From 38f2d151cf92c34799c4d88eddd4b823c361e33b Mon Sep 17 00:00:00 2001
From: fooofei
Date: Fri, 23 Feb 2024 06:39:38 +0800
Subject: [PATCH] feat: add BuildSpnFunc to GSSAPIConfig for allow custom spn (#2807)
Signed-off-by: fooofei
---
 gssapi_kerberos.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/gssapi_kerberos.go b/gssapi_kerberos.go
index 8abbcdc38..ccc01c19b 100644
--- a/gssapi_kerberos.go
+++ b/gssapi_kerberos.go
@@ -39,6 +39,7 @@ type GSSAPIConfig struct {
 Password string
 Realm string
 DisablePAFXFAST bool
+ BuildSpn BuildSpnFunc
 }
 type GSSAPIKerberosAuth struct {
@@ -57,6 +58,8 @@ type KerberosClient interface {
 Destroy()
 }
+type BuildSpnFunc func(serviceName, host string) string
+
 // writePackage appends length in big endian before the payload, and sends it to kafka
 func (krbAuth *GSSAPIKerberosAuth) writePackage(broker *Broker, payload []byte) (int, error) {
 length := uint64(len(payload))
@@ -211,10 +214,15 @@ func (krbAuth *GSSAPIKerberosAuth) Authorize(broker *Broker) error {
 return err
 }
 // Construct SPN using serviceName and host
- // SPN format: /
+ // default SPN format: /
 host := strings.SplitN(broker.addr, ":", 2)[0] // Strip port part
- spn := fmt.Sprintf("%s/%s", broker.conf.Net.SASL.GSSAPI.ServiceName, host)
+ var spn string
+ if krbAuth.Config.BuildSpn != nil {
+ spn = krbAuth.Config.BuildSpn(broker.conf.Net.SASL.GSSAPI.ServiceName, host)
+ } else {
+ spn = fmt.Sprintf("%s/%s", broker.conf.Net.SASL.GSSAPI.ServiceName, host)
+ }
 ticket, encKey, err := kerberosClient.GetServiceTicket(spn)
 if err != nil {
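Review bot: The new `BuildSpn` field on `GSSAPIConfig` (first hunk) and the exported `BuildSpnFunc` type (second hunk) carry no doc comments, so a caller cannot tell what the hook receives or how its result is used. Going by the `Authorize` hunk, it is called with the configured `ServiceName` and the broker host with the port stripped, and the returned string is passed unchanged to `GetServiceTicket`. I would add a comment such as `// BuildSpnFunc returns the Kerberos SPN to request for a broker; when GSSAPIConfig.BuildSpn is nil the default "<serviceName>/<host>" is used.` Because the SPN names the service principal the client obtains a ticket for, the comment should also tell implementers to keep the result tied to the `host` argument they are given. As a style point, Go initialism convention would spell these `BuildSPN` and `BuildSPNFunc`.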
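Review bot: In the `Authorize` hunk the string returned by `krbAuth.Config.BuildSpn` goes to `kerberosClient.GetServiceTicket` with no check, so a hook that returns an empty string only shows up later as a ticket-request failure. A guard right after the `if`/`else`, for example `if spn == "" { return fmt.Errorf("kerberos: BuildSpn returned an empty SPN for host %q", host) }`, would make a misconfigured hook fail with a clear message. The hook is read from `krbAuth.Config` while `ServiceName` is read from `broker.conf.Net.SASL.GSSAPI`; if these are always the same struct, reading both from one place would make that evident, though this cannot be confirmed from the hunk. `Authorize` begins and ends outside the hunk.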