mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s4-kdc: Prepare for gMSA support by recording it on the entry
This will allow the "samba-tool domain exportkeytab" code to do special gMSA processing and in the future will allow the KDC to know it needs to check if the keys in the DB need refreshing. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
parent
48affb137f
commit
66a9c1daa8
@ -1131,6 +1131,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
|
||||
bool force_rc4 = lpcfg_kdc_force_enable_rc4_weak_session_keys(lp_ctx);
|
||||
struct ldb_message_element *objectclasses;
|
||||
struct ldb_val computer_val = data_blob_string_const("computer");
|
||||
struct ldb_val gmsa_oc_val = data_blob_string_const("msDS-GroupManagedServiceAccount");
|
||||
uint32_t config_default_supported_enctypes = lpcfg_kdc_default_domain_supported_enctypes(lp_ctx);
|
||||
uint32_t default_supported_enctypes =
|
||||
config_default_supported_enctypes != 0 ?
|
||||
@ -1197,6 +1198,10 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (objectclasses && ldb_msg_find_val(objectclasses, &gmsa_oc_val)) {
|
||||
p->group_managed_service_account = true;
|
||||
}
|
||||
|
||||
p->is_rodc = is_rodc;
|
||||
p->kdc_db_ctx = kdc_db_ctx;
|
||||
p->realm_dn = talloc_reference(p, realm_dn);
|
||||
|
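Review bot: The new flag is only ever assigned `true`, inside `if (objectclasses && ldb_msg_find_val(objectclasses, &gmsa_oc_val))`, so its `false` state depends on `p` being zero-initialised where it is allocated, which is outside these hunks. Since later code is meant to select gMSA-specific key handling from this bit, an unconditional assignment would make the classification explicit: `p->group_managed_service_account = objectclasses != NULL && ldb_msg_find_val(objectclasses, &gmsa_oc_val) != NULL;`. A one-line comment above it should also say that the flag reflects objectClass membership only, not whether the managed-password keys in the DB are present or current. samba_kdc_message2entry starts and ends outside both hunks.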
@ -75,6 +75,7 @@ struct samba_kdc_entry {
|
||||
bool is_trust : 1;
|
||||
bool claims_from_pac_are_initialized : 1;
|
||||
bool claims_from_db_are_initialized : 1;
|
||||
bool group_managed_service_account : 1;
|
||||
};
|
||||
|
||||
extern struct hdb_method hdb_samba4_interface;
|
||||
|
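Review bot: `group_managed_service_account` is added to `struct samba_kdc_entry` without a comment, so a reader of the header cannot tell where it is set or what a consumer may rely on. The commit message says keytab export and, later, the KDC will branch on it, so I would document it at the declaration, for example `/* objectClass includes msDS-GroupManagedServiceAccount; set in samba_kdc_message2entry(), implies nothing about key freshness */`. The struct begins outside the hunk.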