From 810e831592eeed8422197d9c8de237552645412f Mon Sep 17 00:00:00 2001 From: Matt Rogers Date: Tue, 4 Apr 2017 16:54:56 -0400 Subject: [PATCH] Add the client_name() kdcpreauth callback Add a kdcpreauth callback to returns the canonicalized client principal. ticket: 8570 (new) (cherry picked from commit a84f39ec30f3deeda7836da6e8b3d8dcf7a045b1) --- src/include/krb5/kdcpreauth_plugin.h | 6 ++++++ src/kdc/kdc_preauth.c | 9 ++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/src/include/krb5/kdcpreauth_plugin.h b/src/include/krb5/kdcpreauth_plugin.h index 92aa5a5a5..fa4436b83 100644 --- a/src/include/krb5/kdcpreauth_plugin.h +++ b/src/include/krb5/kdcpreauth_plugin.h @@ -232,6 +232,12 @@ typedef struct krb5_kdcpreauth_callbacks_st { krb5_kdcpreauth_rock rock, krb5_principal princ); + /* + * Get an alias to the client DB entry principal (possibly canonicalized). + */ + krb5_principal (*client_name)(krb5_context context, + krb5_kdcpreauth_rock rock); + /* End of version 4 kdcpreauth callbacks. */ } *krb5_kdcpreauth_callbacks; diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c index 0ce79c667..81d0b8cff 100644 --- a/src/kdc/kdc_preauth.c +++ b/src/kdc/kdc_preauth.c @@ -591,6 +591,12 @@ match_client(krb5_context context, krb5_kdcpreauth_rock rock, return match; } +static krb5_principal +client_name(krb5_context context, krb5_kdcpreauth_rock rock) +{ + return rock->client->princ; +} + static struct krb5_kdcpreauth_callbacks_st callbacks = { 4, max_time_skew, @@ -607,7 +613,8 @@ static struct krb5_kdcpreauth_callbacks_st callbacks = { add_auth_indicator, get_cookie, set_cookie, - match_client + match_client, + client_name }; static krb5_error_code