s4-kdc Do the KDC PAC checksum validation in the Samba plugin

[metze/samba/wip.git] / source4 / kdc / mit_samba.c

diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 06ee46eac0243bc8c085038658f42e290d5f1662..f56e6796d0919caa6b193d09de89ce087a654873 100644 (file)
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -254,8 +254,11 @@ static int mit_samba_update_pac_data(struct mit_samba_context *ctx,
                goto done;
        }
 
+       /* TODO: An implementation-specific decision will need to be
+        * made as to when to check the KDC pac signature, and how to
+        * untrust untrusted RODCs */
        nt_status = samba_kdc_update_pac_blob(tmp_ctx, ctx->context,
-                                             pac, logon_blob);
+                                             pac, logon_blob, NULL, NULL);
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(0, ("Building PAC failed: %s\n",
                          nt_errstr(nt_status)));