulladdr *, kdc_realm_t *, verto_ctx *, loop_respond_fn, void *); /* do_tgs_req.c */ krb5_error_code -process_tgs_req (krb5_data *, +process_tgs_req (struct server_handle *, krb5_data *, const krb5_fulladdr *, krb5_data ** ); /* dispatch.c */ @@ -125,8 +128,6 @@ dispatch (void *, loop_respond_fn, void *); -krb5_error_code -setup_server_realm (krb5_principal); void kdc_err(krb5_context call_context, errcode_t code, const char *fmt, ...) #if !defined(__cplusplus) && (__GNUC__ > 2) @@ -159,7 +160,7 @@ get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock, krb5_pa_data ***e_data_out, kdc_hint_respond_fn respond, void *arg); void -load_preauth_plugins(krb5_context context); +load_preauth_plugins(struct server_handle * handle, krb5_context context); void unload_preauth_plugins(krb5_context context); @@ -180,9 +181,6 @@ return_padata(krb5_context context, krb5_kdcpreauth_rock rock, void free_padata_context(krb5_context context, void *padata_context); -krb5_pa_data * -find_pa_data (krb5_pa_data **padata, krb5_preauthtype pa_type); - krb5_error_code add_pa_data_element (krb5_context context, krb5_pa_data *padata, @@ -222,13 +220,13 @@ handle_authdata (krb5_context context, /* replay.c */ krb5_error_code kdc_init_lookaside(krb5_context context); -krb5_boolean kdc_check_lookaside (krb5_data *, krb5_data **); -void kdc_insert_lookaside (krb5_data *, krb5_data *); +krb5_boolean kdc_check_lookaside (krb5_context, krb5_data *, krb5_data **); +void kdc_insert_lookaside (krb5_context, krb5_data *, krb5_data *); void kdc_remove_lookaside (krb5_context kcontext, krb5_data *); void kdc_free_lookaside(krb5_context); /* kdc_util.c */ -void reset_for_hangup(void); +void reset_for_hangup(void *); krb5_boolean include_pac_p(krb5_context context, krb5_kdc_req *request); @@ -242,7 +240,7 @@ return_enc_padata(krb5_context context, krb5_boolean is_referral); krb5_error_code -kdc_process_s4u2self_req (krb5_context context, +kdc_process_s4u2self_req (kdc_realm_t *kdc_active_realm, krb5_kdc_req *request, krb5_const_principal client_princ, const krb5_db_entry *server, @@ -262,7 +260,7 @@ kdc_make_s4u2self_rep (krb5_context context, krb5_enc_kdc_rep_part *reply_encpart); krb5_error_code -kdc_process_s4u2proxy_req (krb5_context context, +kdc_process_s4u2proxy_req (kdc_realm_t *kdc_active_realm, krb5_kdc_req *request, const krb5_enc_tkt_part *t2enc, const krb5_db_entry *server, @@ -271,7 +269,7 @@ kdc_process_s4u2proxy_req (krb5_context context, const char **status); krb5_error_code -kdc_check_transited_list (krb5_context context, +kdc_check_transited_list (kdc_realm_t *kdc_active_realm, const krb5_data *trans, const krb5_data *realm1, const krb5_data *realm2); @@ -296,7 +294,7 @@ validate_transit_path(krb5_context context, krb5_db_entry *server, krb5_db_entry *krbtgt); void -kdc_get_ticket_endtime(krb5_context context, +kdc_get_ticket_endtime(kdc_realm_t *kdc_active_realm, krb5_timestamp now, krb5_timestamp endtime, krb5_timestamp till, @@ -305,7 +303,7 @@ kdc_get_ticket_endtime(krb5_context context, krb5_timestamp *out_endtime); void -log_as_req(const krb5_fulladdr *from, +log_as_req(krb5_context context, const krb5_fulladdr *from, krb5_kdc_req *request, krb5_kdc_rep *reply, krb5_db_entry *client, const char *cname, krb5_db_entry *server, const char *sname, @@ -319,20 +317,7 @@ log_tgs_req(const krb5_fulladdr *from, unsigned int c_flags, const char *s4u_name, const char *status, krb5_error_code errcode, const char *emsg); void -log_tgs_alt_tgt(krb5_principal p); - -/*Request state*/ - -struct kdc_request_state { - krb5_keyblock *armor_key; - krb5_keyblock *strengthen_key; - krb5_pa_data *cookie; - krb5_int32 fast_options; - krb5_int32 fast_internal_flags; -}; - -krb5_error_code kdc_make_rstate(struct kdc_request_state **out); -void kdc_free_rstate (struct kdc_request_state *s); +log_tgs_alt_tgt(krb5_context context, krb5_principal p); /* FAST*/ enum krb5_fast_kdc_flags { @@ -374,7 +359,8 @@ krb5_error_code kdc_fast_handle_reply_key(struct kdc_request_state *state, krb5_error_code kdc_preauth_get_cookie(struct kdc_request_state *state, krb5_pa_data **cookie); krb5_error_code -kdc_handle_protected_negotiation( krb5_data *req_pkt, krb5_kdc_req *request, +kdc_handle_protected_negotiation( krb5_context context, + krb5_data *req_pkt, krb5_kdc_req *request, const krb5_keyblock *reply_key, krb5_pa_data ***out_enc_padata); krb5_error_code |