Add an input ccache get_init_creds option

Add a krb5_get_init_creds_opt_set_in_ccache() function.  An input
ccache may hold configuration data which the client libraries can
use to influence their decisions.

ticket: 7413 (new)

2 files changed, 20 insertions, 0 deletions

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 57a6277a8..169d6d395 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1029,6 +1029,7 @@ typedef struct _krb5_gic_opt_private {
     int num_preauth_data;
     krb5_gic_opt_pa_data *preauth_data;
     char * fast_ccache_name;
+    krb5_ccache in_ccache;
     krb5_ccache out_ccache;
     krb5_flags fast_flags;
     krb5_expire_callback_func expire_cb;
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 3deb7a780..e515e8a01 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -6820,6 +6820,25 @@ krb5_get_init_creds_opt_set_fast_ccache(krb5_context context,
                                         krb5_ccache ccache);
 
 /**
+ * Set an input credential cache in initial credential options.
+ *
+ * @param [in] context          Library context
+ * @param [in] opt              Options
+ * @param [in] ccache           Credential cache handle
+ *
+ * If an input credential cache is set, then the krb5_get_init_creds family of
+ * APIs will read settings from it.  Setting an input ccache is desirable when
+ * the application wishes to perform authentication in the same way (using the
+ * same preauthentication mechanisms, and making the same non-security-
+ * sensitive choices) as the previous authentication attempt, which stored
+ * information in the passed-in ccache.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_in_ccache(krb5_context context,
+                                      krb5_get_init_creds_opt *opt,
+                                      krb5_ccache ccache);
+
+/**
  * Set an output credential cache in initial credential options.
  *
  * @param [in] context          Library context