diff options
author | Nathaniel McCallum <npmccallum@redhat.com> | 2012-09-10 17:38:23 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-09-11 01:05:07 -0400 |
commit | 43f507711689a71d3aaec8696721b8c981f8428e (patch) | |
tree | bf12cf79cd74c0e4459947e3d1ea334aca61b479 /src/lib/krb5/krb/int-proto.h | |
parent | 1d4cf92a9de119e634b068820e48ee509cb1f71f (diff) | |
download | krb5-43f507711689a71d3aaec8696721b8c981f8428e.tar.gz krb5-43f507711689a71d3aaec8696721b8c981f8428e.tar.xz krb5-43f507711689a71d3aaec8696721b8c981f8428e.zip |
Add responder feature for initial cred exchanges
Add new APIs:
* krb5_get_init_creds_opt_set_responder
* krb5_responder_get_challenge
* krb5_responder_list_questions
* krb5_responder_set_answer
If a caller sets a responder, it will be invoked after preauth modules
have had a chance to review their incoming padata but before they produce
outgoing padata. The responder will be presented a set of questions with
optional challenges. The responder should then answer all questions it knows
how to handle. Both the answers and the challenges are printable UTF-8 and
may contain encoded, structured data specific to the question asked.
Add two new callbacks and one optional method to the clpreauth
interface. The new method (prep_questions) allows modules to ask questions
by setting them in the responder context using one of the new callbacks
(ask_responder_question). The other new callback (get_responder_answer) is
used by the process method to read the answers to the questions asked.
ticket: 7355 (new)
Diffstat (limited to 'src/lib/krb5/krb/int-proto.h')
-rw-r--r-- | src/lib/krb5/krb/int-proto.h | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h index f794f143e..6f3de8f34 100644 --- a/src/lib/krb5/krb/int-proto.h +++ b/src/lib/krb5/krb/int-proto.h @@ -203,4 +203,35 @@ krb5_error_code k5_init_creds_get(krb5_context context, krb5_init_creds_context ctx, int *use_master); +krb5_error_code +k5_response_items_new(k5_response_items **ri_out); + +void +k5_response_items_free(k5_response_items *ri); + +void +k5_response_items_reset(k5_response_items *ri); + +krb5_boolean +k5_response_items_empty(const k5_response_items *ri); + +const char * const * +k5_response_items_list_questions(const k5_response_items *ri); + +krb5_error_code +k5_response_items_ask_question(k5_response_items *ri, const char *question, + const char *challenge); + +const char * +k5_response_items_get_challenge(const k5_response_items *ri, + const char *question); + +krb5_error_code +k5_response_items_set_answer(k5_response_items *ri, const char *question, + const char *answer); + +const char * +k5_response_items_get_answer(const k5_response_items *ri, + const char *question); + #endif /* KRB5_INT_FUNC_PROTO__ */ |