author | Greg Hudson <ghudson@mit.edu> | 2011-02-07 18:40:00 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2011-02-07 18:40:00 +0000 |
commit | 66587fcd6380eac2c53674df4f64a827d337aee5 (patch) | |
tree | e3e98004479a87b3f1e1171056464f3a6be65d95 /src/lib/gssapi/krb5/gssapiP_krb5.h | |
parent | 1b46b254240d95534b7a3ee1f45ac85f6c38db1b (diff) | |
Improve acceptor name flexibility
Be more flexible about the principal names we will accept for a given
GSS acceptor name. Also add support for a new libdefaults profile
variable ignore_acceptor_hostname, which causes the hostnames of
host-based service principals to be ignored when passed by server
applications as acceptor names.
Note that we still always invoke krb5_sname_to_principal() when
importing a gss-krb5 mechanism name, even though we won't always use
the result. This is an unfortunate waste of getaddrinfo/getnameinfo
queries in some situations, but the code surgery necessary to defer
it appears too risky at this time.
The project proposal for this change is at:
http://k5wiki.kerberos.org/wiki/Projects/Acceptor_Names
ticket: 6855
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24616 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/gssapi/krb5/gssapiP_krb5.h')
-rw-r--r-- | src/lib/gssapi/krb5/gssapiP_krb5.h | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index a0e60be..6649331 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -158,8 +158,10 @@ enum qop {
 /** internal types **/
 typedef struct _krb5_gss_name_rec {
- krb5_principal princ; /* immutable */
- k5_mutex_t lock; /* protects ad_context only for now */
+ krb5_principal princ; /* immutable */
+ char *service; /* immutable */
+ char *host; /* immutable */
+ k5_mutex_t lock; /* protects ad_context only for now */
 krb5_authdata_context ad_context;
 } krb5_gss_name_rec, *krb5_gss_name_t;
@@ -893,11 +895,9 @@ int gss_krb5int_rotate_left (void *ptr, size_t bufsiz, size_t rc);
 #define KG_INIT_NAME_NO_COPY 0x2
 krb5_error_code
-kg_init_name(krb5_context context,
- krb5_principal principal,
- krb5_authdata_context ad_context,
- krb5_flags flags,
- krb5_gss_name_t *name);
+kg_init_name(krb5_context context, krb5_principal principal,
+ char *service, char *host, krb5_authdata_context ad_context,
+ krb5_flags flags, krb5_gss_name_t *name);
 krb5_error_code
 kg_release_name(krb5_context context,
@@ -915,6 +915,10 @@ kg_compare_name(krb5_context context,
 krb5_gss_name_t name1,
 krb5_gss_name_t name2);
+krb5_boolean
+kg_acceptor_princ(krb5_context context, krb5_gss_name_t name,
+ krb5_principal *princ_out);
+
 OM_uint32
 krb5_gss_display_name_ext(OM_uint32 *minor_status,
 gss_name_t name, |
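Review bot: The new `service` and `host` fields of `krb5_gss_name_rec` are documented only as `/* immutable */`, which does not say whether either may be NULL or how they relate to `princ`. The commit description says hostnames can be ignored for acceptor names, so an absent `host` presumably widens the set of principals the acceptor will match, and that is the security-relevant property a reader of this struct needs to see. I would state it at the field, e.g. `char *host; /* immutable; NULL means no hostname constraint (confirm) */`, with a matching comment on `service`, and say which of `princ`, `service` and `host` is authoritative when more than one is set.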
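Review bot: Ownership of the new `char *service, char *host` parameters of `kg_init_name` is not stated, and `KG_INIT_NAME_NO_COPY` is defined directly above the prototype, so it is unclear whether that flag makes the name adopt these strings as well as `principal`. A caller that guesses wrong either leaks them or frees them twice, most likely on an error path. A comment on the prototype would settle it, along the lines of `/* With KG_INIT_NAME_NO_COPY, principal, service and host are adopted on success; otherwise they are copied. */`, with the wording checked against the definition, which is outside this hunk. If the strings are always copied, `const char *service, const char *host` would express that in the signature.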
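Review bot: `kg_acceptor_princ` returns `krb5_boolean`, while `kg_init_name` and `kg_release_name` in the same header return `krb5_error_code`, so a caller cannot tell an allocation failure from any other failure and has no code to report as the minor status. The prototype also does not say what `*princ_out` holds on a false return or who releases it on success. Unless the definition (not shown in this hunk) has a single failure mode, consider returning `krb5_error_code`. In either case add a comment such as `/* On success *princ_out is newly allocated; release with krb5_free_principal(). Set to NULL on failure. */` once that is confirmed.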