author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2021-12-22 17:08:43 +1300 |
---|---|---|
committer | Joseph Sutton <jsutton@samba.org> | 2022-01-19 20:50:35 +0000 |
commit | 6c2a97d3b29ba14ff43840f3c7b146960f0f1665 (patch) | |
tree | 7bee244ab06f99bd369ed6d9124a7e471e80fb7a /source4 | |
parent | ba154d62f70d1749aea44ddb4dc62439766f1a0b (diff) | |
s4:kdc: Add PAC_ATTRIBUTES integration for Heimdal
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/kdc/mit_samba.c | 5 | ||||
-rw-r--r-- | source4/kdc/pac-glue.c | 15 | ||||
-rw-r--r-- | source4/kdc/pac-glue.h | 2 | ||||
-rw-r--r-- | source4/kdc/wdc-samba4.c | 7 |
4 files changed, 12 insertions, 17 deletions
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 2beccfa3678..27b15828468 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -476,7 +476,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
 cred_ndr_ptr,
 &upn_dns_info_blob,
 is_krbtgt ? &pac_attrs_blob : NULL,
- NULL,
+ PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY,
 is_krbtgt ? &requester_sid_blob : NULL,
 NULL);
 if (!NT_STATUS_IS_OK(nt_status)) {
@@ -611,7 +611,8 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
 &pac_blob,
 NULL,
 &upn_blob,
- NULL, NULL,
+ NULL,
+ 0,
 NULL,
 NULL);
 if (!NT_STATUS_IS_OK(nt_status)) {
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 10831671fac..eac1612ca2b 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -153,7 +153,7 @@ NTSTATUS samba_get_upn_info_pac_blob(TALLOC_CTX *mem_ctx,
 static
 NTSTATUS samba_get_pac_attrs_blob(TALLOC_CTX *mem_ctx,
- const krb5_boolean *pac_request,
+ uint64_t pac_attributes,
 DATA_BLOB *pac_attrs_data) {
 union PAC_INFO pac_attrs;
@@ -166,14 +166,7 @@ NTSTATUS samba_get_pac_attrs_blob(TALLOC_CTX *mem_ctx,
 /* Set the length of the flags in bits. */
 pac_attrs.attributes_info.flags_length = 2;
-
- if (pac_request == NULL) {
- pac_attrs.attributes_info.flags
- |= PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY;
- } else if (*pac_request) {
- pac_attrs.attributes_info.flags
- |= PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED;
- }
+ pac_attrs.attributes_info.flags = pac_attributes;
 ndr_err = ndr_push_union_blob(pac_attrs_data, mem_ctx, &pac_attrs, PAC_TYPE_ATTRIBUTES_INFO,
@@ -839,7 +832,7 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
 DATA_BLOB **_cred_ndr_blob,
 DATA_BLOB **_upn_info_blob,
 DATA_BLOB **_pac_attrs_blob,
- const krb5_boolean *pac_request,
+ uint64_t pac_attributes,
 DATA_BLOB **_requester_sid_blob,
 struct auth_user_info_dc **_user_info_dc)
 {
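Review bot: In mit_samba.c, the `mit_samba_get_pac` call (hunk @@ -476) hard-codes `PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY` with no comment, so a reader cannot tell whether the MIT path deliberately never reports PAC_WAS_REQUESTED or simply has no access to the client's request. The value matches what the old `NULL` argument produced, but that equivalence is only visible in the removed branch of samba_get_pac_attrs_blob in pac-glue.c. I would add a comment above the argument, for example `/* MIT: the client's PAC request is not available here; report the PAC as given implicitly */`, with the wording confirmed by someone who knows the MIT plugin interface. The call itself starts outside the hunk.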
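Review bot: In mit_samba.c `mit_samba_reget_pac` (hunk @@ -611) the new `0,` is passed for pac_attributes next to a `NULL,` that declines the attributes blob, while the matching call in wdc-samba4.c `samba_wdc_reget_pac2` (hunk @@ -265) passes `PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY` next to the same `NULL`. Judging by the `if (pac_attrs_blob != NULL)` guard in the pac-glue.c hunk at @@ -941, the value looks unused in both cases, so the two call sites should agree; a non-zero flag where it has no effect reads as if it mattered. I would write `0, /* pac_attributes: unused, no attributes blob requested */` in both places.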
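Review bot: In pac-glue.c `samba_get_pac_attrs_blob` (hunk @@ -166), `pac_attrs.attributes_info.flags = pac_attributes;` copies a caller-supplied 64-bit value into the PAC attributes buffer unchecked while `flags_length` stays fixed at 2 bits. The removed branch could only emit PAC_WAS_REQUESTED, PAC_WAS_GIVEN_IMPLICITLY or nothing; now whatever bits the KDC callback passes through samba_wdc_get_pac are serialised as-is, and if the IDL `flags` field is narrower than uint64_t (not visible here) the upper bits are dropped silently. I would mask to the two defined flags, `pac_attrs.attributes_info.flags = pac_attributes & (PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED | PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY);`, or return an error when unknown bits are set. The function body continues outside the hunk.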
@@ -941,7 +934,7 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
 if (pac_attrs_blob != NULL) {
 nt_status = samba_get_pac_attrs_blob(pac_attrs_blob,
- pac_request,
+ pac_attributes,
 pac_attrs_blob);
 if (!NT_STATUS_IS_OK(nt_status)) {
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
index d3395038a55..c57928473a1 100644
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -53,7 +53,7 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
 DATA_BLOB **_cred_ndr_blob,
 DATA_BLOB **_upn_info_blob,
 DATA_BLOB **_pac_attrs_blob,
- const krb5_boolean *pac_request,
+ uint64_t pac_attributes,
 DATA_BLOB **_requester_sid_blob,
 struct auth_user_info_dc **_user_info_dc);
 NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx,
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index 6a5565d511e..1f1b9482a27 100644
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -39,7 +39,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv, krb5_context context,
 struct hdb_entry_ex *client,
 struct hdb_entry_ex *server,
 const krb5_keyblock *pk_reply_key,
- const krb5_boolean *pac_request,
+ uint64_t pac_attributes,
 krb5_pac *pac)
 {
 TALLOC_CTX *mem_ctx;
@@ -74,7 +74,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv, krb5_context context,
 cred_ndr_ptr,
 &upn_blob,
 is_krbtgt ? &pac_attrs_blob : NULL,
- pac_request,
+ pac_attributes,
 is_krbtgt ? &requester_sid_blob : NULL,
 NULL);
 if (!NT_STATUS_IS_OK(nt_status)) {
@@ -265,7 +265,8 @@ static krb5_error_code samba_wdc_reget_pac2(krb5_context context,
 nt_status = samba_kdc_get_pac_blobs(mem_ctx, client_skdc_entry, &pac_blob, NULL, &upn_blob,
- NULL, NULL, &requester_sid_blob,
+ NULL, PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY,
+ &requester_sid_blob,
 &user_info_dc);
 if (!NT_STATUS_IS_OK(nt_status)) {
 talloc_free(mem_ctx); |
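Review bot: The `samba_kdc_get_pac_blobs` prototype in pac-glue.h (hunk @@ -53) replaces the optional pointer `pac_request` with a plain `uint64_t pac_attributes` but leaves the new contract undocumented. With the pointer, NULL selected the implicit flag inside pac-glue.c; now every caller has to pick the flag value itself, and the callers in this commit already differ in what they pass when `_pac_attrs_blob` is NULL. A short comment on the declaration would help, for example `/* pac_attributes: PAC_ATTRIBUTE_FLAG_* bits stored in the attributes buffer; ignored when _pac_attrs_blob is NULL */`. The "ignored" part is inferred from the guard in pac-glue.c and should be confirmed before it is written down.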