Use kadm5_hook_modinfo for the internal structure

This is the MIT Kerberos name, and by adopting it we get a little
bit more type checking and don't have to invent our own data
structure name.

diff --git a/plugin/ad.c b/plugin/ad.c
index 9a02d53cf041d3b9cd8acc36cab7572475842e6e..61cb7fa5dd20c9b8dd1b92b3cb71beee195ee497 100644 (file)
--- a/plugin/ad.c
+++ b/plugin/ad.c
@@ -53,7 +53,7 @@
  * initial credentials.  Returns a Kerberos status code.
  */
 static krb5_error_code
-get_creds(struct plugin_config *config, krb5_context ctx, krb5_ccache *cc)
+get_creds(kadm5_hook_modinfo *config, krb5_context ctx, krb5_ccache *cc)
 {
     krb5_error_code code;
     krb5_keytab kt = NULL;
@@ -133,7 +133,7 @@ fail:
  * and always involves changing the realm.  Returns a Kerberos error code.
  */
 static krb5_error_code
-get_ad_principal(struct plugin_config *config, krb5_context ctx,
+get_ad_principal(kadm5_hook_modinfo *config, krb5_context ctx,
                  krb5_const_principal principal, krb5_principal *ad_principal)
 {
     krb5_error_code code;
@@ -182,7 +182,7 @@ get_ad_principal(struct plugin_config *config, krb5_context ctx,
  * length.  Returns a Kerberos error code.
  */
 krb5_error_code
-pwupdate_ad_change(struct plugin_config *config, krb5_context ctx,
+pwupdate_ad_change(kadm5_hook_modinfo *config, krb5_context ctx,
                    krb5_principal principal, const char *password,
                    int pwlen UNUSED)
 {
@@ -261,7 +261,7 @@ ad_interact_sasl(LDAP *ld UNUSED, unsigned flags UNUSED,
  * length.
  */
 krb5_error_code
-pwupdate_ad_status(struct plugin_config *config, krb5_context ctx,
+pwupdate_ad_status(kadm5_hook_modinfo *config, krb5_context ctx,
                    krb5_principal principal, int enabled)
 {
     krb5_ccache ccache;

diff --git a/plugin/api.c b/plugin/api.c
index c1d0ad2f3227c77f764cb9e1855db28fa904b4d6..426dbad8d347fa798174114156a77b9032595faf 100644 (file)
--- a/plugin/api.c
+++ b/plugin/api.c
@@ -37,12 +37,12 @@
  * This function returns failure only if it could not allocate memory.
  */
 krb5_error_code
-pwupdate_init(struct plugin_config **result, krb5_context ctx)
+pwupdate_init(kadm5_hook_modinfo **result, krb5_context ctx)
 {
-    struct plugin_config *config;
+    kadm5_hook_modinfo *config;
 
     /* Allocate our internal data. */
-    config = calloc(1, sizeof(struct plugin_config));
+    config = calloc(1, sizeof(*config));
     if (config == NULL)
         return sync_error_system(ctx, "cannot allocate memory");
 
@@ -76,7 +76,7 @@ pwupdate_init(struct plugin_config **result, krb5_context ctx)
  * since we don't store any other local state.
  */
 void
-pwupdate_close(struct plugin_config *config)
+pwupdate_close(kadm5_hook_modinfo *config)
 {
     if (config->ad_keytab != NULL)
         free(config->ad_keytab);
@@ -151,7 +151,7 @@ instance_allowed(const char *allowed, const char *instance)
  * proceed, logs a debug-level message to syslog.
  */
 static int
-principal_allowed(struct plugin_config *config, krb5_context ctx,
+principal_allowed(kadm5_hook_modinfo *config, krb5_context ctx,
                   krb5_principal principal, int pwchange)
 {
     char *display;
@@ -216,7 +216,7 @@ principal_allowed(struct plugin_config *config, krb5_context ctx,
  * Currently, we can't do anything in that case, so just skip it.
  */
 krb5_error_code
-pwupdate_precommit_password(struct plugin_config *config, krb5_context ctx,
+pwupdate_precommit_password(kadm5_hook_modinfo *config, krb5_context ctx,
                             krb5_principal principal,
                             const char *password, int pwlen)
 {
@@ -254,7 +254,7 @@ queue:
  * Currently, there are none.
  */
 krb5_error_code
-pwupdate_postcommit_password(struct plugin_config *config UNUSED,
+pwupdate_postcommit_password(kadm5_hook_modinfo *config UNUSED,
                              krb5_context ctx UNUSED,
                              krb5_principal principal UNUSED,
                              const char *password UNUSED, int pwlen UNUSED)
@@ -273,7 +273,7 @@ pwupdate_postcommit_password(struct plugin_config *config UNUSED,
  * queue it for later processing.
  */
 krb5_error_code
-pwupdate_postcommit_status(struct plugin_config *config, krb5_context ctx,
+pwupdate_postcommit_status(kadm5_hook_modinfo *config, krb5_context ctx,
                            krb5_principal principal, int enabled)
 {
     krb5_error_code code;

