Implement the krb5_principal option

The krb5_principal option was defined and documented but not actually used. Implement it's use when a service keytab is provided. Ticket: https://fedorahosted.org/gss-proxy/ticket/155 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com>
author: Simo Sorce <simo@redhat.com> 2016-04-15 12:04:48 -0400
committer: Robbie Harwood <rharwood@redhat.com> 2016-04-22 12:17:20 -0400
commit: 41c8b2631fdd09b1e97e341838c71ffd11033133 (patch)
tree: 5d6164662fe748c02d5c2e98a87a88b04faf3801 /proxy
parent: 8f17be689aec490a2d396b1279e4e6ceecd540ab (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/proxy/src/gp_creds.c b/proxy/src/gp_creds.c
index 255200c..551b020 100644
--- a/proxy/src/gp_creds.c
+++ b/proxy/src/gp_creds.c
@@ -325,6 +325,23 @@ static int gp_get_cred_environment(struct gp_call_ctx *gpcall,
         }
     }
 
+    if (use_service_keytab &&
+        (*requested_name == GSS_C_NO_NAME) && (svc->krb5.principal)) {
+        /* configuration dictates to use a specific name */
+        gss_buffer_desc const_buf;
+        const_buf.value = svc->krb5.principal;
+        const_buf.length = strlen(svc->krb5.principal) + 1;
+
+        ret_maj = gss_import_name(&ret_min, &const_buf,
+                                  discard_const(GSS_KRB5_NT_PRINCIPAL_NAME),
+                                  requested_name);
+        if (ret_maj) {
+            GPERROR("Failed to import krb5_principal name %s\n",
+                    svc->krb5.principal);
+            goto done;
+        }
+    }
+
     if (svc->krb5.cred_store == NULL) {
         return 0;
     }
author	Simo Sorce <simo@redhat.com>	2016-04-15 12:04:48 -0400
committer	Robbie Harwood <rharwood@redhat.com>	2016-04-22 12:17:20 -0400
commit	41c8b2631fdd09b1e97e341838c71ffd11033133 (patch)
tree	5d6164662fe748c02d5c2e98a87a88b04faf3801 /proxy
parent	8f17be689aec490a2d396b1279e4e6ceecd540ab (diff)