oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: Provide flag to hint to KDC that this is a FAST key lookup

Browse Source 
For Samba the fast key is not stored in the replicated DB, so
this helps Samba find it in the Samba hdb module.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andrew Bartlett
2018-09-20 16:36:18 -07:00
committed by Luke Howard
parent 5ba7f270eb
commit 61f1be93e3
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kdc/fast.c
View File

@@ -53,7 +53,7 @@ get_fastuser_crypto(astgs_request_t r, krb5_enctype enctype,
goto out;
ret = _kdc_db_fetch(r->context, r->config, fast_princ,
HDB_F_GET_CLIENT, NULL, NULL, &fast_user);
HDB_F_GET_FAST_COOKIE, NULL, NULL, &fast_user);
krb5_free_principal(r->context, fast_princ);
if (ret)
goto out;

1
lib/hdb/hdb.h
View File

@@ -71,6 +71,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
#define HDB_F_PRECHECK 16384 /* check that the operation would succeed */
#define HDB_F_DELAY_NEW_KEYS 32768 /* apply [hdb] new_service_key_delay */
#define HDB_F_SYNTHETIC_OK 65536 /* synthetic principal for PKINIT OK */
#define HDB_F_GET_FAST_COOKIE 131072 /* fetch the FX-COOKIE key (not a normal principal) */
/* hdb_capability_flags */
#define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1