NULL /* device */,
NULL /* device_pac */,
*pac,
- new_pac);
+ new_pac,
+ NULL /* server_audit_info_out */,
+ NULL /* status_out */);
if (code != 0) {
krb5_pac_free(context, new_pac);
if (code == ENOATTR) {
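Review bot: This call passes NULL for both server_audit_info_out and status_out, as does the old_pac call in the next hunk, so any audit record or NTSTATUS that samba_kdc_update_pac produces is discarded on these two paths. Only the krb5 error code survives, which means an authentication-policy refusal here would presumably leave no audit trail and no specific status for the client or the logs. Whether another layer records it is not visible from this hunk. If the gap is intentional for now, mark it at both call sites with something like `/* TODO: authn policy audit info and NTSTATUS are not yet propagated on this path */` so it is not mistaken for complete coverage.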
NULL /* device */,
NULL /* device_pac */,
old_pac,
- new_pac);
+ new_pac,
+ NULL /* server_audit_info_out */,
+ NULL /* status_out */);
if (code != 0) {
if (code == ENOATTR) {
/*
struct samba_kdc_entry *device,
const krb5_const_pac device_pac,
const krb5_const_pac old_pac,
- krb5_pac new_pac)
+ krb5_pac new_pac,
+ struct authn_audit_info **server_audit_info_out,
+ NTSTATUS *status_out)
{
krb5_error_code code = EINVAL;
NTSTATUS nt_status;
struct pac_blobs pac_blobs;
pac_blobs_init(&pac_blobs);
+ if (server_audit_info_out != NULL) {
+ *server_audit_info_out = NULL;
+ }
+
+ if (status_out != NULL) {
+ *status_out = NT_STATUS_OK;
+ }
+
is_tgs = smb_krb5_principal_is_tgs(context, server_principal);
if (is_tgs == -1) {
code = ENOMEM;
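Review bot: The new out-parameters server_audit_info_out and status_out have no documented contract, and the resets at the top of the body are the only visible statement of one. A comment above the signature should say that either pointer may be NULL, that they start as NULL and NT_STATUS_OK, and which talloc context owns `*server_audit_info_out` on return, since the caller in the later hunk appears to steal it. As far as this hunk shows, early failures such as the ENOMEM path after smb_krb5_principal_is_tgs return a non-zero code while `*status_out` is still NT_STATUS_OK, so the comment should also tell callers to check the krb5 return value first and not rely on the status alone. The function body starts and ends outside this hunk.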
struct samba_kdc_entry *device,
krb5_const_pac device_pac,
krb5_const_pac old_pac,
- krb5_pac new_pac);
+ krb5_pac new_pac,
+ struct authn_audit_info **server_audit_info_out,
+ NTSTATUS *status_out);
NTSTATUS samba_kdc_get_logon_info_blob(TALLOC_CTX *mem_ctx,
const struct auth_user_info_dc *user_info_dc,
*/
#include "includes.h"
+#include "kdc/authn_policy_util.h"
#include "kdc/kdc-glue.h"
#include "kdc/db-glue.h"
#include "kdc/pac-glue.h"
talloc_get_type_abort(krbtgt->context, struct samba_kdc_entry);
TALLOC_CTX *mem_ctx = NULL;
krb5_pac new_pac = NULL;
+ struct authn_audit_info *server_audit_info = NULL;
krb5_error_code ret;
+ NTSTATUS status = NT_STATUS_OK;
uint32_t flags = 0;
mem_ctx = talloc_named(NULL, 0, "samba_wdc_reget_pac context");
device_skdc_entry,
device_pac,
*pac,
- new_pac);
+ new_pac,
+ &server_audit_info,
+ &status);
+ if (server_audit_info != NULL) {
+ krb5_error_code ret2;
+
+ ret2 = hdb_samba4_set_steal_server_audit_info(r, server_audit_info);
+ if (ret2) {
+ ret = ret2;
+ }
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ krb5_error_code ret2;
+
+ ret2 = hdb_samba4_set_ntstatus(r, status, ret);
+ if (ret2) {
+ ret = ret2;
+ }
+ }
if (ret != 0) {
krb5_pac_free(context, new_pac);
if (ret == ENOATTR) {
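Review bot: When hdb_samba4_set_steal_server_audit_info fails, `ret` is overwritten with `ret2` before it is passed to `hdb_samba4_set_ntstatus(r, status, ret)`, so the status would be recorded against the steal failure and not against the result of samba_kdc_update_pac. What hdb_samba4_set_ntstatus does with its third argument is not visible here. If it stores the error that accompanies the NTSTATUS, keep the original in its own variable, for example `const krb5_error_code pac_ret = ret;` right after the call, and pass `pac_ret`. Failing the request when the audit info cannot be attached is the right fail-closed behaviour, but a short comment should say that the policy decision then goes unaudited. The enclosing function starts and ends outside this hunk.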
bld.SAMBA_SUBSYSTEM('WDC_SAMBA4',
source='wdc-samba4.c',
includes=kdc_include,
- deps='ldb auth4_sam common_auth samba-credentials hdb PAC_GLUE samba-hostconfig com_err KDC-GLUE',
+ deps='ldb auth4_sam common_auth samba-credentials hdb PAC_GLUE samba-hostconfig com_err KDC-GLUE authn_policy_util',
enabled=bld.CONFIG_SET('SAMBA4_USES_HEIMDAL')
)