From a7b8593f9c8f43f7861d2a0bc0e249f17d8ce7f5 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 7 Apr 2011 11:16:55 +0200
Subject: s4:kdc: split s4u2self and s4u2proxy checks
metze
---
 source4/kdc/hdb-samba4.c | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)
(limited to 'source4/kdc/hdb-samba4.c')
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 8511b2f27ba..f82712e2b29 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -121,7 +121,7 @@ static krb5_error_code hdb_samba4_destroy(krb5_context context, HDB *db)
 }
 static krb5_error_code
-hdb_samba4_check_identical_client_and_server(krb5_context context, HDB *db,
+hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db,
 hdb_entry_ex *entry,
 krb5_const_principal target_principal)
 {
@@ -130,9 +130,9 @@ hdb_samba4_check_identical_client_and_server(krb5_context context, HDB *db,
 kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
 struct samba_kdc_db_context);
- return samba_kdc_check_identical_client_and_server(context, kdc_db_ctx,
- entry,
- target_principal);
+ return samba_kdc_check_s4u2proxy(context, kdc_db_ctx,
+ entry,
+ target_principal);
 }
 static krb5_error_code
@@ -150,6 +150,21 @@ hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db,
 certificate_principal);
 }
+static krb5_error_code
+hdb_samba4_check_s4u2self(krb5_context context, HDB *db,
+ hdb_entry_ex *entry,
+ krb5_const_principal target_principal)
+{
+ struct samba_kdc_db_context *kdc_db_ctx;
+
+ kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
+ struct samba_kdc_db_context);
+
+ return samba_kdc_check_s4u2self(context, kdc_db_ctx,
+ entry,
+ target_principal);
+}
+
 /* This interface is to be called by the KDC and libnet_keytab_dump,
 * which is expecting Samba calling conventions.
 * It is also called by a wrapper (hdb_samba4_create) from the
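Review bot: The body of samba_kdc_check_s4u2proxy, which the wrapper in the second hunk now returns directly, is not on this page (the view is limited to hdb-samba4.c), so nothing visible shows that the constrained-delegation hook still refuses a target the service is not permitted to delegate to. Judging by its name, the previous callee only accepted a request where client and server were the same account, which is the restrictive default; if the replacement is looser, this is the point where delegation policy would widen unnoticed. I would state the contract above the wrapper, for example `/* S4U2Proxy hook: return 0 only if entry may delegate to target_principal, a krb5 error otherwise */`, and check the callee against it. The wrapper starts before this hunk, in the first one.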
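Review bot: hdb_samba4_check_s4u2self in the third hunk is added with no comment, although it is an authorization hook and its two principal arguments are easy to mix up. A short header should say which account `entry` describes, which principal `target_principal` is, and that a zero return lets the S4U2Self request proceed, for example `/* S4U2Self hook: 0 allows the request, any krb5 error refuses it */`. Its body is the same as hdb_samba4_check_constrained_delegation except for the callee, so the comment should also say why the two checks are kept apart. The two assignments in hdb_samba4_create_kdc (last hunk) would benefit from the same one-line remark, so that the mapping from request type to check is visible where it is wired up.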
@@ -197,9 +212,9 @@ NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
 (*db)->hdb_destroy = hdb_samba4_destroy;
 (*db)->hdb_auth_status = NULL;
- (*db)->hdb_check_constrained_delegation = hdb_samba4_check_identical_client_and_server;
+ (*db)->hdb_check_constrained_delegation = hdb_samba4_check_constrained_delegation;
 (*db)->hdb_check_pkinit_ms_upn_match = hdb_samba4_check_pkinit_ms_upn_match;
- (*db)->hdb_check_s4u2self = hdb_samba4_check_identical_client_and_server;
+ (*db)->hdb_check_s4u2self = hdb_samba4_check_s4u2self;
 return NT_STATUS_OK;
 }
--
cgit