authorTom Yu <tlyu@mit.edu>2007-01-30 21:38:47 +0000
committerTom Yu <tlyu@mit.edu>2007-01-30 21:38:47 +0000
commit1f857634ae3b549e8c328727adbdaa9e9f403d4f (patch)
treeb844c1d94274f80180c4c439d1a2bdf75115be08 /src/include/krb5/preauth_plugin.h
parentebcf51877b1a69217830ebfe4047bc8a27fe4436 (diff)
get_init_creds_opt extensibility
r18922@cathode-dark-space: coffman | 2006-12-04 18:30:15 -0500 First cut at making the get_init_creds_opt structure extendable and adding library functions to set options for preauthentication plugins. This does *not* include a compatibility function to work like Heimdal's krb5_get_init_creds_opt_set_pkinit() function. Hopefully, the test code that doesn't belong in kinit.c is obvious. r18929@cathode-dark-space: coffman | 2006-12-07 10:01:20 -0500 Remove extra "user_id" parameter. Add function which duplicates the Heimdal interface (if we can agree on what the matching attribute names should be). r18934@cathode-dark-space: coffman | 2006-12-08 15:28:03 -0500 Update to use the simplified interface for krb5_get_init_creds_opt_set_pa() Add code in kinit to process "-X" options as preauth options and pass them along. r18936@cathode-dark-space: coffman | 2006-12-11 12:04:26 -0500 Move prototypes for get_init_creds_opt_get_pa() and krb5_get_init_creds_opt_free_pa() into the preauth_plugin.h header rather than krb5.hin. ticket: new status: open component: krb5-libs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19127 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include/krb5/preauth_plugin.h')
-rw-r--r--src/include/krb5/preauth_plugin.h48
1 files changed, 47 insertions, 1 deletions
diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h
index f8a9db1a17..7243a00b17 100644
--- a/src/include/krb5/preauth_plugin.h
+++ b/src/include/krb5/preauth_plugin.h
@@ -158,6 +158,17 @@ typedef krb5_error_code
void *gak_data);
/*
+ * Client function which receives krb5_get_init_creds_opt information.
+ * The attr and value information supplied should be copied locally by
+ * the module if it wishes to reference it after returning from this call.
+ */
+typedef krb5_error_code
+(*supply_gic_opts_proc)(krb5_context context,
+ void *plugin_context,
+ krb5_get_init_creds_opt *opt,
+ const char *attr,
+ const char *value);
+/*
* The function table / structure which a preauth client module must export as
* "preauthentication_client_0". If the interfaces work correctly, future
* versions of the table will add either more callbacks or more arguments to
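Review bot: The comment on `supply_gic_opts_proc` covers the lifetime of `attr` and `value` but leaves out the rest of the contract a module author needs. It does not say whether the callback is invoked once per attribute/value pair, or what a non-zero return does to the caller. The same text is repeated at the `gic_opts` member in a later hunk, where it also does not say whether the member may be NULL. The commit message mentions kinit forwarding `-X` options, so these strings appear to come from the application; I would add a line such as `* attr and value are NUL-terminated strings supplied by the application; the module must validate them before use.`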
@@ -207,6 +218,7 @@ typedef struct krb5plugin_preauth_client_ftable_v0 {
krb5_error_code (*process)(krb5_context context,
void *plugin_context,
void *request_context,
+ krb5_get_init_creds_opt *opt,
preauth_get_client_data_proc get_data_proc,
struct _krb5_preauth_client_rock *rock,
krb5_kdc_req *request,
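Review bot: Inserting `krb5_get_init_creds_opt *opt` into the middle of `process` here changes the call signature of `krb5plugin_preauth_client_ftable_v0` in place, and the next two hunks do the same to `tryagain` and append `gic_opts` to the table. The `_v0` suffix stays, and as far as the visible comment shows so does the export name "preauthentication_client_0". A module built against the previous header would still be found under that name, be called with shifted arguments, and have a `gic_opts` slot read from past the end of its table, which is memory-unsafe in code that handles authentication material. If any such module can be loaded, consider publishing the new layout as `krb5plugin_preauth_client_ftable_v1` under a new export name such as `"preauthentication_client_1"`, or have the loader check a version before calling through the table. The struct begins and ends outside this hunk, so the loader side cannot be checked from here.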
@@ -227,8 +239,9 @@ typedef struct krb5plugin_preauth_client_ftable_v0 {
krb5_error_code (*tryagain)(krb5_context context,
void *plugin_context,
void *request_context,
+ krb5_get_init_creds_opt *opt,
preauth_get_client_data_proc get_data_proc,
- struct _krb5_preauth_client_rock *rock,
+ struct _krb5_preauth_client_rock *rock,
krb5_kdc_req *request,
krb5_data *encoded_request_body,
krb5_data *encoded_previous_request,
@@ -241,6 +254,12 @@ typedef struct krb5plugin_preauth_client_ftable_v0 {
krb5_data *salt, krb5_data *s2kparams,
krb5_keyblock *as_key,
krb5_pa_data **out_pa_data);
+ /*
+ * Client function which receives krb5_get_init_creds_opt information.
+ * The attr and value information supplied should be copied locally by
+ * the module if it wishes to reference it after returning from this call.
+ */
+ supply_gic_opts_proc gic_opts;
} krb5plugin_preauth_client_ftable_v0;
/*
@@ -323,4 +342,31 @@ typedef struct krb5plugin_preauth_server_ftable_v0 {
void *pa_module_context,
void **request_pa_context);
} krb5plugin_preauth_server_ftable_v0;
+
+
+/*
+ * This function allows a preauth plugin to obtain preauth
+ * options. The preauth_data returned from this function
+ * should be freed by calling krb5_get_init_creds_opt_free_pa().
+ *
+ * The 'opt' pointer supplied to this function must have been
+ * obtained using krb5_get_init_creds_opt_alloc()
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_get_pa
+ (krb5_context context,
+ krb5_get_init_creds_opt *opt,
+ int *num_preauth_data,
+ krb5_gic_opt_pa_data **preauth_data);
+
+/*
+ * This function frees the preauth_data that was returned by
+ * krb5_get_init_creds_opt_get_pa().
+ */
+void KRB5_CALLCONV
+krb5_get_init_creds_opt_free_pa
+ (krb5_context context,
+ int num_preauth_data,
+ krb5_gic_opt_pa_data *preauth_data);
+
#endif /* KRB5_PREAUTH_PLUGIN_H_INCLUDED */
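Review bot: The comment on `krb5_get_init_creds_opt_get_pa()` requires `opt` to come from `krb5_get_init_creds_opt_alloc()`, but a plugin receives `opt` through `process`/`tryagain` and cannot know how the application created it. The comment should say what happens otherwise, ideally that a non-extended structure is detected and an error returned rather than read past; the implementation is not visible here, so this needs confirming. It should also pin down the outputs on failure so cleanup is safe, for example `* On error, *num_preauth_data is set to 0 and *preauth_data to NULL.` Because the returned attribute values may be sensitive, it is worth stating whether `krb5_get_init_creds_opt_free_pa()` clears them before freeing.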