| commit | 6bd3b4528d4b33c8f7ae6341d166bea3a06cd971 | |
| author | Joseph Sutton <josephsutton@catalyst.net.nz> | |
| Mon, 20 Mar 2023 01:51:53 +0000 (20 14:51 +1300) | ||
| committer | Andrew Bartlett <abartlet@samba.org> | |
| Fri, 31 Mar 2023 01:48:30 +0000 (31 01:48 +0000) | ||
| tree | a3e2252a145a61843fe09f5643535fb625afdc36 | treesnapshot (tar.gz zip) |
| parent | c0a2e8db6775c218f2d5bedd2fd248969f19c552 | commitdiff |
s4:kdc: Split verifying a PAC out of updating it
This is to adapt to the changed Heimdal KDC plugin API.
When we add support for device claims, we want to be able to verify the
PAC of the armor ticket without modifying or updating it. Previously, we
couldn't do this as the two operations were tightly intertwined. Now the
parts that only perform verification are split out into a new function,
samba_kdc_verify_pac().
NOTE: This commit finally works again!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is to adapt to the changed Heimdal KDC plugin API.
When we add support for device claims, we want to be able to verify the
PAC of the armor ticket without modifying or updating it. Previously, we
couldn't do this as the two operations were tightly intertwined. Now the
parts that only perform verification are split out into a new function,
samba_kdc_verify_pac().
NOTE: This commit finally works again!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| source4/kdc/mit_samba.c | diffblobblamehistory | |
| source4/kdc/pac-glue.c | diffblobblamehistory | |
| source4/kdc/pac-glue.h | diffblobblamehistory | |
| source4/kdc/wdc-samba4.c | diffblobblamehistory |