svn rev #25479: trunk/src/include/krb5/
ghudson@MIT.EDU
ghudson at MIT.EDU
Sat Nov 19 17:06:15 EST 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=25479
Commit By: ghudson
Log Message:
ticket: 7019
Improve documentation in preauth_plugin.h
Also declare the verto_context structure to ensure that it is has the
proper scope when used as the return type of the event_context
callback.
Changed Files:
U trunk/src/include/krb5/preauth_plugin.h
Modified: trunk/src/include/krb5/preauth_plugin.h
===================================================================
--- trunk/src/include/krb5/preauth_plugin.h 2011-11-18 18:58:59 UTC (rev 25478)
+++ trunk/src/include/krb5/preauth_plugin.h 2011-11-19 22:06:15 UTC (rev 25479)
@@ -328,6 +328,10 @@
typedef struct krb5_kdcpreauth_moddata_st *krb5_kdcpreauth_moddata;
typedef struct krb5_kdcpreauth_modreq_st *krb5_kdcpreauth_modreq;
+/* The verto context structure type (typedef is in verto.h; we want to avoid a
+ * header dependency for the moment). */
+struct verto_context;
+
/* Before using a callback after version 1, modules must check the vers
* field of the callback structure. */
typedef struct krb5_kdcpreauth_callbacks_st {
@@ -377,8 +381,8 @@
* avoid a dependency on a libkdb5 type). */
void *(*client_entry)(krb5_context context, krb5_kdcpreauth_rock rock);
- /* Get a pointer to the verto context an asynchronous plugin should
- * use to create events in the edata or verify method. */
+ /* Get a pointer to the verto context which should be used by an
+ * asynchronous edata or verify method. */
struct verto_ctx *(*event_context)(krb5_context context,
krb5_kdcpreauth_rock rock);
@@ -422,9 +426,13 @@
/*
* Optional: provide pa_data to send to the client as part of the "you need to
- * use preauthentication" error. This function is not allowed to create a
- * modreq object because we have no guarantee that the client will ever make a
- * follow-up request, or that it will hit this KDC if it does.
+ * use preauthentication" error. The implementation must invoke the respond
+ * when complete, whether successful or not, either before returning or
+ * asynchronously using the verto context returned by cb->event_context().
+ *
+ * This function is not allowed to create a modreq object because we have no
+ * guarantee that the client will ever make a follow-up request, or that it
+ * will hit this KDC if it does.
*/
typedef void
(*krb5_kdcpreauth_edata_fn)(krb5_context context, krb5_kdc_req *request,
@@ -455,7 +463,8 @@
* Optional: verify preauthentication data sent by the client, setting the
* TKT_FLG_PRE_AUTH or TKT_FLG_HW_AUTH flag in the enc_tkt_reply's "flags"
* field as appropriate. The implementation must invoke the respond function
- * when complete, whether successful or not.
+ * when complete, whether successful or not, either before returning or
+ * asynchronously using the verto context returned by cb->event_context().
*/
typedef void
(*krb5_kdcpreauth_verify_fn)(krb5_context context,
More information about the cvs-krb5
mailing list