mirror of
https://github.com/samba-team/samba.git
synced 2025-01-22 22:04:08 +03:00
d68a530c66
Looking up the DB twice is subject to a race and is a poor use of resources, so instead just pass in the record we already got when trying to confirm that the server in S4U2Self is the same as the requesting client. The client record has already been bound to the original client by the SID check in the PAC. Likewise by looking up server only once we ensure that the keys looked up originally are in the record we confirm the SID for here. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14686 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
/*
   Unix SMB/CIFS implementation.

   Database Glue between Samba and the KDC

   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005-2009
   Copyright (C) Simo Sorce <idra@samba.org> 2010

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.


   You should have received a copy of the GNU General Public License
   along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

/*
 * Prototypes for the database glue between Samba and the KDC.
 *
 * NOTE(review): in the lines shown here only struct sdb_entry_ex is
 * forward-declared. The other struct tags and the krb5_*, NTSTATUS and
 * TALLOC_CTX types are expected to be declared by whatever the includer
 * pulled in before this header.
 */
struct sdb_entry_ex;

/*
 * Judging by the name and signature, fetches the database entry for
 * 'principal' into 'entry_ex'. The meaning of 'flags' and 'kvno' is set
 * by the implementation, which is not visible from this header.
 */
krb5_error_code samba_kdc_fetch(
	krb5_context context,
	struct samba_kdc_db_context *kdc_db_ctx,
	krb5_const_principal principal,
	unsigned flags,
	krb5_kvno kvno,
	struct sdb_entry_ex *entry_ex);

/*
 * samba_kdc_firstkey / samba_kdc_nextkey: the names suggest a
 * first/next iteration pair over database entries, each call filling
 * 'entry' -- confirm against the implementation.
 */
krb5_error_code samba_kdc_firstkey(
	krb5_context context,
	struct samba_kdc_db_context *kdc_db_ctx,
	struct sdb_entry_ex *entry);

krb5_error_code samba_kdc_nextkey(
	krb5_context context,
	struct samba_kdc_db_context *kdc_db_ctx,
	struct sdb_entry_ex *entry);

/*
 * S4U2Self check: confirm that the server in the S4U2Self request is
 * the same account as the requesting client.
 *
 * Both arguments are records the caller has ALREADY fetched. The
 * function deliberately takes neither a database context nor a
 * principal: looking the account up a second time is subject to a race
 * (BUG 14686), because the record that gets checked could differ from
 * the record whose keys were used for the request. Callers must pass
 * the records from the original lookup and must not re-fetch them just
 * for this call.
 *
 * Per the commit description, the client record is already bound to the
 * original client by the SID check in the PAC, and the SID is confirmed
 * on the server record whose keys were looked up originally.
 */
krb5_error_code samba_kdc_check_s4u2self(
	krb5_context context,
	struct samba_kdc_entry *skdc_entry_client,
	struct samba_kdc_entry *skdc_entry_server_target);

/*
 * PKINIT check: by its name, verifies that 'certificate_principal'
 * (presumably the MS UPN taken from the client certificate) matches the
 * account in 'skdc_entry' -- confirm against the implementation.
 */
krb5_error_code samba_kdc_check_pkinit_ms_upn_match(
	krb5_context context,
	struct samba_kdc_db_context *kdc_db_ctx,
	struct samba_kdc_entry *skdc_entry,
	krb5_const_principal certificate_principal);

/*
 * S4U2Proxy check: by its name, decides whether the account in
 * 'skdc_entry' may delegate to 'target_principal'.
 *
 * NOTE(review): unlike samba_kdc_check_s4u2self, the target is given
 * here as a principal together with a database context, not as an
 * already-fetched record. Whether the implementation does a lookup of
 * its own cannot be told from this header -- confirm.
 */
krb5_error_code samba_kdc_check_s4u2proxy(
	krb5_context context,
	struct samba_kdc_db_context *kdc_db_ctx,
	struct samba_kdc_entry *skdc_entry,
	krb5_const_principal target_principal);

/*
 * Creates the KDC database context and returns it through
 * 'kdc_db_ctx_out'. Presumably 'mem_ctx' is the talloc parent of the
 * new context and 'base_ctx' supplies its configuration -- confirm.
 */
NTSTATUS samba_kdc_setup_db_ctx(
	TALLOC_CTX *mem_ctx,
	struct samba_kdc_base_context *base_ctx,
	struct samba_kdc_db_context **kdc_db_ctx_out);