diff --git a/plugin/heimdal.c b/plugin/heimdal.c
index 5b6eb38d67001a519bdee272846e8095ddf7691d..d69943c21709bf0caf6be859c7326531f2465a67 100644 (file)
--- a/plugin/heimdal.c
+++ b/plugin/heimdal.c
@@ -55,7 +55,7 @@ typedef struct kadm5_hook {
 static krb5_error_code
 init(krb5_context ctx, void **data)
 {
-    return pwupdate_init((struct plugin_config **) data, ctx);
+    return pwupdate_init((kadm5_hook_modinfo **) data, ctx);
 }
 
 

diff --git a/plugin/instance.c b/plugin/instance.c
index 2bf6cbdccbbd5df44d6c0e841a8088529943d678..2c1fd7bcbf8c465256d3cca2c45294eee6155e4a 100644 (file)
--- a/plugin/instance.c
+++ b/plugin/instance.c
@@ -28,7 +28,7 @@
  * or on any other error.
  */
 int
-pwupdate_instance_exists(struct plugin_config *config UNUSED,
+pwupdate_instance_exists(kadm5_hook_modinfo *config UNUSED,
                          krb5_context ctx, krb5_principal base,
                          const char *instance)
 {

diff --git a/plugin/internal.h b/plugin/internal.h
index c562216e1523001229d219afdb33c8828f88a34f..fa2a9a42de86db9e44cf7bee06b7ad96b4518a2f 100644 (file)
--- a/plugin/internal.h
+++ b/plugin/internal.h
@@ -16,25 +16,32 @@
 #include <config.h>
 #include <portable/krb5.h>
 #include <portable/macros.h>
+#include <portable/stdbool.h>
 
-#include <sys/types.h>
+#ifdef HAVE_KRB5_KADM5_HOOK_PLUGIN
+# include <krb5/kadm5_hook_plugin.h>
+#else
+typedef struct kadm5_hook_modinfo_st kadm5_hook_modinfo;
+#endif
 
 /*
  * Local configuration information for the module.  This contains all the
  * parameters that are read from the krb5-sync sub-section of the appdefaults
- * section when the module is initialized.  This structure is passed as an
- * opaque pointer back to the caller, which is then expected to pass it in as
- * the first argument to the other calls.
+ * section when the module is initialized.
+ *
+ * MIT Kerberos uses this type as an abstract data type for any data that a
+ * kadmin hook needs to carry.  Reuse it since then we get type checking for
+ * at least the MIT plugin.
  */
-struct plugin_config {
-    char *ad_keytab;
-    char *ad_principal;
-    char *ad_realm;
+struct kadm5_hook_modinfo_st {
     char *ad_admin_server;
-    char *ad_ldap_base;
     char *ad_base_instance;
     char *ad_instances;
+    char *ad_keytab;
+    char *ad_ldap_base;
+    char *ad_principal;
     bool ad_queue_only;
+    char *ad_realm;
     char *queue_dir;
 };
 
@@ -44,38 +51,38 @@ BEGIN_DECLS
 #pragma GCC visibility push(hidden)
 
 /* General public API. */
-krb5_error_code pwupdate_init(struct plugin_config **, krb5_context);
-void pwupdate_close(struct plugin_config *);
-krb5_error_code pwupdate_precommit_password(struct plugin_config *,
+krb5_error_code pwupdate_init(kadm5_hook_modinfo **, krb5_context);
+void pwupdate_close(kadm5_hook_modinfo *);
+krb5_error_code pwupdate_precommit_password(kadm5_hook_modinfo *,
                                             krb5_context, krb5_principal,
                                             const char *password,
                                             int pwlen);
-krb5_error_code pwupdate_postcommit_password(struct plugin_config *,
+krb5_error_code pwupdate_postcommit_password(kadm5_hook_modinfo *,
                                              krb5_context, krb5_principal,
                                              const char *password,
                                              int pwlen);
-krb5_error_code pwupdate_postcommit_status(struct plugin_config *,
+krb5_error_code pwupdate_postcommit_status(kadm5_hook_modinfo *,
                                            krb5_context, krb5_principal,
                                            int enabled);
 
