[PATCH 2/2] pass the verto_ctx into preauth plugins
Nathaniel McCallum
npmccallum at redhat.com
Wed Nov 9 16:59:16 EST 2011
This patch fails for me during make check because verto.h isn't copied
into gss-kernel-lib. I don't know the right way to do this.
On Wed, 2011-11-09 at 16:54 -0500, Nathaniel McCallum wrote:
> ---
> src/include/krb5/preauth_plugin.h | 7 +++-
> src/include/net-server.h | 2 +-
> src/kadmin/server/schpw.c | 2 +-
> src/kdc/dispatch.c | 7 +++--
> src/kdc/do_as_req.c | 12 ++++++---
> src/kdc/kdc_preauth.c | 27 +++++++++++--------
> src/kdc/kdc_preauth_ec.c | 10 +++---
> src/kdc/kdc_preauth_encts.c | 10 +++---
> src/kdc/kdc_util.h | 13 +++++----
> src/lib/apputils/net-server.c | 4 +-
> src/plugins/preauth/cksum_body/cksum_body_main.c | 5 ++-
> src/plugins/preauth/pkinit/pkinit_srv.c | 6 +++-
> .../preauth/securid_sam2/securid_sam2_main.c | 2 +-
> src/plugins/preauth/wpse/wpse_main.c | 6 +++-
> 14 files changed, 66 insertions(+), 47 deletions(-)
>
> diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h
> index 869ebd5..44d97ab 100644
> --- a/src/include/krb5/preauth_plugin.h
> +++ b/src/include/krb5/preauth_plugin.h
> @@ -74,6 +74,7 @@
> #define KRB5_PREAUTH_PLUGIN_H_INCLUDED
> #include <krb5/krb5.h>
> #include <krb5/plugin.h>
> +#include <verto.h>
>
> /*
> * Preauth mechanism property flags, unified from previous definitions in the
> @@ -425,7 +426,8 @@ typedef void
> * follow-up request, or that it will hit this KDC if it does.
> */
> typedef void
> -(*krb5_kdcpreauth_edata_fn)(krb5_context context, krb5_kdc_req *request,
> +(*krb5_kdcpreauth_edata_fn)(verto_ctx *ctx, krb5_context context,
> + krb5_kdc_req *request,
> krb5_kdcpreauth_callbacks cb,
> krb5_kdcpreauth_rock rock,
> krb5_kdcpreauth_moddata moddata,
> @@ -456,7 +458,8 @@ typedef void
> * when complete, whether successful or not.
> */
> typedef void
> -(*krb5_kdcpreauth_verify_fn)(krb5_context context,
> +(*krb5_kdcpreauth_verify_fn)(verto_ctx *ctx,
> + krb5_context context,
> krb5_data *req_pkt, krb5_kdc_req *request,
> krb5_enc_tkt_part *enc_tkt_reply,
> krb5_pa_data *data,
> diff --git a/src/include/net-server.h b/src/include/net-server.h
> index e84bdac..3cb8b34 100644
> --- a/src/include/net-server.h
> +++ b/src/include/net-server.h
> @@ -66,7 +66,7 @@ void loop_free(verto_ctx *ctx);
> */
> typedef void (*loop_respond_fn)(void *arg, krb5_error_code code,
> krb5_data *response);
> -void dispatch(void *handle, struct sockaddr *local_addr,
> +void dispatch(verto_ctx *ctx, void *handle, struct sockaddr *local_addr,
> const krb5_fulladdr *remote_addr, krb5_data *request,
> int is_tcp, loop_respond_fn respond, void *arg);
> krb5_error_code make_toolong_error (void *handle, krb5_data **);
> diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c
> index 8e38cfd..2722488 100644
> --- a/src/kadmin/server/schpw.c
> +++ b/src/kadmin/server/schpw.c
> @@ -440,7 +440,7 @@ bailout:
>
> /* Dispatch routine for set/change password */
> void
> -dispatch(void *handle, struct sockaddr *local_saddr,
> +dispatch(verto_ctx *ctx, void *handle, struct sockaddr *local_saddr,
> const krb5_fulladdr *remote_faddr, krb5_data *request, int is_tcp,
> loop_respond_fn respond, void *arg)
> {
> diff --git a/src/kdc/dispatch.c b/src/kdc/dispatch.c
> index 1398a33..978dcd0 100644
> --- a/src/kdc/dispatch.c
> +++ b/src/kdc/dispatch.c
> @@ -81,8 +81,9 @@ finish_dispatch(void *arg, krb5_error_code code, krb5_data *response)
> }
>
> void
> -dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from,
> - krb5_data *pkt, int is_tcp, loop_respond_fn respond, void *arg)
> +dispatch(verto_ctx *ctx, void *cb, struct sockaddr *local_saddr,
> + const krb5_fulladdr *from, krb5_data *pkt, int is_tcp,
