svn rev #25347: trunk/src/kdc/
ghudson@MIT.EDU
ghudson at MIT.EDU
Sat Oct 15 11:03:17 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=25347
Commit By: ghudson
Log Message:
Make get_preauth_hint_list respond via callback.
From npmccallum at redhat.com with changes.
Changed Files:
U trunk/src/kdc/do_as_req.c
U trunk/src/kdc/kdc_preauth.c
U trunk/src/kdc/kdc_util.h
Modified: trunk/src/kdc/do_as_req.c
===================================================================
--- trunk/src/kdc/do_as_req.c 2011-10-15 15:03:10 UTC (rev 25346)
+++ trunk/src/kdc/do_as_req.c 2011-10-15 15:03:17 UTC (rev 25347)
@@ -124,6 +124,8 @@
char *sname, *cname;
void *pa_context;
const krb5_fulladdr *from;
+
+ krb5_error_code preauth_err;
};
static void
@@ -147,20 +149,6 @@
if (errcode)
goto egress;
- /*
- * Final check before handing out ticket: If the client requires
- * preauthentication, verify that the proper kind of
- * preauthentication was carried out.
- */
- state->status = missing_required_preauth(state->client,
- state->server,
- &state->enc_tkt_reply);
- if (state->status) {
- errcode = KRB5KDC_ERR_PREAUTH_REQUIRED;
- get_preauth_hint_list(state->request, &state->rock, &state->e_data);
- goto egress;
- }
-
if ((errcode = validate_forwardable(state->request, *state->client,
*state->server, state->kdc_time,
&state->status))) {
@@ -418,21 +406,46 @@
}
static void
-finish_preauth(void *arg, krb5_error_code errcode)
+finish_missing_required_preauth(void *arg)
{
+ struct as_req_state *state = (struct as_req_state *)arg;
+
+ finish_process_as_req(state, state->preauth_err);
+}
+
+static void
+finish_preauth(void *arg, krb5_error_code code)
+{
struct as_req_state *state = arg;
+ krb5_error_code real_code = code;
- if (errcode) {
- if (errcode == KRB5KDC_ERR_PREAUTH_FAILED)
- get_preauth_hint_list(state->request, &state->rock,
- &state->e_data);
-
+ if (code) {
+ if (vague_errors)
+ code = KRB5KRB_ERR_GENERIC;
state->status = "PREAUTH_FAILED";
- if (vague_errors)
- errcode = KRB5KRB_ERR_GENERIC;
+ if (real_code == KRB5KDC_ERR_PREAUTH_FAILED) {
+ state->preauth_err = code;
+ get_preauth_hint_list(state->request, &state->rock, &state->e_data,
+ finish_missing_required_preauth, state);
+ return;
+ }
+ } else {
+ /*
+ * Final check before handing out ticket: If the client requires
+ * preauthentication, verify that the proper kind of
+ * preauthentication was carried out.
+ */
+ state->status = missing_required_preauth(state->client, state->server,
+ &state->enc_tkt_reply);
+ if (state->status) {
+ state->preauth_err = KRB5KDC_ERR_PREAUTH_REQUIRED;
+ get_preauth_hint_list(state->request, &state->rock, &state->e_data,
+ finish_missing_required_preauth, state);
+ return;
+ }
}
- finish_process_as_req(state, errcode);
+ finish_process_as_req(state, code);
}
/*ARGSUSED*/
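Review bot: In the new `finish_preauth`, when `vague_errors` is set and `real_code == KRB5KDC_ERR_PREAUTH_FAILED`, the hint list is still built into `state->e_data` even though the code saved in `state->preauth_err` has already been replaced by `KRB5KRB_ERR_GENERIC`. This ordering is carried over from the removed lines, and whether `finish_process_as_req` drops `e_data` for a generic error is not visible in this hunk. If it does not, the reply would still list the accepted preauth mechanisms, which the vague-errors setting presumably intends to withhold. Either guard the branch with `if (real_code == KRB5KDC_ERR_PREAUTH_FAILED && !vague_errors) {` or add a comment stating that the hints are attached deliberately. A comment above each `get_preauth_hint_list` call, such as `/* state may be released by the callback; do not touch it after this call. */`, would also make clear why both branches return immediately.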
@@ -761,8 +774,9 @@
state->request, &state->enc_tkt_reply, &state->pa_context,
&state->e_data, &state->typed_e_data, finish_preauth,
state);
- return;
- }
+ } else
+ finish_preauth(state, 0);
+ return;
errout:
finish_process_as_req(state, errcode);
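Review bot: The added `else` is unbraced directly after a braced `if` body, so a second statement added under it later would run on both paths. Write it as `} else {`, `finish_preauth(state, 0);`, `}`. This call is now the only route by which a request without padata reaches the `missing_required_preauth` check inside `finish_preauth`, so it deserves a comment such as `/* No padata: still run the required-preauth check via finish_preauth. */`. The `if` condition and the start of the enclosing function are outside the hunk.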
Modified: trunk/src/kdc/kdc_preauth.c
===================================================================
--- trunk/src/kdc/kdc_preauth.c 2011-10-15 15:03:10 UTC (rev 25346)
+++ trunk/src/kdc/kdc_preauth.c 2011-10-15 15:03:17 UTC (rev 25347)
@@ -746,7 +746,8 @@
void
get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock,
- krb5_pa_data ***e_data_out)
+ krb5_pa_data ***e_data_out, kdc_hint_respond_fn respond,
+ void *arg)
{
int hw_only;
preauth_system *ap;
@@ -758,8 +759,10 @@
hw_only = isflagset(rock->client->attributes, KRB5_KDB_REQUIRES_HW_AUTH);
/* Allocate two extra entries for the cookie and the terminator. */
pa_data = calloc(n_preauth_systems + 2, sizeof(krb5_pa_data *));
- if (pa_data == 0)
+ if (pa_data == 0) {
+ (*respond)(arg);
return;
+ }
pa = pa_data;
for (ap = preauth_systems; ap->type != -1; ap++) {
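Review bot: On `calloc` failure the new code calls `(*respond)(arg)` without writing `*e_data_out` and with no way to report the failure, because `kdc_hint_respond_fn` takes only `void *arg`. The callback in do_as_req.c therefore sends the stored error with whatever `state->e_data` already held; whether that was initialized is not visible here. This matches the old silent `return`, but the contract should now be stated at the call, for example `/* Out of memory: respond with no hint list; *e_data_out is left untouched. */`. The same applies to the `errout:` path in the next hunk, where `respond` is invoked after `krb5_free_pa_data` regardless of outcome. The function body continues outside this hunk.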
@@ -801,7 +804,7 @@
errout:
krb5_free_pa_data(kdc_context, pa_data);
- return;
+ (*respond)(arg);
}
/*
Modified: trunk/src/kdc/kdc_util.h
===================================================================
--- trunk/src/kdc/kdc_util.h 2011-10-15 15:03:10 UTC (rev 25346)
+++ trunk/src/kdc/kdc_util.h 2011-10-15 15:03:17 UTC (rev 25347)
@@ -166,9 +166,11 @@
missing_required_preauth (krb5_db_entry *client,
krb5_db_entry *server,
krb5_enc_tkt_part *enc_tkt_reply);
+typedef void (*kdc_hint_respond_fn)(void *arg);
void
get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock,
- krb5_pa_data ***e_data_out);
+ krb5_pa_data ***e_data_out, kdc_hint_respond_fn respond,
+ void *arg);
void
load_preauth_plugins(krb5_context context);
void
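Review bot: The new `kdc_hint_respond_fn` typedef and the extended `get_preauth_hint_list` prototype have no comment describing the callback contract, and the header is where callers will look for it. Above the typedef I would add `/* Called when get_preauth_hint_list has finished, whether or not a hint list was produced; arg is the caller's opaque state. */`. Above the prototype, note that `respond` must be non-null, because kdc_preauth.c dereferences it unconditionally, and that `*e_data_out` may be left unset on failure. From the visible paths the callback appears to run exactly once per call, but the middle of the function is not shown, so confirm that before documenting it.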