third_party/heimdal: Import lorikeet-heimdal-202405090452 (commit 49c8e97b7221db53355...

[thirdparty/samba.git] / third_party / heimdal / kdc / kdc-plugin.h

diff --git a/third_party/heimdal/kdc/kdc-plugin.h b/third_party/heimdal/kdc/kdc-plugin.h
index 5361349805036981c81ae17c1c88b675cbd65551..e264bbf4d0afe7991205e052acf240373dea6fd4 100644 (file)
--- a/third_party/heimdal/kdc/kdc-plugin.h
+++ b/third_party/heimdal/kdc/kdc-plugin.h
@@ -113,6 +113,16 @@ typedef krb5_error_code
 typedef krb5_error_code
 (KRB5_CALLCONV *krb5plugin_kdc_referral_policy)(void *, astgs_request_t);
 
+/*
+ * A hardware authentication policy plugin can indicate what is to
+ * happen when a client authenticates using a method other than
+ * hardware authentication. It can return zero to allow the
+ * authentication, or an appropriate error code to deny it.
+ */
+
+typedef krb5_error_code
+(KRB5_CALLCONV *krb5plugin_kdc_hwauth_policy)(void *, astgs_request_t);
+
 /*
  * Update the AS or TGS reply immediately prior to encoding.
  */
@@ -135,7 +145,7 @@ typedef krb5_error_code
  * Plugins should carefully check API contract notes for changes
  * between plugin API versions.
  */
-#define KRB5_PLUGIN_KDC_VERSION_11     11
+#define KRB5_PLUGIN_KDC_VERSION_12     12
 
 typedef struct krb5plugin_kdc_ftable {
     HEIM_PLUGIN_FTABLE_COMMON_ELEMENTS(krb5_context);
@@ -144,6 +154,7 @@ typedef struct krb5plugin_kdc_ftable {
     krb5plugin_kdc_pac_update          pac_update;
     krb5plugin_kdc_client_access       client_access;
     krb5plugin_kdc_referral_policy     referral_policy;
+    krb5plugin_kdc_hwauth_policy       hwauth_policy;
     krb5plugin_kdc_finalize_reply      finalize_reply;
     krb5plugin_kdc_audit               audit;
 } krb5plugin_kdc_ftable;