From e50482720a805ecd8c160e4a8f4a846e6327dca2 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 26 Apr 2013 15:50:05 -0400
Subject: Add kdcpreauth callback to check for client keys

Add a new have_client_keys callback to the kdcpreauth interface,
allowing modules to efficiently check whether the client DB entry has
any keys matching the request enctypes.

ticket: 7630
---
 src/include/krb5/kdcpreauth_plugin.h | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/include')

diff --git a/src/include/krb5/kdcpreauth_plugin.h b/src/include/krb5/kdcpreauth_plugin.h
index e673d4003..9abe76f63 100644
--- a/src/include/krb5/kdcpreauth_plugin.h
+++ b/src/include/krb5/kdcpreauth_plugin.h
@@ -173,6 +173,14 @@ typedef struct krb5_kdcpreauth_callbacks_st {
                                        krb5_kdcpreauth_rock rock);
 
     /* End of version 1 kdcpreauth callbacks. */
+
+    /* Return true if the client DB entry contains any keys matching the
+     * request enctypes. */
+    krb5_boolean (*have_client_keys)(krb5_context context,
+                                     krb5_kdcpreauth_rock rock);
+
+    /* End of version 2 kdcpreauth callbacks. */
+
 } *krb5_kdcpreauth_callbacks;
 
 /* Optional: preauth plugin initialization function. */
-- 
cgit