From: Joseph Sutton Date: Mon, 21 Aug 2023 01:55:27 +0000 (+1200) Subject: s4:kdc: Make functions to add special SIDs non‐static X-Git-Tag: tevent-0.16.0~627 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7ac99b197f73ec5b48cfd48977df42bea725435d;p=thirdparty%2Fsamba.git s4:kdc: Make functions to add special SIDs non‐static This allows us to call them from elsewhere. Change their names accordingly to start with ‘samba_kdc_’. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett --- diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c index 7d8c2ff97b5..bb445efe3e0 100644 --- a/source4/kdc/pac-glue.c +++ b/source4/kdc/pac-glue.c @@ -823,8 +823,8 @@ int samba_krbtgt_is_in_db(struct samba_kdc_entry *p, * * https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview */ -static NTSTATUS samba_add_asserted_identity(enum samba_asserted_identity ai, - struct auth_user_info_dc *user_info_dc) +NTSTATUS samba_kdc_add_asserted_identity(enum samba_asserted_identity ai, + struct auth_user_info_dc *user_info_dc) { struct dom_sid ai_sid; const char *sid_str = NULL; @@ -854,8 +854,8 @@ static NTSTATUS samba_add_asserted_identity(enum samba_asserted_identity ai, &user_info_dc->num_sids); } -static NTSTATUS samba_add_claims_valid(enum samba_claims_valid claims_valid, - struct auth_user_info_dc *user_info_dc) +NTSTATUS samba_kdc_add_claims_valid(enum samba_claims_valid claims_valid, + struct auth_user_info_dc *user_info_dc) { switch (claims_valid) { case SAMBA_CLAIMS_VALID_EXCLUDE: @@ -880,8 +880,8 @@ static NTSTATUS samba_add_claims_valid(enum samba_claims_valid claims_valid, return NT_STATUS_INVALID_PARAMETER; } -static NTSTATUS samba_add_compounded_auth(enum samba_compounded_auth compounded_auth, - struct auth_user_info_dc *user_info_dc) +NTSTATUS samba_kdc_add_compounded_auth(enum samba_compounded_auth compounded_auth, + struct auth_user_info_dc *user_info_dc) { switch (compounded_auth) { case SAMBA_COMPOUNDED_AUTH_EXCLUDE: @@ -1148,24 +1148,24 @@ NTSTATUS samba_kdc_get_user_info_dc(TALLOC_CTX *mem_ctx, } /* Here we modify the SIDs to add the Asserted Identity SID. */ - nt_status = samba_add_asserted_identity(asserted_identity, - user_info_dc); + nt_status = samba_kdc_add_asserted_identity(asserted_identity, + user_info_dc); if (!NT_STATUS_IS_OK(nt_status)) { DBG_ERR("Failed to add asserted identity: %s\n", nt_errstr(nt_status)); return nt_status; } - nt_status = samba_add_claims_valid(claims_valid, - user_info_dc); + nt_status = samba_kdc_add_claims_valid(claims_valid, + user_info_dc); if (!NT_STATUS_IS_OK(nt_status)) { DBG_ERR("Failed to add Claims Valid: %s\n", nt_errstr(nt_status)); return nt_status; } - nt_status = samba_add_compounded_auth(compounded_auth, - user_info_dc); + nt_status = samba_kdc_add_compounded_auth(compounded_auth, + user_info_dc); if (!NT_STATUS_IS_OK(nt_status)) { DBG_ERR("Failed to add Compounded Authentication: %s\n", nt_errstr(nt_status)); @@ -2533,8 +2533,8 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx, } } - nt_status = samba_add_compounded_auth(compounded_auth, - user_info_dc); + nt_status = samba_kdc_add_compounded_auth(compounded_auth, + user_info_dc); if (!NT_STATUS_IS_OK(nt_status)) { DBG_ERR("Failed to add Compounded Authentication: %s\n", nt_errstr(nt_status)); diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h index 9ff4574778c..eb19c8b720d 100644 --- a/source4/kdc/pac-glue.h +++ b/source4/kdc/pac-glue.h @@ -167,3 +167,12 @@ krb5_error_code samba_kdc_check_device(TALLOC_CTX *mem_ctx, const struct authn_kerberos_client_policy *client_policy, struct authn_audit_info **client_audit_info_out, NTSTATUS *status_out); + +NTSTATUS samba_kdc_add_asserted_identity(enum samba_asserted_identity ai, + struct auth_user_info_dc *user_info_dc); + +NTSTATUS samba_kdc_add_claims_valid(enum samba_claims_valid claims_valid, + struct auth_user_info_dc *user_info_dc); + +NTSTATUS samba_kdc_add_compounded_auth(enum samba_compounded_auth compounded_auth, + struct auth_user_info_dc *user_info_dc);