Add the client_name() kdcpreauth callback

Add a kdcpreauth callback to returns the canonicalized client principal.

ticket: 8570 (new)

diff --git a/src/include/krb5/kdcpreauth_plugin.h b/src/include/krb5/kdcpreauth_plugin.h
index fac9d808c7a946855c2236bf1d01fd94793cef90..f388200999ef62cffdf1589ebc862e4a0d8044b0 100644 (file)
--- a/src/include/krb5/kdcpreauth_plugin.h
+++ b/src/include/krb5/kdcpreauth_plugin.h
@@ -232,6 +232,12 @@ typedef struct krb5_kdcpreauth_callbacks_st {
                                  krb5_kdcpreauth_rock rock,
                                  krb5_principal princ);
 
+    /*
+     * Get an alias to the client DB entry principal (possibly canonicalized).
+     */
+    krb5_principal (*client_name)(krb5_context context,
+                                  krb5_kdcpreauth_rock rock);
+
     /* End of version 4 kdcpreauth callbacks. */
 
 } *krb5_kdcpreauth_callbacks;

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 0ce79c667148bc5c4cdfc1a4aea59bbf3981e86c..81d0b8cffd390b35791e3cc9805dbb6fd6cf8976 100644 (file)
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -591,6 +591,12 @@ match_client(krb5_context context, krb5_kdcpreauth_rock rock,
     return match;
 }
 
+static krb5_principal
+client_name(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    return rock->client->princ;
+}
+
 static struct krb5_kdcpreauth_callbacks_st callbacks = {
     4,
     max_time_skew,
@@ -607,7 +613,8 @@ static struct krb5_kdcpreauth_callbacks_st callbacks = {
     add_auth_indicator,
     get_cookie,
     set_cookie,
-    match_client
+    match_client,
+    client_name
 };
 
 static krb5_error_code