-rw-r--r-- | README.BRANCH | 10 | ||||
-rw-r--r-- | src/include/krb5/pwqual_plugin.h | 39 |
2 files changed, 25 insertions, 24 deletions
diff --git a/README.BRANCH b/README.BRANCH index cc6b2c6..92b2ac8 100644 --- a/README.BRANCH +++ b/README.BRANCH @@ -180,16 +180,6 @@ demonstration branch it is not perfect. Problems include: revisited, the framework's data model will need to be made a little more complicated to allow it. -* The pwqual vtable declarations put function signatures directly into - the vtable structure definition, with comments describing each - function's contract alongside the signature. This is consistent - with how the existing DAL pluggable interface is declared. An - alternative would be to create typedefs for each function signature - and place the comments describing the function contract with the - typedefs. The vtable definition would then be very concise, with - only one line per method. This would be consistent with how the - existing preauth pluggable interfaces are declared. - * Filtering should probably be applied to module mappings before dynamic modules are opened, since dlopen() is not always a cheap operation. This is an implementation detail of the diff --git a/src/include/krb5/pwqual_plugin.h b/src/include/krb5/pwqual_plugin.h index 311c703..48942bc 100644 --- a/src/include/krb5/pwqual_plugin.h +++ b/src/include/krb5/pwqual_plugin.h 
@@ -39,22 +39,33 @@ /* An abstract type for password quality module data. */ typedef struct krb5_pwqual_moddata_st *krb5_pwqual_moddata; +/*** Method type declarations ***/ + +/* Optional: Initialize module data. dictfile is the realm's configured + * dictionary filename. */ +typedef krb5_error_code +(*krb5_pwqual_open_fn)(krb5_context context, const char *dict_file, + krb5_pwqual_moddata *data); + +/* Mandatory: Check a password for the principal princ, possibly making use + * of the password policy given by policy. Return an error if the password + * check fails. */ +typedef krb5_error_code +(*krb5_pwqual_check_fn)(krb5_context context, krb5_pwqual_moddata data, + const char *password, kadm5_policy_ent_t policy, + krb5_principal princ); + +/* Optional: Release resources used by module data. */ +typedef void +(*krb5_pwqual_close_fn)(krb5_context context, krb5_pwqual_moddata data); + +/*** vtable declarations **/ + /* Password quality plugin vtable for major version 1. */ typedef struct krb5_pwqual_vtable_st { - /* Optional: Initialize module data. dictfile is the realm's configured - * dictionary filename. */ - krb5_error_code (*open)(krb5_context context, const char *dict_file, - krb5_pwqual_moddata *data); - - /* Mandatory: Check a password for the principal princ, possibly making use - * of the password policy given by policy. Return an error if the password - * check fails. */ - krb5_error_code (*check)(krb5_context context, krb5_pwqual_moddata data, - const char *password, kadm5_policy_ent_t policy, - krb5_principal princ); - - /* Optional: Release resources used by module data. */ - void (*close)(krb5_context context, krb5_pwqual_moddata data); + krb5_pwqual_open_fn open; + krb5_pwqual_check_fn check; + krb5_pwqual_close_fn close; } *krb5_pwqual_vtable; #endif /* KRB5_PWQUAL_PLUGIN_H */ |
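Review bot: With the contract comments moved onto the typedefs, the members of `krb5_pwqual_vtable_st` no longer show which slots a module may leave unset, so a reader of the struct cannot see that `open` and `close` are optional (and presumably need a NULL check before the call) while `check` is mandatory; a trailing `/* Optional */` or `/* Mandatory */` on each member would keep that visible. The comment on `krb5_pwqual_check_fn` could also state that `password` is presumably the cleartext candidate password and should not be logged or retained past the call, and whether `policy` may be NULL, which "possibly making use of" leaves open. "Return an error if the password check fails" does not say how a caller tells a rejected password from an internal module failure, which matters for whether the framework fails closed. Smaller points: the `krb5_pwqual_open_fn` comment says `dictfile` while the parameter is `dict_file`, and the `/*** vtable declarations **/` banner closes with one asterisk fewer than the banner above it.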