| author | Nalin Dahyabhai <nalin@redhat.com> | 2012-07-24 17:49:05 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2012-10-17 15:26:10 -0400 |
| commit | 5349a2b129cd569d903fe698d2857881d3c05a43 (patch) | |
| tree | 2ffef20811920bd33aacfc137da56723b340c9c0 /src/plugins/preauth/pkinit/pkinit_crypto.h | |
| parent | f6a42c26d14ca71eb942e2eca5e1c7b50715e250 (diff) | |

Use config storage for client identity selection

* Keep track of the names of client identities when we load them.
* Store the client identity we just used when we create or retry a
  client request.
* If we read a client identity from the configuration, treat it like the
  KDC does: pick the "this is it, there is no other" logic branch.

Diffstat (limited to 'src/plugins/preauth/pkinit/pkinit_crypto.h')
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto.h | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto.h b/src/plugins/preauth/pkinit/pkinit_crypto.h index a3cecc4847..8b4b62b6d0 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto.h +++ b/src/plugins/preauth/pkinit/pkinit_crypto.h @@ -231,6 +231,16 @@ krb5_error_code cms_envelopeddata_verify receives length of signed_data */ /* + * This function retrieves the signer's identity, in a form that could + * be passed back in to a future invocation of this module as a candidate + * client identity location. + */ +krb5_error_code crypto_retrieve_signer_identity + (krb5_context context, /* IN */ + pkinit_identity_crypto_context id_cryptoctx, /* IN */ + const char **identity); /* OUT */ + +/* * this function returns SAN information found in the * received certificate. at least one of pkinit_sans, * upn_sans, or kdc_hostnames must be non-NULL. |
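
Review bot: The comment above the new crypto_retrieve_signer_identity prototype does not say who owns the string returned through the `const char **identity` OUT parameter. The const qualifier suggests a pointer borrowed from id_cryptoctx, but the header should state that explicitly: whether the caller must not free it, how long it stays valid relative to the identity crypto context, and what `*identity` is set to when the function fails or when no signer identity has been recorded. Since the comment says the value may be passed back in as a candidate client identity location on a later invocation, a caller that stores it needs to know whether to copy it first; a sentence in the comment covering lifetime and the failure value would prevent a dangling pointer or an unintended free in the callers.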
