s4:mitkdc: Implement mit_samba_check_allowed_to_delegate_from() for RBCD

author Andreas Schneider <asn@samba.org>

Tue, 14 Dec 2021 10:17:15 +0000 (11:17 +0100)

committer Andreas Schneider <asn@cryptomilk.org>

Fri, 4 Mar 2022 14:05:31 +0000 (14:05 +0000)
author Andreas Schneider <asn@samba.org>
Tue, 14 Dec 2021 10:17:15 +0000 (11:17 +0100)
committer Andreas Schneider <asn@cryptomilk.org>
Fri, 4 Mar 2022 14:05:31 +0000 (14:05 +0000)
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c

index 900c2ce47e4034f95688bc9641a1eacf06669662..056e18092381ed4680b7b70190251f29c84ca81c 100644 (file)
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -1492,6 +1492,31 @@ int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
  #endif
  }
  
+krb5_error_code mit_samba_check_allowed_to_delegate_from(
+               struct mit_samba_context *ctx,
+               krb5_const_principal client_principal,
+               krb5_const_principal server_principal,
+               krb5_pac header_pac,
+               const krb5_db_entry *proxy)
+{
+#if KRB5_KDB_DAL_MAJOR_VERSION < 8
+       return KRB5KDC_ERR_POLICY;
+#else
+       struct samba_kdc_entry *proxy_skdc_entry =
+               talloc_get_type_abort(proxy->e_data, struct samba_kdc_entry);
+       krb5_error_code code;
+
+       code = samba_kdc_check_s4u2proxy_rbcd(ctx->context,
+                                             ctx->db_ctx,
+                                             client_principal,
+                                             server_principal,
+                                             header_pac,
+                                             proxy_skdc_entry);
+
+       return code;
+#endif
+}
+
  static krb5_error_code mit_samba_change_pwd_error(krb5_context context,
                                                   NTSTATUS result,
                                                   enum samPwdChangeReason reject_reason,
diff --git a/source4/kdc/mit_samba.h b/source4/kdc/mit_samba.h

index 662bf98201d60ac3ce22eeb48d938287b998198e..f34c26a37ac0f56a11b501fc6092f208a4b18c1e 100644 (file)
--- a/source4/kdc/mit_samba.h
+++ b/source4/kdc/mit_samba.h
@@ -85,6 +85,12 @@ int mit_samba_check_client_access(struct mit_samba_context *ctx,
  int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
                               const krb5_db_entry *server,
                               krb5_const_principal target_principal);
+krb5_error_code mit_samba_check_allowed_to_delegate_from(
+               struct mit_samba_context *ctx,
+               krb5_const_principal client,
+               krb5_const_principal server,
+               krb5_pac header_pac,
+               const krb5_db_entry *proxy);
  
  int mit_samba_kpasswd_change_password(struct mit_samba_context *ctx,
                                       char *pwd,
author	Andreas Schneider <asn@samba.org>
	Tue, 14 Dec 2021 10:17:15 +0000 (11:17 +0100)
committer	Andreas Schneider <asn@cryptomilk.org>
	Fri, 4 Mar 2022 14:05:31 +0000 (14:05 +0000)
source4/kdc/mit_samba.c		patch \| blob \| blame \| history
source4/kdc/mit_samba.h		patch \| blob \| blame \| history