^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_unkeyed_service_checksum
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_zeroed_client_checksum
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_zeroed_service_checksum
-^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_client_not_delegated
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_forwardable
-^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_no_auth_data_required
-^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_not_forwardable
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_not_trusted_empty_allowed
-^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_not_trusted_nonempty_allowed
-^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_trusted_empty_allowed
-^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_trusted_nonempty_allowed
-^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_s4u2self_without_forwardable
#
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_constrained_delegation_no_auth_data_required
^samba.tests.krb5.s4u_tests.samba.tests.krb5.s4u_tests.S4UKerberosTests.test_rbcd_no_auth_data_required
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_service_ticket
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_existing
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_fast_sid_mismatch_nonexisting
-^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_pac_request_false
-^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_pac_request_none
-^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_pac_request_true
-^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_req(?!_invalid)
-^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_s4u2self_rodc_revealed
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_from_rodc_no_requester_sid
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_req_no_requester_sid
^samba.tests.krb5.kdc_tgs_tests.samba.tests.krb5.kdc_tgs_tests.KdcTgsTests.test_tgs_requester_sid_missing_renew
sent_pac_request = send_pac_p(context, req, &pac_request);
- ret = _kdc_pac_generate(context, client, pk_reply_key,
+ ret = _kdc_pac_generate(context, client, server, pk_reply_key,
sent_pac_request ? &pac_request : NULL,
&p);
if (ret) {
mspac = NULL;
}
- ret = _kdc_pac_generate(context, s4u2self_impersonated_client, NULL, NULL, &mspac);
+ ret = _kdc_pac_generate(context, s4u2self_impersonated_client, server,
+ NULL, NULL, &mspac);
if (ret) {
kdc_log(context, config, 0, "PAC generation failed for -- %s",
tpn);
krb5_error_code
_kdc_pac_generate(krb5_context context,
hdb_entry_ex *client,
+ hdb_entry_ex *server,
const krb5_keyblock *pk_reply_key,
const krb5_boolean *pac_request,
krb5_pac *pac)
if (windcft->pac_pk_generate != NULL && pk_reply_key != NULL)
return (windcft->pac_pk_generate)(windcctx, context,
- client, pk_reply_key,
+ client, server, pk_reply_key,
pac_request, pac);
- return (windcft->pac_generate)(windcctx, context, client,
+ return (windcft->pac_generate)(windcctx, context, client, server,
pac_request, pac);
}
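Review bot: `_kdc_pac_generate` forwards the new `server` argument to the plugin without checking it, while the Samba callback further down this page reads `server->entry.principal` unconditionally. Both callers shown pass a `server` variable whose origin is outside these hunks, so the non-NULL requirement is only implicit. State it in the function's header comment, for example `/* server must be non-NULL: the plugin inspects its principal */`, or return an error here when it is NULL. The start of the function body is outside the hunk.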
typedef krb5_error_code
(*krb5plugin_windc_pac_generate)(void *, krb5_context,
struct hdb_entry_ex *, /* client */
+ struct hdb_entry_ex *, /* server */
const krb5_boolean *, /* pac_request */
krb5_pac *);
typedef krb5_error_code
(*krb5plugin_windc_pac_pk_generate)(void *, krb5_context,
struct hdb_entry_ex *, /* client */
+ struct hdb_entry_ex *, /* server */
const krb5_keyblock *, /* pk_replykey */
const krb5_boolean *, /* pac_request */
krb5_pac *);
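Review bot: Inserting the `server` argument in the middle of both callback typedefs changes the plugin ABI, and no change to the plugin table's version is visible on this page. A windc plugin built against the old header would be called with one more argument than it expects, and would find the server entry in the slot where it expects `pk_replykey` or `pac_request`. If the table's minor version is not bumped elsewhere in the commit, it should be, so that a version check can reject stale plugins instead of calling them with mismatched arguments.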
*/
static krb5_error_code samba_wdc_get_pac(void *priv, krb5_context context,
struct hdb_entry_ex *client,
+ struct hdb_entry_ex *server,
const krb5_keyblock *pk_reply_key,
const krb5_boolean *pac_request,
krb5_pac *pac)
struct samba_kdc_entry *skdc_entry =
talloc_get_type_abort(client->ctx,
struct samba_kdc_entry);
+ bool is_krbtgt;
mem_ctx = talloc_named(client->ctx, 0, "samba_get_pac context");
if (!mem_ctx) {
cred_ndr_ptr = &cred_ndr;
}
+ is_krbtgt = krb5_principal_is_krbtgt(context, server->entry.principal);
+
nt_status = samba_kdc_get_pac_blobs(mem_ctx, skdc_entry,
&logon_blob,
cred_ndr_ptr,
&upn_blob,
- &pac_attrs_blob,
+ is_krbtgt ? &pac_attrs_blob : NULL,
pac_request,
- &requester_sid_blob,
+ is_krbtgt ? &requester_sid_blob : NULL,
NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
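Review bot: For a non-krbtgt server the call now passes NULL in place of `&pac_attrs_blob` and `&requester_sid_blob`, so `samba_kdc_get_pac_blobs` never writes either local, and their declarations and later uses are outside this hunk. Confirm they are initialised to NULL and that the code adding buffers to the PAC skips a NULL blob; otherwise a service-ticket request would read an indeterminate pointer. It is also worth checking that `samba_kdc_get_pac_blobs` tests these two out-pointers before storing through them, as the existing trailing NULL argument suggests it does for its last parameter. A short comment above the assignment would record the intent, e.g. `/* PAC attributes and requester SID are issued only in TGTs */`.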
static krb5_error_code samba_wdc_get_pac_compat(void *priv, krb5_context context,
struct hdb_entry_ex *client,
+ struct hdb_entry_ex *server,
const krb5_boolean *pac_request,
krb5_pac *pac)
{
- return samba_wdc_get_pac(priv, context, client, NULL, pac_request, pac);
+ return samba_wdc_get_pac(priv, context, client, server, NULL, pac_request, pac);
}
static krb5_error_code samba_wdc_reget_pac2(krb5_context context,