| author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2012-09-17 18:16:51 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-10-17 15:24:52 -0400 |
| commit | f6a42c26d14ca71eb942e2eca5e1c7b50715e250 (patch) | |
| tree | 358fa77013513396bdd5f25d70b5408ac6acf1f7 /src/include | |
| parent | 9364a03d0d099040552cb52590a67d3f455d3f25 (diff) | |
Add "pa_config_data" configuration to ccaches
* Read a "pa_config_data" item from an in_ccache, if provided, and add a
callback which client preauth plugins can use to retrieve a string
value from it that's keyed by a string.
* Add a callback which client preauth plugins can use to provide string
key/value pairs to be stored in the ccache.
* Move the definition of (struct krb5_clpreauth_rock_st) from k5-int.h
to init_creds_ctx.h to try to reduce the number of files that will
need to include k5-json.h to understand k5_json_value.
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/k5-int.h | 48 | ||||
| -rw-r--r-- | src/include/krb5/preauth_plugin.h | 16 |
2 files changed, 17 insertions, 47 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 08e8dcd5ad..75e6783113 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -283,6 +283,7 @@ typedef INT64_TYPE krb5_int64; #define KRB5_CONF_PROXY_IMPERSONATOR "proxy_impersonator" #define KRB5_CONF_REFRESH_TIME "refresh_time" #define KRB5_CONF_PA_TYPE "pa_type" +#define KRB5_CONF_PA_CONFIG_DATA "pa_config_data" /* Error codes used in KRB_ERROR protocol messages. Return values of library routines are based on a different error table 
@@ -806,53 +807,6 @@ typedef krb5_error_code krb5_keyblock *as_key, void *gak_data, k5_response_items *ritems); -#define CLIENT_ROCK_MAGIC 0x4352434b -/* - * This structure is passed into the clpreauth methods and passed back to - * clpreauth callbacks so that they can locate the requested information. It - * is opaque to the plugin code and can be expanded in the future as new types - * of requests are defined which may require other things to be passed through. - * All pointer fields are aliases and should not be freed. - */ -struct krb5int_fast_request_state; -struct krb5_clpreauth_rock_st { - krb5_magic magic; - krb5_enctype *etype; - struct krb5int_fast_request_state *fast_state; - - /* - * These fields allow gak_fct to be called via the rock. The - * gak_fct and gak_data fields have an extra level of indirection - * since they can change in the init_creds context. - */ - krb5_keyblock *as_key; - krb5_gic_get_as_key_fct *gak_fct; - void **gak_data; - krb5_boolean *default_salt; - krb5_data *salt; - krb5_data *s2kparams; - krb5_principal client; - krb5_prompter_fct prompter; - void *prompter_data; - - /* Discovered offset of server time during preauth */ - krb5_timestamp pa_offset; - krb5_int32 pa_offset_usec; - enum { NO_OFFSET = 0, UNAUTH_OFFSET, AUTH_OFFSET } pa_offset_state; - struct krb5_responder_context_st rctx; - - /* - * Configuration information read from an in_ccache, actually stored in the - * containing context structure, but needed by callbacks which currently - * only get a pointer to the rock - */ - - /* The allowed preauth type (number) that we might use, equal to - * KRB5_PADATA_NONE if none was set. */ - krb5_preauthtype *allowed_preauth_type; - krb5_preauthtype *selected_preauth_type; -}; - typedef struct _krb5_pa_enc_ts { krb5_timestamp patimestamp; krb5_int32 pausec; diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h index 2ae077c941..f2fca372a2 100644 --- a/src/include/krb5/preauth_plugin.h 
+++ b/src/include/krb5/preauth_plugin.h @@ -209,6 +209,22 @@ typedef struct krb5_clpreauth_callbacks_st { /* Indicate interest in the AS key through the responder interface. */ void (*need_as_key)(krb5_context context, krb5_clpreauth_rock rock); + /* + * Get a configuration/state item from an input ccache, which may allow it + * to retrace the steps it took last time. The returned data string is an + * alias and should not be freed. + */ + const char *(*get_cc_config)(krb5_context context, + krb5_clpreauth_rock rock, const char *key); + + /* + * Set a configuration/state item which will be recorded to an output + * ccache, if the calling application supplied one. Both key and data + * should be valid UTF-8 text. + */ + krb5_error_code (*set_cc_config)(krb5_context context, + krb5_clpreauth_rock rock, + const char *key, const char *data); /* End of version 2 clpreauth callbacks (added in 1.11). */ } *krb5_clpreauth_callbacks; |
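Review bot: The comments on the new `get_cc_config` and `set_cc_config` members leave the trust and failure contract unstated. The string returned by `get_cc_config` was read from an input ccache, so a plugin should treat it as an unauthenticated hint and validate it before acting on it; the comment also does not say what is returned when the key is absent or no input ccache was supplied (presumably NULL), nor how long the returned alias stays valid. For `set_cc_config`, the data is recorded in the output ccache as a string, so I would add to its comment `Do not pass secrets (passwords, PINs, keys); the value is stored in the ccache and readable by anyone who can read it.` and state which error is returned for non-UTF-8 input or when no output ccache exists. The struct these members belong to begins above the hunk.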
