@@ -34,6 +34,7 @@ pub struct Acceptor {
3434 static_channels : StaticChannelSet ,
3535 saved_for_reactivation : AcceptorState ,
3636 pub ( crate ) creds : Option < Credentials > ,
37+ received_credentials : Option < Credentials > ,
3738 reactivation : bool ,
3839}
3940
@@ -45,6 +46,15 @@ pub struct AcceptorResult {
4546 pub user_channel_id : u16 ,
4647 pub io_channel_id : u16 ,
4748 pub reactivation : bool ,
49+ /// Credentials received from the client during SecureSettingsExchange.
50+ ///
51+ /// Present for TLS-mode connections where the client sends credentials
52+ /// in the ClientInfoPdu. `None` for CredSSP/Hybrid connections (where
53+ /// authentication happens during the CredSSP exchange instead).
54+ ///
55+ /// Servers that need to validate credentials (e.g., via PAM or LDAP)
56+ /// can use this field for post-handshake validation.
57+ pub credentials : Option < Credentials > ,
4858}
4959
5060impl Acceptor {
@@ -64,6 +74,7 @@ impl Acceptor {
6474 static_channels : StaticChannelSet :: new ( ) ,
6575 saved_for_reactivation : Default :: default ( ) ,
6676 creds,
77+ received_credentials : None ,
6778 reactivation : false ,
6879 }
6980 }
@@ -105,6 +116,7 @@ impl Acceptor {
105116 static_channels,
106117 saved_for_reactivation,
107118 creds : consumed. creds ,
119+ received_credentials : consumed. received_credentials ,
108120 reactivation : true ,
109121 } )
110122 }
@@ -159,6 +171,7 @@ impl Acceptor {
159171 user_channel_id : self . user_channel_id ,
160172 io_channel_id : self . io_channel_id ,
161173 reactivation : self . reactivation ,
174+ credentials : self . received_credentials . take ( ) ,
162175 } ) ,
163176 previous_state => {
164177 self . state = previous_state;
@@ -567,6 +580,9 @@ impl Sequence for Acceptor {
567580
568581 return Err ( ConnectorError :: general ( "invalid credentials" ) ) ;
569582 }
583+
584+ // Store credentials for later retrieval via AcceptorResult.
585+ self . received_credentials = Some ( creds) ;
570586 }
571587
572588 (
0 commit comments