From 41c8b2631fdd09b1e97e341838c71ffd11033133 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Fri, 15 Apr 2016 12:04:48 -0400
Subject: [PATCH] Implement the krb5_principal option

The krb5_principal option was defined and documented but not actually used.
Implement its use when a service keytab is provided.

Ticket: https://fedorahosted.org/gss-proxy/ticket/155

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>

[rharwood@redhat.com adjust macros for backport]
---
 proxy/src/gp_creds.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index 255200c..551b020 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -325,6 +325,23 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
         }
     }
 
+    if (use_service_keytab &&
+        (*requested_name == GSS_C_NO_NAME) && (svc->krb5.principal)) {
+        /* configuration dictates to use a specific name */
+        gss_buffer_desc const_buf;
+        const_buf.value = svc->krb5.principal;
+        const_buf.length = strlen(svc->krb5.principal) + 1;
+
+        ret_maj = gss_import_name(&ret_min, &const_buf,
+                                  (void *)(uintptr_t)GSS_KRB5_NT_PRINCIPAL_NAME,
+                                  requested_name);
+        if (ret_maj) {
+            GPERROR("Failed to import krb5_principal name %s\n",
+                    svc->krb5.principal);
+            goto done;
+        }
+    }
+
     if (svc->krb5.cred_store == NULL) {
         return 0;
     }
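Review bot: `const_buf.length = strlen(svc->krb5.principal) + 1;` counts the terminating NUL as part of the name handed to gss_import_name(); a GSS buffer's length is normally the byte count of the name itself, so unless a mechanism in use relies on the terminator this should be `const_buf.length = strlen(svc->krb5.principal);`. On the failure path only ret_maj/ret_min are set before `goto done`, and the `done` label is outside the hunk, so it is worth confirming that the function's int return is non-zero there; otherwise a configured principal that fails to import would leave `*requested_name` as GSS_C_NO_NAME and credential acquisition could continue with a default identity instead of the configured one. The GPERROR message would also be easier to act on if it reported ret_maj and ret_min alongside the principal string. gp_get_cred_environment starts and ends outside the hunk.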
-- 
2.8.1