Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/k5-int.h | 21 | ||||
| -rw-r--r-- | src/include/krb5/preauth_plugin.h | 22 |
2 files changed, 41 insertions, 2 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 884bd23c8..13109e291 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -843,6 +843,17 @@ error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE) #include <krb5/preauth_plugin.h> +#define CLIENT_ROCK_MAGIC 0x4352434b +/* This structure is passed into the client preauth functions and passed + * back to the "get_data_proc" function so that it can locate the + * requested information. It is opaque to the plugin code and can be + * expanded in the future as new types of requests are defined which + * may require other things to be passed through. */ +typedef struct _krb5_preauth_client_rock { + krb5_magic magic; + krb5_kdc_rep *as_reply; +} krb5_preauth_client_rock; + /* This structure lets us keep track of all of the modules which are loaded, * turning the list of modules and their lists of implemented preauth types * into a single list which we can walk easily. */ @@ -867,6 +878,8 @@ typedef struct _krb5_preauth_context { krb5_error_code (*client_process)(krb5_context context, void *plugin_context, void *request_context, + preauth_get_client_data_proc get_data_proc, + krb5_preauth_client_rock *rock, krb5_kdc_req *request, krb5_data *encoded_request_body, krb5_data *encoded_previous_request, @@ -882,6 +895,8 @@ typedef struct _krb5_preauth_context { krb5_error_code (*client_tryagain)(krb5_context context, void *plugin_context, void *request_context, + preauth_get_client_data_proc get_data_proc, + krb5_preauth_client_rock *rock, krb5_kdc_req *request, krb5_data *encoded_request_body, krb5_data *encoded_previous_request, 
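Review bot: The comment on `krb5_preauth_client_rock` calls the structure opaque to plugins but does not say who validates it when a plugin hands it back to `get_data_proc`. Because the pointer round-trips through plugin code, the comment should state that the callback rejects a NULL rock, or one whose `magic` is not `CLIENT_ROCK_MAGIC`, before touching `as_reply`. It should also say who owns `as_reply` and whether it can be NULL (for instance before a reply has been received, which this header does not show). Something like `/* get_data_proc must verify magic == CLIENT_ROCK_MAGIC; as_reply is borrowed from the caller and may be NULL. */` would do, adjusted to what the implementation actually guarantees.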
@@ -1041,7 +1056,8 @@ krb5_error_code KRB5_CALLCONV krb5_do_preauth krb5_data *salt, krb5_data *s2kparams, krb5_enctype *etype, krb5_keyblock *as_key, krb5_prompter_fct prompter, void *prompter_data, - krb5_gic_get_as_key_fct gak_fct, void *gak_data); + krb5_gic_get_as_key_fct gak_fct, void *gak_data, + krb5_preauth_client_rock *get_data_rock); krb5_error_code KRB5_CALLCONV krb5_do_preauth_tryagain (krb5_context context, krb5_kdc_req *request, @@ -1052,7 +1068,8 @@ krb5_error_code KRB5_CALLCONV krb5_do_preauth_tryagain krb5_data *salt, krb5_data *s2kparams, krb5_enctype *etype, krb5_keyblock *as_key, krb5_prompter_fct prompter, void *prompter_data, - krb5_gic_get_as_key_fct gak_fct, void *gak_data); + krb5_gic_get_as_key_fct gak_fct, void *gak_data, + krb5_preauth_client_rock *get_data_rock); void KRB5_CALLCONV krb5_init_preauth_context (krb5_context); void KRB5_CALLCONV krb5_free_preauth_context diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h index d164192af..f1b7dd334 100644 --- a/src/include/krb5/preauth_plugin.h +++ b/src/include/krb5/preauth_plugin.h @@ -44,6 +44,7 @@ */ struct _krb5_db_entry_new; struct _krb5_key_data; +struct _krb5_preauth_client_rock; /* * Preauth mechanism property flags, unified from previous definitions in the 
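Review bot: The new trailing `get_data_rock` argument on `krb5_do_preauth`, and the identical change to `krb5_do_preauth_tryagain` in the next hunk, has no stated contract: the prototypes do not say whether NULL is acceptable or how long the rock must stay valid. Since the rock is forwarded to plugin callbacks, a comment above the prototypes such as `/* get_data_rock must be non-NULL, carry CLIENT_ROCK_MAGIC, and outlive the call. */` would help callers, provided it matches the implementation, which is outside this diff. The parameter is called `rock` everywhere else in the change, so a single name would be more consistent. Both prototypes start above their hunks.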
@@ -122,6 +123,23 @@ typedef krb5_error_code krb5_data **); /* + * A client module's callback functions are allowed to request various + * information to enable it to process a request. + */ +enum krb5plugin_preauth_client_request_type { + /* The returned krb5_data item holds the enctype used to encrypt the + * encrypted portion of the AS_REP packet. */ + krb5plugin_preauth_client_get_etype = 1, + /* Free the data returned from krb5plugin_preauth_client_req_get_etype */ + krb5plugin_preauth_client_free_etype = 2, +}; +typedef krb5_error_code +(*preauth_get_client_data_proc)(krb5_context, + struct _krb5_preauth_client_rock *, + krb5_int32 request_type, + krb5_data **); + +/* * A callback which will obtain the user's long-term AS key by prompting the * user for the password, then salting it properly, and so on. For the moment, * it's identical to the get_as_key callback used inside of libkrb5, but we @@ -189,6 +207,8 @@ typedef struct krb5plugin_preauth_client_ftable_v0 { krb5_error_code (*process)(krb5_context context, void *plugin_context, void *request_context, + preauth_get_client_data_proc get_data_proc, + struct _krb5_preauth_client_rock *rock, krb5_kdc_req *request, krb5_data *encoded_request_body, krb5_data *encoded_previous_request, @@ -207,6 +227,8 @@ typedef struct krb5plugin_preauth_client_ftable_v0 { krb5_error_code (*tryagain)(krb5_context context, void *plugin_context, void *request_context, + preauth_get_client_data_proc get_data_proc, + struct _krb5_preauth_client_rock *rock, krb5_kdc_req *request, krb5_data *encoded_request_body, krb5_data *encoded_previous_request, |
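Review bot: The comment on `krb5plugin_preauth_client_free_etype` refers to `krb5plugin_preauth_client_req_get_etype`, which is not an enumerator defined here; it should read `/* Free the data returned from krb5plugin_preauth_client_get_etype */`. The block comment should also spell out the ownership rule the two values imply: the `krb5_data` returned for `get_etype` belongs to the library and is released only through the same callback with `free_etype`, never with the module's own `free()`. It should state the size and representation of the stored enctype too, so a module can check `length` before reading `data`. `preauth_get_client_data_proc` takes `krb5_int32 request_type` rather than the enum type, so out-of-range values compile silently; a sentence saying that unknown request types return an error would cover that, assuming the implementation behaves so.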
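Review bot: `process` in `krb5plugin_preauth_client_ftable_v0` gains two parameters in the middle of its argument list, and `tryagain` in the last hunk gets the same change, while the table keeps its `_v0` name. A module compiled against the previous header would still export a v0 table and be called with shifted arguments, so its `request` parameter would receive the callback pointer. Unless the interface version is bumped or old modules are refused somewhere outside this diff, that is a memory-safety hazard when such a module is loaded. I would either rename the table or add a comment next to the struct recording that the v0 layout changed incompatibly with this commit. Both function-pointer declarations continue past their hunks.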
