2025-01-24 02:04:21 +03:00 · 2023-09-29 13:50:51 +13:00 · 2023-09-29 13:50:51 +13:00 · 321e0ed675
commit 321e0ed675
parent 3358b04a58
4 changed files with 0 additions and 28 deletions
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@ -675,8 +675,6 @@ krb5_error_code mit_samba_update_pac(struct mit_samba_context *ctx,
 				    flags,
 				    client_skdc_entry,
 				    krbtgt_skdc_entry,
-				    NULL /* device */,
-				    NULL /* device_pac */,
 				    old_pac);
 	if (code != 0) {
 		goto done;
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@ -2081,12 +2081,6 @@ static krb5_error_code samba_kdc_get_device_info_blob(TALLOC_CTX *mem_ctx,

 * @param krbtgt    The krbtgt samba kdc entry.
 *
- * @param device    The computer's samba kdc entry; used for compound
- *                  authentication.
-
- * @param device_pac        The PAC from the computer's TGT; used
- *                          for compound authentication.
-
 * @param pac                       The PAC

 * @return A Kerberos error code.
@ -2096,8 +2090,6 @@ krb5_error_code samba_kdc_verify_pac(TALLOC_CTX *mem_ctx,
 				     uint32_t flags,
 				     struct samba_kdc_entry *client,
 				     const struct samba_kdc_entry *krbtgt,
-				     const struct samba_kdc_entry *device,
-				     const krb5_const_pac *device_pac,
 				     const krb5_const_pac pac)
 {
 	TALLOC_CTX *tmp_ctx = NULL;
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@ -100,8 +100,6 @@ krb5_error_code samba_kdc_verify_pac(TALLOC_CTX *mem_ctx,
 				     uint32_t flags,
 				     struct samba_kdc_entry *client,
 				     const struct samba_kdc_entry *krbtgt,
-				     const struct samba_kdc_entry *device,
-				     const krb5_const_pac *device_pac,
 				     krb5_const_pac pac);

 struct authn_audit_info;
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@ -271,13 +271,10 @@ static krb5_error_code samba_wdc_verify_pac2(astgs_request_t r,
 					     const hdb_entry *krbtgt,
 					     const krb5_pac pac,
 					     krb5_cksumtype ctype,
-					     const hdb_entry *device,
-					     krb5_const_pac *device_pac,
 					     krb5_boolean *is_trusted_out)
 {
 	krb5_context context = kdc_request_get_context((kdc_request_t)r);
 	struct samba_kdc_entry *client_skdc_entry = NULL;
-	struct samba_kdc_entry *device_skdc_entry = NULL;
 	struct samba_kdc_entry *krbtgt_skdc_entry =
 		talloc_get_type_abort(krbtgt->context, struct samba_kdc_entry);
 	TALLOC_CTX *mem_ctx = NULL;
@ -297,11 +294,6 @@ static krb5_error_code samba_wdc_verify_pac2(astgs_request_t r,
 							  struct samba_kdc_entry);
 	}

-	if (device != NULL) {
-		device_skdc_entry = talloc_get_type_abort(device->context,
-							  struct samba_kdc_entry);
-	}
-
 	/*
 	 * If the krbtgt was generated by an RODC, and we are not that
 	 * RODC, then we need to regenerate the PAC - we can't trust
@ -376,8 +368,6 @@ static krb5_error_code samba_wdc_verify_pac2(astgs_request_t r,
 				   flags,
 				   client_skdc_entry,
 				   krbtgt_skdc_entry,
-				   device_skdc_entry,
-				   device_pac,
 				   pac);
 	if (ret != 0) {
 		goto out;
@ -540,10 +530,6 @@ static krb5_error_code samba_wdc_verify_pac(void *priv, astgs_request_t r,
 	krb5_error_code ret;
 	krb5_cksumtype ctype = CKSUMTYPE_NONE;
 	hdb_entry signing_krbtgt_hdb;
-	const hdb_entry *explicit_armor_client =
-		kdc_request_get_explicit_armor_client(r);
-	krb5_const_pac explicit_armor_pac =
-		kdc_request_get_explicit_armor_pac(r);

 	if (delegated_proxy) {
 		uint16_t pac_kdc_signature_rodc_id;
@ -666,8 +652,6 @@ static krb5_error_code samba_wdc_verify_pac(void *priv, astgs_request_t r,
 				    krbtgt,
 				    pac,
 				    ctype,
-				    explicit_armor_client,
-				    &explicit_armor_pac,
 				    is_trusted);

 	if (krbtgt == &signing_krbtgt_hdb) {