> + loop_respond_fn respond, void *arg)
> {
> krb5_error_code retval;
> krb5_kdc_req *as_req;
> @@ -166,7 +167,7 @@ dispatch(void *cb, struct sockaddr *local_saddr, const krb5_fulladdr *from,
> * process_as_req frees the request if it is called
> */
> if (!(retval = setup_server_realm(as_req->server))) {
> - process_as_req(as_req, pkt, from, finish_dispatch, state);
> + process_as_req(ctx, as_req, pkt, from, finish_dispatch, state);
> return;
> }
> else
> diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
> index 0d5cbe5..3c47136 100644
> --- a/src/kdc/do_as_req.c
> +++ b/src/kdc/do_as_req.c
> @@ -102,6 +102,7 @@ struct as_req_state {
> loop_respond_fn respond;
> void *arg;
>
> + verto_ctx *ctx;
> krb5_enc_tkt_part enc_tkt_reply;
> krb5_enc_kdc_rep_part reply_encpart;
> krb5_ticket ticket_reply;
> @@ -425,7 +426,8 @@ finish_preauth(void *arg, krb5_error_code code)
> if (real_code == KRB5KDC_ERR_PREAUTH_FAILED) {
> state->preauth_err = code;
> get_preauth_hint_list(state->request, &state->rock, &state->e_data,
> - finish_missing_required_preauth, state);
> + state->ctx, finish_missing_required_preauth,
> + state);
> return;
> }
> } else {
> @@ -439,7 +441,8 @@ finish_preauth(void *arg, krb5_error_code code)
> if (state->status) {
> state->preauth_err = KRB5KDC_ERR_PREAUTH_REQUIRED;
> get_preauth_hint_list(state->request, &state->rock, &state->e_data,
> - finish_missing_required_preauth, state);
> + state->ctx, finish_missing_required_preauth,
> + state);
> return;
> }
> }
> @@ -449,7 +452,7 @@ finish_preauth(void *arg, krb5_error_code code)
>
> /*ARGSUSED*/
> void
> -process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
> +process_as_req(verto_ctx *ctx, krb5_kdc_req *request, krb5_data *req_pkt,
> const krb5_fulladdr *from, loop_respond_fn respond, void *arg)
> {
> krb5_error_code errcode;
> @@ -465,6 +468,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
> (*respond)(arg, errcode, NULL);
> return;
> }
> + state->ctx = ctx;
> state->respond = respond;
> state->arg = arg;
> state->request = request;
> @@ -751,7 +755,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
> * Check the preauthentication if it is there.
> */
> if (state->request->padata) {
> - check_padata(kdc_context, &state->rock, state->req_pkt,
> + check_padata(ctx, kdc_context, &state->rock, state->req_pkt,
> state->request, &state->enc_tkt_reply, &state->pa_context,
> &state->e_data, &state->typed_e_data, finish_preauth,
> state);
> diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
> index c106027..4c3a4c5 100644
> --- a/src/kdc/kdc_preauth.c
> +++ b/src/kdc/kdc_preauth.c
> @@ -105,13 +105,13 @@ typedef struct preauth_system_st {
> } preauth_system;
>
> static void
> -get_etype_info(krb5_context context, krb5_kdc_req *request,
> +get_etype_info(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
> krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
> krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
> krb5_kdcpreauth_edata_respond_fn respond, void *arg);
>
> static void
> -get_etype_info2(krb5_context context, krb5_kdc_req *request,
> +get_etype_info2(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
> krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
> krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
> krb5_kdcpreauth_edata_respond_fn respond, void *arg);
> @@ -751,6 +751,7 @@ struct hint_state {
> void *arg;
> kdc_realm_t *realm;
>
> + verto_ctx *ctx;
> krb5_kdcpreauth_rock rock;
> krb5_kdc_req *request;
> krb5_pa_data ***e_data_out;
> @@ -826,8 +827,9 @@ hint_list_next(struct hint_state *state)
>
> state->pa_type = ap->type;
> if (ap->get_edata) {
> - ap->get_edata(kdc_context, state->request, &callbacks, state->rock,
