diff options
author | Stefan Metzmacher <metze@samba.org> | 2018-02-01 18:40:58 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2018-03-19 20:30:52 +0100 |
commit | a5f803e9e9f7655f3a6867401d5d3eb667593a9f (patch) | |
tree | 8932c1da932874e3441325a91c9c7f0352f1948f /source4/kdc | |
parent | 396fd8f4ff3fd3b5d89109d35b06668bc266143a (diff) | |
download | samba-a5f803e9e9f7655f3a6867401d5d3eb667593a9f.tar.gz |
s4:kdc: pass krbtgt and server to samba_kdc_update_pac_blob()
This will be used for SID expanding and filtering.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source4/kdc')
-rw-r--r-- | source4/kdc/mit_samba.c | 12 | ||||
-rw-r--r-- | source4/kdc/pac-glue.c | 2 | ||||
-rw-r--r-- | source4/kdc/pac-glue.h | 2 | ||||
-rw-r--r-- | source4/kdc/wdc-samba4.c | 1 |
4 files changed, 16 insertions, 1 deletions
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c index 1cd6750f5ab..414e67c6a98 100644 --- a/source4/kdc/mit_samba.c +++ b/source4/kdc/mit_samba.c @@ -481,7 +481,8 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, DATA_BLOB *upn_blob = NULL; DATA_BLOB *deleg_blob = NULL; struct samba_kdc_entry *client_skdc_entry = NULL; - struct samba_kdc_entry *krbtgt_skdc_entry; + struct samba_kdc_entry *krbtgt_skdc_entry = NULL; + struct samba_kdc_entry *server_skdc_entry = NULL; bool is_in_db = false; bool is_untrusted = false; size_t num_types = 0; @@ -509,6 +510,13 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, } } + if (server == NULL) { + return EINVAL; + } + server_skdc_entry = + talloc_get_type_abort(server->e_data, + struct samba_kdc_entry); + if (krbtgt == NULL) { return EINVAL; } @@ -567,6 +575,8 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, nt_status = samba_kdc_update_pac_blob(tmp_ctx, context, + krbtgt_skdc_entry, + server_skdc_entry, *pac, pac_blob, pac_srv_sig, diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 1a862e2a8a3..9b5f30917a6 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -747,6 +747,8 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx, NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx, krb5_context context, + struct samba_kdc_entry *krbtgt, + struct samba_kdc_entry *server, const krb5_pac pac, DATA_BLOB *pac_blob, struct PAC_SIGNATURE_DATA *pac_srv_sig, struct PAC_SIGNATURE_DATA *pac_kdc_sig) diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h index 92a6bc78023..2eb7fd3b755 100644 --- a/source4/kdc/pac-glue.h +++ b/source4/kdc/pac-glue.h @@ -51,6 +51,8 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx, NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx, krb5_context context, + struct samba_kdc_entry *krbtgt, + struct samba_kdc_entry *server, const krb5_pac pac, DATA_BLOB *pac_blob, struct PAC_SIGNATURE_DATA *pac_srv_sig, struct PAC_SIGNATURE_DATA *pac_kdc_sig); diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c index b90578c8508..a7d8de1f417 100644 --- a/source4/kdc/wdc-samba4.c +++ b/source4/kdc/wdc-samba4.c @@ -186,6 +186,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context, } nt_status = samba_kdc_update_pac_blob(mem_ctx, context, + krbtgt_skdc_entry, p, *pac, pac_blob, pac_srv_sig, pac_kdc_sig); if (!NT_STATUS_IS_OK(nt_status)) { |