s4:kdc: pass krbtgt and server to samba_kdc_update_pac_blob()

This will be used for SID expanding and filtering. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2018-02-01 18:40:58 +0100
committer: Andreas Schneider <asn@cryptomilk.org> 2018-03-19 20:30:52 +0100
commit: a5f803e9e9f7655f3a6867401d5d3eb667593a9f (patch)
tree: 8932c1da932874e3441325a91c9c7f0352f1948f /source4/kdc
parent: 396fd8f4ff3fd3b5d89109d35b06668bc266143a (diff)
download: samba-a5f803e9e9f7655f3a6867401d5d3eb667593a9f.tar.gz
4 files changed, 16 insertions, 1 deletions
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 1cd6750f5ab..414e67c6a98 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -481,7 +481,8 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
 	DATA_BLOB *upn_blob = NULL;
 	DATA_BLOB *deleg_blob = NULL;
 	struct samba_kdc_entry *client_skdc_entry = NULL;
-	struct samba_kdc_entry *krbtgt_skdc_entry;
+	struct samba_kdc_entry *krbtgt_skdc_entry = NULL;
+	struct samba_kdc_entry *server_skdc_entry = NULL;
 	bool is_in_db = false;
 	bool is_untrusted = false;
 	size_t num_types = 0;
@@ -509,6 +510,13 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
 		}
 	}
 
+	if (server == NULL) {
+		return EINVAL;
+	}
+	server_skdc_entry =
+		talloc_get_type_abort(server->e_data,
+				      struct samba_kdc_entry);
+
 	if (krbtgt == NULL) {
 		return EINVAL;
 	}
@@ -567,6 +575,8 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
 
 		nt_status = samba_kdc_update_pac_blob(tmp_ctx,
 						      context,
+						      krbtgt_skdc_entry,
+						      server_skdc_entry,
 						      *pac,
 						      pac_blob,
 						      pac_srv_sig,
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 1a862e2a8a3..9b5f30917a6 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -747,6 +747,8 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
 
 NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx,
 				   krb5_context context,
+				   struct samba_kdc_entry *krbtgt,
+				   struct samba_kdc_entry *server,
 				   const krb5_pac pac, DATA_BLOB *pac_blob,
 				   struct PAC_SIGNATURE_DATA *pac_srv_sig,
 				   struct PAC_SIGNATURE_DATA *pac_kdc_sig)
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
index 92a6bc78023..2eb7fd3b755 100644
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -51,6 +51,8 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
 
 NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx,
 				   krb5_context context,
+				   struct samba_kdc_entry *krbtgt,
+				   struct samba_kdc_entry *server,
 				   const krb5_pac pac, DATA_BLOB *pac_blob,
 				   struct PAC_SIGNATURE_DATA *pac_srv_sig,
 				   struct PAC_SIGNATURE_DATA *pac_kdc_sig);
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index b90578c8508..a7d8de1f417 100644
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -186,6 +186,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
 		}
 
 		nt_status = samba_kdc_update_pac_blob(mem_ctx, context,
+						      krbtgt_skdc_entry, p,
 						      *pac, pac_blob,
 						      pac_srv_sig, pac_kdc_sig);
 		if (!NT_STATUS_IS_OK(nt_status)) {
author	Stefan Metzmacher <metze@samba.org>	2018-02-01 18:40:58 +0100
committer	Andreas Schneider <asn@cryptomilk.org>	2018-03-19 20:30:52 +0100
commit	a5f803e9e9f7655f3a6867401d5d3eb667593a9f (patch)
tree	8932c1da932874e3441325a91c9c7f0352f1948f /source4/kdc
parent	396fd8f4ff3fd3b5d89109d35b06668bc266143a (diff)
download	samba-a5f803e9e9f7655f3a6867401d5d3eb667593a9f.tar.gz