s4:kdc: Add claims parameter to authn_policy_authenticate_from_device()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/kdc/authn_policy_util.c b/source4/kdc/authn_policy_util.c
index 43c88d18556dce850f5eb10c6babafb28e98c433..1d3cdc4386f4c0d600fbad6536c6f5ab897f05bf 100644 (file)
--- a/source4/kdc/authn_policy_util.c
+++ b/source4/kdc/authn_policy_util.c
@@ -845,6 +845,7 @@ NTSTATUS authn_policy_authenticate_from_device(TALLOC_CTX *mem_ctx,
                                               struct ldb_context *samdb,
                                               struct loadparm_context* lp_ctx,
                                               const struct auth_user_info_dc *device_info,
+                                              const struct auth_claims auth_claims,
                                               const struct authn_kerberos_client_policy *client_policy,
                                               struct authn_audit_info **client_audit_info_out)
 {
@@ -862,7 +863,7 @@ NTSTATUS authn_policy_authenticate_from_device(TALLOC_CTX *mem_ctx,
                                           device_info,
                                           /* The device itself has no device. */
                                           NULL /* device_info */,
-                                          (struct auth_claims) {},
+                                          auth_claims,
                                           &client_policy->policy,
                                           authn_int64_some(client_policy->tgt_lifetime_raw),
                                           AUTHN_AUDIT_EVENT_KERBEROS_DEVICE_RESTRICTION,

diff --git a/source4/kdc/authn_policy_util.h b/source4/kdc/authn_policy_util.h
index aec08f73b3f2a174e10e4dae4253af166d9ae63c..324bc4dbb33aa92d99acad0c8f44b054471880d9 100644 (file)
--- a/source4/kdc/authn_policy_util.h
+++ b/source4/kdc/authn_policy_util.h
@@ -23,6 +23,7 @@
 
 #include "lib/replace/replace.h"
 #include "auth/authn_policy.h"
+#include "auth/session.h"
 #include <talloc.h>
 
 struct ldb_context;
@@ -68,6 +69,7 @@ NTSTATUS authn_policy_authenticate_from_device(TALLOC_CTX *mem_ctx,
                                               struct ldb_context *samdb,
                                               struct loadparm_context* lp_ctx,
                                               const struct auth_user_info_dc *device_info,
+                                              const struct auth_claims auth_claims,
                                               const struct authn_kerberos_client_policy *client_policy,
                                               struct authn_audit_info **client_audit_info_out);
 

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 827f8bb9b8c6af6162b43def98d61f7e44402461..3a2c140f78da31b6ae48c3ff7dd97e9bdbda4d4f 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -2951,6 +2951,7 @@ krb5_error_code samba_kdc_check_device(TALLOC_CTX *mem_ctx,
                                                          samdb,
                                                          lp_ctx,
                                                          device_info,
+                                                         (struct auth_claims) {},
                                                          client_policy,
                                                          &client_audit_info);
        if (client_audit_info != NULL) {