> - ap->moddata, ap->type, finish_get_edata, state);
> + ap->get_edata(state->ctx, kdc_context, state->request, &callbacks,
> + state->rock, ap->moddata, ap->type, finish_get_edata,
> + state);
> } else
> finish_get_edata(state, 0, NULL);
> return;
> @@ -838,9 +840,9 @@ next:
> }
>
> void
> -get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock,
> - krb5_pa_data ***e_data_out, kdc_hint_respond_fn respond,
> - void *arg)
> +get_preauth_hint_list(verto_ctx *ctx, krb5_kdc_req *request,
> + krb5_kdcpreauth_rock rock, krb5_pa_data ***e_data_out,
> + kdc_hint_respond_fn respond, void *arg)
> {
> struct hint_state *state;
>
> @@ -852,6 +854,7 @@ get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock,
> (*respond)(arg);
> return;
> }
> + state->ctx = ctx;
> state->hw_only = isflagset(rock->client->attributes,
> KRB5_KDB_REQUIRES_HW_AUTH);
> state->respond = respond;
> @@ -928,6 +931,7 @@ struct padata_state {
> void *arg;
> kdc_realm_t *realm;
>
> + verto_ctx *ctx;
> krb5_kdcpreauth_modreq *modreq_ptr;
> krb5_pa_data **padata;
> int pa_found;
> @@ -1130,7 +1134,7 @@ next_padata(struct padata_state *state)
> goto next;
>
> state->pa_found++;
> - state->pa_sys->verify_padata(state->context, state->req_pkt,
> + state->pa_sys->verify_padata(state->ctx, state->context, state->req_pkt,
> state->request, state->enc_tkt_reply,
> *state->padata, &callbacks, state->rock,
> state->pa_sys->moddata, finish_verify_padata,
> @@ -1150,7 +1154,7 @@ next:
> */
>
> void
> -check_padata(krb5_context context, krb5_kdcpreauth_rock rock,
> +check_padata(verto_ctx *ctx, krb5_context context, krb5_kdcpreauth_rock rock,
> krb5_data *req_pkt, krb5_kdc_req *request,
> krb5_enc_tkt_part *enc_tkt_reply, void **padata_context,
> krb5_pa_data ***e_data, krb5_boolean *typed_e_data,
> @@ -1173,6 +1177,7 @@ check_padata(krb5_context context, krb5_kdcpreauth_rock rock,
> (*respond)(arg, ENOMEM);
> return;
> }
> + state->ctx = ctx;
> state->respond = respond;
> state->arg = arg;
> state->context = context;
> @@ -1457,7 +1462,7 @@ cleanup:
> }
>
> static void
> -get_etype_info(krb5_context context, krb5_kdc_req *request,
> +get_etype_info(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
> krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
> krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
> krb5_kdcpreauth_edata_respond_fn respond, void *arg)
> @@ -1476,7 +1481,7 @@ get_etype_info(krb5_context context, krb5_kdc_req *request,
> }
>
> static void
> -get_etype_info2(krb5_context context, krb5_kdc_req *request,
> +get_etype_info2(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
> krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
> krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
> krb5_kdcpreauth_edata_respond_fn respond, void *arg)
> diff --git a/src/kdc/kdc_preauth_ec.c b/src/kdc/kdc_preauth_ec.c
> index 9d7236c..620538c 100644
> --- a/src/kdc/kdc_preauth_ec.c
> +++ b/src/kdc/kdc_preauth_ec.c
> @@ -34,7 +34,7 @@
> #include "kdc_util.h"
>
> static void
> -ec_edata(krb5_context context, krb5_kdc_req *request,
> +ec_edata(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
> krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
> krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
> krb5_kdcpreauth_edata_respond_fn respond, void *arg)
> @@ -44,10 +44,10 @@ ec_edata(krb5_context context, krb5_kdc_req *request,
> }
>
> static void
> -ec_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
> - krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data,
> - krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
> - krb5_kdcpreauth_moddata moddata,
> +ec_verify(verto_ctx *ctx, krb5_context context, krb5_data *req_pkt,
> + krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
> + krb5_pa_data *data, krb5_kdcpreauth_callbacks cb,
> + krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata,
> krb5_kdcpreauth_verify_respond_fn respond, void *arg)
> {
> krb5_error_code retval = 0;
> diff --git a/src/kdc/kdc_preauth_encts.c b/src/kdc/kdc_preauth_encts.c
> index d708061..5e9c076 100644
> --- a/src/kdc/kdc_preauth_encts.c
> +++ b/src/kdc/kdc_preauth_encts.c
> @@ -29,7 +29,7 @@
> #include "kdc_util.h"
>
> static void
> -enc_ts_get(krb5_context context, krb5_kdc_req *request,
> +enc_ts_get(verto_ctx *ctx, krb5_context context, krb5_kdc_req *request,
> krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
> krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
> krb5_kdcpreauth_edata_respond_fn respond, void *arg)
> @@ -40,10 +40,10 @@ enc_ts_get(krb5_context context, krb5_kdc_req *request,
> }
>
> static void
> -enc_ts_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
> - krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *pa,
> - krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
> - krb5_kdcpreauth_moddata moddata,
> +enc_ts_verify(verto_ctx *ctx, krb5_context context, krb5_data *req_pkt,
> + krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
> + krb5_pa_data *pa, krb5_kdcpreauth_callbacks cb,
> + krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata,
> krb5_kdcpreauth_verify_respond_fn respond, void *arg)
> {
> krb5_pa_enc_ts * pa_enc = 0;
> diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
> index f4773ae..360c82d 100644
> --- a/src/kdc/kdc_util.h
> +++ b/src/kdc/kdc_util.h
> @@ -115,7 +115,7 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep);
>
> /* do_as_req.c */
> void
> -process_as_req (krb5_kdc_req *, krb5_data *,
> +process_as_req (verto_ctx *ctx, krb5_kdc_req *, krb5_data *,
> const krb5_fulladdr *,
> loop_respond_fn, void *);
>
> @@ -126,7 +126,8 @@ process_tgs_req (krb5_data *,
> krb5_data ** );
> /* dispatch.c */
> void
> -dispatch (void *,
> +dispatch (verto_ctx *,
> + void *,
> struct sockaddr *,
> const krb5_fulladdr *,
> krb5_data *,
> @@ -164,9 +165,9 @@ missing_required_preauth (krb5_db_entry *client,
> krb5_enc_tkt_part *enc_tkt_reply);
> typedef void (*kdc_hint_respond_fn)(void *arg);
> void
> -get_preauth_hint_list(krb5_kdc_req *request, krb5_kdcpreauth_rock rock,
> - krb5_pa_data ***e_data_out, kdc_hint_respond_fn respond,
> - void *arg);
> +get_preauth_hint_list(verto_ctx *ctx, krb5_kdc_req *request,
> + krb5_kdcpreauth_rock rock, krb5_pa_data ***e_data_out,
> + kdc_hint_respond_fn respond, void *arg);
> void
> load_preauth_plugins(krb5_context context);
> void
> @@ -175,7 +176,7 @@ unload_preauth_plugins(krb5_context context);
> typedef void (*kdc_preauth_respond_fn)(void *arg, krb5_error_code code);
>
> void
> -check_padata(krb5_context context, krb5_kdcpreauth_rock rock,
> +check_padata(verto_ctx *ctx, krb5_context context, krb5_kdcpreauth_rock rock,
> krb5_data *req_pkt, krb5_kdc_req *request,
> krb5_enc_tkt_part *enc_tkt_reply, void **padata_context,
> krb5_pa_data ***e_data, krb5_boolean *typed_e_data,
> diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c
> index 9df909f..45d0eb2 100644
> --- a/src/lib/apputils/net-server.c
> +++ b/src/lib/apputils/net-server.c
> @@ -1664,7 +1664,7 @@ process_packet(verto_ctx *ctx, verto_ev *ev)
> state->faddr.address = &state->addr;
> init_addr(&state->faddr, ss2sa(&state->saddr));
> /* This address is in net order. */
> - dispatch(state->handle, ss2sa(&state->daddr), &state->faddr,
> + dispatch(ctx, state->handle, ss2sa(&state->daddr), &state->faddr,
> &state->request, 0, process_packet_response, state);
> }
>
