From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 13 Mar 2024 16:50:56 +0000 (+0100)
Subject: auth/credentials: add cli_credentials_get_principal_obtained()
X-Git-Tag: tdb-1.4.11~859
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e5546748cd22c9e654ed066ab1d27aadec0d3d3;p=thirdparty%2Fsamba.git

auth/credentials: add cli_credentials_get_principal_obtained()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
---

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 6a590483e99..7564ede5a42 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -268,6 +268,64 @@ _PUBLIC_ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
 }
 
 
+/**
+ * @brief Find out how the principal was obtained.
+ *
+ * @param cred A credentials context.
+ *
+ * @return The obtained information for the principal.
+ */
+_PUBLIC_ enum credentials_obtained
+cli_credentials_get_principal_obtained(struct cli_credentials *cred)
+{
+	if (cred->machine_account_pending) {
+		cli_credentials_set_machine_account(cred,
+					cred->machine_account_pending_lp_ctx);
+	}
+
+	if (cred->principal_obtained < cred->username_obtained
+	    || cred->principal_obtained < MAX(cred->domain_obtained, cred->realm_obtained)) {
+		const char *effective_username = NULL;
+		const char *effective_realm = NULL;
+		enum credentials_obtained effective_obtained;
+
+		/*
+		 * We don't want to trigger a callbacks in
+		 * cli_credentials_get_username()
+		 * cli_credentials_get_domain()
+		 * nor
+		 * cli_credentials_get_realm()
+		 */
+
+		effective_username = cred->username;
+		if (effective_username == NULL || strlen(effective_username) == 0) {
+			return cred->username_obtained;
+		}
+
+		if (cred->domain_obtained > cred->realm_obtained) {
+			effective_realm = cred->domain;
+			effective_obtained = MIN(cred->domain_obtained,
+						 cred->username_obtained);
+		} else {
+			effective_realm = cred->realm;
+			effective_obtained = MIN(cred->realm_obtained,
+						 cred->username_obtained);
+		}
+
+		if (effective_realm == NULL || strlen(effective_realm) == 0) {
+			effective_realm = cred->domain;
+			effective_obtained = MIN(cred->domain_obtained,
+						 cred->username_obtained);
+		}
+
+		if (effective_realm != NULL && strlen(effective_realm) != 0) {
+			return effective_obtained;
+		}
+	}
+
+	return cred->principal_obtained;
+}
+
 /**
  * Obtain the client principal for this credentials context.
  * @param cred credentials context
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 9a9bd513201..6b35914b431 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -280,6 +280,8 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
 bool cli_credentials_set_username_callback(struct cli_credentials *cred,
 				  const char *(*username_cb) (struct cli_credentials *));
 
+enum credentials_obtained cli_credentials_get_principal_obtained(struct cli_credentials *cred);
+
 /**
  * Obtain the client principal for this credentials context.
  * @param cred credentials context