summaryrefslogtreecommitdiff
path: root/source4/kdc/hdb-samba4.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/kdc/hdb-samba4.c')
-rw-r--r--source4/kdc/hdb-samba4.c27
1 files changed, 21 insertions, 6 deletions
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 8511b2f27b..f82712e2b2 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -121,7 +121,7 @@ static krb5_error_code hdb_samba4_destroy(krb5_context context, HDB *db)
}
static krb5_error_code
-hdb_samba4_check_identical_client_and_server(krb5_context context, HDB *db,
+hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db,
hdb_entry_ex *entry,
krb5_const_principal target_principal)
{
@@ -130,9 +130,9 @@ hdb_samba4_check_identical_client_and_server(krb5_context context, HDB *db,
kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
- return samba_kdc_check_identical_client_and_server(context, kdc_db_ctx,
- entry,
- target_principal);
+ return samba_kdc_check_s4u2proxy(context, kdc_db_ctx,
+ entry,
+ target_principal);
}
static krb5_error_code
@@ -150,6 +150,21 @@ hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db,
certificate_principal);
}
+static krb5_error_code
+hdb_samba4_check_s4u2self(krb5_context context, HDB *db,
+ hdb_entry_ex *entry,
+ krb5_const_principal target_principal)
+{
+ struct samba_kdc_db_context *kdc_db_ctx;
+
+ kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
+ struct samba_kdc_db_context);
+
+ return samba_kdc_check_s4u2self(context, kdc_db_ctx,
+ entry,
+ target_principal);
+}
+
/* This interface is to be called by the KDC and libnet_keytab_dump,
* which is expecting Samba calling conventions.
* It is also called by a wrapper (hdb_samba4_create) from the
@@ -197,9 +212,9 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
(*db)->hdb_destroy = hdb_samba4_destroy;
(*db)->hdb_auth_status = NULL;
- (*db)->hdb_check_constrained_delegation = hdb_samba4_check_identical_client_and_server;
+ (*db)->hdb_check_constrained_delegation = hdb_samba4_check_constrained_delegation;
(*db)->hdb_check_pkinit_ms_upn_match = hdb_samba4_check_pkinit_ms_upn_match;
- (*db)->hdb_check_s4u2self = hdb_samba4_check_identical_client_and_server;
+ (*db)->hdb_check_s4u2self = hdb_samba4_check_s4u2self;
return NT_STATUS_OK;
}
generated by cgit (git 2.34.1) at 2024-06-07 16:57:31 +0000