authorStefan Metzmacher <metze@samba.org>2011-06-28 14:46:49 +0200
committerStefan Metzmacher <metze@samba.org>2011-06-28 19:23:43 +0200
commit73b1e1466cb3a2f3cadc2865b0226a48b3ff6f27 (patch)
tree1f97f89afd2fcf2081033564146437028604f75c /source4/kdc/wdc-samba4.c
parent19090607980c48dc565377dce830310d3a0bca7a (diff)
s4:kdc: generate the S4U_DELEGATION_INFO in the regenerated pac
metze
Diffstat (limited to 'source4/kdc/wdc-samba4.c')
-rw-r--r--source4/kdc/wdc-samba4.c29
1 files changed, 26 insertions, 3 deletions
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c
index 56d01dbfde..99ad96a6b5 100644
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -46,7 +46,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv, krb5_context context,
return EINVAL;
}
- ret = samba_make_krb5_pac(context, pac_blob, pac);
+ ret = samba_make_krb5_pac(context, pac_blob, NULL, pac);
talloc_free(mem_ctx);
return ret;
@@ -56,6 +56,7 @@ static krb5_error_code samba_wdc_get_pac(void *priv, krb5_context context,
static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
const krb5_principal client_principal,
+ const krb5_principal delegated_proxy_principal,
struct hdb_entry_ex *client,
struct hdb_entry_ex *server,
struct hdb_entry_ex *krbtgt,
@@ -64,6 +65,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
struct samba_kdc_entry *p = talloc_get_type(server->ctx, struct samba_kdc_entry);
TALLOC_CTX *mem_ctx = talloc_named(p, 0, "samba_kdc_reget_pac context");
DATA_BLOB *pac_blob;
+ DATA_BLOB *deleg_blob = NULL;
krb5_error_code ret;
NTSTATUS nt_status;
@@ -97,7 +99,7 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
}
nt_status = samba_kdc_update_pac_blob(mem_ctx, context,
- pac, pac_blob);
+ *pac, pac_blob);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Building PAC failed: %s\n",
nt_errstr(nt_status)));
@@ -105,10 +107,31 @@ static krb5_error_code samba_wdc_reget_pac(void *priv, krb5_context context,
return EINVAL;
}
}
+
+ if (delegated_proxy_principal) {
+ deleg_blob = talloc_zero(mem_ctx, DATA_BLOB);
+ if (!deleg_blob) {
+ talloc_free(mem_ctx);
+ return ENOMEM;
+ }
+
+ nt_status = samba_kdc_update_delegation_info_blob(mem_ctx,
+ context, *pac,
+ server->entry.principal,
+ delegated_proxy_principal,
+ deleg_blob);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(0, ("Building PAC failed: %s\n",
+ nt_errstr(nt_status)));
+ talloc_free(mem_ctx);
+ return EINVAL;
+ }
+ }
+
/* We now completely regenerate this pac */
krb5_pac_free(context, *pac);
- ret = samba_make_krb5_pac(context, pac_blob, pac);
+ ret = samba_make_krb5_pac(context, pac_blob, deleg_blob, pac);
talloc_free(mem_ctx);
return ret;
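Review bot: The failure branch added after `samba_kdc_update_delegation_info_blob()` logs the same text, `Building PAC failed`, as the earlier `samba_kdc_update_pac_blob()` branch, so the KDC log cannot distinguish a failure to build the delegation record from an ordinary PAC rebuild error. I would change it to `DEBUG(0, ("Building PAC S4U_DELEGATION_INFO failed: %s\n",` so that constrained-delegation failures can be picked out when auditing. Every NTSTATUS is also collapsed to `EINVAL` here, which hides an out-of-memory result from the helper; this matches the existing branch above, so it may be intentional. A short comment above `if (delegated_proxy_principal) {` saying that the caller is expected to have already authorised this principal for delegation would help, since no such check is visible in this hunk. The body of samba_wdc_reget_pac starts outside the hunk.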