s4:kdc: remember is_krbtgt, is_rodc and is_trust samba_kdc_entry
authorStefan Metzmacher <metze@samba.org>
Thu, 1 Feb 2018 10:44:21 +0000 (11:44 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Mon, 19 Mar 2018 19:30:52 +0000 (20:30 +0100)
This can later be used for sid filtering and similar things.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source4/kdc/db-glue.c
source4/kdc/samba_kdc.h

index 8ccc34cd665c96d978487bf89250522155614da5..c2dd236fdb0cf2ae5389177bb08fc136f73092ed 100644 (file)
@@ -828,6 +828,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
                goto out;
        }
 
+       p->is_rodc = is_rodc;
        p->kdc_db_ctx = kdc_db_ctx;
        p->realm_dn = talloc_reference(p, realm_dn);
        if (!p->realm_dn) {
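Review bot: Only `is_rodc` is assigned unconditionally on this path; `is_krbtgt` is written only inside the KRBTGT branch further down and `is_trust` is never written here, so both depend on the allocation of `p`, which lies outside this hunk, zero-filling the struct. The same commit changes `talloc` to `talloc_zero` in samba_kdc_trust_message2entry, presumably for that reason, which suggests the dependency is easy to miss. Since the commit message says these flags will later be used for SID filtering, an indeterminate value would feed a security decision. I would either set all three together, adding `p->is_krbtgt = false;` and `p->is_trust = false;` next to the new line, or, if the allocation already zeroes the struct, add `/* is_krbtgt and is_trust stay false here; p is zero-initialised */`. The function body starts and ends outside the hunk.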
@@ -874,6 +875,8 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
         */
 
        if (ent_type == SAMBA_KDC_ENT_TYPE_KRBTGT) {
+               p->is_krbtgt = true;
+
                if (flags & (SDB_F_CANON)) {
                        /*
                         * When requested to do so, ensure that the
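Review bot: `p->is_krbtgt` is derived from the `ent_type` the caller passed in, not from anything read out of the directory record, so it records how the entry was requested rather than what the account is. If any caller can reach samba_kdc_message2entry for the krbtgt account with a different `ent_type` (not visible in this hunk), the flag stays false for that entry, and a later SID-filtering check that relies on it would treat the entry as an ordinary principal. I would state this at the assignment, e.g. `/* set from the requested ent_type only; lookups with another ent_type leave this false */`, so that consumers read false as "not known to be krbtgt". The `if` block continues past the end of the hunk.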
@@ -1272,12 +1275,13 @@ static krb5_error_code samba_kdc_trust_message2entry(krb5_context context,
                goto out;
        }
 
-       p = talloc(mem_ctx, struct samba_kdc_entry);
+       p = talloc_zero(mem_ctx, struct samba_kdc_entry);
        if (!p) {
                ret = ENOMEM;
                goto out;
        }
 
+       p->is_trust = true;
        p->kdc_db_ctx = kdc_db_ctx;
        p->realm_dn = realm_dn;
 
index b76cc31ffda1f195865f5ca251653e850232ac26..e228a82ce6ac323b605d9c590e8301900b34614d 100644 (file)
@@ -54,6 +54,9 @@ struct samba_kdc_entry {
        struct samba_kdc_db_context *kdc_db_ctx;
        struct ldb_message *msg;
        struct ldb_dn *realm_dn;
+       bool is_krbtgt;
+       bool is_rodc;
+       bool is_trust;
        void *entry_ex;
 };
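Review bot: The three new members of `struct samba_kdc_entry` carry no comment, and the commit message says they are meant for SID filtering, so their exact meaning matters to whoever consumes them. From the visible db-glue.c hunks, `is_krbtgt` is set when the entry was built with `SAMBA_KDC_ENT_TYPE_KRBTGT`, `is_rodc` copies a local of samba_kdc_message2entry, and `is_trust` is set in samba_kdc_trust_message2entry, where the visible lines assign neither of the other two. I would document that per field, for example `bool is_trust; /* built by samba_kdc_trust_message2entry; is_krbtgt and is_rodc are left false */`, and note that all three are false on a zeroed allocation. The struct definition begins before the hunk.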