s4:kdc: Add claims parameter to authn_policy_authenticate_from_device()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

source4/kdc/authn_policy_util.c

@@ -845,6 +845,7 @@ NTSTATUS authn_policy_authenticate_from_device(TALLOC_CTX *mem_ctx,
 					       struct ldb_context *samdb,
 					       struct loadparm_context* lp_ctx,
 					       const struct auth_user_info_dc *device_info,
+					       const struct auth_claims auth_claims,
 					       const struct authn_kerberos_client_policy *client_policy,
 					       struct authn_audit_info **client_audit_info_out)
 {
@@ -862,7 +863,7 @@ NTSTATUS authn_policy_authenticate_from_device(TALLOC_CTX *mem_ctx,
 					   device_info,
 					   /* The device itself has no device. */
 					   NULL /* device_info */,
-					   (struct auth_claims) {},
+					   auth_claims,
 					   &client_policy->policy,
 					   authn_int64_some(client_policy->tgt_lifetime_raw),
 					   AUTHN_AUDIT_EVENT_KERBEROS_DEVICE_RESTRICTION,

source4/kdc/authn_policy_util.h

@@ -23,6 +23,7 @@
 
 #include "lib/replace/replace.h"
 #include "auth/authn_policy.h"
+#include "auth/session.h"
 #include <talloc.h>
 
 struct ldb_context;
@@ -68,6 +69,7 @@ NTSTATUS authn_policy_authenticate_from_device(TALLOC_CTX *mem_ctx,
 					       struct ldb_context *samdb,
 					       struct loadparm_context* lp_ctx,
 					       const struct auth_user_info_dc *device_info,
+					       const struct auth_claims auth_claims,
 					       const struct authn_kerberos_client_policy *client_policy,
 					       struct authn_audit_info **client_audit_info_out);
 

source4/kdc/pac-glue.c

@@ -2951,6 +2951,7 @@ krb5_error_code samba_kdc_check_device(TALLOC_CTX *mem_ctx,
 							  samdb,
 							  lp_ctx,
 							  device_info,
+							  (struct auth_claims) {},
 							  client_policy,
 							  &client_audit_info);
 	if (client_audit_info != NULL) {