/*
 * HDB hook for the constrained-delegation (S4U2Proxy) check.
 *
 * Recovers the Samba KDC state attached to the HDB handle and to the
 * database entry, passes the decision to samba_kdc_check_s4u2proxy(),
 * and translates the result into the HDB error namespace.
 *
 * Returns 0 when samba_kdc_check_s4u2proxy() returns 0, otherwise
 * HDB_ERR_WRONG_REALM, HDB_ERR_NOENTRY or HDB_ERR_NOT_FOUND_HERE.
 */
static krb5_error_code hdb_samba4_check_constrained_delegation(krb5_context context,
								HDB *db,
								hdb_entry_ex *entry,
								krb5_const_principal target_principal)
{
	/* Type-checked talloc casts: a wrong pointer type aborts here. */
	struct samba_kdc_db_context *db_state =
		talloc_get_type_abort(db->hdb_db, struct samba_kdc_db_context);
	struct samba_kdc_entry *client_entry =
		talloc_get_type_abort(entry->ctx, struct samba_kdc_entry);

	krb5_error_code rc = samba_kdc_check_s4u2proxy(context,
						       db_state,
						       client_entry,
						       target_principal);

	if (rc == 0) {
		return 0;
	}
	if (rc == SDB_ERR_WRONG_REALM) {
		return HDB_ERR_WRONG_REALM;
	}
	if (rc == SDB_ERR_NOENTRY) {
		return HDB_ERR_NOENTRY;
	}

	/*
	 * Any other non-zero result stays a failure: it is collapsed to
	 * HDB_ERR_NOT_FOUND_HERE, so an unrecognised error code can never
	 * be returned as success.
	 */
	return HDB_ERR_NOT_FOUND_HERE;
}
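/*
 * MIT KDC hook for the constrained-delegation (S4U2Proxy) check.
 *
 * As compiled (#if 1), every request is refused with
 * KRB5KDC_ERR_BADOPTION and none of the arguments is inspected.
 *
 * The disabled branch parses target_name (as an enterprise name when
 * is_nt_enterprise_name is set), calls samba_kdc_check_s4u2proxy() and
 * returns its result, or the parse error if parsing fails.
 */
static int mit_samba_check_s4u2proxy(struct mit_samba_context *ctx,
				     hdb_entry_ex *entry,
				     const char *target_name,
				     bool is_nt_enterprise_name)
{
#if 1
	/*
	 * This is disabled because mit_samba_update_pac_data() does not handle
	 * S4U_DELEGATION_INFO
	 *
	 * Keep this fail-closed: the delegation check must stay refused
	 * until the PAC update path handles S4U_DELEGATION_INFO.
	 */
	return KRB5KDC_ERR_BADOPTION;
#else
	struct samba_kdc_entry *skdc_entry;
	krb5_principal target_principal;
	int flags = 0;
	int ret;

	/*
	 * The disabled code used skdc_entry without declaring it. It is
	 * now derived the same way hdb_samba4_check_constrained_delegation()
	 * does.
	 * NOTE(review): confirm entry->ctx carries a struct samba_kdc_entry
	 * on the MIT code path before enabling this branch.
	 */
	skdc_entry = talloc_get_type_abort(entry->ctx,
					   struct samba_kdc_entry);

	if (is_nt_enterprise_name) {
		flags = KRB5_PRINCIPAL_PARSE_ENTERPRISE;
	}

	ret = krb5_parse_name_flags(ctx->context, target_name,
				    flags, &target_principal);
	if (ret) {
		return ret;
	}

	ret = samba_kdc_check_s4u2proxy(ctx->context,
					ctx->db_ctx,
					skdc_entry,
					target_principal);

	/* The parsed principal is owned here; release it on every path. */
	krb5_free_principal(ctx->context, target_principal);

	return ret;
#endif
}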