[PATCH] Plugin Interface Change

Greg Hudson ghudson at MIT.EDU
Mon Oct 3 15:29:16 EDT 2011 

I applied theses four patches with changes.  Due to time pressures, I
made these changes myself rather than bouncing them back.  I also noted
that you had begun work on the edata method, but I wasn't sure if you
were finished and adding an error code to the state structure set off a
red flag, so I deferred that for now.

The two most notable changes:

* I adjusted the callback style so that in opaque form (as a void *),
the callback argument is called "arg" and comes first in the callback
argument list.  Only in typed form in the invoker and callback is it
called "state".  A side benefit is that we don't need the name
"newstate" when constructing state structures, since "state" won't
conflict with the "arg" of the outer callback.

* The kdcpreauth verify method still had an output argument for the
modreq state.  This works (assuming the caller can pass a pointer with
appropriate lifetime) but is inconsistent.  I turned it into a callback
argument.  I thought about doing the same with the check_padata
padata_context pointer, but decided that could be cleaned up later since
it's internal to the KDC code.

More minor changes:

* There were some "misc"s and "ec"s in the patches still, which I
cleaned up.

* I made a typedef kdc_preauth_respond_fn for the check_padata callback
rather than use a raw function pointer type, and I changed the name of
krb5_responder to loop_respond_fn.

* There were some comma-separated structure fields in udp_dispatch_state
and as_req_state.

* I moved useenctype out of as_req_state and turned it back into local
variables in process_as_req and finish_process_as_req, since the uses of
that variable in the two functions are independent of each other.

* I un-renamed "rqst" back to "request" in process_as_req.

* I renamed the FAST request state field from "state" to "rstate" in
as_req_state to be a little less confusing.  I expect to check this up
further somehow when I make changes to the kdcpreauth get_data callback.

I observed a bunch of fields in struct as_req_state which are only
really used in finish_process_as_req: server_keyblock, client_keyblock,
reply, reply_encpart, ticket_reply, cname, and sname.  I left those in
there for now because they might come in handy there if handle_authdata
or return_padata are converted to use callbacks.

More information about the krbdev mailing list