struct verify_uc {
astgs_request_t r;
krb5_const_principal client_principal;
- krb5_principal delegated_proxy_principal;
+ hdb_entry *delegated_proxy;
hdb_entry *client;
hdb_entry *server;
hdb_entry *krbtgt;
ret = ft->pac_verify((void *)plug,
uc->r,
uc->client_principal,
- uc->delegated_proxy_principal,
+ uc->delegated_proxy,
uc->client, uc->server, uc->krbtgt,
uc->ticket, uc->pac,
uc->is_trusted);
krb5_error_code
_kdc_pac_verify(astgs_request_t r,
krb5_const_principal client_principal,
- const krb5_principal delegated_proxy_principal,
+ hdb_entry *delegated_proxy,
hdb_entry *client,
hdb_entry *server,
hdb_entry *krbtgt,
uc.r = r;
uc.client_principal = client_principal;
- uc.delegated_proxy_principal = delegated_proxy_principal;
+ uc.delegated_proxy = delegated_proxy;
uc.client = client;
uc.server = server;
uc.krbtgt = krbtgt;
struct update_uc {
astgs_request_t r;
krb5_const_principal client_principal;
- krb5_principal delegated_proxy_principal;
+ hdb_entry *delegated_proxy;
+ krb5_const_pac delegated_proxy_pac;
hdb_entry *client;
hdb_entry *server;
hdb_entry *krbtgt;
ret = ft->pac_update((void *)plug,
uc->r,
uc->client_principal,
- uc->delegated_proxy_principal,
+ uc->delegated_proxy,
+ uc->delegated_proxy_pac,
uc->client, uc->server, uc->krbtgt, uc->pac);
return ret;
}
krb5_error_code
_kdc_pac_update(astgs_request_t r,
krb5_const_principal client_principal,
- const krb5_principal delegated_proxy_principal,
+ hdb_entry *delegated_proxy,
+ krb5_const_pac delegated_proxy_pac,
hdb_entry *client,
hdb_entry *server,
hdb_entry *krbtgt,
uc.r = r;
uc.client_principal = client_principal;
- uc.delegated_proxy_principal = delegated_proxy_principal;
+ uc.delegated_proxy = delegated_proxy;
+ uc.delegated_proxy_pac = delegated_proxy_pac;
uc.client = client;
uc.server = server;
uc.krbtgt = krbtgt;
(KRB5_CALLCONV *krb5plugin_kdc_pac_verify)(void *,
astgs_request_t,
krb5_const_principal, /* new ticket client */
- const krb5_principal, /* delegation proxy */
+ hdb_entry *, /* delegation proxy */
hdb_entry *,/* client */
hdb_entry *,/* server */
hdb_entry *,/* krbtgt */
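Review bot: Both plugin callback prototypes change in place here, so an out-of-tree plugin built against the old header would read the new `hdb_entry *` argument as a `krb5_principal`, and in `krb5plugin_kdc_pac_update` the added `krb5_const_pac` also shifts every later argument by one. No change to the plugin interface version is visible on this page, so please confirm that the version the KDC checks at load time is bumped in the same commit, so stale plugins are refused rather than called with mismatched arguments. The parameter comments should also state nullability, because the `_kdc_pac_update(priv, ...)` caller passes `NULL, NULL` for the pair: `hdb_entry *, /* delegation proxy, NULL when there is no delegation */` and `krb5_const_pac, /* delegation proxy PAC, may be NULL */`. Both typedefs start and end outside these hunks.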
(KRB5_CALLCONV *krb5plugin_kdc_pac_update)(void *,
astgs_request_t,
krb5_const_principal, /* new ticket client */
- const krb5_principal, /* delegation proxy */
+ hdb_entry *, /* delegation proxy */
+ krb5_const_pac, /* delegation proxy pac */
hdb_entry *,/* client */
hdb_entry *,/* server */
hdb_entry *,/* krbtgt */
krb5_error_code
_kdc_check_pac(astgs_request_t r,
const krb5_principal client_principal,
- const krb5_principal delegated_proxy_principal,
+ hdb_entry *delegated_proxy,
hdb_entry *client,
hdb_entry *server,
hdb_entry *krbtgt,
/* Verify the KDC signatures. */
ret = _kdc_pac_verify(r,
- client_principal, delegated_proxy_principal,
+ client_principal, delegated_proxy,
client, server, krbtgt, tkt, pac, &is_trusted);
if (ret == 0) {
if (is_trusted) {
if (ret)
goto out;
} else if (priv->pac != NULL) {
- ret = _kdc_pac_update(priv, priv->client_princ, NULL,
+ ret = _kdc_pac_update(priv, priv->client_princ, NULL, NULL,
priv->client, priv->server, priv->krbtgt,
&priv->pac);
if (ret == KRB5_PLUGIN_NO_HANDLE) {
* TODO: pass in t->sname and t->realm and build
* a S4U_DELEGATION_INFO blob to the PAC.
*/
- ret = _kdc_check_pac(r, s4u_client_name, s4u_server_name,
+ ret = _kdc_check_pac(r, s4u_client_name, s4u_server,
s4u_client, r->server, r->krbtgt, r->client,
&clientkey->key, &r->ticket_key->key, &evidence_tkt,
&ad_kdc_issued, &s4u_pac,
heim_assert(s4u_pac != NULL, "ad_kdc_issued implies the PAC is non-NULL");
- ret = _kdc_pac_update(r, s4u_client_name, s4u_server_name,
+ ret = _kdc_pac_update(r, s4u_client_name, s4u_server, r->pac,
s4u_client, r->server, r->krbtgt,
&s4u_pac);
if (ret == KRB5_PLUGIN_NO_HANDLE) {
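Review bot: `r->pac` is handed to the plugin as the delegation proxy's PAC in `_kdc_pac_update(r, s4u_client_name, s4u_server, r->pac, ...)`, but the only non-NULL guarantee visible here is the `heim_assert` on `s4u_pac`. If a request can reach this call with a TGT that carried no PAC, the plugin receives a non-NULL `delegated_proxy` with a NULL `delegated_proxy_pac` and must decide on its own whether that is acceptable. Failing the request before the call, or documenting that combination in the plugin header, would make the contract explicit. A comment such as `/* r->pac: PAC from the proxy's TGT, verified earlier in this request */` would help too, once that has been confirmed against the code that sets `r->pac`, which is outside this hunk. The same non-NULL question applies to `s4u_server` in the `_kdc_check_pac` call above, where a NULL entry would presumably be read as no delegation.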