s4:kdc: Add function to determine whether a KDC entry represents a trust

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index febc38f940313b0688c5851b9410305fd202d004..c122a9b46c59d3fa018184805de20c09b6a35ae3 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -854,6 +854,11 @@ NTSTATUS samba_kdc_add_compounded_auth(enum samba_compounded_auth compounded_aut
        return NT_STATUS_INVALID_PARAMETER;
 }
 
+bool samba_kdc_entry_is_trust(const struct samba_kdc_entry *entry)
+{
+       return entry != NULL && entry->is_trust;
+}
+
 /*
  * Return true if this entry has an associated PAC issued or signed by a KDC
  * that our KDC trusts. We trust the main krbtgt account, but we don’t trust any

diff --git a/source4/kdc/pac-glue.h b/source4/kdc/pac-glue.h
index e52a6711a9a8130c4825501bb0455bdabe84065c..01d6290e428fb29ac3b628ca6b9b76c5ebb05f6c 100644 (file)
--- a/source4/kdc/pac-glue.h
+++ b/source4/kdc/pac-glue.h
@@ -57,6 +57,8 @@ enum {
        SAMBA_KDC_FLAG_DELEGATED_PROXY_IS_TRUSTED = 0x00000040,
 };
 
+bool samba_kdc_entry_is_trust(const struct samba_kdc_entry *entry);
+
 struct samba_kdc_entry_pac {
        struct samba_kdc_entry *entry;
        krb5_const_pac pac; /* NULL indicates that no PAC is present. */