krb5: Add functions to determine whether PAC is trusted

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

diff --git a/lib/krb5/libkrb5-exports.def.in b/lib/krb5/libkrb5-exports.def.in
index 191a0c48c8614482e283945919746be5a0aaf750..3845cd73601a425397612d230337fd09849f80fd 100644 (file)
--- a/lib/krb5/libkrb5-exports.def.in
+++ b/lib/krb5/libkrb5-exports.def.in
@@ -506,7 +506,9 @@ EXPORTS
        krb5_pac_get_kdc_checksum_info
        krb5_pac_get_types
        krb5_pac_init
+       krb5_pac_is_trusted
        krb5_pac_parse
+       krb5_pac_set_trusted
        krb5_pac_verify
        krb5_padata_add
        _krb5_parse_address_no_lookup

diff --git a/lib/krb5/pac.c b/lib/krb5/pac.c
index 26403e665a0f29edecc7ea5e59de7fce0365e979..a944b9391c1eb58a2f7354cf1c940cf4ac19c118 100644 (file)
--- a/lib/krb5/pac.c
+++ b/lib/krb5/pac.c
@@ -85,6 +85,8 @@ struct krb5_pac_data {
 
     /* PAC_ATTRIBUTES_INFO */
     uint64_t pac_attributes;
+
+    krb5_boolean is_trusted;
 };
 
 #define PAC_ALIGNMENT                  8
@@ -658,6 +660,30 @@ krb5_pac_get_types(krb5_context context,
     return 0;
 }
 
+/*
+ *
+ */
+
+KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
+krb5_pac_is_trusted(krb5_const_pac p)
+{
+    return p->is_trusted;
+}
+
+/*
+ *
+ */
+
+KRB5_LIB_FUNCTION void KRB5_LIB_CALL
+krb5_pac_set_trusted(krb5_pac p, krb5_boolean is_trusted)
+{
+    p->is_trusted = is_trusted;
+}
+
+/*
+ *
+ */
+
 /*
  *
  */

diff --git a/lib/krb5/version-script.map b/lib/krb5/version-script.map
index f6278e9ecbf64016b47d581af751c44242b28bd7..a81b08fa14786dc7bfe917006a02d013d9fcd844 100644 (file)
--- a/lib/krb5/version-script.map
+++ b/lib/krb5/version-script.map
@@ -499,7 +499,9 @@ HEIMDAL_KRB5_2.0 {
                krb5_pac_get_kdc_checksum_info;
                krb5_pac_get_types;
                krb5_pac_init;
+               krb5_pac_is_trusted;
                krb5_pac_parse;
+               krb5_pac_set_trusted;
                krb5_pac_verify;
                krb5_padata_add;
                _krb5_parse_address_no_lookup;