From: Matt Rogers <mrogers@redhat.com>
Date: Tue, 4 Apr 2017 20:54:56 +0000 (-0400)
Subject: Add the client_name() kdcpreauth callback
X-Git-Tag: krb5-1.16-beta1~115
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a84f39ec30f3deeda7836da6e8b3d8dcf7a045b1;p=thirdparty%2Fkrb5.git

Add the client_name() kdcpreauth callback

Add a kdcpreauth callback to returns the canonicalized client principal.

ticket: 8570 (new)
---

diff --git a/src/include/krb5/kdcpreauth_plugin.h b/src/include/krb5/kdcpreauth_plugin.h
index fac9d808c7..f388200999 100644
--- a/src/include/krb5/kdcpreauth_plugin.h
+++ b/src/include/krb5/kdcpreauth_plugin.h
@@ -232,6 +232,12 @@ typedef struct krb5_kdcpreauth_callbacks_st {
                                  krb5_kdcpreauth_rock rock,
                                  krb5_principal princ);
 
+    /*
+     * Get an alias to the client DB entry principal (possibly canonicalized).
+     */
+    krb5_principal (*client_name)(krb5_context context,
+                                  krb5_kdcpreauth_rock rock);
+
     /* End of version 4 kdcpreauth callbacks. */
 
 } *krb5_kdcpreauth_callbacks;
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 0ce79c6671..81d0b8cffd 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -591,6 +591,12 @@ match_client(krb5_context context, krb5_kdcpreauth_rock rock,
     return match;
 }
 
+static krb5_principal
+client_name(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    return rock->client->princ;
+}
+
 static struct krb5_kdcpreauth_callbacks_st callbacks = {
     4,
     max_time_skew,
@@ -607,7 +613,8 @@ static struct krb5_kdcpreauth_callbacks_st callbacks = {
     add_auth_indicator,
     get_cookie,
     set_cookie,
-    match_client
+    match_client,
+    client_name
 };
 
 static krb5_error_code