Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/fast_factor.h | 15 | ||||
| -rw-r--r-- | src/include/krb5/krb5.hin | 7 | ||||
| -rw-r--r-- | src/include/krb5/preauth_plugin.h | 32 |
3 files changed, 22 insertions, 32 deletions
diff --git a/src/include/fast_factor.h b/src/include/fast_factor.h index 42f1b27a7..734d37779 100644 --- a/src/include/fast_factor.h +++ b/src/include/fast_factor.h @@ -47,20 +47,17 @@ fast_get_armor_key(krb5_context context, krb5_clpreauth_get_data_fn get_data, static inline krb5_error_code fast_kdc_get_armor_key(krb5_context context, - krb5_kdcpreauth_get_data_fn get_entry, - krb5_kdc_req *request, - struct _krb5_db_entry_new *client, + krb5_kdcpreauth_get_data_fn get_data, + krb5_kdcpreauth_rock rock, krb5_keyblock **armor_key) { krb5_error_code retval; krb5_data *data; - retval = get_entry(context, request, client, krb5_kdcpreauth_fast_armor, - &data); + retval = (*get_data)(context, rock, krb5_kdcpreauth_fast_armor, &data); if (retval == 0) { *armor_key = (krb5_keyblock *) data->data; data->data = NULL; - get_entry(context, request, client, - krb5_kdcpreauth_free_fast_armor, &data); + (*get_data)(context, rock, krb5_kdcpreauth_free_fast_armor, &data); } return retval; } @@ -69,8 +66,8 @@ fast_kdc_get_armor_key(krb5_context context, static inline krb5_error_code fast_kdc_replace_reply_key(krb5_context context, - krb5_kdcpreauth_get_data_fn get_data, - krb5_kdc_req *request) + krb5_kdcpreauth_get_data_fn get, + krb5_kdcpreauth_rock rock) { return 0; } diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index 935ac8640..3d9dbbfb7 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin 
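Review bot: In fast_kdc_get_armor_key, `*armor_key` is assigned only on the success path, so a caller that does not check the return value uses whatever the pointer held before the call; since the result is key material, I would open the body with `*armor_key = NULL;`. The success path also dereferences `data` without checking that the callback actually set it, so `if (retval == 0 && data != NULL)` would be the safer guard. The cast from `data->data` hides an ownership transfer, and a header comment saying that the caller owns the returned keyblock and how it must be released would make that explicit. Callers are outside this diff, so whether any of them depends on the current behaviour is not visible here.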
@@ -2012,13 +2012,6 @@ typedef struct _krb5_kdc_req { krb5_enc_data authorization_data; /**< Encrypted authz data (optional) */ krb5_authdata **unenc_authdata; /**< Unencrypted authz data */ krb5_ticket **second_ticket; /**< Second ticket array (optional) */ - /* - * The following field is added in March 2009; it is a hack so that FAST - * state can be carried to pre-authentication plugins. A new plugin - * interface may be a better long-term approach. It is believed to be safe - * to extend this structure because it is not found in any public APIs. - */ - void *kdc_state; } krb5_kdc_req; /** diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h index 3f9dfcc35..c64cc3699 100644 --- a/src/include/krb5/preauth_plugin.h +++ b/src/include/krb5/preauth_plugin.h @@ -324,10 +324,8 @@ typedef struct krb5_clpreauth_vtable_st { * kdcpreauth plugin interface definition. */ -/* While arguments of these types are passed in, they are opaque to kdcpreauth - * modules. */ -struct _krb5_db_entry_new; -struct _krb5_key_data; +/* Abstract type for a KDC callback data handle. */ +typedef struct krb5_kdcpreauth_rock_st *krb5_kdcpreauth_rock; /* Abstract type for module data and per-request module data. */ typedef struct krb5_kdcpreauth_moddata_st *krb5_kdcpreauth_moddata; @@ -346,8 +344,9 @@ enum krb5_kdcpreauth_request_type { krb5_kdcpreauth_max_time_skew = 2, /* * The returned krb5_data_item holds an array of krb5_keyblock structures, - * terminated by an entry with key type = 0. Each keyblock should have its - * contents freed in turn, and then the data item itself should be freed. + * containing the client keys, terminated by an entry with key type = 0. + * Each keyblock should have its contents freed in turn, and then the data + * item itself should be freed. */ krb5_kdcpreauth_keys = 3, /* 
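Review bot: The one-line comment on the new `krb5_kdcpreauth_rock` typedef in preauth_plugin.h does not tell a module author what may be done with the handle. I would expand it along the lines of `/* Opaque handle supplied by the KDC; pass it back unchanged to get_data, never dereference it, and do not keep it after the request has been answered. */`, assuming that is the intended contract. This matters more now that the handle replaces the request and DB-entry arguments as the key to everything get_data returns, including the client keys and the FAST armor key.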
@@ -368,13 +367,16 @@ enum krb5_kdcpreauth_request_type { * the keyblock using krb5_free_keyblock; in that case, this function * simply frees the data. */ - krb5_kdcpreauth_free_fast_armor = 6 + krb5_kdcpreauth_free_fast_armor = 6, + /* + * The returned krb5_data contains a pointer to the client DB entry. The + * pointer is an alias and should not be freed. + */ + krb5_kdcpreauth_get_client = 7 }; typedef krb5_error_code -(*krb5_kdcpreauth_get_data_fn)(krb5_context context, krb5_kdc_req *request, - struct _krb5_db_entry_new *entry, - krb5_int32 request_type, - krb5_data **); +(*krb5_kdcpreauth_get_data_fn)(krb5_context context, krb5_kdcpreauth_rock rock, + krb5_int32 request_type, krb5_data **); /* Optional: preauth plugin initialization function. */ typedef krb5_error_code @@ -411,9 +413,8 @@ typedef int */ typedef krb5_error_code (*krb5_kdcpreauth_edata_fn)(krb5_context context, krb5_kdc_req *request, - struct _krb5_db_entry_new *client, - struct _krb5_db_entry_new *server, krb5_kdcpreauth_get_data_fn get_data, + krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, krb5_pa_data *pa_out); @@ -441,11 +442,11 @@ typedef void */ typedef void (*krb5_kdcpreauth_verify_fn)(krb5_context context, - struct _krb5_db_entry_new *client, krb5_data *req_pkt, krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data, krb5_kdcpreauth_get_data_fn get_data, + krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_verify_respond_fn respond, void *arg); @@ -458,14 +459,13 @@ typedef void typedef krb5_error_code (*krb5_kdcpreauth_return_fn)(krb5_context context, krb5_pa_data *padata, - struct _krb5_db_entry_new *client, krb5_data *req_pkt, krb5_kdc_req *request, krb5_kdc_rep *reply, - struct _krb5_key_data *client_keys, krb5_keyblock *encrypting_key, krb5_pa_data **send_pa_out, krb5_kdcpreauth_get_data_fn get_data, + krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata, krb5_kdcpreauth_modreq modreq); |
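Review bot: The comment added for `krb5_kdcpreauth_get_client` leaves a module author guessing on three points: whether `data->data` is the entry pointer itself or a buffer holding it (fast_kdc_get_armor_key in fast_factor.h casts `data->data` directly for the armor key), whether the krb5_data container still has to be freed, and how long the alias stays valid. Because this hands modules a live pointer into KDC state that the removed comment described as opaque to them, I would add a line such as `* Modules must treat the entry as read-only and must not use it after the request completes.`, if that is the intent. The last parameter of `krb5_kdcpreauth_get_data_fn` is still unnamed; `krb5_data **data_out` would document its direction.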
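Review bot: The parameter list of `krb5_kdcpreauth_edata_fn`, and likewise those of `krb5_kdcpreauth_verify_fn` and `krb5_kdcpreauth_return_fn` in the two hunks that follow, changes in count and order with no visible change to an interface version. A module built against the previous header would be called with `get_data` and `rock` in the positions where it expects the client and server entries, which means mismatched pointer types inside the KDC process rather than a clean load failure. The diff shown is limited to src/include, so a version bump or a loader-side check may exist elsewhere. If it does not, the vtable version that the loader checks should change in this commit.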