 /* Password changing. */
-krb5_error_code pwupdate_ad_change(struct plugin_config *, krb5_context,
+krb5_error_code pwupdate_ad_change(kadm5_hook_modinfo *, krb5_context,
                                    krb5_principal, const char *password,
                                    int pwlen);
 
 /* Account status update. */
-krb5_error_code pwupdate_ad_status(struct plugin_config *, krb5_context,
+krb5_error_code pwupdate_ad_status(kadm5_hook_modinfo *, krb5_context,
                                    krb5_principal, int enabled);
 
 /* Instance lookups. */
-int pwupdate_instance_exists(struct plugin_config *, krb5_context,
+int pwupdate_instance_exists(kadm5_hook_modinfo *, krb5_context,
                              krb5_principal, const char *instance);
 
 /* Queuing. */
-int pwupdate_queue_conflict(struct plugin_config *, krb5_context,
+int pwupdate_queue_conflict(kadm5_hook_modinfo *, krb5_context,
                             krb5_principal, const char *domain,
                             const char *operation);
-krb5_error_code pwupdate_queue_write(struct plugin_config *, krb5_context,
+krb5_error_code pwupdate_queue_write(kadm5_hook_modinfo *, krb5_context,
                                      krb5_principal, const char *domain,
                                      const char *operation,
                                      const char *password);

diff --git a/plugin/mit.c b/plugin/mit.c
index 4cae5a7c8fa708cc70cc6825f610ba6183c17cd2..7618b207a0971eb98cda454a6c05a2ca163f1333 100644 (file)
--- a/plugin/mit.c
+++ b/plugin/mit.c
@@ -49,7 +49,7 @@ krb5_error_code kadm5_hook_krb5_sync_initvt(krb5_context, int, int,
 static kadm5_ret_t
 init(krb5_context ctx, kadm5_hook_modinfo **data)
 {
-    return pwupdate_init((struct plugin_config **) data, ctx);
+    return pwupdate_init(data, ctx);
 }
 
 
@@ -59,7 +59,7 @@ init(krb5_context ctx, kadm5_hook_modinfo **data)
 static void
 fini(krb5_context ctx UNUSED, kadm5_hook_modinfo *data)
 {
-    pwupdate_close((struct plugin_config *) data);
+    pwupdate_close(data);
 }
 
 
@@ -86,11 +86,10 @@ chpass(krb5_context ctx, kadm5_hook_modinfo *data, int stage,
     /* Dispatch to the appropriate function. */
     length = strlen(password);
     if (stage == KADM5_HOOK_STAGE_PRECOMMIT)
-        code = pwupdate_precommit_password((struct plugin_config *) data,
-                                           ctx, princ, password, length);
+        code = pwupdate_precommit_password(data, ctx, princ, password, length);
     else if (stage == KADM5_HOOK_STAGE_POSTCOMMIT)
-        code = pwupdate_postcommit_password((struct plugin_config *) data,
-                                            ctx, princ, password, length);
+        code = pwupdate_postcommit_password(data, ctx, princ, password,
+                                            length);
     return code;
 }
 
@@ -126,8 +125,8 @@ modify(krb5_context ctx, kadm5_hook_modinfo *data, int stage,
 
     if (mask & KADM5_ATTRIBUTES && stage == KADM5_HOOK_STAGE_POSTCOMMIT) {
         enabled = !(entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX);
-        return pwupdate_postcommit_status((struct plugin_config *) data,
-                                          ctx, entry->principal, enabled);
+        return pwupdate_postcommit_status(data, ctx, entry->principal,
+                                          enabled);
     }
     return 0;
 }

