base/SOURCES/Add-the-client_name-kdcpreauth-callback.patch

From aa153bb60c4fdc05adbc88cca578612fce6c8ce0 Mon Sep 17 00:00:00 2001
From: Matt Rogers <mrogers@redhat.com>
Date: Tue, 4 Apr 2017 16:54:56 -0400
Subject: [PATCH] Add the client_name() kdcpreauth callback

Add a kdcpreauth callback to returns the canonicalized client principal.

ticket: 8570 (new)
(cherry picked from commit a84f39ec30f3deeda7836da6e8b3d8dcf7a045b1)
---
 src/include/krb5/kdcpreauth_plugin.h | 6 ++++++
 src/kdc/kdc_preauth.c                | 9 ++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/include/krb5/kdcpreauth_plugin.h b/src/include/krb5/kdcpreauth_plugin.h
index 92aa5a5a5..fa4436b83 100644
--- a/src/include/krb5/kdcpreauth_plugin.h
+++ b/src/include/krb5/kdcpreauth_plugin.h
@@ -232,6 +232,12 @@ typedef struct krb5_kdcpreauth_callbacks_st {
                                  krb5_kdcpreauth_rock rock,
                                  krb5_principal princ);

+    /*
+     * Get an alias to the client DB entry principal (possibly canonicalized).
+     */
+    krb5_principal (*client_name)(krb5_context context,
+                                  krb5_kdcpreauth_rock rock);
+
     /* End of version 4 kdcpreauth callbacks. */

 } *krb5_kdcpreauth_callbacks;
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 0ce79c667..81d0b8cff 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -591,6 +591,12 @@ match_client(krb5_context context, krb5_kdcpreauth_rock rock,
     return match;
 }

+static krb5_principal
+client_name(krb5_context context, krb5_kdcpreauth_rock rock)
+{
+    return rock->client->princ;
+}
+
 static struct krb5_kdcpreauth_callbacks_st callbacks = {
     4,
     max_time_skew,
@@ -607,7 +613,8 @@ static struct krb5_kdcpreauth_callbacks_st callbacks = {
     add_auth_indicator,
     get_cookie,
     set_cookie,
-    match_client
+    match_client,
+    client_name
 };

 static krb5_error_code