+++ /dev/null
-^samba.tests.krb5.pkinit_tests.samba.tests.krb5.pkinit_tests.PkInitTests.test_pkinit_freshness\(ad_dc\)
-^samba.tests.krb5.pkinit_tests.samba.tests.krb5.pkinit_tests.PkInitTests.test_pkinit_freshness_current\(ad_dc\)
-^samba.tests.krb5.pkinit_tests.samba.tests.krb5.pkinit_tests.PkInitTests.test_pkinit_freshness_current_dh\(ad_dc\)
-^samba.tests.krb5.pkinit_tests.samba.tests.krb5.pkinit_tests.PkInitTests.test_pkinit_freshness_dh\(ad_dc\)
&user_info_dc->num_sids);
}
+NTSTATUS samba_kdc_add_fresh_public_key_identity(struct auth_user_info_dc *user_info_dc)
+{
+ return add_sid_to_array_attrs_unique(
+ user_info_dc,
+ &global_sid_Fresh_Public_Key_Identity,
+ SE_GROUP_DEFAULT_FLAGS,
+ &user_info_dc->sids,
+ &user_info_dc->num_sids);
+}
+
static NTSTATUS samba_kdc_add_compounded_auth(struct auth_user_info_dc *user_info_dc)
{
return add_sid_to_array_attrs_unique(
struct auth_user_info_dc *user_info_dc);
NTSTATUS samba_kdc_add_claims_valid(struct auth_user_info_dc *user_info_dc);
+NTSTATUS samba_kdc_add_fresh_public_key_identity(struct auth_user_info_dc *user_info_dc);
return map_errno_from_nt_status(nt_status);
}
+ if (kdc_request_get_pkinit_freshness_used(r)) {
+ nt_status = samba_kdc_add_fresh_public_key_identity(user_info_dc_shallow_copy);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DBG_ERR("Failed to add Fresh Public Key Identity: %s\n",
+ nt_errstr(nt_status));
+ talloc_free(mem_ctx);
+ return map_errno_from_nt_status(nt_status);
+ }
+ }
+
ret = samba_kdc_get_claims_data_from_db(server_entry->kdc_db_ctx->samdb,
skdc_entry,
&auth_claims.user_claims);