[PATCH 2/2] pass the verto_ctx into preauth plugins
Nathaniel McCallum
npmccallum at redhat.com
Wed Nov 9 16:54:40 EST 2011
---
src/include/krb5/preauth_plugin.h | 7 +++-
src/include/net-server.h | 2 +-
src/kadmin/server/schpw.c | 2 +-
src/kdc/dispatch.c | 7 +++--
src/kdc/do_as_req.c | 12 ++++++---
src/kdc/kdc_preauth.c | 27 +++++++++++--------
src/kdc/kdc_preauth_ec.c | 10 +++---
src/kdc/kdc_preauth_encts.c | 10 +++---
src/kdc/kdc_util.h | 13 +++++----
src/lib/apputils/net-server.c | 4 +-
src/plugins/preauth/cksum_body/cksum_body_main.c | 5 ++-
src/plugins/preauth/pkinit/pkinit_srv.c | 6 +++-
.../preauth/securid_sam2/securid_sam2_main.c | 2 +-
src/plugins/preauth/wpse/wpse_main.c | 6 +++-
14 files changed, 66 insertions(+), 47 deletions(-)
diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h
index 869ebd5..44d97ab 100644
--- a/src/include/krb5/preauth_plugin.h
+++ b/src/include/krb5/preauth_plugin.h
@@ -74,6 +74,7 @@
#define KRB5_PREAUTH_PLUGIN_H_INCLUDED
#include <krb5/krb5.h>
#include <krb5/plugin.h>
+#include <verto.h>
/*
* Preauth mechanism property flags, unified from previous definitions in the
@@ -425,7 +426,8 @@ typedef void
* follow-up request, or that it will hit this KDC if it does.
*/
typedef void
-(*krb5_kdcpreauth_edata_fn)(krb5_context context, krb5_kdc_req *request,
+(*krb5_kdcpreauth_edata_fn)(verto_ctx *ctx, krb5_context context,
+ krb5_kdc_req *request,
krb5_kdcpreauth_callbacks cb,
krb5_kdcpreauth_rock rock,
krb5_kdcpreauth_moddata moddata,
@@ -456,7 +458,8 @@ typedef void
* when complete, whether successful or not.
*/
typedef void
-(*krb5_kdcpreauth_verify_fn)(krb5_context context,
+(*krb5_kdcpreauth_verify_fn)(verto_ctx *ctx,
+ krb5_context context,
krb5_data *req_pkt, krb5_kdc_req *request,
krb5_enc_tkt_part *enc_tkt_reply,
krb5_pa_data *data,
diff --git a/src/include/net-server.h b/src/include/net-server.h
index e84bdac..3cb8b34 100644
--- a/src/include/net-server.h
+++ b/src/include/net-server.h
@@ -66,7 +66,7 @@ void loop_free(verto_ctx *ctx);
*/
typedef void (*loop_respond_fn)(void *arg, krb5_error_code code,
krb5_data *response);
-void dispatch(void *handle, struct sockaddr *local_addr,
+void dispatch(verto_ctx *ctx, void *handle, struct sockaddr *local_addr,
const krb5_fulladdr *remote_addr, krb5_data *request,
int is_tcp, loop_respond_fn respond, void *arg);
krb5_error_code make_toolong_error (void *handle, krb5_data **);
diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
index 8e38cfd..2722488 100644
--- a/src/kadmin/server/schpw.c
+++ b/src/kadmin/server/schpw.c
@@ -440,7 +440,7 @@ bailout:
/* Dispatch routine for set/change password */
void
-dispatch(void *handle, struct sockaddr *local_saddr,
+dispatch(verto_ctx *ctx, void *handle, struct sockaddr *local_saddr,
const krb5_fulladdr *remote_faddr, krb5_data *request, int is_tcp,
loop_respond_fn respond, void *arg)
{
diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
index 1398a33..978dcd0 100644
--- a/src/kdc/dispatch.c
+++ b/src/kdc/dispatch.c
@@ -81,8 +81,9 @@ finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
}
void
-dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from,
- krb5_data *pkt, int is_tcp, loop_respond_fn respond, void *arg)
+dispatch(verto_ctx *ctx, void *cb, struct sockaddr *local_saddr,
+ const krb5_fulladdr *from, krb5_data *pkt, int is_tcp,
+ loop_respond_fn respond, void *arg)
{
krb5_error_code retval;
krb5_kdc_req *as_req;
@@ -166,7 +167,7 @@ dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from,
* process_as_req frees the request if it is called
*/
if (!(retval = setup_server_realm(as_req->server))) {
- process_as_req(as_req, pkt, from, finish_dispatch, state);
+ process_as_req(ctx, as_req, pkt, from, finish_dispatch, state);
return;
}
else
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 0d5cbe5..3c47136 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -102,6 +102,7 @@ struct as_req_state {
loop_respond_fn respond;
void *arg;
+ verto_ctx *ctx;
krb5_enc_tkt_part enc_tkt_reply;
krb5_enc_kdc_rep_part reply_encpart;
krb5_ticket ticket_reply;
@@ -425,7 +426,8 @@ finish_preauth(void *arg, krb5_error_code code)
