Add "pa_config_data" configuration to ccaches

* Read a "pa_config_data" item from an in_ccache, if provided, and add a
  callback which client preauth plugins can use to retrieve a string
  value from it that's keyed by a string.
* Add a callback which client preauth plugins can use to provide string
  key/value pairs to be stored in the ccache.
* Moves the definition of (struct krb5_clpreauth_rock_st) from k5-int.h
  to init_creds_ctx.h to try to reduce the number of files that will
  need to include k5-json.h to understand k5_json_value.

1 files changed, 16 insertions, 0 deletions

diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h
index 2ae077c941..f2fca372a2 100644
--- a/src/include/krb5/preauth_plugin.h
+++ b/src/include/krb5/preauth_plugin.h
@@ -209,6 +209,22 @@ typedef struct krb5_clpreauth_callbacks_st {
     /* Indicate interest in the AS key through the responder interface. */
     void (*need_as_key)(krb5_context context, krb5_clpreauth_rock rock);
 
+    /*
+     * Get a configuration/state item from an input ccache, which may allow it
+     * to retrace the steps it took last time.  The returned data string is an
+     * alias and should not be freed.
+     */
+    const char *(*get_cc_config)(krb5_context context,
+                                 krb5_clpreauth_rock rock, const char *key);
+
+    /*
+     * Set a configuration/state item which will be recorded to an output
+     * ccache, if the calling application supplied one.  Both key and data
+     * should be valid UTF-8 text.
+     */
+    krb5_error_code (*set_cc_config)(krb5_context context,
+                                     krb5_clpreauth_rock rock,
+                                     const char *key, const char *data);
     /* End of version 2 clpreauth callbacks (added in 1.11). */
 } *krb5_clpreauth_callbacks;