author | Greg Hudson <ghudson@mit.edu> | 2011-10-15 15:06:37 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-10-15 15:06:37 +0000 |
commit | 1b885bfc9a05e3e030a0f49c16493f114bb661a1 (patch) | |
tree | 7c87da42594b6ae106ab8694032138ecbf674b27 /src/include/krb5/preauth_plugin.h | |
parent | 5f8d6146a69b3afe6bf8a83d40e811c8a6d8f96b (diff) | |
Make kdcpreauth edata method respond via callback
From npmccallum@redhat.com with changes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25348 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/include/krb5/preauth_plugin.h')
-rw-r--r-- | src/include/krb5/preauth_plugin.h | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h
index e618edd97..7d5dc99b1 100644
--- a/src/include/krb5/preauth_plugin.h
+++ b/src/include/krb5/preauth_plugin.h
@@ -418,21 +418,31 @@ typedef int
 (*krb5_kdcpreauth_flags_fn)(krb5_context context, krb5_preauthtype pa_type);

 /*
- * Optional: fill in pa_out->length and pa_out->contents with data to send to
- * the client as part of the "you need to use preauthentication" error. If
- * this function returns non-zero, the padata type will not be included in the
- * list; if this function is not provided or returns zero without changing
- * pa_out, the padata type will be included in the list with an empty value.
- * This function not allowed to create a context because we have no guarantee
- * that the client will ever call again (or that it will hit this server if it
- * does), in which case a context might otherwise hang around forever.
+ * Responder for krb5_kdcpreauth_edata_fn. If invoked with a non-zero code, pa
+ * will be ignored and the padata type will not be included in the hint list.
+ * If invoked with a zero code and a null pa value, the padata type will be
+ * included in the list with an empty value. If invoked with a zero code and a
+ * non-null pa value, pa will be included in the hint list and will later be
+ * freed by the KDC.
 */
-typedef krb5_error_code
+typedef void
+(*krb5_kdcpreauth_edata_respond_fn)(void *arg, krb5_error_code code,
+ krb5_pa_data *pa);
+
+/*
+ * Optional: provide pa_data to send to the client as part of the "you need to
+ * use preauthentication" error. This function is not allowed to create a
+ * modreq object because we have no guarantee that the client will ever make a
+ * follow-up request, or that it will hit this KDC if it does.
+ */
+typedef void
 (*krb5_kdcpreauth_edata_fn)(krb5_context context, krb5_kdc_req *request,
 krb5_kdcpreauth_callbacks cb,
 krb5_kdcpreauth_rock rock,
 krb5_kdcpreauth_moddata moddata,
- krb5_pa_data *pa_out);
+ krb5_preauthtype pa_type,
+ krb5_kdcpreauth_edata_respond_fn respond,
+ void *arg);

 /*
 * Responder for krb5_kdcpreauth_verify_fn. Invoke with the arg parameter |
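Review bot: The new comment on krb5_kdcpreauth_edata_fn does not state that the module must invoke respond exactly once on every path, and the responder comment leaves ownership of pa unstated when code is non-zero ("pa will be ignored"). Now that the function returns void, a module that returns without responding would presumably leave the KDC with no result for that padata type, and one that responds twice could hand the same pa to the KDC to be freed twice; the header gives a module author no way to tell. I would add to the edata_fn comment `The module must invoke respond exactly once, passing arg unchanged.` and to the responder comment `If code is non-zero, pa is not consumed and remains owned by the caller.`, after confirming both against the KDC-side caller, which is outside this hunk. It would also help to say that pa and pa->contents must be allocated so that the KDC can free them, since "freed by the KDC" implies a transfer of ownership without naming the allocator.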