if (real_code == KRB5KDC_ERR_PREAUTH_FAILED) {
state->preauth_err = code;
get_preauth_hint_list(state->request, &state->rock, &state->e_data,
- finish_missing_required_preauth, state);
+ state->ctx, finish_missing_required_preauth,
+ state);
return;
}
} else {
@@ -439,7 +441,8 @@ finish_preauth(void *arg, krb5_error_code code)
if (state->status) {
state->preauth_err = KRB5KDC_ERR_PREAUTH_REQUIRED;
get_preauth_hint_list(state->request, &state->rock, &state->e_data,
- finish_missing_required_preauth, state);
+ state->ctx, finish_missing_required_preauth,
+ state);
return;
}
}
@@ -449,7 +452,7 @@ finish_preauth(void *arg, krb5_error_code code)
/*ARGSUSED*/
void
-process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
+process_as_req(verto_ctx *ctx, krb5_kdc_req *request, krb5_data *req_pkt,
const krb5_fulladdr *from, loop_respond_fn respond, void *arg)
{
krb5_error_code errcode;
@@ -465,6 +468,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
(*respond)(arg, errcode, NULL);
return;
}
+ state->ctx = ctx;
state->respond = respond;
state->arg = arg;
state->request = request;
@@ -751,7 +755,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
* Check the preauthentication if it is there.
*/
if (state->request->padata) {
- check_padata(kdc_context, &state->rock, state->req_pkt,
+ check_padata(ctx, kdc_context, &state->rock, state->req_pkt,
state->request, &state->enc_tkt_reply, &state->pa_context,
&state->e_data, &state->typed_e_data, finish_preauth,
state);
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index c106027..4c3a4c5 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -105,13 +105,13 @@ typedef struct preauth_system_st {
} preauth_system;
static void
-get_etype_info(krb5_context context, krb5_kdc_req *request,
+get_etype_info(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
krb5_kdcpreauth_edata_respond_fn respond, void *arg);
static void
-get_etype_info2(krb5_context context, krb5_kdc_req *request,
+get_etype_info2(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
krb5_kdcpreauth_edata_respond_fn respond, void *arg);
@@ -751,6 +751,7 @@ struct hint_state {
void *arg;
kdc_realm_t *realm;
+ verto_ctx *ctx;
krb5_kdcpreauth_rock rock;
krb5_kdc_req *request;
krb5_pa_data ***e_data_out;
@@ -826,8 +827,9 @@ hint_list_next(struct hint_state *state)
state->pa_type = ap->type;
if (ap->get_edata) {
- ap->get_edata(kdc_context, state->request, &callbacks, state->rock,
- ap->moddata, ap->type, finish_get_edata, state);
+ ap->get_edata(state->ctx, kdc_context, state->request, &callbacks,
+ state->rock, ap->moddata, ap->type, finish_get_edata,
+ state);
} else
finish_get_edata(state, 0, NULL);
return;
@@ -838,9 +840,9 @@ next:
}
void
-get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock,
- krb5_pa_data ***e_data_out, kdc_hint_respond_fn respond,
- void *arg)
+get_preauth_hint_list(verto_ctx *ctx, krb5_kdc_req *request,
+ krb5_kdcpreauth_rock rock, krb5_pa_data ***e_data_out,
+ kdc_hint_respond_fn respond, void *arg)
{
struct hint_state *state;
@@ -852,6 +854,7 @@ get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock,
(*respond)(arg);
return;
}
+ state->ctx = ctx;
state->hw_only = isflagset(rock->client->attributes,
KRB5_KDB_REQUIRES_HW_AUTH);
state->respond = respond;
@@ -928,6 +931,7 @@ struct padata_state {
void *arg;
kdc_realm_t *realm;
+ verto_ctx *ctx;
krb5_kdcpreauth_modreq *modreq_ptr;
krb5_pa_data **padata;
int pa_found;
@@ -1130,7 +1134,7 @@ next_padata(struct padata_state *state)
goto next;
state->pa_found++;
- state->pa_sys->verify_padata(state->context, state->req_pkt,
+ state->pa_sys->verify_padata(state->ctx, state->context, state->req_pkt,
state->request, state->enc_tkt_reply,
*state->padata, &callbacks, state->rock,
state->pa_sys->moddata, finish_verify_padata,
@@ -1150,7 +1154,7 @@ next:
*/
void
-check_padata(krb5_context context, krb5_kdcpreauth_rock rock,
+check_padata(verto_ctx *ctx, krb5_context context, krb5_kdcpreauth_rock rock,
krb5_data *req_pkt, krb5_kdc_req *request,
krb5_enc_tkt_part *enc_tkt_reply, void **padata_context,
krb5_pa_data ***e_data, krb5_boolean *typed_e_data,
