client referral support for trusted domain principals4-2-trust-fixes

https://fedorahosted.org/freeipa/ticket/3559

1 files changed, 8 insertions, 0 deletions

diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 4abb7335d..a6f448150 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -274,6 +274,14 @@ krb5_error_code ipadb_check_transited_realms(krb5_context kcontext,
 					     const krb5_data *tr_contents,
 					     const krb5_data *client_realm,
 					     const krb5_data *server_realm);
+/* Checks whether a principal's realm is one of trusted domains' realm or NetBIOS name
+ * and returns the realm of the matched trusted domain in 'trusted_domain'
+ * Returns 0 in case of success and KRB5_KDB_NOENTRY otherwise
+ * If DAL driver is not initialized, returns KRB5_KDB_DBNOTINITED */
+krb5_error_code ipadb_is_princ_from_trusted_realm(krb5_context kcontext,
+                                                  const char *test_realm, size_t size,
+                                                  char **trusted_realm);
+
 /* DELEGATION CHECKS */
 
 krb5_error_code ipadb_check_allowed_to_delegate(krb5_context kcontext,