author | Greg Hudson <ghudson@mit.edu> | 2011-10-06 16:18:56 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-10-06 16:18:56 +0000 |
commit | 7003d3dbdfd0a7f4f6843068affb290c844ccb65 (patch) | |
tree | 2b31a19ce468926f02f471597b68cb60d3bffe82 /src/lib/krb5/krb/preauth2.c | |
parent | 72dc9d3ca51e6b54f088f7dc6a68c38504cde1d9 (diff) | |
Use type-safe callbacks in preauth interface
Replace the generic get_data functions in clpreauth and kdcpreauth
with structures containing callback functions. Each structure has a
minor version number to allow adding new callbacks.
For simplicity, the new fast armor key callbacks return aliases, which
is how we would supply the armor key as a function parameter. The new
client keys callback is paired with a free_keys callback to reduce the
amount of cleanup code needed in modules.
ticket: 6971
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25315 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb/preauth2.c')
-rw-r--r-- | src/lib/krb5/krb/preauth2.c | 103 |
1 files changed, 16 insertions, 87 deletions
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index 9807eeafd..8c43938ef 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -372,94 +372,24 @@ grow_pa_list(krb5_pa_data ***out_pa_list, int *out_pa_list_size, return 0; } -/* - * Retrieve a specific piece of information required by the plugin and - * return it in a new krb5_data item. There are separate request_types - * to obtain the data and free it. - * - * This may require massaging data into a contrived format, but it will - * hopefully keep us from having to reveal library-internal functions - * or data to the plugin modules. - */ - -static krb5_error_code -client_data_proc(krb5_context kcontext, krb5_clpreauth_rock rock, - krb5_int32 request_type, krb5_data **retdata) +static krb5_enctype +get_etype(krb5_context context, krb5_clpreauth_rock rock) { - krb5_data *ret; - krb5_error_code retval; - char *data; - - if (rock->magic != CLIENT_ROCK_MAGIC) - return EINVAL; - if (retdata == NULL) - return EINVAL; + return *rock->etype; +} - switch (request_type) { - case krb5_clpreauth_get_etype: - { - krb5_enctype *eptr; - ret = malloc(sizeof(krb5_data)); - if (ret == NULL) - return ENOMEM; - data = malloc(sizeof(krb5_enctype)); - if (data == NULL) { - free(ret); - return ENOMEM; - } - ret->data = data; - ret->length = sizeof(krb5_enctype); - eptr = (krb5_enctype *)data; - *eptr = *rock->etype; - *retdata = ret; - return 0; - } - break; - case krb5_clpreauth_free_etype: - ret = *retdata; - if (ret == NULL) - return 0; - if (ret->data) - free(ret->data); - free(ret); - return 0; - break; - case krb5_clpreauth_fast_armor: { - krb5_keyblock *key = NULL; - ret = calloc(1, sizeof(krb5_data)); - if (ret == NULL) - return ENOMEM; - retval = 0; - if (rock->fast_state->armor_key) - retval = krb5_copy_keyblock(kcontext, rock->fast_state->armor_key, - &key); - if (retval == 0) { - ret->data = (char *) key; - ret->length = key?sizeof(krb5_keyblock):0; - key = NULL; - } - if (retval == 0) { - *retdata = ret; - ret = NULL; - } - if (ret) - free(ret); - return retval; - } - case krb5_clpreauth_free_fast_armor: - ret = *retdata; - if (ret) { - if 
(ret->data) - krb5_free_keyblock(kcontext, (krb5_keyblock *) ret->data); - free(ret); - *retdata = NULL; - } - return 0; - default: - return EINVAL; - } +static krb5_keyblock * +fast_armor(krb5_context context, krb5_clpreauth_rock rock) +{ + return rock->fast_state->armor_key; } +static struct krb5_clpreauth_callbacks_st callbacks = { + 1, + get_etype, + fast_armor +}; + /* Tweak the request body, for now adding any enctypes which the module claims * to add support for to the list, but in the future perhaps doing more * involved things. */ @@ -545,7 +475,7 @@ run_preauth_plugins(krb5_context kcontext, ret = module->client_process(kcontext, module->moddata, *module->modreq_p, (krb5_get_init_creds_opt *)opte, - client_data_proc, preauth_rock, + &callbacks, preauth_rock, request, encoded_request_body, encoded_previous_request, in_padata, prompter, prompter_data, gak_fct, @@ -1535,8 +1465,7 @@ krb5_do_preauth_tryagain(krb5_context kcontext, if ((*module->client_tryagain)(kcontext, module->moddata, *module->modreq_p, (krb5_get_init_creds_opt *)opte, - client_data_proc, - preauth_rock, + &callbacks, preauth_rock, request, encoded_request_body, encoded_previous_request, |
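Review bot: `fast_armor` in the first hunk now hands the module a direct pointer to `rock->fast_state->armor_key`, where the removed `krb5_clpreauth_fast_armor` case returned a copy with a paired free request, and nothing in the new code states who owns the key. A module ported from the old interface that still calls `krb5_free_keyblock()` on the result would free the library's own armor key, so the function should carry a contract comment such as `/* Return an alias to the FAST armor key, or NULL if there is none; the caller must not free or modify it. */`, with the intended lifetime of the alias added once confirmed against the plugin header, which is not visible here. The table could also be declared `static const struct krb5_clpreauth_callbacks_st callbacks`, provided the callbacks typedef in that header is a pointer to const, so that a module cannot overwrite the function pointers shared by every caller. The removed `rock->magic != CLIENT_ROCK_MAGIC` check has no replacement: `get_etype` and `fast_armor` dereference `rock` directly, so a module passing the wrong rock is no longer rejected with `EINVAL`.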