> @@ -1935,7 +1935,7 @@ process_tcp_connection_read(verto_ctx *ctx, verto_ev *ev)
> &local_saddrlen) == 0)
> local_saddrp = ss2sa(&state->local_saddr);
>
> - dispatch(state->conn->handle, local_saddrp, &conn->faddr,
> + dispatch(ctx, state->conn->handle, local_saddrp, &conn->faddr,
> &state->request, 1, process_tcp_response, state);
> }
>
> diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c
> index c0a438f..8fb92c2 100644
> --- a/src/plugins/preauth/cksum_body/cksum_body_main.c
> +++ b/src/plugins/preauth/cksum_body/cksum_body_main.c
> @@ -240,7 +240,7 @@ server_fini(krb5_context kcontext, krb5_kdcpreauth_moddata moddata)
> /* Obtain and return any preauthentication data (which is destined for the
> * client) which matches type data->pa_type. */
> static void
> -server_get_edata(krb5_context kcontext, krb5_kdc_req *request,
> +server_get_edata(verto_ctx *ctx, krb5_context kcontext, krb5_kdc_req *request,
> krb5_kdcpreauth_callbacks cb, krb5_kdcpreauth_rock rock,
> krb5_kdcpreauth_moddata moddata, krb5_preauthtype pa_type,
> krb5_kdcpreauth_edata_respond_fn respond, void *arg)
> @@ -297,7 +297,8 @@ server_get_edata(krb5_context kcontext, krb5_kdc_req *request,
>
> /* Verify a request from a client. */
> static void
> -server_verify(krb5_context kcontext,
> +server_verify(verto_ctx *ctx,
> + krb5_context kcontext,
> krb5_data *req_pkt,
> krb5_kdc_req *request,
> krb5_enc_tkt_part *enc_tkt_reply,
> diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
> index 44e310c..9cfc3ad 100644
> --- a/src/plugins/preauth/pkinit/pkinit_srv.c
> +++ b/src/plugins/preauth/pkinit/pkinit_srv.c
> @@ -96,7 +96,8 @@ cleanup:
> }
>
> static void
> -pkinit_server_get_edata(krb5_context context,
> +pkinit_server_get_edata(verto_ctx *ctx,
> + krb5_context context,
> krb5_kdc_req *request,
> krb5_kdcpreauth_callbacks cb,
> krb5_kdcpreauth_rock rock,
> @@ -284,7 +285,8 @@ out:
> }
>
> static void
> -pkinit_server_verify_padata(krb5_context context,
> +pkinit_server_verify_padata(verto_ctx *ctx,
> + krb5_context context,
> krb5_data *req_pkt,
> krb5_kdc_req * request,
> krb5_enc_tkt_part * enc_tkt_reply,
> diff --git a/src/plugins/preauth/securid_sam2/securid_sam2_main.c b/src/plugins/preauth/securid_sam2/securid_sam2_main.c
> index 80335ff..675bd2f 100644
> --- a/src/plugins/preauth/securid_sam2/securid_sam2_main.c
> +++ b/src/plugins/preauth/securid_sam2/securid_sam2_main.c
> @@ -193,7 +193,7 @@ cleanup:
> }
>
> static void
> -kdc_verify_preauth(krb5_context context, krb5_data *req_pkt,
> +kdc_verify_preauth(verto_ctx *ctx, krb5_context context, krb5_data *req_pkt,
> krb5_kdc_req *request, krb5_enc_tkt_part *enc_tkt_reply,
> krb5_pa_data *pa_data, krb5_kdcpreauth_callbacks cb,
> krb5_kdcpreauth_rock rock, krb5_kdcpreauth_moddata moddata,
> diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c
> index c14ec75..dcd20b4 100644
> --- a/src/plugins/preauth/wpse/wpse_main.c
> +++ b/src/plugins/preauth/wpse/wpse_main.c
> @@ -240,7 +240,8 @@ server_free_modreq(krb5_context kcontext,
> /* Obtain and return any preauthentication data (which is destined for the
> * client) which matches type data->pa_type. */
> static void
> -server_get_edata(krb5_context kcontext,
> +server_get_edata(verto_ctx *ctx,
> + krb5_context kcontext,
> krb5_kdc_req *request,
> krb5_kdcpreauth_callbacks cb,
> krb5_kdcpreauth_rock rock,
> @@ -254,7 +255,8 @@ server_get_edata(krb5_context kcontext,
>
> /* Verify a request from a client. */
> static void
> -server_verify(krb5_context kcontext,
> +server_verify(verto_ctx *ctx,
> + krb5_context kcontext,
> krb5_data *req_pkt,
> krb5_kdc_req *request,
> krb5_enc_tkt_part *enc_tkt_reply,
More information about the krbdev
mailing list