author | Greg Hudson <ghudson@mit.edu> | 2015-06-04 14:08:06 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2015-07-08 16:14:13 -0400 |
commit | 7b12eb4757f8dd05b79c9b49d4289f0caf1f6eec (patch) | |
tree | 463495d9dc7c308a87915e39039c06c2fadd613a /src/include/krb5 | |
parent | 5cf4a7e220141f10f51995ceae9b9e74232a31b7 (diff) | |
Add client_keyblock kdcpreauth callback
Add a new kdcpreauth callback which gets the selected client key.
This callback can be used by preauth mechs which need to use the
singular reply key in a challenge sent by the KDC, now that we send
only one etype-info entry in PREAUTH_REQUIRED errors.
ticket: 8200 (new)
Diffstat (limited to 'src/include/krb5')
-rw-r--r-- | src/include/krb5/kdcpreauth_plugin.h | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/include/krb5/kdcpreauth_plugin.h b/src/include/krb5/kdcpreauth_plugin.h
index 9abe76f..2f41158 100644
--- a/src/include/krb5/kdcpreauth_plugin.h
+++ b/src/include/krb5/kdcpreauth_plugin.h
@@ -34,7 +34,7 @@
 * Declarations for kdcpreauth plugin module implementors.
 *
 * The kdcpreauth interface has a single supported major version, which is 1.
- * Major version 1 has a current minor version of 2. kdcpreauth modules should
+ * Major version 1 has a current minor version of 3. kdcpreauth modules should
 * define a function named kdcpreauth_<modulename>_initvt, matching the
 * signature:
 *
@@ -181,6 +181,19 @@ typedef struct krb5_kdcpreauth_callbacks_st {
 
 /* End of version 2 kdcpreauth callbacks. */
 
+ /*
+ * Get the decrypted client long-term key chosen according to the request
+ * enctype list, or NULL if no matching key was found. The returned
+ * pointer is an alias and should not be freed. If invoked from
+ * return_padata, the result will be the same as the encrypting_key
+ * parameter if it is not NULL, and will therefore reflect the modified
+ * reply key if a return_padata handler has replaced the reply key.
+ */
+ const krb5_keyblock *(*client_keyblock)(krb5_context context,
+ krb5_kdcpreauth_rock rock);
+
+ /* End of version 3 kdcpreauth callbacks. */
+
 } *krb5_kdcpreauth_callbacks;
 
 /* Optional: preauth plugin initialization function. */ |
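Review bot: The new comment on `client_keyblock` in the second hunk says the returned pointer is an alias that must not be freed, but it does not say how long the alias stays valid, nor that it refers to decrypted long-term key material which a module should neither modify nor hold on to once the request is finished. I would add a sentence such as `The pointer is valid only while the current request is being processed; a module that needs the key later must copy it and erase the copy when done.` The exact lifetime is inferred from the rock-scoped signature and should be confirmed against the KDC-side implementation, which is not part of this diff. Because the member is placed after the "End of version 2" marker, the comment could also remind module authors to confirm that the callbacks table they were handed is version 3 or later before calling it, since a table from an older KDC would end before this slot. The struct definition begins above the hunk, so how the version is exposed to modules is not visible here.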