This is now used instead of a configuration option.
This is an adaption to Heimdal:
commit
3fa47f5a1a422e178d968a8ec0d59889eaa71548
Author: Luke Howard <lukeh@padl.com>
Date: Sun Jan 2 21:51:43 2022 +1100
kdc: add referral_policy callback to windc plugin
Add a referral policy hook to the TGS as a more elegant way of resolving
referral detection for Samba. The hook can either rewrite the server_princ in
the request, or it can return an error to disable built-in referral processing.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
kdc_config->svc_use_strongest_session_key = false;
kdc_config->use_strongest_server_key = true;
- kdc_config->autodetect_referrals = false;
-
kdc_config->force_include_pa_etype_salt = true;
/*
#include "sdb.h"
#include "sdb_hdb.h"
#include "librpc/gen_ndr/auth.h"
+#include <krb5_locl.h>
/*
* Given the right private pointer from hdb_samba4,
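Review bot: The added `#include <krb5_locl.h>` has no comment saying which definition the plugin needs from it. The `_locl` headers are Heimdal's library-internal ones, so this ties the plugin to internal layout that can change between Heimdal imports. A short note beside the include would do, for example `/* needed for <definition used below> */`, with the placeholder filled in by whoever knows the dependency. If the only need is the request structure used by the new callback, it is worth checking whether a narrower header provides it.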
return;
}
+static krb5_error_code samba_wdc_referral_policy(void *priv,
+ astgs_request_t r)
+{
+ return r->error_code;
+}
+
struct krb5plugin_windc_ftable windc_plugin_table = {
.minor_version = KRB5_WINDC_PLUGIN_MINOR,
.init = samba_wdc_plugin_init,
.client_access = samba_wdc_check_client_access,
.finalize_reply = samba_wdc_finalize_reply,
.pac_generate = samba_wdc_get_pac,
+ .referral_policy = samba_wdc_referral_policy,
};
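Review bot: `samba_wdc_referral_policy` returns `r->error_code` with no comment explaining why that is the intended policy. With `autodetect_referrals = false` removed in this same commit, the callback appears to be the only thing keeping the KDC's built-in referral processing disabled. Per the commit description, an error return disables that processing, so the result depends on `r->error_code` already being non-zero when the TGS calls the hook. The caller is not visible here, so that is an assumption worth confirming. I would state it above the function, e.g. `/* Propagate the pending lookup error so the TGS skips its built-in referral handling; a zero return would re-enable it. */`. The `priv` argument is unused; a brief comment or `(void)priv;` would show that is deliberate.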