diff --git a/plugin/queue.c b/plugin/queue.c
index 50d9661484a9208d52797a539b54805a92c98ea2..a3304555c875c83f7e7e3a29a99a99a263eb286c 100644 (file)
--- a/plugin/queue.c
+++ b/plugin/queue.c
@@ -54,7 +54,7 @@
  * script.  Perl makes it very annoying to use fcntl locking on Linux.
  */
 static int
-lock_queue(struct plugin_config *config)
+lock_queue(kadm5_hook_modinfo *config)
 {
     char *lockpath = NULL;
     int fd = -1;
@@ -160,7 +160,7 @@ queue_timestamp(void)
  * On failure, return -1 (still true but distinguished).
  */
 int
-pwupdate_queue_conflict(struct plugin_config *config, krb5_context ctx,
+pwupdate_queue_conflict(kadm5_hook_modinfo *config, krb5_context ctx,
                         krb5_principal principal, const char *domain,
                         const char *operation)
 {
@@ -209,7 +209,7 @@ fail:
  * enable and disable).  Returns a Kerberos error code.
  */
 krb5_error_code
-pwupdate_queue_write(struct plugin_config *config, krb5_context ctx,
+pwupdate_queue_write(kadm5_hook_modinfo *config, krb5_context ctx,
                      krb5_principal principal, const char *domain,
                      const char *operation, const char *password)
 {

diff --git a/tests/plugin/heimdal-t.c b/tests/plugin/heimdal-t.c
index 33c4fa2b14ad058e8d789c748b695ad0fb9878c2..58010217af558654478d28b8cd965fdf2773cf20 100644 (file)
--- a/tests/plugin/heimdal-t.c
+++ b/tests/plugin/heimdal-t.c
@@ -59,7 +59,7 @@ main(void)
     krb5_context ctx;
     krb5_principal princ;
     void *handle = NULL;
-    void *data = NULL;
+    void *config = NULL;
     struct kadm5_hook *hook = NULL;
     kadm5_principal_ent_rec entity;
     const char *message;
@@ -120,9 +120,9 @@ main(void)
     if (hook == NULL)
         ok_block(8, false, "No symbol in plugin");
     else {
-        is_int(0, hook->init(ctx, &data), "init");
-        ok(data != NULL, "...and data is not NULL");
-        code = hook->chpass(ctx, data, KADM5_HOOK_STAGE_PRECOMMIT, princ,
+        is_int(0, hook->init(ctx, &config), "init");
+        ok(config != NULL, "...and config is not NULL");
+        code = hook->chpass(ctx, config, KADM5_HOOK_STAGE_PRECOMMIT, princ,
                             "test");
         is_int(ENOENT, code, "chpass");
         message = krb5_get_error_message(ctx, code);
@@ -132,7 +132,7 @@ main(void)
         krb5_free_error_message(ctx, message);
 
         /* Test chpass with a NULL password. */
-        code = hook->chpass(ctx, data, KADM5_HOOK_STAGE_PRECOMMIT, princ,
+        code = hook->chpass(ctx, config, KADM5_HOOK_STAGE_PRECOMMIT, princ,
                             NULL);
         is_int(0, code, "chpass with NULL password");
 
@@ -143,7 +143,7 @@ main(void)
         memset(&entity, 0, sizeof(entity));
         entity.principal = princ;
         entity.attributes = KRB5_KDB_DISALLOW_ALL_TIX;
-        code = hook->create(ctx, data, KADM5_HOOK_STAGE_PRECOMMIT, &entity,
+        code = hook->create(ctx, config, KADM5_HOOK_STAGE_PRECOMMIT, &entity,
                             0, "test");
         is_int(ENOENT, code, "create");
         message = krb5_get_error_message(ctx, code);
@@ -151,7 +151,7 @@ main(void)
                        strlen("cannot lock queue")),
                0, "...with correct error message");
         krb5_free_error_message(ctx, message);
-        code = hook->modify(ctx, data, KADM5_HOOK_STAGE_POSTCOMMIT, &entity,
+        code = hook->modify(ctx, config, KADM5_HOOK_STAGE_POSTCOMMIT, &entity,
                             KADM5_ATTRIBUTES);
         is_int(ENOENT, code, "modify");
         message = krb5_get_error_message(ctx, code);
@@ -161,12 +161,12 @@ main(void)
         krb5_free_error_message(ctx, message);
 
         /* Test create with a NULL password. */
-        code = hook->create(ctx, data, KADM5_HOOK_STAGE_PRECOMMIT, &entity,
+        code = hook->create(ctx, config, KADM5_HOOK_STAGE_PRECOMMIT, &entity,
                             0, NULL);
         is_int(0, code, "create with NULL password");
 
