Add a new have_client_keys callback to the kdcpreauth interface,
allowing modules to efficiently check whether the client DB entry has
any keys matching the request enctypes.
ticket: 7630
krb5_kdcpreauth_rock rock);
/* End of version 1 kdcpreauth callbacks. */
+
+ /* Return true if the client DB entry contains any keys matching the
+ * request enctypes. */
+ krb5_boolean (*have_client_keys)(krb5_context context,
+ krb5_kdcpreauth_rock rock);
+
+ /* End of version 2 kdcpreauth callbacks. */
+
} *krb5_kdcpreauth_callbacks;
/* Optional: preauth plugin initialization function. */
return rock->vctx;
}
+static krb5_boolean
+have_client_keys(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+ krb5_kdc_req *request = rock->request;
+ krb5_key_data *kd;
+ int i;
+
+ for (i = 0; i < request->nktypes; i++) {
+ if (krb5_dbe_find_enctype(context, rock->client, request->ktype[i],
+ -1, 0, &kd) == 0)
+ return TRUE;
+ }
+ return FALSE;
+}
+
static struct krb5_kdcpreauth_callbacks_st callbacks = {
- 1,
+ 2,
max_time_skew,
client_keys,
free_keys,
get_string,
free_string,
client_entry,
- event_context
+ event_context,
+ have_client_keys
};
static krb5_error_code
projects / thirdparty / krb5.git / commitdiff
