From 2f9d2ff89528b96a9e27061ffe3871d0dc18c241 Mon Sep 17 00:00:00 2001
From: Joseph Sutton
Date: Wed, 27 Sep 2023 15:49:59 +1300
Subject: [PATCH] s4:kdc: Add parameters for claims and device info to authn_policy_authenticate_to_service()

Signed-off-by: Joseph Sutton
Reviewed-by: Andrew Bartlett
---
 source4/auth/ntlm/auth_sam.c | 3 +++
 source4/kdc/authn_policy_util.c | 9 ++++++---
 source4/kdc/authn_policy_util.h | 3 +++
 source4/kdc/pac-glue.c | 3 +++
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 7b65b3084f8..0c48b9c0b6a 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -822,7 +822,10 @@ static NTSTATUS authsam_check_netlogon_trust(TALLOC_CTX *mem_ctx,
 lp_ctx,
 AUTHN_POLICY_AUTH_TYPE_NTLM,
 user_info_dc,
+ NULL /* device_info */,
+ (struct auth_claims) {},
 authn_server_policy,
+ (struct authn_policy_flags) {},
 &server_audit_info);
 if (server_audit_info != NULL) {
 *server_audit_info_out = talloc_move(mem_ctx, &server_audit_info);
diff --git a/source4/kdc/authn_policy_util.c b/source4/kdc/authn_policy_util.c
index 1d3cdc4386f..a9f793889ef 100644
--- a/source4/kdc/authn_policy_util.c
+++ b/source4/kdc/authn_policy_util.c
@@ -1177,7 +1177,10 @@ NTSTATUS authn_policy_authenticate_to_service(TALLOC_CTX *mem_ctx,
 struct loadparm_context* lp_ctx,
 const enum authn_policy_auth_type auth_type,
 const struct auth_user_info_dc *user_info,
+ const struct auth_user_info_dc *device_info,
+ const struct auth_claims auth_claims,
 const struct authn_server_policy *server_policy,
+ const struct authn_policy_flags authn_policy_flags,
 struct authn_audit_info **server_audit_info_out)
 {
 NTSTATUS status = NT_STATUS_OK;
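Review bot: In source4/auth/ntlm/auth_sam.c the two compound-literal arguments added to the authn_policy_authenticate_to_service() call are unlabelled, while the `NULL` beside them carries `/* device_info */`; with three placeholder arguments in a row a reader cannot tell at a glance which empty struct is which. I would write them as `(struct auth_claims) {} /* auth_claims */,` and `(struct authn_policy_flags) {} /* authn_policy_flags */,`, and add a one-line comment stating that the server policy is evaluated here with no device identity and no claims, so that the empty values read as deliberate for the NTLM path rather than as an omission. The same three placeholders appear in the source4/kdc/pac-glue.c hunk, where the same labels apply. The enclosing function starts and ends outside the hunk.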
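Review bot: The widened signature of authn_policy_authenticate_to_service() in source4/kdc/authn_policy_util.c does not say which of the new inputs may be absent, and that matters for a function that makes an access decision. Both callers in this patch pass `NULL` for `device_info` and zero-initialised `auth_claims` and `authn_policy_flags`, so these are evidently accepted inputs, but nothing tells a future caller what they mean for the policy check. A comment above the definition such as `/* device_info may be NULL if no device identity is available; an empty auth_claims offers no claims to the policy. */` would record that. Only the parameter list and the first line of the body are visible in this hunk.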
@@ -1210,12 +1213,12 @@ NTSTATUS authn_policy_authenticate_to_service(TALLOC_CTX *mem_ctx,
 samdb,
 lp_ctx,
 user_info,
- NULL /* device_info */,
- (struct auth_claims) {},
+ device_info,
+ auth_claims,
 &server_policy->policy,
 authn_int64_none() /* tgt_lifetime_raw */,
 event,
- (struct authn_policy_flags) {},
+ authn_policy_flags,
 restrictions,
 server_audit_info_out);
 return status;
diff --git a/source4/kdc/authn_policy_util.h b/source4/kdc/authn_policy_util.h
index 324bc4dbb33..48958037455 100644
--- a/source4/kdc/authn_policy_util.h
+++ b/source4/kdc/authn_policy_util.h
@@ -129,7 +129,10 @@ NTSTATUS authn_policy_authenticate_to_service(TALLOC_CTX *mem_ctx,
 struct loadparm_context* lp_ctx,
 enum authn_policy_auth_type auth_type,
 const struct auth_user_info_dc *user_info,
+ const struct auth_user_info_dc *device_info,
+ const struct auth_claims auth_claims,
 const struct authn_server_policy *server_policy,
+ const struct authn_policy_flags authn_policy_flags,
 struct authn_audit_info **server_audit_info_out);

 /* Create a structure containing auditing information. */
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 3a2c140f78d..4c78647841e 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -1671,7 +1671,10 @@ krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
 lp_ctx,
 AUTHN_POLICY_AUTH_TYPE_KERBEROS,
 client_info,
+ NULL /* device_info */,
+ (struct auth_claims) {},
 server_policy,
+ (struct authn_policy_flags) {},
 server_audit_info_out);
 if (!NT_STATUS_IS_OK(status)) {
 if (status_out != NULL) {
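Review bot: In the source4/kdc/authn_policy_util.h prototype the two new by-value parameters keep a top-level `const` (`const struct auth_claims auth_claims`, `const struct authn_policy_flags authn_policy_flags`), whereas the existing `auth_type` parameter in the same prototype is declared without it and only the definition in authn_policy_util.c says `const enum authn_policy_auth_type auth_type`. Top-level `const` on a by-value parameter has no effect on callers, so for consistency the header lines could read `struct auth_claims auth_claims,` and `struct authn_policy_flags authn_policy_flags,`, leaving `const` to the definition. The prototype begins above the hunk.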