diff options
author | Isaac Boukris <iboukris@gmail.com> | 2019-08-07 19:39:10 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2019-09-09 09:56:50 -0400 |
commit | d975dd1eae7b22b14ce7aa6eefb523e9b3c022ba (patch) | |
tree | b1942e332d668f56f48984f65318d385c75c0f4d /src/include | |
parent | d47f7dba3779c9e36e1dedaac830dac1dd248fb3 (diff) | |
download | krb5-d975dd1eae7b22b14ce7aa6eefb523e9b3c022ba.zip krb5-d975dd1eae7b22b14ce7aa6eefb523e9b3c022ba.tar.gz krb5-d975dd1eae7b22b14ce7aa6eefb523e9b3c022ba.tar.bz2 |
Add API to get client account name from PAC
Add a krb5_pac_get_client_info() API to interpret the PAC_CLIENT_INFO
buffer of a PAC. This API is needed by KDB plugin modules to set the
reply client for cross-realm RBCD requests.
[ghudson@mit.edu: added doxygen comment; clarified commit message]
ticket: 8828 (new)
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/krb5/krb5.hin | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin index eed38fd..d486853 100644 --- a/src/include/krb5/krb5.hin +++ b/src/include/krb5/krb5.hin @@ -8338,6 +8338,28 @@ krb5_pac_sign_ext(krb5_context context, krb5_pac pac, krb5_timestamp authtime, const krb5_keyblock *privsvr_key, krb5_boolean with_realm, krb5_data *data); + +/* + * Read client information from a PAC. + * + * @param [in] context Library context + * @param [in] pac PAC handle + * @param [out] authtime_out Authentication timestamp (NULL if not needed) + * @param [out] princname_out Client account name + * + * Read the PAC_CLIENT_INFO buffer in @a pac. Place the client account name as + * a string in @a princname_out. If @a authtime_out is not NULL, place the + * initial authentication timestamp in @a authtime_out. + * + * @retval 0 on success, ENOENT if no PAC_CLIENT_INFO buffer is present in @a + * pac, ERANGE if the buffer contains invalid lengths. + * + * @version New in 1.18 + */ +krb5_error_code KRB5_CALLCONV +krb5_pac_get_client_info(krb5_context context, const krb5_pac pac, + krb5_timestamp *authtime_out, char **princname_out); + /** * Allow the appplication to override the profile's allow_weak_crypto setting. * |