1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

s4:kdc: Add referral policy callback

This is now used instead of a configuration option.

This is an adaption to Heimdal:

commit 3fa47f5a1a422e178d968a8ec0d59889eaa71548
Author: Luke Howard <lukeh@padl.com>
Date:   Sun Jan 2 21:51:43 2022 +1100

    kdc: add referral_policy callback to windc plugin

    Add a referral policy hook to the TGS as a more elegant way of resolving
    referral detection for Samba). The hook can either rewrite the server_princ in
    the request, or it can return an error to disable built-in referral processing.

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a5799cea03)
This commit is contained in:
Joseph Sutton 2022-02-21 19:25:06 +13:00 committed by Jule Anger
parent cef9e6f851
commit b88d892498
2 changed files with 8 additions and 2 deletions

View File

@ -408,8 +408,6 @@ static void kdc_post_fork(struct task_server *task, struct process_details *pd)
kdc_config->svc_use_strongest_session_key = false;
kdc_config->use_strongest_server_key = true;
kdc_config->autodetect_referrals = false;
kdc_config->force_include_pa_etype_salt = true;
/*

View File

@ -28,6 +28,7 @@
#include "sdb.h"
#include "sdb_hdb.h"
#include "librpc/gen_ndr/auth.h"
#include <krb5_locl.h>
/*
* Given the right private pointer from hdb_samba4,
@ -952,6 +953,12 @@ static void samba_wdc_plugin_fini(void *ptr)
return;
}
static krb5_error_code samba_wdc_referral_policy(void *priv,
astgs_request_t r)
{
return r->error_code;
}
struct krb5plugin_windc_ftable windc_plugin_table = {
.minor_version = KRB5_WINDC_PLUGIN_MINOR,
.init = samba_wdc_plugin_init,
@ -960,6 +967,7 @@ struct krb5plugin_windc_ftable windc_plugin_table = {
.client_access = samba_wdc_check_client_access,
.finalize_reply = samba_wdc_finalize_reply,
.pac_generate = samba_wdc_get_pac,
.referral_policy = samba_wdc_referral_policy,
};