|
|
@@ -461,12 +461,28 @@ static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
|
|
|
buflen -= len;
|
|
|
p += len;
|
|
|
gss_msg->msg.len = len;
|
|
|
+
|
|
|
+ /*
|
|
|
+ * target= is a full service principal that names the remote
|
|
|
+ * identity that we are authenticating to.
|
|
|
+ */
|
|
|
if (target_name) {
|
|
|
len = scnprintf(p, buflen, "target=%s ", target_name);
|
|
|
buflen -= len;
|
|
|
p += len;
|
|
|
gss_msg->msg.len += len;
|
|
|
}
|
|
|
+
|
|
|
+ /*
|
|
|
+ * gssd uses service= and srchost= to select a matching key from
|
|
|
+ * the system's keytab to use as the source principal.
|
|
|
+ *
|
|
|
+ * service= is the service name part of the source principal,
|
|
|
+ * or "*" (meaning choose any).
|
|
|
+ *
|
|
|
+ * srchost= is the hostname part of the source principal. When
|
|
|
+ * not provided, gssd uses the local hostname.
|
|
|
+ */
|
|
|
if (service_name) {
|
|
|
char *c = strchr(service_name, '@');
|
|
|
|
|
|
@@ -482,6 +498,7 @@ static int gss_encode_v1_msg(struct gss_upcall_msg *gss_msg,
|
|
|
p += len;
|
|
|
gss_msg->msg.len += len;
|
|
|
}
|
|
|
+
|
|
|
if (mech->gm_upcall_enctypes) {
|
|
|
len = scnprintf(p, buflen, "enctypes=%s ",
|
|
|
mech->gm_upcall_enctypes);
|
Chuck Lever