         /* Close down the module. */
-        hook->fini(ctx, data);
+        hook->fini(ctx, config);
     }
 
     /* Clean up. */

diff --git a/tests/plugin/queue-only-t.c b/tests/plugin/queue-only-t.c
index 89c3e314da665d4db699596c905b2e12a8b8b1b8..7c81ca52f16445c96e1ecaf9cf11ce12e06a9fde 100644 (file)
--- a/tests/plugin/queue-only-t.c
+++ b/tests/plugin/queue-only-t.c
@@ -32,7 +32,7 @@ main(void)
     krb5_context ctx;
     krb5_principal princ;
     krb5_error_code code;
-    struct plugin_config *config;
+    kadm5_hook_modinfo *config;
     char buffer[BUFSIZ];
     time_t now, try;
     struct tm *date;

diff --git a/tests/plugin/queuing-t.c b/tests/plugin/queuing-t.c
index e3ace201ad903f638a78dd05b764d912d25bba6d..ab02271378bb2329d1e859c19d6327b9cb193c34 100644 (file)
--- a/tests/plugin/queuing-t.c
+++ b/tests/plugin/queuing-t.c
@@ -35,7 +35,7 @@ main(void)
     krb5_context ctx;
     krb5_principal princ;
     krb5_error_code code;
-    struct plugin_config *data;
+    kadm5_hook_modinfo *data;
     int fd;
     char buffer[BUFSIZ];
     time_t now, try;

diff --git a/tools/krb5-sync.c b/tools/krb5-sync.c
index d127fd2c4b41e0f17450d47bbc8806a98fb59caf..e504c08148ea8b2de61f2ef3d6321f16a40e8c23 100644 (file)
--- a/tools/krb5-sync.c
+++ b/tools/krb5-sync.c
@@ -33,12 +33,12 @@
  * successful, and exit with an error message if we weren't.
  */
 static void
-ad_password(struct plugin_config *data, krb5_context ctx,
+ad_password(kadm5_hook_modinfo *config, krb5_context ctx,
             krb5_principal principal, char *password, const char *user)
 {
     krb5_error_code code;
 
-    code = pwupdate_ad_change(data, ctx, principal, password,
+    code = pwupdate_ad_change(config, ctx, principal, password,
                               strlen(password));
     if (code != 0)
         die_krb5(ctx, code, "AD password change for %s failed", user);
@@ -51,12 +51,12 @@ ad_password(struct plugin_config *data, krb5_context ctx,
  * we were successful, and exit with an error message if we weren't.
  */
 static void
-ad_status(struct plugin_config *data, krb5_context ctx,
+ad_status(kadm5_hook_modinfo *config, krb5_context ctx,
           krb5_principal principal, bool enable, const char *user)
 {
     krb5_error_code code;
 
-    code = pwupdate_ad_status(data, ctx, principal, enable);
+    code = pwupdate_ad_status(config, ctx, principal, enable);
     if (code != 0)
         die_krb5(ctx, code, "AD status change for %s failed", user);
     notice("AD status change for %s succeeded", user);
@@ -92,7 +92,7 @@ read_line(FILE *file, const char *filename, char *buffer, size_t bufsiz)
  * supported for AFS.
  */
 static void
-process_queue_file(struct plugin_config *data, krb5_context ctx,
+process_queue_file(kadm5_hook_modinfo *config, krb5_context ctx,
                    const char *filename)
 {
     FILE *queue;
@@ -137,9 +137,9 @@ process_queue_file(struct plugin_config *data, krb5_context ctx,
     if (password) {
         read_line(queue, filename, buffer, sizeof(buffer));
         if (ad)
-            ad_password(data, ctx, principal, buffer, user);
+            ad_password(config, ctx, principal, buffer, user);
     } else if (enable || disable) {
-        ad_status(data, ctx, principal, enable, user);
+        ad_status(config, ctx, principal, enable, user);
     }
 
     /* If we got here, we were successful.  Close the file and delete it. */
@@ -159,7 +159,7 @@ main(int argc, char *argv[])
     char *password = NULL;
     char *filename = NULL;
     char *user;
-    struct plugin_config *config;
+    kadm5_hook_modinfo *config;
     krb5_context ctx;
     krb5_error_code code;
     krb5_principal principal;