auth/credentials_krb5: make use of smb_gss_krb5_prepare_acceptor_cred()
authorStefan Metzmacher <metze@samba.org>
Thu, 22 Aug 2019 17:25:30 +0000 (17:25 +0000)
committerStefan Metzmacher <metze@samba.org>
Fri, 5 Jan 2024 12:40:14 +0000 (13:40 +0100)
We should check all keys in our in-memory keytab
and skip the transited checks unless we're
in standalone/MIT-realm mode.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12907
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14125

Signed-off-by: Stefan Metzmacher <metze@samba.org>
auth/credentials/credentials_krb5.c

index cd40b48093d4b80b17cab47f545d5302a4c1a921..7ff36a25059480bcfdfab09eba3ffa11954cbe96 100644 (file)
@@ -34,6 +34,7 @@
 #include "auth/kerberos/pac_utils.h"
 #include "param/param.h"
 #include "../libds/common/flags.h"
+#include "../libds/common/roles.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
@@ -1309,6 +1310,12 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
        krb5_principal princ;
        const char *error_string;
        enum credentials_obtained obtained;
+       enum server_role server_role = lpcfg_server_role(lp_ctx);
+       /*
+        * We require a PAC and can skip the transited check
+        * (unless we're in standalone/MIT-realm mode)
+        */
+       bool skip_transited_check = (server_role != ROLE_STANDALONE);
 
        mem_ctx = talloc_new(cred);
        if (!mem_ctx) {
@@ -1369,6 +1376,20 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
                talloc_free(mem_ctx);
                return ret;
        }
+       maj_stat = smb_gss_krb5_prepare_acceptor_cred(&min_stat,
+                                                     skip_transited_check,
+                                                     &gcc->creds);
+       if (maj_stat) {
+               if (min_stat) {
+                       ret = min_stat;
+               } else {
+                       ret = EINVAL;
+               }
+       }
+       if (ret != 0) {
+               talloc_free(mem_ctx);
+               return ret;
+       }
        cred->server_gss_creds_obtained = cred->keytab_obtained;
        talloc_set_destructor(gcc, free_gssapi_creds);
        cred->server_gss_creds = gcc;
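Review bot: The new failure path at `if (ret != 0)` frees mem_ctx but never releases the credential handle that smb_gss_krb5_prepare_acceptor_cred() was handed in `gcc->creds`; the destructor that would release it is only installed by `talloc_set_destructor(gcc, free_gssapi_creds)` two lines later, so a failure here appears to leak the GSS credential (and gcc itself, if it is not allocated under mem_ctx — its allocation is outside the hunk), and the pre-existing error return at the top of the hunk has the same ordering. I would release explicitly before returning, `gss_release_cred(&min_stat, &gcc->creds);` followed by `talloc_free(gcc);` ahead of `talloc_free(mem_ctx);`, or move the talloc_set_destructor() call up to before the first call that populates gcc->creds. The `if (ret != 0)` test after the `if (maj_stat)` block also assumes ret is still 0 on entry to this hunk, which appears to hold only because the preceding block returns on any non-zero ret; a short comment such as `/* ret is 0 here: every earlier failure has already returned */` would make that visible. The function continues past this hunk.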