IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Previously any errors noticed during the main loop would be ignored.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 14 23:16:16 UTC 2024 on atb-devel-224
This is unused in Samba currently, but is a subtle race that will be difficult
to debug if this is ever used, so this makes things easier for some future
developer.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This allows us to mask out RC4 and insist on the modern AES types
where that makes sense.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Replace a call to dbwrap_fetch_locked() with the higherlevel
dbwrap_delete().
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We shall need to add extra SIDs on the end.
View with ‘git show -b’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Having the lifetime of the encoded claims be tied in a predictable
fashion to a caller‐controlled memory context is less prone to error.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The new ‘claims_data’ structure can store claims in three different
representations — as an encoded blob, as a CLAIMS_SET structure, or as a
series of CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claims. Given a set of
claims, the accompanying functions provide a way to convert them into
the desired format.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Some functions in the auth_session subsystem will need to be able to
call encode_claims_set(). Moving said function lets them do that whilst
avoiding circular dependencies and additional public dependencies.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Future callers will rely on resource_groups_out being talloc‐allocated.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
For non-testing callers of auth_generate_session_info(), passing
lp_ctx will allow us to correctly set a flag indicating if claims
should be evaluated.
For testing applications, the default will allow safe operation
inspecting the SID list.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This implementation is no longer called: using a variable of static
storage duration as a conduit for return values is only asking for
trouble.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This implementation doesn’t rely on a variable of static storage
duration being used as a conduit for the return value.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
For now this function is a mere wrapper round krb5_princ_component(),
but one whose interface allows for a more sensible implementation.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
