diff options
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_mspac.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index 302a692fd..b670697f9 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -820,6 +820,26 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, return 0; } +static krb5_error_code ipadb_fill_upn_dns_info(struct ipadb_context *ipactx, + TALLOC_CTX *memctx, + const char *account_name, + struct PAC_UPN_DNS_INFO *info) +{ + /* for now always declare that the user has no UPN */ + info->flags = UDI_ACCT_HAS_NO_UPN; + info->upn_name = talloc_asprintf(memctx, "%s@%s", + account_name, ipactx->realm); + if (!info->upn_name) { + return ENOMEM; + } + info->domain_name = talloc_strdup(memctx, ipactx->realm); + if (!info->domain_name) { + return ENOMEM; + } + + return 0; +} + static krb5_error_code ipadb_get_pac(krb5_context kcontext, krb5_db_entry *client, krb5_pac *pac) @@ -910,7 +930,27 @@ static krb5_error_code ipadb_get_pac(krb5_context kcontext, kerr = krb5_pac_add_buffer(kcontext, *pac, KRB5_PAC_LOGON_INFO, &data); + /* == Fill UPN_DNS_INFO == */ + kerr = ipadb_fill_upn_dns_info(ipactx, tmpctx, account_name, + &pac_info.upn_dns_info); + if (kerr) { + goto done; + } + + /* == Add PAC Buffer == */ + ndr_err = ndr_push_union_blob(&pac_data, tmpctx, &pac_info, + PAC_TYPE_UPN_DNS_INFO, + (ndr_push_flags_fn_t)ndr_push_PAC_INFO); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + kerr = KRB5_KDB_INTERNAL_ERROR; + goto done; + } + + data.magic = KV5M_DATA; + data.data = (char *)pac_data.data; + data.length = pac_data.length; + kerr = krb5_pac_add_buffer(kcontext, *pac, KRB5_PAC_UPN_DNS_INFO, &data); done: if (kerr) { |