[krbdev.mit.edu #7680] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Thu Jul 18 00:58:56 EDT 2013
Pass PKINIT identity prompts to the responder cb
Use the list of deferred identity prompts and warnings, which we have
after calling pkinit_identity_initialize(), to build a list of questions
to supply to responder callbacks.
Before calling pkinit_identity_prompt() to actually load identities that
are protected, save any passwords and PINs which a responder callback
may have supplied.
Because pkinit_client_prep_questions() can be called multiple times, and
we don't want to try to load all of our identities each of those times,
take some steps to ensure that we only call pkinit_identity_initialize()
and pkinit_identity_prompt() once per request.
https://github.com/krb5/krb5/commit/e8b63198029c632d097822104d6e17c9a67ef1a5
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: e8b63198029c632d097822104d6e17c9a67ef1a5
Branch: master
src/include/krb5/krb5.hin | 44 ++++++
src/plugins/preauth/pkinit/pkinit.h | 3 +
src/plugins/preauth/pkinit/pkinit_clnt.c | 234 +++++++++++++++++++++++++++---
3 files changed, 262 insertions(+), 19 deletions(-)
More information about the krb5-bugs
mailing list