mirror of https://github.com/samba-team/samba.git synced 2025-08-26 01:49:31 +03:00

s4:kdc: Add PAC_ATTRIBUTES integration for Heimdal

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton
2021-12-22 17:08:43 +13:00
committed by Joseph Sutton
parent ba154d62f7
commit 6c2a97d3b2
4 changed files with 12 additions and 17 deletions


@ -476,7 +476,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
cred_ndr_ptr,
&upn_dns_info_blob,
is_krbtgt ? &pac_attrs_blob : NULL,
NULL,
PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY,
is_krbtgt ? &requester_sid_blob : NULL,
NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
@ -611,7 +611,8 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
&pac_blob,
NULL,
&upn_blob,
NULL, NULL,
NULL,
0,
NULL,
NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
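Review bot: The hard-coded `PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY` in the mit_samba_get_pac call carries no explanation, so a reader cannot tell whether the MIT path deliberately ignores the client's PAC request or simply has no access to it. It preserves the effect of the old `NULL` pac_request argument, which the removed branch in samba_get_pac_attrs_blob mapped to the same flag, so krbtgt tickets issued through this path never record an explicit request. I would add a comment above the argument, e.g. `/* MIT: client PAC request not available here, so always report the PAC as implicitly given */`, with the wording confirmed by someone who knows the MIT plugin interface. The bare `0` in mit_samba_reget_pac would also read better as `0, /* pac_attributes: unused, no attrs blob requested */`. Both calls continue outside their hunks.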


@ -153,7 +153,7 @@ NTSTATUS samba_get_upn_info_pac_blob(TALLOC_CTX *mem_ctx,
static
NTSTATUS samba_get_pac_attrs_blob(TALLOC_CTX *mem_ctx,
const krb5_boolean *pac_request,
uint64_t pac_attributes,
DATA_BLOB *pac_attrs_data)
{
union PAC_INFO pac_attrs;
@ -166,14 +166,7 @@ NTSTATUS samba_get_pac_attrs_blob(TALLOC_CTX *mem_ctx,
/* Set the length of the flags in bits. */
pac_attrs.attributes_info.flags_length = 2;
if (pac_request == NULL) {
pac_attrs.attributes_info.flags
|= PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY;
} else if (*pac_request) {
pac_attrs.attributes_info.flags
|= PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED;
}
pac_attrs.attributes_info.flags = pac_attributes;
ndr_err = ndr_push_union_blob(pac_attrs_data, mem_ctx, &pac_attrs,
PAC_TYPE_ATTRIBUTES_INFO,
@ -839,7 +832,7 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
DATA_BLOB **_cred_ndr_blob,
DATA_BLOB **_upn_info_blob,
DATA_BLOB **_pac_attrs_blob,
const krb5_boolean *pac_request,
uint64_t pac_attributes,
DATA_BLOB **_requester_sid_blob,
struct auth_user_info_dc **_user_info_dc)
{
@ -941,7 +934,7 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
if (pac_attrs_blob != NULL) {
nt_status = samba_get_pac_attrs_blob(pac_attrs_blob,
pac_request,
pac_attributes,
pac_attrs_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
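Review bot: The new assignment `pac_attrs.attributes_info.flags = pac_attributes;` in samba_get_pac_attrs_blob copies the caller's 64-bit value unfiltered, while the line above still declares `flags_length = 2`, so any bit other than the two defined flags would be encoded into a PAC attributes buffer that advertises only two valid bits. The value now originates in the KDC plugin interface rather than in this function, so I would mask it here: `pac_attrs.attributes_info.flags = pac_attributes & (PAC_ATTRIBUTE_FLAG_PAC_WAS_REQUESTED | PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY);`. The width of the `flags` field is not visible on this page; if it is narrower than `uint64_t` the assignment also truncates silently, which the mask would make explicit. The function body starts and ends outside these hunks.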


@ -53,7 +53,7 @@ NTSTATUS samba_kdc_get_pac_blobs(TALLOC_CTX *mem_ctx,
DATA_BLOB **_cred_ndr_blob,
DATA_BLOB **_upn_info_blob,
DATA_BLOB **_pac_attrs_blob,
const krb5_boolean *pac_request,
uint64_t pac_attributes,
DATA_BLOB **_requester_sid_blob,
struct auth_user_info_dc **_user_info_dc);
NTSTATUS samba_kdc_update_pac_blob(TALLOC_CTX *mem_ctx,


@ -39,7 +39,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv, krb5_context context,
struct hdb_entry_ex *client,
struct hdb_entry_ex *server,
const krb5_keyblock *pk_reply_key,
const krb5_boolean *pac_request,
uint64_t pac_attributes,
krb5_pac *pac)
{
TALLOC_CTX *mem_ctx;
@ -74,7 +74,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv, krb5_context context,
cred_ndr_ptr,
&upn_blob,
is_krbtgt ? &pac_attrs_blob : NULL,
pac_request,
pac_attributes,
is_krbtgt ? &requester_sid_blob : NULL,
NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
@ -265,7 +265,8 @@ static krb5_error_code samba_wdc_reget_pac2(krb5_context context,
nt_status = samba_kdc_get_pac_blobs(mem_ctx, client_skdc_entry,
&pac_blob, NULL, &upn_blob,
NULL, NULL, &requester_sid_blob,
NULL, PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY,
&requester_sid_blob,
&user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
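Review bot: In samba_wdc_reget_pac2 the call now passes `PAC_ATTRIBUTE_FLAG_PAC_WAS_GIVEN_IMPLICITLY` next to a `NULL` attrs-blob pointer, which suggests the flag matters when it appears not to: in the samba_kdc_get_pac_blobs hunk, `pac_attributes` is only read inside `if (pac_attrs_blob != NULL)`. mit_samba_reget_pac passes `0` in the same situation, so the two reget paths disagree on an argument that looks unused. I would write `NULL, 0, /* no attrs blob requested, pac_attributes unused */` here, assuming the local `pac_attrs_blob` is only set when the caller supplies `_pac_attrs_blob`. Separately, samba_wdc_get_pac forwards `pac_attributes` from the KDC without a comment naming which flag values are expected; a one-line note on the parameter would help the next reader of this authorization-data path.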