gss: Add way to set authenticator authz-data

Now we can set Authenticator authorization-data with gss_set_name_attribute().
2022-01-07 15:55:15 -06:00
parent fe11481cc5
commit c2e3c5b66e
8 changed files with 159 additions and 3 deletions
--- a/lib/asn1/krb5.asn1
+++ b/lib/asn1/krb5.asn1
@@ -476,10 +476,11 @@ PrincipalNameAttrs ::= SEQUENCE {
        -- True if the PAC was verified
        pac-verified        [5]     BOOLEAN,
        -- True if any AD-KDC-ISSUEDs in the Ticket were validated
-        kdc-issued-verified [6]     BOOLEAN
+        kdc-issued-verified [6]     BOOLEAN,
        -- TODO: Add requested attributes, for gss_set_name_attribute(), which
        --       should cause corresponding authz-data elements to be added to
        --       any TGS-REQ or to the AP-REQ's Authenticator as appropriate.
+        want-ad             [7]     AuthorizationData OPTIONAL
 }
 -- This is our type for exported composite name tokens for GSS [RFC6680].
 -- It's the same as Principal (below) as decorated with (see krb5.opt file and