s4:kdc: Make functions to add special SIDs non‐static

author Joseph Sutton <josephsutton@catalyst.net.nz>

Mon, 21 Aug 2023 01:55:27 +0000 (13:55 +1200)

committer Andrew Bartlett <abartlet@samba.org>

Thu, 14 Sep 2023 21:35:29 +0000 (21:35 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Mon, 21 Aug 2023 01:55:27 +0000 (13:55 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Thu, 14 Sep 2023 21:35:29 +0000 (21:35 +0000)
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c

index 7d8c2ff97b510a5aa9c6483b906b7e582946c883..bb445efe3e009aae4c7520deeb60311c638649ba 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -823,8 +823,8 @@ int samba_krbtgt_is_in_db(struct samba_kdc_entry *p,
   *
   * https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
   */
-static NTSTATUS samba_add_asserted_identity(enum samba_asserted_identity ai,
-                                           struct auth_user_info_dc *user_info_dc)
+NTSTATUS samba_kdc_add_asserted_identity(enum samba_asserted_identity ai,
+                                        struct auth_user_info_dc *user_info_dc)
  {
         struct dom_sid ai_sid;
         const char *sid_str = NULL;
@@ -854,8 +854,8 @@ static NTSTATUS samba_add_asserted_identity(enum samba_asserted_identity ai,
                 &user_info_dc->num_sids);
  }
  
-static NTSTATUS samba_add_claims_valid(enum samba_claims_valid claims_valid,
-                                      struct auth_user_info_dc *user_info_dc)
+NTSTATUS samba_kdc_add_claims_valid(enum samba_claims_valid claims_valid,
+                                   struct auth_user_info_dc *user_info_dc)
  {
         switch (claims_valid) {
         case SAMBA_CLAIMS_VALID_EXCLUDE:
@@ -880,8 +880,8 @@ static NTSTATUS samba_add_claims_valid(enum samba_claims_valid claims_valid,
         return NT_STATUS_INVALID_PARAMETER;
  }
  
-static NTSTATUS samba_add_compounded_auth(enum samba_compounded_auth compounded_auth,
-                                         struct auth_user_info_dc *user_info_dc)
+NTSTATUS samba_kdc_add_compounded_auth(enum samba_compounded_auth compounded_auth,
+                                      struct auth_user_info_dc *user_info_dc)
  {
         switch (compounded_auth) {
         case SAMBA_COMPOUNDED_AUTH_EXCLUDE:
@@ -1148,24 +1148,24 @@ NTSTATUS samba_kdc_get_user_info_dc(TALLOC_CTX *mem_ctx,
         }
  
         /* Here we modify the SIDs to add the Asserted Identity SID. */
-       nt_status = samba_add_asserted_identity(asserted_identity,
-                                               user_info_dc);
+       nt_status = samba_kdc_add_asserted_identity(asserted_identity,
+                                                   user_info_dc);
         if (!NT_STATUS_IS_OK(nt_status)) {
                 DBG_ERR("Failed to add asserted identity: %s\n",
                         nt_errstr(nt_status));
                 return nt_status;
         }
  
-       nt_status = samba_add_claims_valid(claims_valid,
-                                          user_info_dc);
+       nt_status = samba_kdc_add_claims_valid(claims_valid,
+                                              user_info_dc);
         if (!NT_STATUS_IS_OK(nt_status)) {
                 DBG_ERR("Failed to add Claims Valid: %s\n",
                         nt_errstr(nt_status));
                 return nt_status;
         }
  
-       nt_status = samba_add_compounded_auth(compounded_auth,
-                                             user_info_dc);
+       nt_status = samba_kdc_add_compounded_auth(compounded_auth,
+                                                 user_info_dc);
         if (!NT_STATUS_IS_OK(nt_status)) {
                 DBG_ERR("Failed to add Compounded Authentication: %s\n",
                         nt_errstr(nt_status));
@@ -2533,8 +2533,8 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
                 }
         }
  
-       nt_status = samba_add_compounded_auth(compounded_auth,
-                                             user_info_dc);
+       nt_status = samba_kdc_add_compounded_auth(compounded_auth,
+                                                 user_info_dc);
         if (!NT_STATUS_IS_OK(nt_status)) {
                 DBG_ERR("Failed to add Compounded Authentication: %s\n",
                         nt_errstr(nt_status));
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h

index 9ff4574778cc7edb5d6c8a18fd3849d50f2928b5..eb19c8b720d0d8da7a169206d21ffbf170032f87 100644 (file)
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -167,3 +167,12 @@ krb5_error_code samba_kdc_check_device(TALLOC_CTX *mem_ctx,
                                        const struct authn_kerberos_client_policy *client_policy,
                                        struct authn_audit_info **client_audit_info_out,
                                        NTSTATUS *status_out);
+
+NTSTATUS samba_kdc_add_asserted_identity(enum samba_asserted_identity ai,
+                                        struct auth_user_info_dc *user_info_dc);
+
+NTSTATUS samba_kdc_add_claims_valid(enum samba_claims_valid claims_valid,
+                                   struct auth_user_info_dc *user_info_dc);
+
+NTSTATUS samba_kdc_add_compounded_auth(enum samba_compounded_auth compounded_auth,
+                                      struct auth_user_info_dc *user_info_dc);
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Mon, 21 Aug 2023 01:55:27 +0000 (13:55 +1200)
committer	Andrew Bartlett <abartlet@samba.org>
	Thu, 14 Sep 2023 21:35:29 +0000 (21:35 +0000)
source4/kdc/pac-glue.c		patch \| blob \| blame \| history
source4/kdc/pac-glue.h		patch \| blob \| blame \| history