kdc: Make check_PAC() and verify_flags() accessible to KDC code

This allows them to be used for checking FAST armor TGTs. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2021-11-18 13:17:00 +13:00
parent c0fa930590
commit caf7e173a4
1 changed files with 25 additions and 25 deletions
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -51,8 +51,8 @@ get_krbtgt_realm(const PrincipalName *p)
 *
 */

-static krb5_error_code
-check_PAC(krb5_context context,
+krb5_error_code
+_kdc_check_pac(krb5_context context,
 	       krb5_kdc_configuration *config,
 	       const krb5_principal client_principal,
 	       const krb5_principal delegated_proxy_principal,
@@ -374,8 +374,8 @@ check_s4u2self(krb5_context context,
 *
 */

-static krb5_error_code
-verify_flags (krb5_context context,
+krb5_error_code
+_kdc_verify_flags(krb5_context context,
 		  krb5_kdc_configuration *config,
 		  const EncTicketPart *et,
 		  const char *pstr)
@@ -1475,7 +1475,7 @@ tgs_build_reply(astgs_request_t priv,
 	    goto out;
        }

-	ret = verify_flags(context, config, &adtkt, tpn);
+	ret = _kdc_verify_flags(context, config, &adtkt, tpn);
 	if (ret) {
            _kdc_audit_addreason((kdc_request_t)priv,
                                 "User-to-user TGT expired or invalid");
@@ -1814,7 +1814,7 @@ server_lookup:
    flags &= ~HDB_F_SYNTHETIC_OK;
    priv->client = client;

-    ret = check_PAC(context, config, cp, NULL, client, server, krbtgt, krbtgt,
+    ret = _kdc_check_pac(context, config, cp, NULL, client, server, krbtgt, krbtgt,
 			 &priv->ticket_key->key, &priv->ticket_key->key, tgt, &kdc_issued, &mspac);
    if (ret) {
 	const char *msg = krb5_get_error_message(context, ret);
@@ -2112,7 +2112,7 @@ server_lookup:
 	    goto out;
 	}

-	ret = verify_flags(context, config, &adtkt, tpn);
+	ret = _kdc_verify_flags(context, config, &adtkt, tpn);
 	if (ret) {
            _kdc_audit_addreason((kdc_request_t)priv,
                                 "Constrained delegation ticket expired or invalid");
@@ -2137,7 +2137,7 @@ server_lookup:
 	 * TODO: pass in t->sname and t->realm and build
 	 * a S4U_DELEGATION_INFO blob to the PAC.
 	 */
-	ret = check_PAC(context, config, tp, dp, adclient, server, krbtgt, client,
+	ret = _kdc_check_pac(context, config, tp, dp, adclient, server, krbtgt, client,
 			     &clientkey->key, &priv->ticket_key->key, &adtkt, &ad_kdc_issued, &mspac);
 	if (adclient)
 	    _kdc_free_ent(context, adclient);