nt_status = samba_kdc_get_user_info_dc(tmp_ctx,
skdc_entry,
- asserted_identity,
+ SAMBA_ASSERTED_IDENTITY_IGNORE,
&user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return EINVAL;
}
+ nt_status = samba_kdc_add_asserted_identity(asserted_identity,
+ user_info_dc);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DBG_ERR("Failed to add asserted identity: %s\n",
+ nt_errstr(nt_status));
+ talloc_free(tmp_ctx);
+ return EINVAL;
+ }
+
nt_status = samba_kdc_add_claims_valid(SAMBA_CLAIMS_VALID_INCLUDE,
user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
*/
nt_status = samba_kdc_get_user_info_dc(mem_ctx,
skdc_entry,
- SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY,
+ SAMBA_ASSERTED_IDENTITY_IGNORE,
&user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
DBG_ERR("samba_kdc_get_user_info_dc failed: %s\n",
ret = KRB5KDC_ERR_TGT_REVOKED;
goto out;
}
+
+ nt_status = samba_kdc_add_asserted_identity(SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY,
+ user_info_dc);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DBG_ERR("Failed to add asserted identity: %s\n",
+ nt_errstr(nt_status));
+ ret = KRB5KDC_ERR_TGT_REVOKED;
+ goto out;
+ }
}
*user_info_dc_out = user_info_dc;
nt_status = samba_kdc_get_user_info_dc(frame,
device,
- SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY,
+ SAMBA_ASSERTED_IDENTITY_IGNORE,
&device_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
DBG_ERR("samba_kdc_get_user_info_dc failed: %s\n",
return KRB5KDC_ERR_TGT_REVOKED;
}
+ nt_status = samba_kdc_add_asserted_identity(SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY,
+ device_info_dc);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DBG_ERR("Failed to add asserted identity: %s\n",
+ nt_errstr(nt_status));
+ talloc_free(frame);
+ return KRB5KDC_ERR_TGT_REVOKED;
+ }
+
nt_status = samba_kdc_add_claims_valid(SAMBA_CLAIMS_VALID_INCLUDE,
device_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
} else {
nt_status = samba_kdc_get_user_info_dc(frame,
device,
- SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY,
+ SAMBA_ASSERTED_IDENTITY_IGNORE,
&device_info);
if (!NT_STATUS_IS_OK(nt_status)) {
DBG_ERR("samba_kdc_get_user_info_dc failed: %s\n",
goto out;
}
+ nt_status = samba_kdc_add_asserted_identity(SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY,
+ device_info);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DBG_ERR("Failed to add asserted identity: %s\n",
+ nt_errstr(nt_status));
+
+ code = KRB5KDC_ERR_TGT_REVOKED;
+ goto out;
+ }
+
nt_status = samba_kdc_add_claims_valid(SAMBA_CLAIMS_VALID_INCLUDE,
device_info);
if (!NT_STATUS_IS_OK(nt_status)) {
nt_status = samba_kdc_get_user_info_dc(mem_ctx,
skdc_entry,
- asserted_identity,
+ SAMBA_ASSERTED_IDENTITY_IGNORE,
&user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);
return map_errno_from_nt_status(nt_status);
}
+ nt_status = samba_kdc_add_asserted_identity(asserted_identity,
+ user_info_dc);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DBG_ERR("Failed to add asserted identity: %s\n",
+ nt_errstr(nt_status));
+ talloc_free(mem_ctx);
+ return map_errno_from_nt_status(nt_status);
+ }
+
nt_status = samba_kdc_add_claims_valid(SAMBA_CLAIMS_VALID_INCLUDE,
user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
projects / thirdparty / samba.git / commitdiff
