Add PA-REDHAT-IDP-OAUTH2 padata type

Recognize the Red Hat IdP preauth mechanism in trace messages, and add
a declaration for it in krb5.h.

[ghudson@mit.edu: edited comment and commit message]

ticket: 9041 (new)

diff --git a/doc/appdev/refs/macros/index.rst b/doc/appdev/refs/macros/index.rst
index 21619b92fe0dca1c76c59108a316c88e29fd06b6..722ebbb98e07fb2ee84ba63fd6b02067de930eec 100644 (file)
--- a/doc/appdev/refs/macros/index.rst
+++ b/doc/appdev/refs/macros/index.rst
@@ -279,6 +279,7 @@ Public
    KRB5_PADATA_SAM_RESPONSE_2.rst
    KRB5_PADATA_SESAME.rst
    KRB5_PADATA_SPAKE.rst
+   KRB5_PADATA_REDHAT_IDP_OAUTH2.rst
    KRB5_PADATA_SVR_REFERRAL_INFO.rst
    KRB5_PADATA_TGS_REQ.rst
    KRB5_PADATA_USE_SPECIFIED_KVNO.rst

diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 5ebf5a7a897de97b4811df75f9c008cf84a432b2..79c66da482b1e5028cff5637cf6338a556ae0673 100644 (file)
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -1847,6 +1847,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
 #define KRB5_ENCPADATA_REQ_ENC_PA_REP   149 /**< RFC 6806 */
 #define KRB5_PADATA_AS_FRESHNESS        150 /**< RFC 8070 */
 #define KRB5_PADATA_SPAKE               151
+#define KRB5_PADATA_REDHAT_IDP_OAUTH2   152 /**< Red Hat IdP mechanism */
 #define KRB5_PADATA_PAC_OPTIONS         167 /**< MS-KILE and MS-SFU */
 
 #define KRB5_SAM_USE_SAD_AS_KEY         0x80000000

diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
index 59df4500ece12eedee641c719cadd0b2716773f3..3369fc4ba6d313ce658722ff952e0791907989d2 100644 (file)
--- a/src/lib/krb5/os/trace.c
+++ b/src/lib/krb5/os/trace.c
@@ -164,6 +164,7 @@ padata_type_string(krb5_preauthtype type)
     case KRB5_ENCPADATA_REQ_ENC_PA_REP: return "PA-REQ-ENC-PA-REP";
     case KRB5_PADATA_AS_FRESHNESS: return "PA_AS_FRESHNESS";
     case KRB5_PADATA_SPAKE: return "PA-SPAKE";
+    case KRB5_PADATA_REDHAT_IDP_OAUTH2: return "PA-REDHAT-IDP-OAUTH2";
     default: return NULL;
     }
 }