From 41c8b2631fdd09b1e97e341838c71ffd11033133 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 15 Apr 2016 12:04:48 -0400
Subject: [PATCH] Implement the krb5_principal option
The krb5_principal option was defined and documented but not actually used.
Implement its use when a service keytab is provided.
Ticket: https://fedorahosted.org/gss-proxy/ticket/155
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
[rharwood@redhat.com adjust macros for backport]
---
proxy/src/gp_creds.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index 255200c..551b020 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -325,6 +325,23 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
}
}
+ if (use_service_keytab &&
+ (*requested_name == GSS_C_NO_NAME) && (svc->krb5.principal)) {
+ /* configuration dictates to use a specific name */
+ gss_buffer_desc const_buf;
+ const_buf.value = svc->krb5.principal;
+ const_buf.length = strlen(svc->krb5.principal) + 1;
+
+ ret_maj = gss_import_name(&ret_min, &const_buf,
+ (void *)(uintptr_t)GSS_KRB5_NT_PRINCIPAL_NAME,
+ requested_name);
+ if (ret_maj) {
+ GPERROR("Failed to import krb5_principal name %s\n",
+ svc->krb5.principal);
+ goto done;
+ }
+ }
+
if (svc->krb5.cred_store == NULL) {
return 0;
}
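Review bot: The guard `(*requested_name == GSS_C_NO_NAME)` applies the configured krb5_principal only when the caller asked for no name, yet the comment `/* configuration dictates to use a specific name */` reads as if the option were always enforced. If a caller-supplied name is meant to pass through unchanged, the comment should say so, e.g. `/* no name requested: default to the configured krb5_principal; a caller-supplied name is left as is */`; if the option is instead meant to restrict which principal the service may use, that check is not in this hunk. The `GPERROR` call would also be easier to act on if it logged `ret_maj` and `ret_min` alongside the principal. The function body and the `done` label lie outside the hunk, so who releases the name imported into `*requested_name` cannot be confirmed from here.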
--
2.8.1