sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

s4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac().

Browse Source 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Günther Deschner 2014-05-09 23:26:42 +02:00
parent ba1838300c
commit 78c0cf292b
4 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
source4/kdc/mit_samba.c
View File

@ -230,9 +230,15 @@ static int mit_samba_update_pac_data(struct mit_samba_context *ctx,
NTSTATUS nt_status;
krb5_pac pac = NULL;
int ret;
struct samba_kdc_entry *skdc_entry = NULL;
if (client) {
skdc_entry = talloc_get_type_abort(client->ctx,
struct samba_kdc_entry);
}
/* The user account may be set not to want the PAC */
if (client && !samba_princ_needs_pac(client)) {
if (client && !samba_princ_needs_pac(skdc_entry)) {
return EINVAL;
}

8
source4/kdc/pac-glue.c
View File

@ -135,15 +135,13 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
return ret;
}
bool samba_princ_needs_pac(struct hdb_entry_ex *princ)
bool samba_princ_needs_pac(struct samba_kdc_entry *skdc_entry)
{
struct samba_kdc_entry *p = talloc_get_type(princ->ctx, struct samba_kdc_entry);
uint32_t userAccountControl;
/* The service account may be set not to want the PAC */
userAccountControl = ldb_msg_find_attr_as_uint(p->msg, "userAccountControl", 0);
userAccountControl = ldb_msg_find_attr_as_uint(skdc_entry->msg, "userAccountControl", 0);
if (userAccountControl & UF_NO_AUTH_DATA_REQUIRED) {
return false;
}
@ -231,7 +229,7 @@ NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
NTSTATUS nt_status;
/* The user account may be set not to want the PAC */
if ( ! samba_princ_needs_pac(client)) {
if ( ! samba_princ_needs_pac(p)) {
*_pac_blob = NULL;
return NT_STATUS_OK;
}

2
source4/kdc/pac-glue.h
View File

@ -26,7 +26,7 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
DATA_BLOB *deleg_blob,
krb5_pac *pac);
bool samba_princ_needs_pac(struct hdb_entry_ex *princ);
bool samba_princ_needs_pac(struct samba_kdc_entry *skdc_entry);
int samba_krbtgt_is_in_db(struct hdb_entry_ex *princ, bool *is_in_db, bool *is_untrusted);

2
source4/kdc/wdc-samba4.c
View File

@ -77,7 +77,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
}
/* The user account may be set not to want the PAC */
if (!samba_princ_needs_pac(server)) {
if (!samba_princ_needs_pac(p)) {
talloc_free(mem_ctx);
return EINVAL;
}