]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 48affb1)
s4-kdc: Prepare for gMSA support by recording it on the entry
authorAndrew Bartlett <abartlet@samba.org>
Thu, 21 Dec 2023 23:09:45 +0000 (12:09 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 14 Mar 2024 22:06:39 +0000 (22:06 +0000)
This will allow the "samba-tool domain exportkeytab" code to do special gMSA
processing and in the future will allow the KDC to know it needs to check
if the keys in the DB need refreshing.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
source4/kdc/db-glue.c patch | blob | blame | history
source4/kdc/samba_kdc.h patch | blob | blame | history

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 14eb9f7428be4f6e31bf43c8e7192cc4601c5475..fc1400a305a60f72a2037f5abb4b6a0770b1a9b4 100644 (file)
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1131,6 +1131,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
        bool force_rc4 = lpcfg_kdc_force_enable_rc4_weak_session_keys(lp_ctx);
        struct ldb_message_element *objectclasses;
        struct ldb_val computer_val = data_blob_string_const("computer");
+       struct ldb_val gmsa_oc_val = data_blob_string_const("msDS-GroupManagedServiceAccount");
        uint32_t config_default_supported_enctypes = lpcfg_kdc_default_domain_supported_enctypes(lp_ctx);
        uint32_t default_supported_enctypes =
                config_default_supported_enctypes != 0 ?
@@ -1197,6 +1198,10 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
                goto out;
        }
 
+       if (objectclasses && ldb_msg_find_val(objectclasses, &gmsa_oc_val)) {
+               p->group_managed_service_account = true;
+       }
+
        p->is_rodc = is_rodc;
        p->kdc_db_ctx = kdc_db_ctx;
        p->realm_dn = talloc_reference(p, realm_dn);
diff --git a/source4/kdc/samba_kdc.h b/source4/kdc/samba_kdc.h
index 095a8cc0cf7864913f57ea23271b44a7dea1d8f9..67009b963bc51c48cd40317edd5003dc3f312d5b 100644 (file)
--- a/source4/kdc/samba_kdc.h
+++ b/source4/kdc/samba_kdc.h
@@ -75,6 +75,7 @@ struct samba_kdc_entry {
        bool is_trust : 1;
        bool claims_from_pac_are_initialized : 1;
        bool claims_from_db_are_initialized : 1;
+       bool group_managed_service_account : 1;
 };
 
 extern struct hdb_method hdb_samba4_interface;
Mirror of https://github.com/samba-team/samba.git