author | Greg Hudson <ghudson@mit.edu> | 2009-11-14 04:46:30 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-11-14 04:46:30 +0000 |
commit | 0524889196c42d81dcc4c74277522b46f987cabb (patch) | |
tree | 9f906eb1a4a32346ae94837c4fe199410e2dd10f /src/include/k5-int.h | |
parent | 26044e2a3c3104b9c3f32a6ae58145e7e6394672 (diff) | |
Constrained delegation without PAC support
Merge Luke's users/lhoward/s4u2proxy branch to trunk. Implements a
Heimdal-compatible mechanism for allowing constrained delegation
without back-end support for PACs. Back-end support exists in LDAP
only (via a new krbAllowedToDelegateTo attribute), not DB2.
ticket: 6580
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23160 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include/k5-int.h')
-rw-r--r-- | src/include/k5-int.h | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 6a85a398e..a9769234c 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1075,6 +1075,21 @@ typedef struct _krb5_ad_kdcissued { krb5_authdata **elements; } krb5_ad_kdcissued; +typedef struct _krb5_ad_signedpath_data { + krb5_principal client; + krb5_timestamp authtime; + krb5_principal *delegated; + krb5_pa_data **method_data; + krb5_authdata **authorization_data; +} krb5_ad_signedpath_data; + +typedef struct _krb5_ad_signedpath { + krb5_enctype enctype; + krb5_checksum checksum; + krb5_principal *delegated; + krb5_pa_data **method_data; +} krb5_ad_signedpath; + typedef krb5_error_code (*krb5_preauth_obtain_proc) (krb5_context, krb5_pa_data *, @@ -1386,6 +1401,8 @@ void KRB5_CALLCONV krb5_free_fast_response (krb5_context, krb5_fast_response *); void KRB5_CALLCONV krb5_free_ad_kdcissued (krb5_context, krb5_ad_kdcissued *); +void KRB5_CALLCONV krb5_free_ad_signedpath +(krb5_context, krb5_ad_signedpath *); /* #include "krb5/wordsize.h" -- comes in through base-defs.h. */ #include "com_err.h" @@ -1810,6 +1827,10 @@ krb5_error_code encode_krb5_fast_response krb5_error_code encode_krb5_ad_kdcissued (const krb5_ad_kdcissued *, krb5_data **); +krb5_error_code encode_krb5_ad_signedpath +(const krb5_ad_signedpath *, krb5_data **); +krb5_error_code encode_krb5_ad_signedpath_data +(const krb5_ad_signedpath_data *, krb5_data **); /************************************************************************* * End of prototypes for krb5_encode.c @@ -1989,6 +2010,9 @@ krb5_error_code decode_krb5_fast_response krb5_error_code decode_krb5_ad_kdcissued (const krb5_data *, krb5_ad_kdcissued **); +krb5_error_code decode_krb5_ad_signedpath +(const krb5_data *, krb5_ad_signedpath **); + struct _krb5_key_data; /* kdb.h */ struct ldap_seqof_key_data { 
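Review bot: The two structs added in the first hunk have no comment saying what `checksum` in `krb5_ad_signedpath` is computed over, or how the `delegated` and `method_data` arrays are terminated and owned, and that is what code verifying this authorization data has to get right. Judging from the later hunks, `krb5_ad_signedpath_data` gets an encoder but no decoder and no free function, so it looks like an encode-only input to the checksum whose pointers are borrowed from the caller. If that is the intent, state it above the struct, e.g. `/* Encode-only: checksum input for krb5_ad_signedpath; fields are borrowed, not owned. */`. I would also put `/* NULL-terminated */` next to both `krb5_principal *delegated` members, if that is the convention used here.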
@@ -3008,6 +3032,12 @@ krb5_get_credentials_for_proxy(krb5_context context, krb5_ticket *evidence_tkt, krb5_creds **out_creds); +krb5_error_code KRB5_CALLCONV +krb5int_get_authdata_containee_types(krb5_context context, + const krb5_authdata *container, + unsigned int *nad_types, + krb5_authdatatype **ad_types); + krb5_error_code krb5int_parse_enctype_list(krb5_context context, char *profstr, krb5_enctype *default_list, krb5_enctype **result); |
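Review bot: The prototype for `krb5int_get_authdata_containee_types` in this hunk hands back an array through `ad_types` with its length in `nad_types`, but nothing says who frees `*ad_types` or what the two outputs hold when the call fails. A comment above the declaration would settle it, e.g. `/* On success *ad_types is an allocated array of *nad_types entries that the caller frees; on failure both are 0/NULL. */`, adjusted to match the implementation, which is not visible in this diff. If `container` can come from a received ticket, callers should treat the returned count as derived from decoded input and not assume it is nonzero.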