authorGreg Hudson <ghudson@mit.edu>2021-01-15 13:51:34 -0500
committerGreg Hudson <ghudson@mit.edu>2021-01-28 10:57:46 -0500
commitc374ab40dd059a5938ffc0440d87457ac5da3a46 (patch)
treef6afbc4cc0390d860c08e4cc490b1667b2945c48 /src/lib/gssapi/krb5/gssapiP_krb5.h
parent225fffe4e912772acea3a01d45bafb60bfb80948 (diff)
Support host-based GSS initiator names
When checking if we can get initial credentials in the GSS krb5 mech, use krb5_kt_have_match() to support fallback iteration. When scanning the ccache or getting initial credentials, rewrite cred->name->princ to the canonical client name. When a name check is necessary (such as when the caller specifies both a name and ccache), use a new internal API k5_sname_compare() to support fallback iteration. Add fallback iteration to krb5_cc_cache_match() to allow host-based names to be canonicalized against the cache collection. Create and store the matching principal for acceptor names in acquire_accept_cred() so that it isn't affected by changes in cred->name->princ during acquire_init_cred(). ticket: 8978 (new)
Diffstat (limited to 'src/lib/gssapi/krb5/gssapiP_krb5.h')
-rw-r--r--src/lib/gssapi/krb5/gssapiP_krb5.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index a7e0e63..d8553e7 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -175,6 +175,7 @@ typedef struct _krb5_gss_cred_id_rec {
/* name/type of credential */
gss_cred_usage_t usage;
krb5_gss_name_t name;
+ krb5_principal acceptor_mprinc;
krb5_principal impersonator;
unsigned int default_identity : 1;
unsigned int iakerb_mech : 1;
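Review bot: The added `acceptor_mprinc` member has no comment saying what it holds or who owns it, although its whole purpose (per the commit description) is to be a separate copy that stays stable while `name->princ` is rewritten during initiator acquisition. I would document that on the declaration, e.g. `krb5_principal acceptor_mprinc; /* acceptor matching principal, owned by the cred; independent of name->princ */`, and state whether it can be NULL (presumably it is for creds that never go through acquire_accept_cred()). Because this is a new owned pointer in the credential record, the paths that release or duplicate a `krb5_gss_cred_id_rec` need to free or copy it as well; those live outside this file and are not visible in this view, so it is worth confirming them. Acceptor-side code that previously matched against `name->princ` should also be checked to use this field, since matching against the rewritten client name would compare against the wrong principal. The struct definition starts and ends outside the hunk.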