diff options
author | Andrew Bartlett <abartlet@samba.org> | 2009-06-18 11:08:46 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-06-18 13:49:30 +1000 |
commit | 19413c52495877d54c90c60229568d0077fda30b (patch) | |
tree | c148e96ba2ff28933f2d5f3714b8fc7e60957dec /source4/heimdal/kdc/windc_plugin.h | |
parent | 2afc6df9b49a246129acdd7c8c24448c8cf3b6ef (diff) | |
download | samba-19413c52495877d54c90c60229568d0077fda30b.tar.gz samba-19413c52495877d54c90c60229568d0077fda30b.tar.bz2 samba-19413c52495877d54c90c60229568d0077fda30b.zip |
s4:kdc Allow a password change when the password is expired
This requires a rework on Heimdal's windc plugin layer, as we want
full control over what tickets Heimdal will issue. (In particular, in
case our requirements become more complex in future).
The original problem was that Heimdal's check would permit the ticket,
but Samba would then deny it, not knowing it was for kadmin/changepw
Also (in hdb-samba4) be a bit more careful on what entries we will
make the 'change_pw' service mark that this depends on.
Andrew Bartlett
Diffstat (limited to 'source4/heimdal/kdc/windc_plugin.h')
-rw-r--r-- | source4/heimdal/kdc/windc_plugin.h | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/source4/heimdal/kdc/windc_plugin.h b/source4/heimdal/kdc/windc_plugin.h index 34016694b2..c7efb7b852 100644 --- a/source4/heimdal/kdc/windc_plugin.h +++ b/source4/heimdal/kdc/windc_plugin.h @@ -64,10 +64,14 @@ typedef krb5_error_code typedef krb5_error_code (*krb5plugin_windc_client_access)( - void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *, krb5_data *); + void *, krb5_context, + krb5_kdc_configuration *config, + hdb_entry_ex *, const char *, + hdb_entry_ex *, const char *, + KDC_REQ *, krb5_data *); -#define KRB5_WINDC_PLUGING_MINOR 3 +#define KRB5_WINDC_PLUGING_MINOR 4 typedef struct krb5plugin_windc_ftable { int minor_version; |