krb5_auth: check if principal belongs to a different realm

Add a flag if the principal used for authentication does not belong to our realm. This can be used to act differently for users from other realms.
author: Sumit Bose <sbose@redhat.com> 2012-10-18 16:14:40 +0200
committer: Sumit Bose <sbose@redhat.com> 2012-10-26 10:32:05 +0200
commit: 83f24636ef8d3d2b9c5be46272781ed5e0497ca7 (patch)
tree: 720875032628182f533e990752eb94824d7ea24c /src/providers/krb5/krb5_common.h
parent: 7219ef88751bb05edd77629b8068330bb6d9b117 (diff)
download: sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.tar.gz
sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.tar.xz
sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
index 51bd26773..bc63bf983 100644
--- a/src/providers/krb5/krb5_common.h
+++ b/src/providers/krb5/krb5_common.h
@@ -177,6 +177,10 @@ errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm);
 errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
                             const char *username, const char **_upn);
 
+errno_t compare_principal_realm(const char *upn, const char *realm,
+                                bool *different_realm);
+
+
 int sssm_krb5_auth_init(struct be_ctx *bectx,
                         struct bet_ops **ops,
                         void **pvt_auth_data);
author	Sumit Bose <sbose@redhat.com>	2012-10-18 16:14:40 +0200
committer	Sumit Bose <sbose@redhat.com>	2012-10-26 10:32:05 +0200
commit	83f24636ef8d3d2b9c5be46272781ed5e0497ca7 (patch)
tree	720875032628182f533e990752eb94824d7ea24c /src/providers/krb5/krb5_common.h
parent	7219ef88751bb05edd77629b8068330bb6d9b117 (diff)
download	sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.tar.gz sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.tar.xz sssd-83f24636ef8d3d2b9c5be46272781ed5e0497ca7.zip