(flags & KRB5_KDB_FLAG_PROTOCOL_TRANSITION) ?
SAMBA_ASSERTED_IDENTITY_SERVICE :
SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY;
- const enum samba_claims_valid claims_valid = SAMBA_CLAIMS_VALID_INCLUDE;
- const enum samba_compounded_auth compounded_auth = SAMBA_COMPOUNDED_AUTH_EXCLUDE;
if (client == NULL) {
return EINVAL;
nt_status = samba_kdc_get_user_info_dc(tmp_ctx,
skdc_entry,
asserted_identity,
- claims_valid,
- compounded_auth,
+ SAMBA_CLAIMS_VALID_INCLUDE,
+ SAMBA_COMPOUNDED_AUTH_EXCLUDE,
&user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
goto out;
}
} else {
+ if (skdc_entry == NULL) {
+ ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
+ goto out;
+ }
+
/*
* In this case the RWDC discards the PAC an RODC generated.
* Windows adds the asserted_identity in this case too.
* SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY
* here.
*/
- enum samba_asserted_identity asserted_identity =
- SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY;
- const enum samba_claims_valid claims_valid = SAMBA_CLAIMS_VALID_EXCLUDE;
- const enum samba_compounded_auth compounded_auth =
- SAMBA_COMPOUNDED_AUTH_EXCLUDE;
-
- if (skdc_entry == NULL) {
- ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
- goto out;
- }
-
nt_status = samba_kdc_get_user_info_dc(mem_ctx,
skdc_entry,
- asserted_identity,
- claims_valid,
- compounded_auth,
+ SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY,
+ SAMBA_CLAIMS_VALID_EXCLUDE,
+ SAMBA_COMPOUNDED_AUTH_EXCLUDE,
&user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
DBG_ERR("samba_kdc_get_user_info_dc failed: %s\n",
union PAC_INFO info;
- enum samba_asserted_identity asserted_identity =
- SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY;
- const enum samba_claims_valid claims_valid = SAMBA_CLAIMS_VALID_INCLUDE;
- const enum samba_compounded_auth compounded_auth = SAMBA_COMPOUNDED_AUTH_EXCLUDE;
-
frame = talloc_stackframe();
nt_status = samba_kdc_get_user_info_dc(frame,
device,
- asserted_identity,
- claims_valid,
- compounded_auth,
+ SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY,
+ SAMBA_CLAIMS_VALID_INCLUDE,
+ SAMBA_COMPOUNDED_AUTH_EXCLUDE,
&device_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
DBG_ERR("samba_kdc_get_user_info_dc failed: %s\n",
(is_s4u2self) ?
SAMBA_ASSERTED_IDENTITY_SERVICE :
SAMBA_ASSERTED_IDENTITY_AUTHENTICATION_AUTHORITY;
- const enum samba_claims_valid claims_valid = SAMBA_CLAIMS_VALID_INCLUDE;
- const enum samba_compounded_auth compounded_auth = SAMBA_COMPOUNDED_AUTH_EXCLUDE;
struct authn_audit_info *server_audit_info = NULL;
NTSTATUS status = NT_STATUS_OK;
nt_status = samba_kdc_get_user_info_dc(mem_ctx,
skdc_entry,
asserted_identity,
- claims_valid,
- compounded_auth,
+ SAMBA_CLAIMS_VALID_INCLUDE,
+ SAMBA_COMPOUNDED_AUTH_EXCLUDE,
&user_info_dc);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(mem_ctx);