kdc: add audit plugin API to windc API

Allow the windc plugin to also implement an audit callback. As part of this
change, both the HDB and windc audit function signatures are changed to return
void.

kdc/kerberos5.c

@@ -2738,7 +2738,7 @@ _kdc_as_rep(astgs_request_t r)
 
 out:
     r->ret = ret;
-    _kdc_hdb_audit(r);
+    _kdc_audit_request(r);
 
     /*
      * In case of a non proxy error, build an error message.

kdc/krb5tgs.c

@@ -2578,7 +2578,7 @@ _kdc_tgs_rep(astgs_request_t r)
 
 out:
     r->ret = ret;
-    _kdc_hdb_audit(r);
+    _kdc_audit_request(r);
 
     if(ret && ret != HDB_ERR_NOT_FOUND_HERE && data->data == NULL){
 	METHOD_DATA error_method = { 0, NULL };

kdc/misc.c

@@ -343,18 +343,20 @@ _kdc_include_pac_p(astgs_request_t r)
 }
 
 /*
- * Notify the HDB backend of the audited event.
+ * Notify the HDB backend and windc plugin of the audited event.
  */
 
 krb5_error_code
-_kdc_hdb_audit(astgs_request_t r)
+_kdc_audit_request(astgs_request_t r)
 {
+    krb5_error_code ret;
     struct HDB *hdb;
 
-    hdb = r->clientdb ? r->clientdb : r->config->db[0];
+    ret = _kdc_windc_audit(r);
+    if (ret == 0 &&
+	(hdb = r->clientdb ? r->clientdb : r->config->db[0]) &&
+	hdb->hdb_audit)
+	ret = hdb->hdb_audit(r->context, hdb, r->client, (hdb_request_t)r);
 
-    if (hdb && hdb->hdb_audit)
-	return hdb->hdb_audit(r->context, hdb, r->client, (hdb_request_t)r);
-
-    return 0;
+    return ret;
 }

kdc/windc.c

@@ -210,30 +210,6 @@ _kdc_check_access(astgs_request_t r)
     return ret;
 }
 
-static krb5_error_code KRB5_LIB_CALL
-finalize(krb5_context context, const void *plug, void *plugctx, void *userctx)
-{
-    krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug;
-
-    if (ft->finalize_reply == NULL)
-	return KRB5_PLUGIN_NO_HANDLE;
-    return ft->finalize_reply((void *)plug, userctx);
-}
-
-krb5_error_code
-_kdc_finalize_reply(astgs_request_t r)
-{
-    krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
-
-    if (have_plugin)
-        ret = _krb5_plugin_run_f(r->context, &windc_plugin_data, 0, r, finalize);
-
-    if (ret == KRB5_PLUGIN_NO_HANDLE)
-        ret = 0;
-
-    return ret;
-}
-
 static krb5_error_code KRB5_LIB_CALL
 referral_policy(krb5_context context, const void *plug, void *plugctx, void *userctx)
 {
@@ -255,6 +231,54 @@ _kdc_referral_policy(astgs_request_t r)
     return ret;
 }
 
+static krb5_error_code KRB5_LIB_CALL
+finalize_reply(krb5_context context, const void *plug, void *plugctx, void *userctx)
+{
+    krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug;
+
+    if (ft->finalize_reply == NULL)
+	return KRB5_PLUGIN_NO_HANDLE;
+    return ft->finalize_reply((void *)plug, userctx);
+}
+
+krb5_error_code
+_kdc_finalize_reply(astgs_request_t r)
+{
+    krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
+
+    if (have_plugin)
+        ret = _krb5_plugin_run_f(r->context, &windc_plugin_data, 0, r, finalize_reply);
+
+    if (ret == KRB5_PLUGIN_NO_HANDLE)
+        ret = 0;
+
+    return ret;
+}
+
+static krb5_error_code KRB5_LIB_CALL
+audit(krb5_context context, const void *plug, void *plugctx, void *userctx)
+{
+    krb5plugin_windc_ftable *ft = (krb5plugin_windc_ftable *)plug;
+
+    if (ft->audit == NULL)
+	return KRB5_PLUGIN_NO_HANDLE;
+    return ft->audit((void *)plug, userctx);
+}
+
+krb5_error_code
+_kdc_windc_audit(astgs_request_t r)
+{
+    krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
+
+    if (have_plugin)
+        ret = _krb5_plugin_run_f(r->context, &windc_plugin_data, 0, r, audit);
+
+    if (ret == KRB5_PLUGIN_NO_HANDLE)
+        ret = 0;
+
+    return ret;
+}
+
 uintptr_t KRB5_CALLCONV
 kdc_get_instance(const char *libname)
 {

kdc/windc_plugin.h

@@ -77,13 +77,6 @@ typedef krb5_error_code
 typedef krb5_error_code
 (KRB5_CALLCONV *krb5plugin_windc_client_access)(void *, astgs_request_t);
 
-/*
- * Update the AS or TGS reply immediately prior to encoding.
- */
-
-typedef krb5_error_code
-(KRB5_CALLCONV *krb5plugin_windc_finalize_reply)(void *, astgs_request_t r);
-
 /*
  * A referral policy plugin can either rewrite the server principal
  * by resetting priv->server_princ, or it can disable referral
@@ -98,6 +91,24 @@ typedef krb5_error_code
 typedef krb5_error_code
 (KRB5_CALLCONV *krb5plugin_windc_referral_policy)(void *, astgs_request_t r);
 
+/*
+ * Update the AS or TGS reply immediately prior to encoding.
+ */
+
+typedef krb5_error_code
+(KRB5_CALLCONV *krb5plugin_windc_finalize_reply)(void *, astgs_request_t r);
+
+/*
+ * Audit an AS or TGS request. This function is called after encoding the
+ * reply (on success), or before encoding the error message. If a HDB audit
+ * function is also present, it is called after this one.
+ *
+ * The request should not be modified by the plugin.
+ */
+
+typedef krb5_error_code
+(KRB5_CALLCONV *krb5plugin_windc_audit)(void *, astgs_request_t r);
+
 #define KRB5_WINDC_PLUGIN_MINOR			8
 #define KRB5_WINDC_PLUGING_MINOR KRB5_WINDC_PLUGIN_MINOR
 
@@ -110,6 +121,7 @@ typedef struct krb5plugin_windc_ftable {
     krb5plugin_windc_client_access	client_access;
     krb5plugin_windc_referral_policy	referral_policy;
     krb5plugin_windc_finalize_reply	finalize_reply;
+    krb5plugin_windc_audit		audit;
 } krb5plugin_windc_ftable;
 
 #endif /* HEIMDAL_KDC_WINDC_PLUGIN_H */

tests/plugin/windc.c

@@ -116,6 +116,13 @@ finalize_reply(void *ctx, astgs_request_t r)
     return 0;
 }
 
+static krb5_error_code KRB5_CALLCONV
+audit(void *ctx, astgs_request_t r)
+{
+    logit("audit", r);
+    return 0;
+}
+
 static krb5plugin_windc_ftable windc = {
     KRB5_WINDC_PLUGING_MINOR,
     windc_init,
@@ -124,7 +131,8 @@ static krb5plugin_windc_ftable windc = {
     pac_verify,
     client_access,
     NULL, /* referral_policy */
-    finalize_reply
+    finalize_reply,
+    audit
 };
 
 static const krb5plugin_windc_ftable *const windc_plugins[] = {