author | Andrew Tridgell <tridge@samba.org> | 2010-09-16 14:12:37 +1000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2010-09-16 16:08:46 +1000 |
commit | 6a82997285db9aff0085e6a54e58a34a97152ebb (patch) | |
tree | 6e1918772cd61b6b64e434ec020744dcf8e07348 /source4 | |
parent | 377ffcb0292505bfcdc6fbcfdc379614364cc868 (diff) | |
s4-credentials: added ability to control forwardable attribute on krb5 tickets
With the latest bind9 nsupdate, we need to be able to control whether the
ticket we use is forwardable.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/auth/credentials/credentials.c | 12 | ||||
-rw-r--r-- | source4/auth/credentials/credentials.h | 12 |
2 files changed, 24 insertions, 0 deletions
diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index acdcfdee69..e1965b3f84 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -109,6 +109,7 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
 cli_credentials_set_kerberos_state(cred, CRED_AUTO_USE_KERBEROS);
 cli_credentials_set_gensec_features(cred, 0);
+ cli_credentials_set_krb_forwardable(cred, CRED_AUTO_KRB_FORWARDABLE);
 return cred;
 }
@@ -133,11 +134,22 @@ _PUBLIC_ void cli_credentials_set_kerberos_state(struct cli_credentials *creds,
 creds->use_kerberos = use_kerberos;
 }
+_PUBLIC_ void cli_credentials_set_krb_forwardable(struct cli_credentials *creds,
+ enum credentials_krb_forwardable krb_forwardable)
+{
+ creds->krb_forwardable = krb_forwardable;
+}
+
 _PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds)
 {
 return creds->use_kerberos;
 }
+_PUBLIC_ enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds)
+{
+ return creds->krb_forwardable;
+}
+
 _PUBLIC_ void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
 {
 creds->gensec_features = gensec_features;
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index c4c7d3f246..b7a9540d86 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -44,6 +44,12 @@ enum credentials_use_kerberos {
 CRED_MUST_USE_KERBEROS /* Sometimes administrators are parinoid, so always do kerberos */
 };
+enum credentials_krb_forwardable {
+ CRED_AUTO_KRB_FORWARDABLE = 0, /* Default, follow library defaults */
+ CRED_NO_KRB_FORWARDABLE, /* not forwardable */
+ CRED_FORCE_KRB_FORWARDABLE /* forwardable */
+};
+
 #define CLI_CRED_NTLM2 0x01
 #define CLI_CRED_NTLMv2_AUTH 0x02
 #define CLI_CRED_LANMAN_AUTH 0x04
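Review bot: `cli_credentials_set_krb_forwardable()` in the `@@ -133,11 +134,22 @@` hunk only stores the value, so a call made after a Kerberos ticket has already been obtained for these credentials would presumably leave that ticket's flags unchanged. Nothing in this hunk invalidates or re-requests anything, and the code that reads `krb_forwardable` is not part of this diff. I would state the ordering requirement on the setter, e.g. `/* Call before the first Kerberos ticket is obtained for creds; an already acquired ticket is not affected. */`. The getter could also take `const struct cli_credentials *creds`, although the neighbouring `cli_credentials_get_kerberos_state()` does not either.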
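Review bot: The member comments on `enum credentials_krb_forwardable` do not say what each choice implies, and `CRED_FORCE_KRB_FORWARDABLE` is the one a caller should have to justify. A forwardable ticket can be delegated to a service and reused there on the user's behalf, so forcing it widens what a compromised service could do with the credential. I would expand the comments, for example `CRED_FORCE_KRB_FORWARDABLE /* request a forwardable ticket regardless of the krb5 library default; only for peers that need delegation */`, and note on `CRED_AUTO_KRB_FORWARDABLE` that the outcome then depends on the local krb5 configuration. The struct field comment added in the `@@ -122,6 +128,9 @@` hunk poses a yes/no question for a tri-state value and could refer to the enum instead.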
@@ -122,6 +128,9 @@ struct cli_credentials { /* Should we be trying to use kerberos? */ enum credentials_use_kerberos use_kerberos; + /* Should we get a forwardable ticket? */ + enum credentials_krb_forwardable krb_forwardable; + /* gensec features which should be used for connections */ uint32_t gensec_features; @@ -193,6 +202,8 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, const char **error_string); void cli_credentials_set_kerberos_state(struct cli_credentials *creds, enum credentials_use_kerberos use_kerberos); +void cli_credentials_set_krb_forwardable(struct cli_credentials *creds, + enum credentials_krb_forwardable krb_forwardable); bool cli_credentials_set_domain(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained); @@ -280,6 +291,7 @@ const char *cli_credentials_get_salt_principal(struct cli_credentials *cred); const char *cli_credentials_get_impersonate_principal(struct cli_credentials *cred); const char *cli_credentials_get_target_service(struct cli_credentials *cred); enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds); +enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds); NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, struct tevent_context *event_ctx, struct loadparm_context *lp_ctx, |