mirror of
https://github.com/samba-team/samba.git
synced 2025-01-24 02:04:21 +03:00
1c456912a1
With embedded Heimdal, we can mark a PAC as being trusted (i.e. not issued by an RODC). This is convenient, as it saves us needing to carry that information in flags, hoping it isn’t inadvertently lost. System Heimdal and MIT Kerberos, however, don’t provide a way to mark a PAC trusted. So we add a new wrapper type, ‘samba_kdc_entry_pac’, that contains this extra information if ‘krb5_const_pac’ doesn’t contain it already. As it also stores a pointer to the client entry, the structure’s lifetime must therefore be carefully managed. Finally, it keeps track of whether the PAC came across a trust, to know which is useful in some circumstances. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>