author | Sam Hartman <hartmans@mit.edu> | 2009-03-31 17:00:41 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2009-03-31 17:00:41 +0000 |
commit | d1384be39be11423bd05b88ec444733361fc1467 (patch) | |
tree | f577c2d27f9f96c1c3633c740bbf02b606534650 /src/include/krb5/preauth_plugin.h | |
parent | 22810910e3c834ee0bc66d0c96369c43e780a2bb (diff) | |
Implement FAST from draft-ietf-krb-wg-preauth-framework
Merge fast branch at 22146 onto trunk
Implement the kerberos pre-authentication framework FAST feature per
Projects/FAST on the wiki.
ticket: 6436
Target_Version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22149 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include/krb5/preauth_plugin.h')
-rw-r--r-- | src/include/krb5/preauth_plugin.h | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h index 2429560762..e11913e3f0 100644 --- a/src/include/krb5/preauth_plugin.h +++ b/src/include/krb5/preauth_plugin.h @@ -123,11 +123,22 @@ typedef krb5_error_code * information to enable it to process a request. */ enum krb5plugin_preauth_client_request_type { - /* The returned krb5_data item holds the enctype used to encrypt the - * encrypted portion of the AS_REP packet. */ + /* The returned krb5_data item holds the enctype expected to be used to encrypt the + * encrypted portion of the AS_REP packet. When handling a + * PREAUTH_REQUIRED error, this typically comes from etype-info2. + * When handling an AS reply, it is initialized from the AS reply itself.*/ krb5plugin_preauth_client_get_etype = 1, /* Free the data returned from krb5plugin_preauth_client_req_get_etype */ - krb5plugin_preauth_client_free_etype = 2 + krb5plugin_preauth_client_free_etype = 2, + /* The returned krb5_data contains the FAST armor key in a + * krb5_keyblock. Returns success with a NULL data item in the + * krb5_data if the client library supports FAST but is not using it.*/ + krb5plugin_preauth_client_fast_armor = 3, + /* Frees return from KRB5PLUGIN_PREAUTH_CLIENT_FAST_ARMOR. It is + * acceptable to set data to NULL and free the keyblock using + * krb5_free_keyblock; in that case, this frees the krb5_data + * only.*/ +krb5plugin_preauth_client_free_fast_armor = 4, }; typedef krb5_error_code (*preauth_get_client_data_proc)(krb5_context, 
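Review bot: The comment on `krb5plugin_preauth_client_free_fast_armor` allows two release paths for the armor key but does not state who owns the `krb5_keyblock`. As written, a module that calls `krb5_free_keyblock` without first setting `data` to NULL and then issues the free request would release the key material twice. I would spell the contract out, for example `/* The keyblock is a copy owned by the caller; release it with this request, or free it with krb5_free_keyblock and set data to NULL first so that this request frees only the krb5_data. */`, assuming a copy is what the library hands back; the matching comment in the second hunk has the same gap. The comment also refers to `KRB5PLUGIN_PREAUTH_CLIENT_FAST_ARMOR`, while the enumerator is spelled `krb5plugin_preauth_client_fast_armor`. Separately, the trailing comma after `= 4,` (and after `krb5plugin_preauth_free_fast_armor = 6,` in the second hunk) is rejected by strict C89 compilers, which matters if out-of-tree modules include this header; dropping it keeps the header portable.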
@@ -326,8 +337,16 @@ enum krb5plugin_preauth_entry_request_type { * implementation, there's a good chance that the result will not match * what the client sent, so don't go creating any fatal errors if it * doesn't match up. */ - krb5plugin_preauth_request_body = 4 -}; + krb5plugin_preauth_request_body = 4, + /* The returned krb5_data contains a krb5_keyblock with the FAST + armor key. The data member is NULL if this method is not part + of a FAST tunnel */ + krb5plugin_preauth_fast_armor = 5, + /* Frees a fast armor key; it is acceptable to set data to NULL + and free the keyblock using krb5_free_keyblock; in that case, + this function simply frees the data*/ + krb5plugin_preauth_free_fast_armor = 6, + }; typedef krb5_error_code (*preauth_get_entry_data_proc)(krb5_context, |
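Review bot: The comment on `krb5plugin_preauth_fast_armor` says the data member is NULL outside a FAST tunnel but, unlike the client-side comment, does not say whether the call itself succeeds in that case. A KDC module therefore cannot tell "no armor" from an error, and one that uses `data` as a `krb5_keyblock` without checking would dereference NULL. If the behaviour matches the client side, I would say so, for example `/* Returns success with a NULL data member when the request is not inside a FAST tunnel; check data before using it as a krb5_keyblock. */`. A module that requires armor should treat the NULL case as a reason to reject the request rather than continue unarmored. The two new comments here also omit the leading ` * ` continuation used by the surrounding comments in this enum.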