[PATCH 2/2] pass the verto_ctx into preauth plugins

Greg Hudson ghudson at MIT.EDU
Thu Nov 10 15:54:24 EST 2011

On 11/10/2011 02:44 PM, Sam Hartman wrote:
> Can't the virto context be an incomplete type declared in the preauth
> plugin header?

Yes, although that creates knowledge of the underlying structure name.
(Which is struct _verto_ctx.  Tom, should we ask for that to be changed
not to begin with an underscore?)

> Why does the kernel lib depend on the preauth plugin header anyway?

The relevant source files include <k5-int.h>, which includes
<krb5/preauth_plugin.h>.  k5-int.h is a huge octopus bringing in all
sorts of headers declaring stuff which the kernel lib comes nowhere near
using, like port-sockets.h and com_err.h.

In http://k5wiki.kerberos.org/wiki/Projects/Kernel_subset I discuss
reorganizing k5-int.h to make it possible to get the declarations needed
by the kernel subset code without including everything, but I didn't do
that work.

Regardless, we're going to have this problem again if and when krb5.h
starts declaring async functionality.  Again, we'll have the choice
between declaring verto_ctx ourselves and making verto.h a hard
dependency of krb5.h (and thus the kernel subset).

More information about the krbdev mailing list