s4:kdc: Have samba_kdc_allowed_to_authenticate_to() take claims and device info

author Joseph Sutton <josephsutton@catalyst.net.nz>

Mon, 9 Oct 2023 05:19:36 +0000 (18:19 +1300)

committer Andrew Bartlett <abartlet@samba.org>

Thu, 12 Oct 2023 23:13:32 +0000 (23:13 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Mon, 9 Oct 2023 05:19:36 +0000 (18:19 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Thu, 12 Oct 2023 23:13:32 +0000 (23:13 +0000)
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c

index aa2a556539b3523a049628351eb1505fae778a2e..5d1995f986c9538ec884136859d11c8a058d0e60 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -1699,6 +1699,8 @@ krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
                                                      struct loadparm_context *lp_ctx,
                                                      const struct samba_kdc_entry *client,
                                                      const struct auth_user_info_dc *client_info,
+                                                    const struct auth_user_info_dc *device_info,
+                                                    const struct auth_claims auth_claims,
                                                      const struct samba_kdc_entry *server,
                                                      struct authn_audit_info **server_audit_info_out,
                                                      NTSTATUS *status_out)
@@ -1750,8 +1752,8 @@ krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
                                                       lp_ctx,
                                                       AUTHN_POLICY_AUTH_TYPE_KERBEROS,
                                                       client_info,
-                                                     NULL /* device_info */,
-                                                     (struct auth_claims) {},
+                                                     device_info,
+                                                     auth_claims,
                                                       server_policy,
                                                       (struct authn_policy_flags) {},
                                                       server_audit_info_out);
@@ -2589,6 +2591,8 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
                                                             lp_ctx,
                                                             auth_entry.entry,
                                                             auth_user_info_dc,
+                                                           NULL /* device_info */,
+                                                           (struct auth_claims) {},
                                                             server,
                                                             server_audit_info_out,
                                                             status_out);
diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h

index d1b30c5213efec1c4224493d928e28357280b6ca..0c7a879515a81ac956b39bf243f689053627b41e 100644 (file)
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -159,6 +159,8 @@ krb5_error_code samba_kdc_allowed_to_authenticate_to(TALLOC_CTX *mem_ctx,
                                                      struct loadparm_context *lp_ctx,
                                                      const struct samba_kdc_entry *client,
                                                      const struct auth_user_info_dc *client_info,
+                                                    const struct auth_user_info_dc *device_info,
+                                                    const struct auth_claims auth_claims,
                                                      const struct samba_kdc_entry *server,
                                                      struct authn_audit_info **server_audit_info_out,
                                                      NTSTATUS *status_out);
diff --git a/source4/kdc/wdc-samba4.c b/source4/kdc/wdc-samba4.c

index 7ef6cd4f543e8c4292ba398e893dc2e7633479f8..9d49ffc655d97f3338dc3c6359e86abf9e794969 100644 (file)
--- a/source4/kdc/wdc-samba4.c
+++ b/source4/kdc/wdc-samba4.c
@@ -173,6 +173,8 @@ static krb5_error_code samba_wdc_get_pac(void *priv,
                                                            server_entry->kdc_db_ctx->lp_ctx,
                                                            skdc_entry,
                                                            user_info_dc_shallow_copy,
+                                                          NULL /* device_info */,
+                                                          (struct auth_claims) {},
                                                            server_entry,
                                                            &server_audit_info,
                                                            &reply_status);
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Mon, 9 Oct 2023 05:19:36 +0000 (18:19 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Thu, 12 Oct 2023 23:13:32 +0000 (23:13 +0000)
source4/kdc/pac-glue.c		patch \| blob \| blame \| history
source4/kdc/pac-glue.h		patch \| blob \| blame \| history
source4/kdc/wdc-samba4.c		patch \| blob \| blame \| history