authorNathaniel McCallum <npmccallum@redhat.com>2012-10-23 15:08:26 -0400
committerGreg Hudson <ghudson@mit.edu>2012-10-23 22:27:45 -0400
commit83b4ecd20e50ad330cd761977d5dadefe30a785b (patch)
treee00fb41319db6e2f3ead22ec56d416f2f038166c /src
parent0e6cd4de33c401b2911a5001dc476d11bfb969a3 (diff)
Add loop() kdcpreauth method
[ghudson@mit.edu: avoid verto.h header dependency; minor fixes] ticket: 7426 (new) target_version: 1.11 tags: pullup
Diffstat (limited to 'src')
-rw-r--r--src/include/krb5/preauth_plugin.h13
-rw-r--r--src/kdc/kdc_preauth.c21
-rw-r--r--src/kdc/kdc_util.h3
-rw-r--r--src/kdc/main.c2
4 files changed, 34 insertions, 5 deletions
diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h
index 9a241f2..9c4ec0f 100644
--- a/src/include/krb5/preauth_plugin.h
+++ b/src/include/krb5/preauth_plugin.h
@@ -47,7 +47,7 @@
* int min_ver, krb5_plugin_vtable vtable);
*
* The kdcpreauth interface has a single supported major version, which is 1.
- * Major version 1 has a current minor version of 1. kdcpreauth modules should
+ * Major version 1 has a current minor version of 2. kdcpreauth modules should
* define a function named kdcpreauth_<modulename>_initvt, matching the
* signature:
*
@@ -578,6 +578,13 @@ typedef void
krb5_kdcpreauth_moddata moddata,
krb5_kdcpreauth_modreq modreq);
+/* Optional: invoked after init_fn to provide the module with a pointer to the
+ * verto main loop. */
+typedef krb5_error_code
+(*krb5_kdcpreauth_loop_fn)(krb5_context context,
+ krb5_kdcpreauth_moddata moddata,
+ struct verto_ctx *ctx);
+
typedef struct krb5_kdcpreauth_vtable_st {
/* Mandatory: name of module. */
char *name;
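Review bot: `struct verto_ctx` is first named inside the parameter list of `krb5_kdcpreauth_loop_fn`, and none of this header's visible hunks adds a file-scope declaration for it. If the header has no earlier declaration outside these hunks, the tag has prototype scope only: compilers warn, and the parameter type is not compatible with the `verto_ctx *` that the KDC passes in. A bare `struct verto_ctx;` before the typedef would keep the header independent of verto.h while giving modules a well-defined type.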
@@ -593,6 +600,10 @@ typedef struct krb5_kdcpreauth_vtable_st {
krb5_kdcpreauth_verify_fn verify;
krb5_kdcpreauth_return_fn return_padata;
krb5_kdcpreauth_free_modreq_fn free_modreq;
+ /* Minor 1 ends here. */
+
+ krb5_kdcpreauth_loop_fn loop;
+ /* Minor 2 ends here. */
} *krb5_kdcpreauth_vtable;
#endif /* KRB5_PREAUTH_PLUGIN_H_INCLUDED */
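Review bot: The new `loop` member has no contract comment of its own, while `name` is documented as mandatory in the same struct. The loader treats it as optional (`if (vt->loop)`) and drops the module on a nonzero return, so I would state that on the member, for example `/* Optional: called once after init with the KDC's verto context; a nonzero return unloads the module. */`. The comment should also say how long the context pointer stays valid for the module, which the visible hunks do not establish.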
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 19998d8..29485a3 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -98,6 +98,7 @@ typedef struct preauth_system_st {
krb5_kdcpreauth_verify_fn verify_padata;
krb5_kdcpreauth_return_fn return_padata;
krb5_kdcpreauth_free_modreq_fn free_modreq;
+ krb5_kdcpreauth_loop_fn loop;
} preauth_system;
static void
@@ -251,7 +252,7 @@ get_plugin_vtables(krb5_context context,
if (vtables == NULL)
goto cleanup;
for (pl = plugins, n_tables = 0; *pl != NULL; pl++) {
- if ((*pl)(context, 1, 1, (krb5_plugin_vtable)&vtables[n_tables]) == 0)
+ if ((*pl)(context, 1, 2, (krb5_plugin_vtable)&vtables[n_tables]) == 0)
n_tables++;
}
for (i = 0, n_systems = 0; i < n_tables; i++) {
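Review bot: Requesting minor version 2 here means `load_preauth_plugins` will later test and call `vt->loop`, but a module written against minor version 1 never writes that field. The allocation of `vtables` sits just above this hunk and is not visible. If it is not zero-filled (`calloc` or an explicit `memset`), `loop` holds indeterminate bytes for such modules and the new `if (vt->loop)` branch would call through them. Please confirm the allocation zeroes each slot, and consider a short comment there such as `/* Slots must start zeroed: older modules leave newer members unset. */`.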
@@ -285,7 +286,8 @@ get_realm_names(struct server_handle *handle, const char ***list_out)
}
void
-load_preauth_plugins(struct server_handle *handle, krb5_context context)
+load_preauth_plugins(struct server_handle *handle, krb5_context context,
+ verto_ctx *ctx)
{
krb5_error_code ret;
struct krb5_kdcpreauth_vtable_st *vtables = NULL, *vt;
@@ -327,6 +329,20 @@ load_preauth_plugins(struct server_handle *handle, krb5_context context)
continue;
}
}
+
+ if (vt->loop) {
+ ret = vt->loop(context, moddata, ctx);
+ if (ret) {
+ emsg = krb5_get_error_message(context, ret);
+ krb5_klog_syslog(LOG_ERR, _("preauth %s failed to setup "
+ "loop: %s"), vt->name, emsg);
+ krb5_free_error_message(context, emsg);
+ if (vt->fini)
+ vt->fini(context, moddata);
+ continue;
+ }
+ }
+
/* Add this module to the systems list once for each pa type. */
for (j = 0; vt->pa_type_list[j] > 0; j++) {
sys = &preauth_systems[n_systems];
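Review bot: A nonzero return from `vt->loop` calls `fini` and `continue`s, so none of the module's pa types are registered and the only signal is one `LOG_ERR` syslog line while loading carries on. That is a reasonable choice, but it means a preauth mechanism can be silently absent from a running KDC. I would add a comment above the block, for example `/* A loop() failure unloads the module; none of its pa types are offered. */`, and mention the log message in the admin documentation so deployments that depend on a given mechanism can alert on it. The body of `load_preauth_plugins` starts and ends outside this hunk, so the way `moddata` is reset between modules cannot be checked from here.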
@@ -341,6 +357,7 @@ load_preauth_plugins(struct server_handle *handle, krb5_context context)
sys->verify_padata = vt->verify;
sys->return_padata = vt->return_padata;
sys->free_modreq = vt->free_modreq;
+ sys->loop = vt->loop;
n_systems++;
}
}
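Review bot: `sys->loop = vt->loop;` copies the pointer into every `preauth_system` entry, yet the only call to `loop` in the visible hunks is the one made at load time through `vt`. If nothing outside these hunks reads `sys->loop`, the field and this assignment are dead state and could be dropped. If they are kept, a comment such as `/* Kept for reference only; loop() is invoked once at load time. */` would prevent a later caller from invoking it a second time per pa type.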
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index 96b1aef..09bde66 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -160,7 +160,8 @@ get_preauth_hint_list(krb5_kdc_req *request,
krb5_kdcpreauth_rock rock, krb5_pa_data ***e_data_out,
kdc_hint_respond_fn respond, void *arg);
void
-load_preauth_plugins(struct server_handle * handle, krb5_context context);
+load_preauth_plugins(struct server_handle * handle, krb5_context context,
+ verto_ctx *ctx);
void
unload_preauth_plugins(krb5_context context);
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 0e9e87e..f06263e 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -1011,7 +1011,7 @@ int main(int argc, char **argv)
return 1;
}
- load_preauth_plugins(&shandle, kcontext);
+ load_preauth_plugins(&shandle, kcontext, ctx);
load_authdata_plugins(kcontext);
retval = setup_sam();