}
krb5_error_code samba_kdc_get_user_info_from_db(TALLOC_CTX *mem_ctx,
- struct ldb_context *samdb,
+ struct samba_kdc_db_context *kdc_db_ctx,
struct samba_kdc_entry *entry,
const struct ldb_message *msg,
const struct auth_user_info_dc **info_out)
{
NTSTATUS nt_status;
- if (samdb == NULL) {
+ if (kdc_db_ctx == NULL) {
return EINVAL;
}
if (entry->info_from_db == NULL) {
struct auth_user_info_dc *info_from_db = NULL;
- struct loadparm_context *lp_ctx = entry->kdc_db_ctx->lp_ctx;
+ struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
nt_status = authsam_make_user_info_dc(entry,
- samdb,
+ kdc_db_ctx->samdb,
lpcfg_netbios_name(lp_ctx),
lpcfg_sam_name(lp_ctx),
lpcfg_sam_dnsname(lp_ctx),
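Review bot: The guard at the top of samba_kdc_get_user_info_from_db now tests only `kdc_db_ctx == NULL`, so a context whose `samdb` member is NULL is no longer rejected with EINVAL and reaches authsam_make_user_info_dc() instead; whether that callee tolerates a NULL handle is not visible here. Keeping the previous guarantee would be `if (kdc_db_ctx == NULL || kdc_db_ctx->samdb == NULL) {`. The lp_ctx lookup also moves from `entry->kdc_db_ctx` to the parameter, so the function now relies on callers passing the context that belongs to `entry`, which nothing in this hunk enforces. A short comment stating that precondition would help; the function body continues past the end of the hunk.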
static krb5_error_code samba_kdc_get_user_info_from_pac(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
+ struct samba_kdc_db_context *kdc_db_ctx,
const struct samba_kdc_entry_pac entry,
const struct auth_user_info_dc **info_out,
const struct PAC_DOMAIN_GROUP_MEMBERSHIP **resource_groups_out)
{
TALLOC_CTX *frame = NULL;
+ struct ldb_context *samdb = kdc_db_ctx->samdb;
struct auth_user_info_dc *info = NULL;
struct PAC_DOMAIN_GROUP_MEMBERSHIP *resource_groups = NULL;
krb5_error_code ret = 0;
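Review bot: `struct ldb_context *samdb = kdc_db_ctx->samdb;` dereferences `kdc_db_ctx` in the declarations with no NULL test, although samba_kdc_get_user_info_from_db in the same change returns EINVAL for a NULL context. The same unguarded dereference is added in samba_kdc_allowed_to_authenticate_to, samba_kdc_check_device and at the `kdc_db_ctx->samdb` argument in samba_kdc_get_claims_data. Previously a NULL handle was only passed along; now it would crash the KDC process if a caller ever supplied one, though the callers visible in this diff all pass an entry's `kdc_db_ctx`, which is presumably always set. Either assign `samdb` after an `if (kdc_db_ctx == NULL) { return EINVAL; }` check in each function, or document non-NULL as a precondition on the prototypes so the single existing check is not read as the general contract. The function body here starts and ends outside the hunk.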
krb5_error_code samba_kdc_get_user_info_dc(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
+ struct samba_kdc_db_context *kdc_db_ctx,
const struct samba_kdc_entry_pac entry,
const struct auth_user_info_dc **info_out,
const struct PAC_DOMAIN_GROUP_MEMBERSHIP **resource_groups_out)
if (samba_krb5_pac_is_trusted(entry)) {
return samba_kdc_get_user_info_from_pac(mem_ctx,
context,
- samdb,
+ kdc_db_ctx,
entry,
info_out,
resource_groups_out);
* here.
*/
ret = samba_kdc_get_user_info_from_db(mem_ctx,
- samdb,
+ kdc_db_ctx,
entry.entry,
entry.entry->msg,
&info);
* reference to it.
*/
krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
- struct ldb_context *samdb,
- struct loadparm_context *lp_ctx,
+ struct samba_kdc_db_context *kdc_db_ctx,
const struct samba_kdc_entry *client,
const struct auth_user_info_dc *client_info,
const struct auth_user_info_dc *device_info,
struct authn_audit_info **server_audit_info_out,
NTSTATUS *status_out)
{
+ struct ldb_context *samdb = kdc_db_ctx->samdb;
+ struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
krb5_error_code ret = 0;
NTSTATUS status;
_UNUSED_ NTSTATUS _status;
static krb5_error_code samba_kdc_get_device_info_blob(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
+ struct samba_kdc_db_context *kdc_db_ctx,
const struct samba_kdc_entry_pac device,
DATA_BLOB **device_info_blob)
{
code = samba_kdc_get_user_info_dc(frame,
context,
- samdb,
+ kdc_db_ctx,
device,
&device_info,
NULL /* resource_groups_out */);
*/
krb5_error_code samba_kdc_verify_pac(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
+ struct samba_kdc_db_context *kdc_db_ctx,
uint32_t flags,
const struct samba_kdc_entry_pac client,
const struct samba_kdc_entry *krbtgt)
}
code = samba_kdc_get_user_info_from_db(tmp_ctx,
- samdb,
+ kdc_db_ctx,
client.entry,
client.entry->msg,
&user_info_dc);
*/
krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
- struct loadparm_context *lp_ctx,
+ struct samba_kdc_db_context *kdc_db_ctx,
uint32_t flags,
const struct samba_kdc_entry_pac client,
const krb5_const_principal server_principal,
*/
code = samba_kdc_get_claims_data(tmp_ctx,
context,
- samdb,
+ kdc_db_ctx,
device,
&auth_claims.device_claims);
if (code) {
code = samba_kdc_get_device_info_blob(tmp_ctx,
context,
- samdb,
+ kdc_db_ctx,
device,
&device_info_blob);
if (code != 0) {
*/
code = samba_kdc_get_user_info_dc(tmp_ctx,
context,
- samdb,
+ kdc_db_ctx,
client,
&user_info_dc_const,
is_tgs ? &_resource_groups : NULL);
code = samba_kdc_get_user_info_dc(tmp_ctx,
context,
- samdb,
+ kdc_db_ctx,
delegated_proxy,
&auth_user_info_dc,
NULL /* resource_groups_out */);
/* Fetch the user’s claims. */
code = samba_kdc_get_claims_data(tmp_ctx,
context,
- samdb,
+ kdc_db_ctx,
auth_entry,
&auth_claims.user_claims);
if (code) {
if (device.entry != NULL) {
code = samba_kdc_get_user_info_dc(tmp_ctx,
context,
- samdb,
+ kdc_db_ctx,
device,
&device_info,
NULL /* resource_groups_out */);
* mem_ctx, not the temporary context.
*/
code = samba_kdc_allowed_to_authenticate_to(mem_ctx,
- samdb,
- lp_ctx,
+ kdc_db_ctx,
auth_entry.entry,
auth_user_info_dc,
device_info,
krb5_error_code samba_kdc_get_claims_data(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
+ struct samba_kdc_db_context *kdc_db_ctx,
struct samba_kdc_entry_pac entry,
struct claims_data **claims_data_out)
{
claims_data_out);
}
- return samba_kdc_get_claims_data_from_db(samdb,
+ return samba_kdc_get_claims_data_from_db(kdc_db_ctx->samdb,
entry.entry,
claims_data_out);
}
krb5_error_code samba_kdc_check_device(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
- struct loadparm_context *lp_ctx,
+ struct samba_kdc_db_context *kdc_db_ctx,
const struct samba_kdc_entry_pac device,
const struct authn_kerberos_client_policy *client_policy,
struct authn_audit_info **client_audit_info_out,
NTSTATUS *status_out)
{
TALLOC_CTX *frame = NULL;
+ struct ldb_context *samdb = kdc_db_ctx->samdb;
+ struct loadparm_context *lp_ctx = kdc_db_ctx->lp_ctx;
krb5_error_code code = 0;
NTSTATUS nt_status;
const struct auth_user_info_dc *device_info = NULL;
code = samba_kdc_get_user_info_dc(frame,
context,
- samdb,
+ kdc_db_ctx,
device,
&device_info,
NULL);
*/
code = samba_kdc_get_claims_data(frame,
context,
- samdb,
+ kdc_db_ctx,
device,
&auth_claims.user_claims);
if (code) {
krb5_error_code samba_kdc_get_user_info_dc(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
+ struct samba_kdc_db_context *kdc_db_ctx,
const struct samba_kdc_entry_pac entry,
const struct auth_user_info_dc **info_out,
const struct PAC_DOMAIN_GROUP_MEMBERSHIP **resource_groups_out);
krb5_error_code samba_kdc_get_user_info_from_db(TALLOC_CTX *mem_ctx,
- struct ldb_context *samdb,
+ struct samba_kdc_db_context *kdc_db_ctx,
struct samba_kdc_entry *entry,
const struct ldb_message *msg,
const struct auth_user_info_dc **info_out);
krb5_error_code samba_kdc_verify_pac(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
+ struct samba_kdc_db_context *kdc_db_ctx,
uint32_t flags,
const struct samba_kdc_entry_pac client,
const struct samba_kdc_entry *krbtgt);
struct authn_audit_info;
krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
- struct loadparm_context *lp_ctx,
+ struct samba_kdc_db_context *kdc_db_ctx,
uint32_t flags,
const struct samba_kdc_entry_pac client,
const krb5_const_principal server_principal,
const DATA_BLOB **_claims_blob);
krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
- struct ldb_context *samdb,
- struct loadparm_context *lp_ctx,
+ struct samba_kdc_db_context *kdc_db_ctx,
const struct samba_kdc_entry *client,
const struct auth_user_info_dc *client_info,
const struct auth_user_info_dc *device_info,
krb5_error_code samba_kdc_check_device(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
- struct loadparm_context *lp_ctx,
+ struct samba_kdc_db_context *kdc_db_ctx,
const struct samba_kdc_entry_pac device,
const struct authn_kerberos_client_policy *client_policy,
struct authn_audit_info **client_audit_info_out,
krb5_error_code samba_kdc_get_claims_data(TALLOC_CTX *mem_ctx,
krb5_context context,
- struct ldb_context *samdb,
+ struct samba_kdc_db_context *kdc_db_ctx,
struct samba_kdc_entry_pac entry,
struct claims_data **claims_data_out);
}
ret = samba_kdc_get_user_info_from_db(mem_ctx,
- server_entry->kdc_db_ctx->samdb,
+ server_entry->kdc_db_ctx,
skdc_entry,
skdc_entry->msg,
&user_info_dc_const);
ret = samba_kdc_get_user_info_dc(mem_ctx,
context,
- server_entry->kdc_db_ctx->samdb,
+ server_entry->kdc_db_ctx,
device_pac_entry,
&device_info,
NULL /* resource_groups_out */);
ret = samba_kdc_get_claims_data(mem_ctx,
context,
- server_entry->kdc_db_ctx->samdb,
+ server_entry->kdc_db_ctx,
device_pac_entry,
&auth_claims.device_claims);
if (ret) {
}
ret = samba_kdc_allowed_to_authenticate_to(mem_ctx,
- server_entry->kdc_db_ctx->samdb,
- server_entry->kdc_db_ctx->lp_ctx,
+ server_entry->kdc_db_ctx,
skdc_entry,
user_info_dc_shallow_copy,
device_info,
ret = samba_kdc_verify_pac(mem_ctx,
context,
- krbtgt_skdc_entry->kdc_db_ctx->samdb,
+ krbtgt_skdc_entry->kdc_db_ctx,
flags,
client_pac_entry,
krbtgt_skdc_entry);
ret = samba_kdc_update_pac(mem_ctx,
context,
- krbtgt_skdc_entry->kdc_db_ctx->samdb,
- krbtgt_skdc_entry->kdc_db_ctx->lp_ctx,
+ krbtgt_skdc_entry->kdc_db_ctx,
flags,
client_pac_entry,
server->principal,
ret = samba_kdc_check_device(tmp_ctx,
context,
- kdc_entry->kdc_db_ctx->samdb,
- kdc_entry->kdc_db_ctx->lp_ctx,
+ kdc_entry->kdc_db_ctx,
device,
kdc_entry->client_policy,
&client_audit_info,