From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 27 Sep 2023 02:47:06 +0000 (+1300)
Subject: s4:kdc: Add claims parameter to authn_policy_authenticate_from_device()
X-Git-Tag: tevent-0.16.0~276
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3ae75998307583b4b477021e455a7f2b16cda2fc;p=thirdparty%2Fsamba.git

s4:kdc: Add claims parameter to authn_policy_authenticate_from_device()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/authn_policy_util.c b/source4/kdc/authn_policy_util.c
index 43c88d18556..1d3cdc4386f 100644
--- a/source4/kdc/authn_policy_util.c
+++ b/source4/kdc/authn_policy_util.c
@@ -845,6 +845,7 @@ NTSTATUS authn_policy_authenticate_from_device(TALLOC_CTX *mem_ctx,
 					       struct ldb_context *samdb,
 					       struct loadparm_context* lp_ctx,
 					       const struct auth_user_info_dc *device_info,
+					       const struct auth_claims auth_claims,
 					       const struct authn_kerberos_client_policy *client_policy,
 					       struct authn_audit_info **client_audit_info_out)
 {
@@ -862,7 +863,7 @@ NTSTATUS authn_policy_authenticate_from_device(TALLOC_CTX *mem_ctx,
 					   device_info,
 					   /* The device itself has no device. */
 					   NULL /* device_info */,
-					   (struct auth_claims) {},
+					   auth_claims,
 					   &client_policy->policy,
 					   authn_int64_some(client_policy->tgt_lifetime_raw),
 					   AUTHN_AUDIT_EVENT_KERBEROS_DEVICE_RESTRICTION,
diff --git a/source4/kdc/authn_policy_util.h b/source4/kdc/authn_policy_util.h
index aec08f73b3f..324bc4dbb33 100644
--- a/source4/kdc/authn_policy_util.h
+++ b/source4/kdc/authn_policy_util.h
@@ -23,6 +23,7 @@
 
 #include "lib/replace/replace.h"
 #include "auth/authn_policy.h"
+#include "auth/session.h"
 #include <talloc.h>
 
 struct ldb_context;
@@ -68,6 +69,7 @@ NTSTATUS authn_policy_authenticate_from_device(TALLOC_CTX *mem_ctx,
 					       struct ldb_context *samdb,
 					       struct loadparm_context* lp_ctx,
 					       const struct auth_user_info_dc *device_info,
+					       const struct auth_claims auth_claims,
 					       const struct authn_kerberos_client_policy *client_policy,
 					       struct authn_audit_info **client_audit_info_out);
 
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 827f8bb9b8c..3a2c140f78d 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -2951,6 +2951,7 @@ krb5_error_code samba_kdc_check_device(TALLOC_CTX *mem_ctx,
 							  samdb,
 							  lp_ctx,
 							  device_info,
+							  (struct auth_claims) {},
 							  client_policy,
 							  &client_audit_info);
 	if (client_audit_info != NULL) {