Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: ghudson@mit.edu
Subject: git commit
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 1126


Pass PKINIT identity prompts to the responder cb

Use the list of deferred identity prompts and warnings, which we have
after calling pkinit_identity_initialize(), to build a list of questions
to supply to responder callbacks.

Before calling pkinit_identity_prompt() to actually load identities that
are protected, save any passwords and PINs which a responder callback
may have supplied.

Because pkinit_client_prep_questions() can be called multiple times, and
we don't want to try to load all of our identities each of those times,
take some steps to ensure that we only call pkinit_identity_initialize()
and pkinit_identity_prompt() once per request.

https://github.com/krb5/krb5/commit/e8b63198029c632d097822104d6e17c9a67ef1a5
Author: Nalin Dahyabhai <nalin@dahyabhai.net>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: e8b63198029c632d097822104d6e17c9a67ef1a5
Branch: master
 src/include/krb5/krb5.hin                |   44 ++++++
 src/plugins/preauth/pkinit/pkinit.h      |    3 +
 src/plugins/preauth/pkinit/pkinit_clnt.c |  234 +++++++++++++++++++++++++++---
 3 files changed, 262 insertions(+), 19 deletions(-)