mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
s4:kdc: Add referral policy callback
This is now used instead of a configuration option.
This is an adaption to Heimdal:
commit 3fa47f5a1a422e178d968a8ec0d59889eaa71548
Author: Luke Howard <lukeh@padl.com>
Date: Sun Jan 2 21:51:43 2022 +1100
kdc: add referral_policy callback to windc plugin
Add a referral policy hook to the TGS as a more elegant way of resolving
referral detection for Samba). The hook can either rewrite the server_princ in
the request, or it can return an error to disable built-in referral processing.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a5799cea03
)
This commit is contained in:
parent
cef9e6f851
commit
b88d892498
@ -408,8 +408,6 @@ static void kdc_post_fork(struct task_server *task, struct process_details *pd)
|
||||
kdc_config->svc_use_strongest_session_key = false;
|
||||
kdc_config->use_strongest_server_key = true;
|
||||
|
||||
kdc_config->autodetect_referrals = false;
|
||||
|
||||
kdc_config->force_include_pa_etype_salt = true;
|
||||
|
||||
/*
|
||||
|
@ -28,6 +28,7 @@
|
||||
#include "sdb.h"
|
||||
#include "sdb_hdb.h"
|
||||
#include "librpc/gen_ndr/auth.h"
|
||||
#include <krb5_locl.h>
|
||||
|
||||
/*
|
||||
* Given the right private pointer from hdb_samba4,
|
||||
@ -952,6 +953,12 @@ static void samba_wdc_plugin_fini(void *ptr)
|
||||
return;
|
||||
}
|
||||
|
||||
static krb5_error_code samba_wdc_referral_policy(void *priv,
|
||||
astgs_request_t r)
|
||||
{
|
||||
return r->error_code;
|
||||
}
|
||||
|
||||
struct krb5plugin_windc_ftable windc_plugin_table = {
|
||||
.minor_version = KRB5_WINDC_PLUGIN_MINOR,
|
||||
.init = samba_wdc_plugin_init,
|
||||
@ -960,6 +967,7 @@ struct krb5plugin_windc_ftable windc_plugin_table = {
|
||||
.client_access = samba_wdc_check_client_access,
|
||||
.finalize_reply = samba_wdc_finalize_reply,
|
||||
.pac_generate = samba_wdc_get_pac,
|
||||
.referral_policy = samba_wdc_referral_policy,
|
||||
};
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user