From 5fa526b9db4940a221606f36e25e36ca525a47ab Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sat, 27 Oct 2012 11:55:36 -0400
Subject: Make clpreauth flags function optional

With one exception (KRB5_PADATA_PKINIT_KX), every padata type
processed by a clpreauth module is now a real preauthentication type.
Reduce the amount of boilerplate required for a clpreauth module by
making the flags method optional if all of the preauth types
advertised by the module are real.
---
 src/include/krb5/clpreauth_plugin.h | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'src/include')

diff --git a/src/include/krb5/clpreauth_plugin.h b/src/include/krb5/clpreauth_plugin.h
index efe006b9a..0106734ad 100644
--- a/src/include/krb5/clpreauth_plugin.h
+++ b/src/include/krb5/clpreauth_plugin.h
@@ -178,9 +178,11 @@ typedef void
                           krb5_clpreauth_moddata moddata);
 
 /*
- * Mandatory: Return flags indicating if the module is a "real" or an "info"
- * mechanism, and so on.  This function is called for each entry in the
- * client_pa_type_list.
+ * Optional (mandatory before MIT krb5 1.12): pa_type will be a member of the
+ * vtable's pa_type_list.  Return PA_REAL if pa_type is a real
+ * preauthentication type or PA_INFO if it is an informational type.  If this
+ * function is not defined in 1.12 or later, all pa_type values advertised by
+ * the module will be assumed to be real.
  */
 typedef int
 (*krb5_clpreauth_get_flags_fn)(krb5_context context, krb5_preauthtype pa_type);
-- 
cgit