author | Greg Hudson <ghudson@mit.edu> | 2011-10-05 17:27:15 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-10-05 17:27:15 +0000 |
commit | 4902dd11b115320f252f73d59a692db9ad7dd600 (patch) | |
tree | 2c05d6c2742979f5829012ec16c1b224e4f8cfc9 /src/kdc/kdc_util.h | |
parent | 57a52177feee207d8b3f4bd0fbf7a3d7ee09c070 (diff) | |
Use an opaque handle in the kdcpreauth callback
Instead of passing a request and entry to the kdcpreauth get_data
callback, pass an opaque handle. Remove DB entry and key data
parameters from kdcpreauth methods (but keep the request, since that's
transparent).
The SecurID plugin links against libkdb5 and needs access to the client
DB entry. Rather than continue to pass a DB entry to kdcpreauth
methods, add a get_data callback to get the client DB entry for the few
plugins which might need it.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25300 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_util.h')
-rw-r--r-- | src/kdc/kdc_util.h | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index e0be83fe6..6d91822ff 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -167,10 +167,8 @@ missing_required_preauth (krb5_db_entry *client, krb5_db_entry *server,
 krb5_enc_tkt_part *enc_tkt_reply);
 void
-get_preauth_hint_list (krb5_kdc_req * request,
- krb5_db_entry *client,
- krb5_db_entry *server,
- krb5_pa_data ***e_data_out);
+get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock,
+ krb5_pa_data ***e_data_out);
 void
 load_preauth_plugins(krb5_context context);
 void
@@ -179,18 +177,16 @@ unload_preauth_plugins(krb5_context context);
 typedef void (*kdc_preauth_respond_fn)(void *arg, krb5_error_code code);
 void
-check_padata (krb5_context context, krb5_db_entry *client, krb5_data *req_pkt,
- krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
- void **padata_context, krb5_pa_data ***e_data,
- krb5_boolean *typed_e_data, kdc_preauth_respond_fn respond,
- void *state);
+check_padata(krb5_context context, krb5_kdcpreauth_rock rock,
+ krb5_data *req_pkt, krb5_kdc_req *request,
+ krb5_enc_tkt_part *enc_tkt_reply, void **padata_context,
+ krb5_pa_data ***e_data, krb5_boolean *typed_e_data,
+ kdc_preauth_respond_fn respond, void *state);
 krb5_error_code
-return_padata (krb5_context context, krb5_db_entry *client,
- krb5_data *req_pkt, krb5_kdc_req *request,
- krb5_kdc_rep *reply,
- krb5_key_data *client_key, krb5_keyblock *encrypting_key,
- void **padata_context);
+return_padata(krb5_context context, krb5_kdcpreauth_rock rock,
+ krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply,
+ krb5_keyblock *encrypting_key, void **padata_context);
 void
 free_padata_context(krb5_context context, void *padata_context);
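Review bot: The new `rock` parameter of `check_padata` has no stated lifetime, and that matters because this function reports completion through `respond`/`state` rather than through a return value. The handle's struct is documented as holding only aliases, so a caller that built it in a short-lived scope and returned before `respond` fires would leave a preauth module with dangling pointers to the client entry and key data; whether any caller does this is not visible in this header. I would add a comment above the prototype such as `/* rock and everything it aliases must stay valid until respond() has been invoked. */`. The same contract, limited to the duration of the call, is worth stating on `get_preauth_hint_list` in the first hunk and on `return_padata` below it.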
@@ -380,6 +376,13 @@ krb5_error_code krb5int_get_domain_realm_mapping(krb5_context context, const char *host, char ***realmsp); +/* Information handle for kdcpreauth callbacks. All pointers are aliases. */ +struct krb5_kdcpreauth_rock_st { + krb5_kdc_req *request; + krb5_db_entry *client; + krb5_key_data *client_key; + struct kdc_request_state *rstate; +}; #define isflagset(flagfield, flag) (flagfield & (flag)) #define setflag(flagfield, flag) (flagfield |= (flag)) |
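Review bot: The comment on `struct krb5_kdcpreauth_rock_st` says the pointers are aliases but not who owns the targets, how long they remain valid, or which fields may be NULL. `client_key` was previously a parameter of `return_padata` only, so it is presumably unset when the handle is built for `get_preauth_hint_list` or `check_padata`; code reaching it through the handle needs to know that before dereferencing. After confirming against the callers, I would extend the comment along the lines of `/* Information handle for kdcpreauth callbacks. All pointers are aliases; the caller keeps ownership and must keep them valid while the handle is in use. client_key may be NULL. */`. Because the struct carries the client DB entry and key data, it is also worth noting in the comment that the definition is meant to stay in this KDC-internal header so the handle remains opaque to modules.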