static int mit_samba_check_client_access(struct mit_samba_context *ctx, hdb_entry_ex *client, const char *client_name, hdb_entry_ex *server, const char *server_name, const char *netbios_name, bool password_change, DATA_BLOB *e_data) { struct samba_kdc_entry *kdc_entry; NTSTATUS nt_status; kdc_entry = talloc_get_type(client->ctx, struct samba_kdc_entry); nt_status = samba_kdc_check_client_access(kdc_entry, client_name, netbios_name, password_change); if (!NT_STATUS_IS_OK(nt_status)) { if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) { return ENOMEM; } samba_kdc_build_edata_reply(nt_status, e_data); return samba_kdc_map_policy_err(nt_status); } return 0; }
static krb5_error_code samba_wdc_check_client_access(void *priv, krb5_context context, krb5_kdc_configuration *config, hdb_entry_ex *client_ex, const char *client_name, hdb_entry_ex *server_ex, const char *server_name, KDC_REQ *req, krb5_data *e_data) { struct samba_kdc_entry *kdc_entry; bool password_change; char *workstation; NTSTATUS nt_status; kdc_entry = talloc_get_type(client_ex->ctx, struct samba_kdc_entry); password_change = (server_ex && server_ex->entry.flags.change_pw); workstation = get_netbios_name((TALLOC_CTX *)client_ex->ctx, req->req_body.addresses); nt_status = samba_kdc_check_client_access(kdc_entry, client_name, workstation, password_change); if (!NT_STATUS_IS_OK(nt_status)) { if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) { return ENOMEM; } if (e_data) { DATA_BLOB data; samba_kdc_build_edata_reply(nt_status, &data); *e_data = fill_krb5_data(data.data, data.length); } return samba_kdc_map_policy_err(nt_status); } /* Now do the standard Heimdal check */ return kdc_check_flags(context, config, client_ex, client_name, server_ex, server_name, req->msg_type == krb_as_req); }