@@ -1173,6 +1177,7 @@ check_padata(krb5_context context, krb5_kdcpreauth_rock rock,
(*respond)(arg, ENOMEM);
return;
}
+ state->ctx = ctx;
state->respond = respond;
state->arg = arg;
state->context = context;
@@ -1457,7 +1462,7 @@ cleanup:
}
static void
-get_etype_info(krb5_context context, krb5_kdc_req *request,
+get_etype_info(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
krb5_kdcpreauth_edata_respond_fn respond, void *arg)
@@ -1476,7 +1481,7 @@ get_etype_info(krb5_context context, krb5_kdc_req *request,
}
static void
-get_etype_info2(krb5_context context, krb5_kdc_req *request,
+get_etype_info2(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
krb5_kdcpreauth_edata_respond_fn respond, void *arg)
diff --git a/src/kdc/kdc_preauth_ec.c b/src/kdc/kdc_preauth_ec.c
index 9d7236c..620538c 100644
--- a/src/kdc/kdc_preauth_ec.c
+++ b/src/kdc/kdc_preauth_ec.c
@@ -34,7 +34,7 @@
#include "kdc_util.h"
static void
-ec_edata(krb5_context context, krb5_kdc_req *request,
+ec_edata(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
krb5_kdcpreauth_edata_respond_fn respond, void *arg)
@@ -44,10 +44,10 @@ ec_edata(krb5_context context, krb5_kdc_req *request,
}
static void
-ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
- krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data,
- krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
- krb5_kdcpreauth_moddata moddata,
+ec_verify(verto_ctx *ctx, krb5_context context, krb5_data *req_pkt,
+ krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
+ krb5_pa_data *data, krb5_kdcpreauth_callbacks cb,
+ krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata,
krb5_kdcpreauth_verify_respond_fn respond, void *arg)
{
krb5_error_code retval = 0;
diff --git a/src/kdc/kdc_preauth_encts.c b/src/kdc/kdc_preauth_encts.c
index d708061..5e9c076 100644
--- a/src/kdc/kdc_preauth_encts.c
+++ b/src/kdc/kdc_preauth_encts.c
@@ -29,7 +29,7 @@
#include "kdc_util.h"
static void
-enc_ts_get(krb5_context context, krb5_kdc_req *request,
+enc_ts_get(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
krb5_kdcpreauth_edata_respond_fn respond, void *arg)
@@ -40,10 +40,10 @@ enc_ts_get(krb5_context context, krb5_kdc_req *request,
}
static void
-enc_ts_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
- krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *pa,
- krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
- krb5_kdcpreauth_moddata moddata,
+enc_ts_verify(verto_ctx *ctx, krb5_context context, krb5_data *req_pkt,
+ krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
+ krb5_pa_data *pa, krb5_kdcpreauth_callbacks cb,
+ krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata,
krb5_kdcpreauth_verify_respond_fn respond, void *arg)
{
krb5_pa_enc_ts * pa_enc = 0;
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index f4773ae..360c82d 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -115,7 +115,7 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
/* do_as_req.c */
void
-process_as_req (krb5_kdc_req *, krb5_data *,
+process_as_req (verto_ctx *ctx, krb5_kdc_req *, krb5_data *,
const krb5_fulladdr *,
loop_respond_fn, void *);
@@ -126,7 +126,8 @@ process_tgs_req (krb5_data *,
krb5_data ** );
/* dispatch.c */
void
-dispatch (void *,
+dispatch (verto_ctx *,
+ void *,
struct sockaddr *,
const krb5_fulladdr *,
krb5_data *,
@@ -164,9 +165,9 @@ missing_required_preauth (krb5_db_entry *client,
krb5_enc_tkt_part *enc_tkt_reply);
typedef void (*kdc_hint_respond_fn)(void *arg);
void
-get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock,
- krb5_pa_data ***e_data_out, kdc_hint_respond_fn respond,
- void *arg);
+get_preauth_hint_list(verto_ctx *ctx, krb5_kdc_req *request,
+ krb5_kdcpreauth_rock rock, krb5_pa_data ***e_data_out,
+ kdc_hint_respond_fn respond, void *arg);
void
load_preauth_plugins(krb5_context context);
void
@@ -175,7 +176,7 @@ unload_preauth_plugins(krb5_context context);
typedef void (*kdc_preauth_respond_fn)(void *arg, krb5_error_code code);
void
-check_padata(krb5_context context, krb5_kdcpreauth_rock rock,
+check_padata(verto_ctx *ctx, krb5_context context, krb5_kdcpreauth_rock rock,
