author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2012-07-23 18:18:58 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-10-16 19:22:37 -0400 |
commit | 4e89b0b186ec90a6a06dd761d61ab45d82db599a (patch) | |
tree | ca59cffc6c705d7687753ea6e29416c011475dc3 /src/include | |
parent | ebb41dbb797d7a922aaca9b3c09a3e05c45b5a72 (diff) | |
Add "pa_type" configuration to ccaches
* When producing preauth data, keep track of the type of padata in the
KDC's list of acceptable types which prompted the module to produce
padata.
* After obtaining credentials, store that value as a "pa_type"
configuration item in the out_ccache.
* Read that allowed preauth type from an in_ccache, if possible.
* If we have an allowed preauth type, only call "real" modules that
handle that value when filling in responder items and producing a
client request.
ticket: 7414 (new)
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/k5-int.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 169d6d3958..d5299c597e 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -282,6 +282,7 @@ typedef INT64_TYPE krb5_int64;
 #define KRB5_CONF_FAST_AVAIL "fast_avail"
 #define KRB5_CONF_PROXY_IMPERSONATOR "proxy_impersonator"
 #define KRB5_CONF_REFRESH_TIME "refresh_time"
+#define KRB5_CONF_PA_TYPE "pa_type"
 
 /* Error codes used in KRB_ERROR protocol messages.
 Return values of library routines are based on a different error table
@@ -839,6 +840,17 @@ struct krb5_clpreauth_rock_st {
 krb5_int32 pa_offset_usec;
 enum { NO_OFFSET = 0, UNAUTH_OFFSET, AUTH_OFFSET } pa_offset_state;
 struct krb5_responder_context_st rctx;
+
+ /*
+ * Configuration information read from an in_ccache, actually stored in the
+ * containing context structure, but needed by callbacks which currently
+ * only get a pointer to the rock
+ */
+
+ /* The allowed preauth type (number) that we might use, equal to
+ * KRB5_PADATA_NONE if none was set. */
+ krb5_preauthtype *allowed_preauth_type;
+ krb5_preauthtype *selected_preauth_type;
 };
 
 typedef struct _krb5_pa_enc_ts { |
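Review bot: The comment on the two fields added at the end of `struct krb5_clpreauth_rock_st` describes a value ("equal to KRB5_PADATA_NONE if none was set"), but both fields are `krb5_preauthtype *`, and `selected_preauth_type` has no comment of its own. I would reword the first to `/* Points at the context's allowed preauth type; the pointee is KRB5_PADATA_NONE if none was set. */`. Judging by the commit message, the second could read `/* Points at the context's record of the padata type that prompted a module to produce padata. */`. Because the allowed type is read from an in_ccache and decides which real preauth modules get called, the comment should also state whether either pointer may be NULL when a callback receives the rock. The code that fills the rock is not in this view (the diffstat is limited to src/include), so that cannot be checked here. The struct definition starts outside the hunk.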