author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2023-05-16 16:48:09 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2023-05-18 01:03:37 +0000 |
commit | 9eaff7e852bc6cd6d6146d5cf3d6007c3119d5d6 (patch) | |
tree | 862cba0d48939415fbb5074518cb6ca6eefbf07e | |
parent | eeebd488f2a31482f2c47a1618513c937041c3ac (diff) | |
download | samba-9eaff7e852bc6cd6d6146d5cf3d6007c3119d5d6.tar.gz |
s4:kdc: Add SDB_F_ARMOR_PRINCIPAL flag
This corresponds with the HDB_F_ARMOR_PRINCIPAL flag in Heimdal, and
indicates a lookup of an armor ticket client principal, rather than the
principal of the main TGT. This helps us to determine whether an
authentication policy will apply to a principal acting as a client, and
hence whether we have to look up the policy in the database.
NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | source4/kdc/sdb.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/source4/kdc/sdb.h b/source4/kdc/sdb.h
index dccfd37bb06..f211c25187b 100644
--- a/source4/kdc/sdb.h
+++ b/source4/kdc/sdb.h
@@ -119,6 +119,7 @@ struct sdb_entry {
 #define SDB_F_KVNO_SPECIFIED 128 /* we want a particular KVNO */
 #define SDB_F_FOR_AS_REQ 4096 /* fetch is for a AS REQ */
 #define SDB_F_FOR_TGS_REQ 8192 /* fetch is for a TGS REQ */
+#define SDB_F_ARMOR_PRINCIPAL 262144 /* fetch is for the client of an armor ticket */
 #define SDB_F_HDB_MASK (SDB_F_DECRYPT | \
 SDB_F_GET_CLIENT| \
@@ -128,7 +129,8 @@ struct sdb_entry {
 SDB_F_ADMIN_DATA | \
 SDB_F_KVNO_SPECIFIED | \
 SDB_F_FOR_AS_REQ | \
- SDB_F_FOR_TGS_REQ)
+ SDB_F_FOR_TGS_REQ | \
+ SDB_F_ARMOR_PRINCIPAL)
 /* This is not supported by HDB */
 #define SDB_F_FORCE_CANON 16384 /* force canonicalization */ |
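Review bot: The new `SDB_F_ARMOR_PRINCIPAL` define in the first hunk is a bare decimal `262144` with nothing tying it to Heimdal's `HDB_F_ARMOR_PRINCIPAL`, yet the second hunk adds it to `SDB_F_HDB_MASK`, which suggests the bit is carried over from the HDB flags unchanged. The commit message says this flag decides whether an authentication policy has to be looked up, so if the two values ever drifted apart, armor-client lookups would presumably be misclassified silently instead of failing at build time. I would state the constraint on the define, e.g. `/* value must equal HDB_F_ARMOR_PRINCIPAL in Heimdal's hdb.h */`. If the HDB glue code (not visible in this diff) sees both headers, it could also carry `_Static_assert(SDB_F_ARMOR_PRINCIPAL == HDB_F_ARMOR_PRINCIPAL, "sdb/hdb flag mismatch");` or the project's equivalent. The same comment could explain why the value jumps from 16384 to 262144, since the skipped bits are otherwise unexplained in this header.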