mit_samba: Directly pass the principal and kflags

Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Andreas Schneider <asn@samba.org> 2015-07-30 14:36:55 +0200
committer: Andrew Bartlett <abartlet@samba.org> 2016-03-17 04:32:28 +0100
commit: 597772dbd24571b9bda62e5a279dd8a7616b372f (patch)
tree: 74737aae77dbbf715e4e4f16a4f8b18ebf373c5d /source4/kdc
parent: 33fcc76aa782a24d1d70c12a501a61ee657dcb2a (diff)
download: samba-597772dbd24571b9bda62e5a279dd8a7616b372f.tar.gz
2 files changed, 18 insertions, 9 deletions
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index fa3186e09e4..b77145e3947 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -104,11 +104,10 @@ done:
 
 
 int mit_samba_get_principal(struct mit_samba_context *ctx,
-			    char *principal_string,
-			    unsigned int flags,
+			    krb5_const_principal principal,
+			    unsigned int kflags,
 			    krb5_db_entry **_kentry)
 {
-	krb5_principal principal;
 	struct sdb_entry_ex sentry;
 	krb5_db_entry *kentry;
 	int ret;
@@ -119,10 +118,21 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
 		return ENOMEM;
 	}
 
-	ret = krb5_parse_name(ctx->context, principal_string, &principal);
-	if (ret) {
-		goto done;
+	if (kflags & KRB5_KDB_FLAG_CANONICALIZE) {
+		sflags |= SDB_F_CANON;
 	}
+	if (kflags & (KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY |
+		      KRB5_KDB_FLAG_INCLUDE_PAC)) {
+		sflags |= SDB_F_GET_CLIENT;
+	} else if (ks_is_tgs_principal(ctx, principal)) {
+		sflags |= SDB_F_GET_KRBTGT;
+	} else {
+		sflags |= SDB_F_GET_ANY;
+	}
+
+	/* always set this or the created_by data will not be populated by samba's
+	 * backend and we will fail to parse the entry later */
+	sflags |= SDB_F_ADMIN_DATA;
 
 	ret = samba_kdc_fetch(ctx->context, ctx->db_ctx,
 			      principal, sflags, 0, &sentry);
@@ -143,7 +153,6 @@ int mit_samba_get_principal(struct mit_samba_context *ctx,
 
 	ret = sdb_entry_ex_to_kdb_entry_ex(ctx->context, &sentry, kentry);
 
-	krb5_free_principal(NULL, principal);
 	sdb_free_entry(&sentry);
 
 done:
diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h
index 6bc06053e31..022d8c7364d 100644
--- a/source4/kdc/mit_samba.h
+++ b/source4/kdc/mit_samba.h
@@ -33,8 +33,8 @@ int mit_samba_context_init(struct mit_samba_context **_ctx);
 void mit_samba_context_free(struct mit_samba_context *ctx);
 
 int mit_samba_get_principal(struct mit_samba_context *ctx,
-				   char *principal_string,
-				   unsigned int flags,
+				   krb5_const_principal principal,
+				   unsigned int kflags,
 				   krb5_db_entry **_kentry);
 
 int mit_samba_get_firstkey(struct mit_samba_context *ctx,
author	Andreas Schneider <asn@samba.org>	2015-07-30 14:36:55 +0200
committer	Andrew Bartlett <abartlet@samba.org>	2016-03-17 04:32:28 +0100
commit	597772dbd24571b9bda62e5a279dd8a7616b372f (patch)
tree	74737aae77dbbf715e4e4f16a4f8b18ebf373c5d /source4/kdc
parent	33fcc76aa782a24d1d70c12a501a61ee657dcb2a (diff)
download	samba-597772dbd24571b9bda62e5a279dd8a7616b372f.tar.gz