From 4e89b0b186ec90a6a06dd761d61ab45d82db599a Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Mon, 23 Jul 2012 18:18:58 -0400
Subject: Add "pa_type" configuration to ccaches

* When producing preauth data, keep track of the type of padata in the KDC's list of acceptable types which prompted the module to produce padata.
* After obtaining credentials, store that value as a "pa_type" configuration item in the out_ccache.
* Read that allowed preauth type from an in_ccache, if possible.
* If we have an allowed preauth type, only call "real" modules that handle that value when filling in responder items and producing a client request.
ticket: 7414 (new)
---
 src/include/k5-int.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'src/include')
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 169d6d395..d5299c597 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -282,6 +282,7 @@ typedef INT64_TYPE krb5_int64;
 #define KRB5_CONF_FAST_AVAIL "fast_avail"
 #define KRB5_CONF_PROXY_IMPERSONATOR "proxy_impersonator"
 #define KRB5_CONF_REFRESH_TIME "refresh_time"
+#define KRB5_CONF_PA_TYPE "pa_type"
 
 /* Error codes used in KRB_ERROR protocol messages.
 Return values of library routines are based on a different error table
@@ -839,6 +840,17 @@ struct krb5_clpreauth_rock_st {
 krb5_int32 pa_offset_usec;
 enum { NO_OFFSET = 0, UNAUTH_OFFSET, AUTH_OFFSET } pa_offset_state;
 struct krb5_responder_context_st rctx;
+
+ /*
+ * Configuration information read from an in_ccache, actually stored in the
+ * containing context structure, but needed by callbacks which currently
+ * only get a pointer to the rock
+ */
+
+ /* The allowed preauth type (number) that we might use, equal to
+ * KRB5_PADATA_NONE if none was set. */
+ krb5_preauthtype *allowed_preauth_type;
+ krb5_preauthtype *selected_preauth_type;
 };
 
 typedef struct _krb5_pa_enc_ts {
-- cgit
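Review bot: `selected_preauth_type`, the last member added to `struct krb5_clpreauth_rock_st`, has no comment, and the comment above `allowed_preauth_type` describes the pointed-to number although both members are pointers. I would document the second member and the pointer contract, for example `/* Set while producing padata: the type from the KDC's list that prompted a module to respond; points into the containing context, never freed via the rock. */`, and say whether either pointer may be NULL when a callback runs. Going by the commit message, the allowed type is read from an in_ccache and then limits which "real" preauth modules are called, so the comment should also state that this value is cache-supplied. The code that parses it is not part of this header-only diff; presumably it should fall back to KRB5_PADATA_NONE on a missing or malformed entry rather than restricting module selection. The struct begins before this hunk.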