mirror of https://github.com/samba-team/samba.git synced 2025-02-23 09:57:40 +03:00

s4-kdc Add function to determine if a hdb entry is a RODC

This is important, as we must ignore the PAC from an RODC.

Andrew Bartlett
Andrew Bartlett 2010-09-28 12:53:06 +10:00
parent 85f7bce865
commit 990720b8cd
2 changed files with 18 additions and 0 deletions


@ -119,6 +119,22 @@ bool samba_princ_needs_pac(struct hdb_entry_ex *princ)
return true;
}
/* Was the krbtgt an RODC (and we are not) */
bool samba_krbtgt_was_untrusted_rodc(struct hdb_entry_ex *princ)
{
struct samba_kdc_entry *p = talloc_get_type(princ->ctx, struct samba_kdc_entry);
int rodc_krbtgt_number;
/* The service account may be set not to want the PAC */
rodc_krbtgt_number = ldb_msg_find_attr_as_int(p->msg, "msDS-SecondaryKrbTgtNumber", -1);
if (rodc_krbtgt_number != p->kdc_db_ctx->my_krbtgt_number) {
return true;
}
return false;
}
NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
struct hdb_entry_ex *client,
DATA_BLOB **_pac_blob)
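Review bot: The comment above the `ldb_msg_find_attr_as_int` call in `samba_krbtgt_was_untrusted_rodc` ("The service account may be set not to want the PAC") describes a different check; something like `/* Compare the entry's msDS-SecondaryKrbTgtNumber with our own krbtgt number */` would match what the code does. The comparison also folds the attribute-absent case (default `-1`) into the same test, so the answer for a krbtgt entry without that attribute depends on what `my_krbtgt_number` holds on a writable DC, which is not visible in this hunk. Since the commit message says the result decides whether a PAC is ignored, that case deserves an explicit branch or at least a comment stating the intended outcome. `p` is also dereferenced at `p->msg` without checking the `talloc_get_type` result, which is NULL on a type mismatch; `talloc_get_type_abort`, or an early `if (p == NULL) return true;` to fail towards "untrusted", would make that failure explicit.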


@ -27,6 +27,8 @@ krb5_error_code samba_make_krb5_pac(krb5_context context,
bool samba_princ_needs_pac(struct hdb_entry_ex *princ);
bool samba_krbtgt_was_untrusted_rodc(struct hdb_entry_ex *princ);
NTSTATUS samba_kdc_get_pac_blob(TALLOC_CTX *mem_ctx,
struct hdb_entry_ex *client,
DATA_BLOB **_pac_blob);