oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Add support for user principal names in certificates [HEIMDAL-602]

Browse Source 
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ.  (This was a TODO in
the Heimdal KDC)

The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).
This commit is contained in:
Andrew Bartlett
2009-08-04 09:34:58 +02:00
committed by Love Hornquist Astrand
parent 147184381e
commit f8c121b282
3 changed files with 27 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/hdb/hdb.h
View File

@@ -220,9 +220,14 @@ typedef struct HDB{
* Check is delegation is allowed.
*/
krb5_error_code (*hdb_check_constrained_delegation)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal);
/**
* Check if this name is an alias for the supplied client for PKINIT userPrinicpalName logins
*/
krb5_error_code (*hdb_check_pkinit_ms_upn_match)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal);
}HDB;
#define HDB_INTERFACE_VERSION 5
#define HDB_INTERFACE_VERSION 6
struct hdb_so_method {
int version;