Add loop() kdcpreauth method

[ghudson@mit.edu: avoid verto.h header dependency; minor fixes] ticket: 7426 (new) target_version: 1.11 tags: pullup
krb5 · Oct 24, 2012 · 83b4ecd · 83b4ecd
1 parent 0e6cd4d
commit 83b4ecd
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 5 deletions.
diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h
@@ -47,7 +47,7 @@
  *                            int min_ver, krb5_plugin_vtable vtable);
  *
  * The kdcpreauth interface has a single supported major version, which is 1.
- * Major version 1 has a current minor version of 1.  kdcpreauth modules should
+ * Major version 1 has a current minor version of 2.  kdcpreauth modules should
  * define a function named kdcpreauth_<modulename>_initvt, matching the
  * signature:
  *
@@ -578,6 +578,13 @@ typedef void
                                   krb5_kdcpreauth_moddata moddata,
                                   krb5_kdcpreauth_modreq modreq);
 
+/* Optional: invoked after init_fn to provide the module with a pointer to the
+ * verto main loop. */
+typedef krb5_error_code
+(*krb5_kdcpreauth_loop_fn)(krb5_context context,
+                           krb5_kdcpreauth_moddata moddata,
+                           struct verto_ctx *ctx);
+
 typedef struct krb5_kdcpreauth_vtable_st {
     /* Mandatory: name of module. */
     char *name;
@@ -593,6 +600,10 @@ typedef struct krb5_kdcpreauth_vtable_st {
     krb5_kdcpreauth_verify_fn verify;
     krb5_kdcpreauth_return_fn return_padata;
     krb5_kdcpreauth_free_modreq_fn free_modreq;
+    /* Minor 1 ends here. */
+
+    krb5_kdcpreauth_loop_fn loop;
+    /* Minor 2 ends here. */
 } *krb5_kdcpreauth_vtable;
 
 #endif /* KRB5_PREAUTH_PLUGIN_H_INCLUDED */
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
@@ -98,6 +98,7 @@ typedef struct preauth_system_st {
     krb5_kdcpreauth_verify_fn verify_padata;
     krb5_kdcpreauth_return_fn return_padata;
     krb5_kdcpreauth_free_modreq_fn free_modreq;
+    krb5_kdcpreauth_loop_fn loop;
 } preauth_system;
 
 static void
@@ -251,7 +252,7 @@ get_plugin_vtables(krb5_context context,
     if (vtables == NULL)
         goto cleanup;
     for (pl = plugins, n_tables = 0; *pl != NULL; pl++) {
-        if ((*pl)(context, 1, 1, (krb5_plugin_vtable)&vtables[n_tables]) == 0)
+        if ((*pl)(context, 1, 2, (krb5_plugin_vtable)&vtables[n_tables]) == 0)
             n_tables++;
     }
     for (i = 0, n_systems = 0; i < n_tables; i++) {
@@ -285,7 +286,8 @@ get_realm_names(struct server_handle *handle, const char ***list_out)
 }
 
 void
-load_preauth_plugins(struct server_handle *handle, krb5_context context)
+load_preauth_plugins(struct server_handle *handle, krb5_context context,
+                     verto_ctx *ctx)
 {
     krb5_error_code ret;
     struct krb5_kdcpreauth_vtable_st *vtables = NULL, *vt;
@@ -327,6 +329,20 @@ load_preauth_plugins(struct server_handle *handle, krb5_context context)
                 continue;
             }
         }
+
+        if (vt->loop) {
+            ret = vt->loop(context, moddata, ctx);
+            if (ret) {
+                emsg = krb5_get_error_message(context, ret);
+                krb5_klog_syslog(LOG_ERR, _("preauth %s failed to setup "
+                                            "loop: %s"), vt->name, emsg);
+                krb5_free_error_message(context, emsg);
+                if (vt->fini)
+                    vt->fini(context, moddata);
+                continue;
+            }
+        }
+
         /* Add this module to the systems list once for each pa type. */
         for (j = 0; vt->pa_type_list[j] > 0; j++) {
             sys = &preauth_systems[n_systems];
@@ -341,6 +357,7 @@ load_preauth_plugins(struct server_handle *handle, krb5_context context)
             sys->verify_padata = vt->verify;
             sys->return_padata = vt->return_padata;
             sys->free_modreq = vt->free_modreq;
+            sys->loop = vt->loop;
             n_systems++;
         }
     }

diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
@@ -160,7 +160,8 @@ get_preauth_hint_list(krb5_kdc_req *request,
                       krb5_kdcpreauth_rock rock, krb5_pa_data ***e_data_out,
                       kdc_hint_respond_fn respond, void *arg);
 void
-load_preauth_plugins(struct server_handle * handle, krb5_context context);
+load_preauth_plugins(struct server_handle * handle, krb5_context context,
+                     verto_ctx *ctx);
 void
 unload_preauth_plugins(krb5_context context);
 

diff --git a/src/kdc/main.c b/src/kdc/main.c
@@ -1011,7 +1011,7 @@ int main(int argc, char **argv)
         return 1;
     }
 
-    load_preauth_plugins(&shandle, kcontext);
+    load_preauth_plugins(&shandle, kcontext, ctx);
     load_authdata_plugins(kcontext);
 
     retval = setup_sam();