krb5_data *req_pkt, krb5_kdc_req *request,
krb5_enc_tkt_part *enc_tkt_reply, void **padata_context,
krb5_pa_data ***e_data, krb5_boolean *typed_e_data,
diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c
index 9df909f..45d0eb2 100644
--- a/src/lib/apputils/net-server.c
+++ b/src/lib/apputils/net-server.c
@@ -1664,7 +1664,7 @@ process_packet(verto_ctx *ctx, verto_ev *ev)
state->faddr.address = &state->addr;
init_addr(&state->faddr, ss2sa(&state->saddr));
/* This address is in net order. */
- dispatch(state->handle, ss2sa(&state->daddr), &state->faddr,
+ dispatch(ctx, state->handle, ss2sa(&state->daddr), &state->faddr,
&state->request, 0, process_packet_response, state);
}
@@ -1935,7 +1935,7 @@ process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev)
&local_saddrlen) == 0)
local_saddrp = ss2sa(&state->local_saddr);
- dispatch(state->conn->handle, local_saddrp, &conn->faddr,
+ dispatch(ctx, state->conn->handle, local_saddrp, &conn->faddr,
&state->request, 1, process_tcp_response, state);
}
diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c
index c0a438f..8fb92c2 100644
--- a/src/plugins/preauth/cksum_body/cksum_body_main.c
+++ b/src/plugins/preauth/cksum_body/cksum_body_main.c
@@ -240,7 +240,7 @@ server_fini(krb5_context kcontext, krb5_kdcpreauth_moddata moddata)
/* Obtain and return any preauthentication data (which is destined for the
* client) which matches type data->pa_type. */
static void
-server_get_edata(krb5_context kcontext, krb5_kdc_req *request,
+server_get_edata(verto_ctx *ctx, krb5_context kcontext, krb5_kdc_req *request,
krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
krb5_kdcpreauth_edata_respond_fn respond, void *arg)
@@ -297,7 +297,8 @@ server_get_edata(krb5_context kcontext, krb5_kdc_req *request,
/* Verify a request from a client. */
static void
-server_verify(krb5_context kcontext,
+server_verify(verto_ctx *ctx,
+ krb5_context kcontext,
krb5_data *req_pkt,
krb5_kdc_req *request,
krb5_enc_tkt_part *enc_tkt_reply,
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 44e310c..9cfc3ad 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -96,7 +96,8 @@ cleanup:
}
static void
-pkinit_server_get_edata(krb5_context context,
+pkinit_server_get_edata(verto_ctx *ctx,
+ krb5_context context,
krb5_kdc_req *request,
krb5_kdcpreauth_callbacks cb,
krb5_kdcpreauth_rock rock,
@@ -284,7 +285,8 @@ out:
}
static void
-pkinit_server_verify_padata(krb5_context context,
+pkinit_server_verify_padata(verto_ctx *ctx,
+ krb5_context context,
krb5_data *req_pkt,
krb5_kdc_req * request,
krb5_enc_tkt_part * enc_tkt_reply,
diff --git a/src/plugins/preauth/securid_sam2/securid_sam2_main.c b/src/plugins/preauth/securid_sam2/securid_sam2_main.c
index 80335ff..675bd2f 100644
--- a/src/plugins/preauth/securid_sam2/securid_sam2_main.c
+++ b/src/plugins/preauth/securid_sam2/securid_sam2_main.c
@@ -193,7 +193,7 @@ cleanup:
}
static void
-kdc_verify_preauth(krb5_context context, krb5_data *req_pkt,
+kdc_verify_preauth(verto_ctx *ctx, krb5_context context, krb5_data *req_pkt,
krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
krb5_pa_data *pa_data, krb5_kdcpreauth_callbacks cb,
krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata,
diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c
index c14ec75..dcd20b4 100644
--- a/src/plugins/preauth/wpse/wpse_main.c
+++ b/src/plugins/preauth/wpse/wpse_main.c
@@ -240,7 +240,8 @@ server_free_modreq(krb5_context kcontext,
/* Obtain and return any preauthentication data (which is destined for the
* client) which matches type data->pa_type. */
static void
-server_get_edata(krb5_context kcontext,
+server_get_edata(verto_ctx *ctx,
+ krb5_context kcontext,
krb5_kdc_req *request,
krb5_kdcpreauth_callbacks cb,
krb5_kdcpreauth_rock rock,
@@ -254,7 +255,8 @@ server_get_edata(krb5_context kcontext,
/* Verify a request from a client. */
static void
-server_verify(krb5_context kcontext,
+server_verify(verto_ctx *ctx,
+ krb5_context kcontext,
krb5_data *req_pkt,
krb5_kdc_req *request,
krb5_enc_tkt_part *enc_tkt_reply,
--
1.7.7
More information about the krbdev
mailing list