Diffstat (limited to 'src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c')
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c31
1 files changed, 31 insertions, 0 deletions
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index eaf10cf..5e05511 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -549,3 +549,34 @@ krb5_ldap_audit_as_req(krb5_context kcontext, krb5_kdc_req *request,
{
(void) krb5_ldap_lockout_audit(kcontext, client, authtime, error_code);
}
+
+krb5_error_code
+krb5_ldap_check_allowed_to_delegate(krb5_context context,
+ krb5_const_principal client,
+ const krb5_db_entry *server,
+ krb5_const_principal proxy)
+{
+ krb5_error_code code;
+ krb5_tl_data *tlp;
+
+ code = KRB5KDC_ERR_POLICY;
+
+ for (tlp = server->tl_data; tlp != NULL; tlp = tlp->tl_data_next) {
+ krb5_principal acl;
+
+ if (tlp->tl_data_type != KRB5_TL_CONSTRAINED_DELEGATION_ACL)
+ continue;
+
+ if (krb5_parse_name(context, (char *)tlp->tl_data_contents, &acl) != 0)
+ continue;
+
+ if (krb5_principal_compare(context, proxy, acl)) {
+ code = 0;
+ krb5_free_principal(context, acl);
+ break;
+ }
+ krb5_free_principal(context, acl);
+ }
+
+ return code;
+}
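Review bot: In krb5_ldap_check_allowed_to_delegate, `krb5_parse_name(context, (char *)tlp->tl_data_contents, &acl)` treats the TL data as a NUL-terminated string and never consults `tlp->tl_data_length`, so an ACL entry stored without a terminator would be read past the end of its buffer. The code that builds KRB5_TL_CONSTRAINED_DELEGATION_ACL entries is not visible in this hunk, so whether the terminator is guaranteed cannot be confirmed here. I would either copy `tl_data_length` bytes into a terminated buffer before parsing, or state the invariant above the call, e.g. `/* tl_data_contents is a NUL-terminated principal name (see <function that builds the ACL tl_data>) */`. Starting from KRB5KDC_ERR_POLICY and skipping entries that fail to parse keeps the check fail-closed, which is the right default for a delegation ACL. The `client` argument is unused, so a short header comment saying the decision depends only on the server entry's ACL and the proxy target would help the next reader.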