From 810e831592eeed8422197d9c8de237552645412f Mon Sep 17 00:00:00 2001

From: Matt Rogers <mrogers@redhat.com>

Date: Tue, 4 Apr 2017 16:54:56 -0400

Subject: [PATCH] Add the client_name() kdcpreauth callback

Add a kdcpreauth callback to returns the canonicalized client principal.

ticket: 8570 (new)

(cherry picked from commit a84f39ec30f3deeda7836da6e8b3d8dcf7a045b1)

---

 src/include/krb5/kdcpreauth_plugin.h | 6 ++++++

 src/kdc/kdc_preauth.c                | 9 ++++++++-

 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/include/krb5/kdcpreauth_plugin.h b/src/include/krb5/kdcpreauth_plugin.h

index 92aa5a5a5..fa4436b83 100644

--- a/src/include/krb5/kdcpreauth_plugin.h

+++ b/src/include/krb5/kdcpreauth_plugin.h

@@ -232,6 +232,12 @@ typedef struct krb5_kdcpreauth_callbacks_st {

                                  krb5_kdcpreauth_rock rock,

                                  krb5_principal princ);

+    /*

+     * Get an alias to the client DB entry principal (possibly canonicalized).

+     */

+    krb5_principal (*client_name)(krb5_context context,

+                                  krb5_kdcpreauth_rock rock);

+

     /* End of version 4 kdcpreauth callbacks. */

 } *krb5_kdcpreauth_callbacks;

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c

index 0ce79c667..81d0b8cff 100644

--- a/src/kdc/kdc_preauth.c

+++ b/src/kdc/kdc_preauth.c

@@ -591,6 +591,12 @@ match_client(krb5_context context, krb5_kdcpreauth_rock rock,

     return match;

 }

+static krb5_principal

+client_name(krb5_context context, krb5_kdcpreauth_rock rock)

+{

+    return rock->client->princ;

+}

+

 static struct krb5_kdcpreauth_callbacks_st callbacks = {

     4,

     max_time_skew,

@@ -607,7 +613,8 @@ static struct krb5_kdcpreauth_callbacks_st callbacks = {

     add_auth_indicator,

     get_cookie,

     set_cookie,

-    match_client

+    match_client,

+    client_name

 };

 static krb5_error_code