Ejemplo n.º 1
/*
 * Check constrained delegation (S4U2Proxy) for `entry` towards
 * `target_principal` and report the outcome as an HDB error code.
 *
 * The policy decision is made entirely by samba_kdc_check_s4u2proxy();
 * this wrapper only recovers the talloc-typed contexts and translates
 * the result.
 *
 * Returns 0 when the check returns 0. SDB_ERR_WRONG_REALM and
 * SDB_ERR_NOENTRY are mapped to their HDB_ERR_* counterparts. Every other
 * value is reported as HDB_ERR_NOT_FOUND_HERE, so a failure is never
 * converted into success. The original code is neither logged nor
 * preserved here, so callers cannot tell those failures apart.
 */
static krb5_error_code
hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db,
					hdb_entry_ex *entry,
					krb5_const_principal target_principal)
{
	/* talloc_get_type_abort() aborts rather than hand back a pointer of
	 * the wrong talloc type, so neither context can be NULL below. */
	struct samba_kdc_db_context *kdc_db_ctx =
		talloc_get_type_abort(db->hdb_db,
				      struct samba_kdc_db_context);
	struct samba_kdc_entry *skdc_entry =
		talloc_get_type_abort(entry->ctx,
				      struct samba_kdc_entry);
	krb5_error_code check_result;

	check_result = samba_kdc_check_s4u2proxy(context, kdc_db_ctx,
						 skdc_entry,
						 target_principal);

	if (check_result == 0) {
		/* Delegation to the target is permitted. */
		return 0;
	}
	if (check_result == SDB_ERR_WRONG_REALM) {
		return HDB_ERR_WRONG_REALM;
	}
	if (check_result == SDB_ERR_NOENTRY) {
		return HDB_ERR_NOENTRY;
	}

	/* Anything else is collapsed into one generic denial. */
	return HDB_ERR_NOT_FOUND_HERE;
}
Ejemplo n.º 2
/*
 * S4U2Proxy (constrained delegation) check for the MIT KDC glue.
 *
 * As compiled (#if 1) this function refuses every request: it returns
 * KRB5KDC_ERR_BADOPTION unconditionally and reads none of its parameters.
 * That is a fail-closed stub, not a policy decision.
 *
 * The #else branch is not compiled. As written it would parse
 * `target_name` into a principal (using KRB5_PRINCIPAL_PARSE_ENTERPRISE
 * when `is_nt_enterprise_name` is set), pass it to
 * samba_kdc_check_s4u2proxy(), free the principal, and return that
 * function's result unmapped.
 */
static int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
				     hdb_entry_ex *entry,
				     const char *target_name,
				     bool is_nt_enterprise_name)
{
#if 1
	/*
	 * This is disabled because mit_samba_update_pac_data() does not handle
	 * S4U_DELEGATION_INFO
	 */

	/* Deny unconditionally; the real check below stays compiled out
	 * until the gap described in the comment above is closed. */
	return KRB5KDC_ERR_BADOPTION;
#else
	krb5_principal target_principal;
	int flags = 0;
	int ret;

	if (is_nt_enterprise_name) {
		flags = KRB5_PRINCIPAL_PARSE_ENTERPRISE;
	}

	ret = krb5_parse_name_flags(ctx->context, target_name,
				    flags, &target_principal);
	if (ret) {
		return ret;
	}

	/*
	 * NOTE(review): skdc_entry is not declared in this function and the
	 * `entry` parameter is never used. Unless skdc_entry exists at file
	 * scope, this branch will not compile when enabled. It presumably
	 * needs to be derived from `entry`; confirm before re-enabling.
	 */
	ret = samba_kdc_check_s4u2proxy(ctx->context,
					ctx->db_ctx,
					skdc_entry,
					target_principal);

	/* Freed on the only path where parsing succeeded. */
	krb5_free_principal(ctx->context, target_principal);

	return ret;
#endif
}