kdc: Have caller pass HDB_F_FOR_TGS_REQ into _kdc_fast_check_armor_pac()
We shall soon want to use this function for AS-REQs as well as TGS-REQs. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
committed by
Nico Williams
Nico Williams
parent
df848bfd97
commit
cf6b216868
@@ -835,10 +835,9 @@ _kdc_free_fast_state(KDCFastState *state)
|
|||||||
}
|
}
|
||||||
|
|
||||||
krb5_error_code
|
krb5_error_code
|
||||||
_kdc_fast_check_armor_pac(astgs_request_t r)
|
_kdc_fast_check_armor_pac(astgs_request_t r, int flags)
|
||||||
{
|
{
|
||||||
krb5_error_code ret;
|
krb5_error_code ret;
|
||||||
int flags;
|
|
||||||
krb5_boolean ad_kdc_issued = FALSE;
|
krb5_boolean ad_kdc_issued = FALSE;
|
||||||
krb5_pac mspac = NULL;
|
krb5_pac mspac = NULL;
|
||||||
krb5_principal armor_client_principal = NULL;
|
krb5_principal armor_client_principal = NULL;
|
||||||
@@ -846,7 +845,6 @@ _kdc_fast_check_armor_pac(astgs_request_t r)
|
|||||||
hdb_entry *armor_client = NULL;
|
hdb_entry *armor_client = NULL;
|
||||||
char *armor_client_principal_name = NULL;
|
char *armor_client_principal_name = NULL;
|
||||||
|
|
||||||
flags = HDB_F_FOR_TGS_REQ;
|
|
||||||
if (_kdc_synthetic_princ_used_p(r->context, r->armor_ticket))
|
if (_kdc_synthetic_princ_used_p(r->context, r->armor_ticket))
|
||||||
flags |= HDB_F_SYNTHETIC_OK;
|
flags |= HDB_F_SYNTHETIC_OK;
|
||||||
if (r->req.req_body.kdc_options.canonicalize)
|
if (r->req.req_body.kdc_options.canonicalize)
|
||||||
|
|||||||
@@ -2017,7 +2017,7 @@ server_lookup:
|
|||||||
|
|
||||||
/* Validate armor TGT before potentially including device claims */
|
/* Validate armor TGT before potentially including device claims */
|
||||||
if (priv->armor_ticket) {
|
if (priv->armor_ticket) {
|
||||||
ret = _kdc_fast_check_armor_pac(priv);
|
ret = _kdc_fast_check_armor_pac(priv, HDB_F_FOR_TGS_REQ);
|
||||||
if (ret)
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user