authorJoseph Sutton <josephsutton@catalyst.net.nz>2021-12-22 17:08:43 +1300
committerJoseph Sutton <jsutton@samba.org>2022-01-19 20:50:35 +0000
commit6c2a97d3b29ba14ff43840f3c7b146960f0f1665 (patch)
tree7bee244ab06f99bd369ed6d9124a7e471e80fb7a /source4
parentba154d62f70d1749aea44ddb4dc62439766f1a0b (diff)
downloadsamba-6c2a97d3b29ba14ff43840f3c7b146960f0f1665.tar.gz
s4:kdc: Add PAC_ATTRIBUTES integration for Heimdal
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN! Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4')
-rw-r--r--source4/kdc/mit_samba.c5
-rw-r--r--source4/kdc/pac-glue.c15
-rw-r--r--source4/kdc/pac-glue.h2
-rw-r--r--source4/kdc/wdc-samba4.c7
4 files changed, 12 insertions, 17 deletions
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 2beccfa3678..27b15828468 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -476,7 +476,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
cred_ndr_ptr,
&upn_dns_info_blob,
is_krbtgt ? &pac_attrs_blob : NULL,
- NULL,
+ PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY,
is_krbtgt ? &requester_sid_blob : NULL,
NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
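Review bot: The hard-coded `PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY` argument in this `samba_kdc_get_pac_blobs()` call has no comment saying why the MIT path never reports `PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED`. It keeps the previous behaviour, since the removed `NULL` was mapped to the same flag, so a krbtgt PAC built here presumably always claims the PAC was implicit whatever the client asked for. If the reason is that the client's PAC request is not available at this point, I would say so above the call, for example `/* The client's PAC request is not visible here, so always report the PAC as given implicitly. */`. The start of the call and the rest of mit_samba_get_pac are outside the hunk.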
@@ -611,7 +611,8 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
&pac_blob,
NULL,
&upn_blob,
- NULL, NULL,
+ NULL,
+ 0,
NULL,
NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
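Review bot: This call passes `0` for the new `pac_attributes` argument while the equivalent call in the samba_wdc_reget_pac2 hunk of wdc-samba4.c passes `PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY`, although both pass `NULL` for the attributes blob. Judging by the `if (pac_attrs_blob != NULL)` guard in pac-glue.c the value looks unused in both places, so the two callers should agree on one don't-care value. I would use `0` in both and mark it, e.g. `0, /* pac_attributes: unused, no attrs blob requested */`, so nobody later reads the flag in the Heimdal caller as meaningful. The call starts outside this hunk.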
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 10831671fac..eac1612ca2b 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -153,7 +153,7 @@ NTSTATUS samba_get_upn_info_pac_blob(TALLOC_CTX *mem_ctx,
static
NTSTATUS samba_get_pac_attrs_blob(TALLOC_CTX *mem_ctx,
- const krb5_boolean *pac_request,
+ uint64_t pac_attributes,
DATA_BLOB *pac_attrs_data)
{
union PAC_INFO pac_attrs;
@@ -166,14 +166,7 @@ NTSTATUS samba_get_pac_attrs_blob(TALLOC_CTX *mem_ctx,
/* Set the length of the flags in bits. */
pac_attrs.attributes_info.flags_length = 2;
-
- if (pac_request == NULL) {
- pac_attrs.attributes_info.flags
- |= PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY;
- } else if (*pac_request) {
- pac_attrs.attributes_info.flags
- |= PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED;
- }
+ pac_attrs.attributes_info.flags = pac_attributes;
ndr_err = ndr_push_union_blob(pac_attrs_data, mem_ctx, &pac_attrs,
PAC_TYPE_ATTRIBUTES_INFO,
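Review bot: The new assignment `pac_attrs.attributes_info.flags = pac_attributes;` copies a caller-supplied `uint64_t` straight into the PAC buffer, while `flags_length` stays fixed at 2 bits. The removed code could only ever emit one of the two defined flags; now any extra bit handed in by the KDC library ends up in a signed PAC, and if the `flags` field is narrower than 64 bits (its declaration is not visible here) the high bits are silently truncated. I would keep the encoder strict with `pac_attrs.attributes_info.flags = pac_attributes & (PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED | PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY);`, or reject unknown bits with an error before encoding. The function body begins and ends outside this hunk.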
@@ -839,7 +832,7 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
DATA_BLOB **_cred_ndr_blob,
DATA_BLOB **_upn_info_blob,
DATA_BLOB **_pac_attrs_blob,
- const krb5_boolean *pac_request,
+ uint64_t pac_attributes,
DATA_BLOB **_requester_sid_blob,
struct auth_user_info_dc **_user_info_dc)
{
@@ -941,7 +934,7 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
if (pac_attrs_blob != NULL) {
nt_status = samba_get_pac_attrs_blob(pac_attrs_blob,
- pac_request,
+ pac_attributes,
pac_attrs_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
index d3395038a55..c57928473a1 100644
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -53,7 +53,7 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
DATA_BLOB **_cred_ndr_blob,
DATA_BLOB **_upn_info_blob,
DATA_BLOB **_pac_attrs_blob,
- const krb5_boolean *pac_request,
+ uint64_t pac_attributes,
DATA_BLOB **_requester_sid_blob,
struct auth_user_info_dc **_user_info_dc);
NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx,
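Review bot: The prototype now takes `uint64_t pac_attributes` but the header gives no contract for it, and the old pointer form at least made "not supplied" explicit through `NULL`. A short comment above `samba_kdc_get_pac_blobs()` would help callers: `/* pac_attributes: PAC_ATTRIBUTE_FLAG_* bits for the PAC attributes buffer; appears to be consulted only when _pac_attrs_blob is non-NULL. */`. Since a pointer parameter became an integer, any caller missed by this series that still passes `NULL` may compile with only a conversion warning and silently send no flags, so it is worth confirming every call site is converted. The prototype starts outside this hunk.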
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index 6a5565d511e..1f1b9482a27 100644
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -39,7 +39,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv, krb5_context context,
struct hdb_entry_ex *client,
struct hdb_entry_ex *server,
const krb5_keyblock *pk_reply_key,
- const krb5_boolean *pac_request,
+ uint64_t pac_attributes,
krb5_pac *pac)
{
TALLOC_CTX *mem_ctx;
@@ -74,7 +74,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv, krb5_context context,
cred_ndr_ptr,
&upn_blob,
is_krbtgt ? &pac_attrs_blob : NULL,
- pac_request,
+ pac_attributes,
is_krbtgt ? &requester_sid_blob : NULL,
NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -265,7 +265,8 @@ static krb5_error_code samba_wdc_reget_pac2(krb5_context context,
nt_status = samba_kdc_get_pac_blobs(mem_ctx, client_skdc_entry,
&pac_blob, NULL, &upn_blob,
- NULL, NULL, &requester_sid_blob,
+ NULL, PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY,
+ &requester_sid_blob,
&user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);