mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s4-kdc: Prepare for gMSA support by recording it on the entry

This will allow the "samba-tool domain exportkeytab" code to do special gMSA
processing and in the future will allow the KDC to know it needs to check
if the keys in the DB need refreshing.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett 2023-12-22 12:09:45 +13:00
parent 48affb137f
commit 66a9c1daa8
2 changed files with 6 additions and 0 deletions


@ -1131,6 +1131,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
bool force_rc4 = lpcfg_kdc_force_enable_rc4_weak_session_keys(lp_ctx);
struct ldb_message_element *objectclasses;
struct ldb_val computer_val = data_blob_string_const("computer");
struct ldb_val gmsa_oc_val = data_blob_string_const("msDS-GroupManagedServiceAccount");
uint32_t config_default_supported_enctypes = lpcfg_kdc_default_domain_supported_enctypes(lp_ctx);
uint32_t default_supported_enctypes =
config_default_supported_enctypes != 0 ?
@ -1197,6 +1198,10 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
goto out;
}
if (objectclasses && ldb_msg_find_val(objectclasses, &gmsa_oc_val)) {
p->group_managed_service_account = true;
}
p->is_rodc = is_rodc;
p->kdc_db_ctx = kdc_db_ctx;
p->realm_dn = talloc_reference(p, realm_dn);
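Review bot: The new `group_managed_service_account` bit is only ever assigned `true`, so the non-gMSA case depends on `p` having been zero-initialised at allocation, which happens outside this hunk and should be confirmed. Assigning the result directly would make the block self-contained: `p->group_managed_service_account = objectclasses != NULL && ldb_msg_find_val(objectclasses, &gmsa_oc_val) != NULL;`. `ldb_msg_find_val()` compares the value bytes exactly, so the test also relies on the stored objectClass value carrying the canonical `msDS-GroupManagedServiceAccount` casing. A one-line comment saying so would help the next reader, since a silent mismatch would leave a gMSA unflagged and skip the special key handling the commit message describes.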


@ -75,6 +75,7 @@ struct samba_kdc_entry {
bool is_trust : 1;
bool claims_from_pac_are_initialized : 1;
bool claims_from_db_are_initialized : 1;
bool group_managed_service_account : 1;
};
extern struct hdb_method hdb_samba4_interface;
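Review bot: The new `group_managed_service_account` bit in `struct samba_kdc_entry` has no comment, and its name alone does not say what a consumer may conclude from it. According to the commit message it only records the object class for now, and the KDC does not yet check whether the stored keys need refreshing. I would document that on the field, for example `/* objectClass includes msDS-GroupManagedServiceAccount; does NOT imply the keys in the DB are current */`. That keeps later callers from treating the flag as a guarantee that the managed-password-derived keys are fresh.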