along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#define TEVENT_DEPRECATED 1
+
#include "includes.h"
#include "param/param.h"
#include "dsdb/samdb/samdb.h"
ret = ENOMEM;
goto done;
}
+ tevent_loop_allow_nesting(base_ctx.ev_ctx);
base_ctx.lp_ctx = loadparm_init_global(false);
if (!base_ctx.lp_ctx) {
ret = ENOMEM;
goto done;
}
+ /* TODO: An implementation-specific decision will need to be
+ * made as to when to check the KDC pac signature, and how to
+ * untrust untrusted RODCs */
nt_status = samba_kdc_update_pac_blob(tmp_ctx, ctx->context,
- &pac, logon_blob);
+ pac, logon_blob, NULL, NULL);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("Building PAC failed: %s\n",
nt_errstr(nt_status)));
const char *target_name,
bool is_nt_enterprise_name)
{
+#if 1
+ /*
+ * This is disabled because mit_samba_update_pac_data() does not handle
+ * S4U_DELEGATION_INFO
+ */
+
+ return KRB5KDC_ERR_BADOPTION;
+#else
krb5_principal target_principal;
int flags = 0;
int ret;
return ret;
}
- ret = samba_kdc_check_identical_client_and_server(ctx->context,
- ctx->db_ctx,
- entry,
- target_principal);
+ ret = samba_kdc_check_s4u2proxy(ctx->context,
+ ctx->db_ctx,
+ entry,
+ target_principal);
krb5_free_principal(ctx->context, target_principal);
return ret;
+#endif
}
struct mit_samba_function_table mit_samba_function_table = {