s4:kdc: store pac_princ in struct samba_kdc_entry_pac
authorStefan Metzmacher <metze@samba.org>
Thu, 13 Mar 2025 00:41:40 +0000 (01:41 +0100)
committerRalph Boehme <slow@samba.org>
Thu, 3 Apr 2025 09:36:31 +0000 (09:36 +0000)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source4/kdc/pac-glue.c
source4/kdc/pac-glue.h

index 8a7c0b41c46636d39655482c5a257f0a945df7cf..6adbbc9887f402405a7e0135148a3a7c48cae518 100644 (file)
@@ -881,13 +881,19 @@ struct samba_kdc_entry_pac samba_kdc_entry_pac(krb5_const_pac pac,
                                               const struct samba_kdc_entry *krbtgt)
 {
        if (pac != NULL) {
+               SMB_ASSERT(pac_princ != NULL);
                SMB_ASSERT(krbtgt != NULL);
+       } else {
+               pac_princ = NULL;
+               krbtgt = NULL;
+               entry = NULL;
        }
 
        return (struct samba_kdc_entry_pac) {
-               .entry = entry,
-               .krbtgt = krbtgt,
                .pac = pac,
+               .pac_princ = pac_princ,
+               .krbtgt = krbtgt,
+               .entry = entry,
        };
 }
 #else /* MIT */
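Review bot: The new `else` branch overwrites the caller's `pac_princ`, `krbtgt` and `entry` without saying why, so a caller that passes an entry but no PAC silently loses it. A short comment would make the intent explicit, for example `/* No PAC: clear everything else so that .pac == NULL is the only state consumers must test. */`. Separately, `SMB_ASSERT(pac_princ != NULL)` turns a missing principal into a process abort; the MIT variant of this constructor records one caller that cannot supply it, and whether every Heimdal caller does is not visible in this hunk. The function signature starts outside the hunk.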
@@ -898,13 +904,26 @@ struct samba_kdc_entry_pac samba_kdc_entry_pac_from_trusted(krb5_const_pac pac,
                                                            bool is_trusted)
 {
        if (pac != NULL) {
+               /*
+                * TODO: we can't assert this yet,
+                * as mit_samba_update_pac() does not
+                * get this for cross realm clients.
+                *
+                * SMB_ASSERT(pac_princ != NULL);
+                */
                SMB_ASSERT(krbtgt != NULL);
+       } else {
+               pac_princ = NULL;
+               krbtgt = NULL;
+               entry = NULL;
+               is_trusted = false;
        }
 
        return (struct samba_kdc_entry_pac) {
-               .entry = entry,
-               .krbtgt = krbtgt,
                .pac = pac,
+               .pac_princ = pac_princ,
+               .krbtgt = krbtgt,
+               .entry = entry,
                .pac_is_trusted = is_trusted,
        };
 }
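Review bot: With the assert left as a TODO, this constructor can return a struct whose `pac` is set while `pac_princ` is NULL, which contradicts the `/* valid if pac is valid */` comment this commit adds above `pac_princ` in source4/kdc/pac-glue.h. Until the TODO is resolved, consumers of `.pac_princ` on the MIT build need a NULL check, and the header comment should say so, e.g. `/* valid if pac is valid; may still be NULL on MIT for cross-realm clients */`. The function signature starts outside the hunk.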
index 114dff3756e4f87dda64c556c12db06c67e98cd5..4d5643dff95002024d25d5b50c905fd865b095fd 100644 (file)
@@ -47,9 +47,22 @@ enum {
 };
 
 struct samba_kdc_entry_pac {
-       struct samba_kdc_entry *entry;
+       /*
+        * NULL indicates that no PAC is present.
+        *
+        * All other fields below are also NULL.
+        */
+       krb5_const_pac pac;
+
+       /* valid if pac is valid */
+       krb5_const_principal pac_princ;
+
+       /* valid if pac is valid */
        const struct samba_kdc_entry *krbtgt;
-       krb5_const_pac pac; /* NULL indicates that no PAC is present. */
+
+       /* valid if pac is valid and principal is local */
+       struct samba_kdc_entry *entry;
+
 #ifndef HAVE_KRB5_PAC_IS_TRUSTED /* MIT */
        bool pac_is_trusted : 1;
 #endif /* HAVE_KRB5_PAC_IS_TRUSTED */
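Review bot: The comment on `pac` says all other fields are NULL when no PAC is present, but `pac_is_trusted` is a `bool` bit-field, not a pointer. The MIT constructor in pac-glue.c sets it to `false` in that case, so the comment could read `All other fields below are also NULL (pac_is_trusted is false).` to record that an absent PAC is never reported as trusted. The struct body continues past the end of the hunk.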