-rw-r--r--source3/librpc/rpc/dcerpc_gssapi.c42
-rw-r--r--source3/librpc/rpc/dcerpc_gssapi.h2
2 files changed, 44 insertions, 0 deletions
diff --git a/source3/librpc/rpc/dcerpc_gssapi.c b/source3/librpc/rpc/dcerpc_gssapi.c
index 03c6ae963f..af94b66780 100644
--- a/source3/librpc/rpc/dcerpc_gssapi.c
+++ b/source3/librpc/rpc/dcerpc_gssapi.c
@@ -629,6 +629,43 @@ DATA_BLOB gse_get_session_key(TALLOC_CTX *mem_ctx,
return ret;
}
+NTSTATUS gse_get_client_name(struct gse_context *gse_ctx,
+ TALLOC_CTX *mem_ctx, char **cli_name)
+{
+ OM_uint32 gss_min, gss_maj;
+ gss_buffer_desc name_buffer;
+
+ if (!gse_ctx->authenticated) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ if (!gse_ctx->client_name) {
+ return NT_STATUS_NOT_FOUND;
+ }
+
+ /* TODO: check OID matches KRB5 Principal Name OID ? */
+
+ gss_maj = gss_display_name(&gss_min,
+ gse_ctx->client_name,
+ &name_buffer, NULL);
+ if (gss_maj) {
+ DEBUG(0, ("gss_display_name failed [%s]\n",
+ gse_errstr(talloc_tos(), gss_maj, gss_min)));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ *cli_name = talloc_strndup(talloc_tos(),
+ (char *)name_buffer.value,
+ name_buffer.length);
+
+ gss_maj = gss_release_buffer(&gss_min, &name_buffer);
+
+ if (!*cli_name) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ return NT_STATUS_OK;
+}
NTSTATUS gse_get_authz_data(struct gse_context *gse_ctx,
TALLOC_CTX *mem_ctx, DATA_BLOB *pac)
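Review bot: The new gse_get_client_name() accepts a `mem_ctx` but never uses it; the result is allocated with `talloc_strndup(talloc_tos(), ...)`, so the returned string belongs to the current talloc stackframe rather than to the caller's context. A caller that keeps `*cli_name` after that frame is freed would be reading freed memory, which matters for a value likely to feed authorization or logging decisions. The allocation should read `*cli_name = talloc_strndup(mem_ctx, (char *)name_buffer.value, name_buffer.length);`. Separately, the TODO is still open: `gss_display_name()` is called with NULL for the output name type, so nothing here confirms the name is a Kerberos principal name before it is handed back as the client identity. Until that check exists, a comment such as `/* name type is not verified; callers must not assume a krb5 principal */` would make the limitation visible.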
@@ -947,6 +984,11 @@ DATA_BLOB gse_get_session_key(TALLOC_CTX *mem_ctx,
return data_blob_null;
}
+NTSTATUS gse_get_client_name(struct gse_context *gse_ctx,
+ TALLOC_CTX *mem_ctx, char **client_name)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
NTSTATUS gse_get_authz_data(struct gse_context *gse_ctx,
TALLOC_CTX *mem_ctx, DATA_BLOB *pac)
diff --git a/source3/librpc/rpc/dcerpc_gssapi.h b/source3/librpc/rpc/dcerpc_gssapi.h
index 4da4af7f62..0ffed2c457 100644
--- a/source3/librpc/rpc/dcerpc_gssapi.h
+++ b/source3/librpc/rpc/dcerpc_gssapi.h
@@ -57,6 +57,8 @@ NTSTATUS gse_verify_server_auth_flags(struct gse_context *gse_ctx);
bool gse_require_more_processing(struct gse_context *gse_ctx);
DATA_BLOB gse_get_session_key(TALLOC_CTX *mem_ctx,
struct gse_context *gse_ctx);
+NTSTATUS gse_get_client_name(struct gse_context *gse_ctx,
+ TALLOC_CTX *mem_ctx, char **client_name);
NTSTATUS gse_get_authz_data(struct gse_context *gse_ctx,
TALLOC_CTX *mem_ctx, DATA_BLOB *pac);
NTSTATUS gse_get_authtime(struct gse_context *gse_ctx, time_t *authtime);
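Review bot: The new prototype for gse_get_client_name() carries no comment on its contract, and a reader of the header alone cannot tell who owns `*client_name` or when the call is valid. I would add a short doc comment above the declaration. It should say that the string is expected to be allocated on `mem_ctx`, that the function returns NT_STATUS_ACCESS_DENIED until the context is authenticated, and that it returns NT_STATUS_NOT_IMPLEMENTED in the stub build from the second hunk. The parameter is also named `client_name` here and in the stub but `cli_name` in the full implementation; using one name throughout would keep the three in step.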