oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

s4:heimdal Add hooks to check with the DB before we allow s4u2self

Browse Source 
This allows us to resolve multiple forms of a name, allowing for
example machine$@REALM to get an S4U2Self ticket for
host/machine@REALM.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
This commit is contained in:
Andrew Bartlett
2010-03-27 23:09:31 +11:00
committed by Love Hornquist Astrand
parent 77a6204452
commit 0e128912af
2 changed files with 40 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/hdb/hdb.h
View File

@@ -235,9 +235,14 @@ typedef struct HDB{
* Check if this name is an alias for the supplied client for PKINIT userPrinicpalName logins
*/
krb5_error_code (*hdb_check_pkinit_ms_upn_match)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal);
/**
* Check if s4u2self is allowed from this client to this server
*/
krb5_error_code (*hdb_check_s4u2self)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal);
}HDB;
#define HDB_INTERFACE_VERSION 6
#define HDB_INTERFACE_VERSION 7
struct hdb_so_method {
int version;