From 5c23bce0e8d3328bb36bc85ee10cfac486b8ae9b Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Tue, 23 Oct 2012 13:02:12 -0400 Subject: Use a proper consumer interface for clpreauth In preauth2.c, use wrapper functions for calls to clpreauth functions. Get rid of the expanded-out module table, instead using a helper function to find the handle for a preauth type. Replace use counts with a list of previously processed pa types. Check for pa type conflicts when loading clpreauth modules. --- src/include/k5-trace.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'src/include') diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h index df7159fe5..53dcba54c 100644 --- a/src/include/k5-trace.h +++ b/src/include/k5-trace.h @@ -235,6 +235,9 @@ void krb5int_trace(krb5_context context, const char *fmt, ...); #define TRACE_MSPAC_DISCARD_UNVERF(c) \ TRACE(c, "Filtering out unverified MS PAC") +#define TRACE_PREAUTH_CONFLICT(c, name1, name2, patype) \ + TRACE(c, "Preauth module {str} conflicts with module {str} for pa " \ + "type {int}", name1, name2, (int) patype) #define TRACE_PREAUTH_COOKIE(c, len, data) \ TRACE(c, "Received cookie: {lenstr}", (size_t) len, data) #define TRACE_PREAUTH_ENC_TS_KEY_GAK(c, keyblock) \ @@ -252,9 +255,9 @@ void krb5int_trace(krb5_context context, const char *fmt, ...); TRACE(c, "Processing preauth types: {patypes}", padata) #define TRACE_PREAUTH_OUTPUT(c, padata) \ TRACE(c, "Produced preauth for next request: {patypes}", padata) -#define TRACE_PREAUTH_PROCESS(c, name, patype, flags, code) \ - TRACE(c, "Preauth module {str} ({int}) (flags={int}) returned: " \ - "{kerr}", name, (int) patype, flags, code) +#define TRACE_PREAUTH_PROCESS(c, name, patype, real, code) \ + TRACE(c, "Preauth module {str} ({int}) ({str}) returned: " \ + "{kerr}", name, (int) patype, real ? "real" : "info", code) #define TRACE_PREAUTH_SAM_KEY_GAK(c, keyblock) \ TRACE(c, "AS key obtained for SAM: {keyblock}", keyblock) #define TRACE_PREAUTH_SALT(c, salt, patype) \ -- cgit