14 Commits

Author	SHA1	Message	Date
Andreas Schneider	c7be3d1fff	s4:mitkdc: Implement mit_samba_check_allowed_to_delegate_from() for RBCD ... This just implements a call in the MIT KDB shim layer. It will be used in the next commits in the KDB plugin. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2022-03-04 14:05:31 +00:00
Andreas Schneider	b20606b291	s4:mitkdc: Add support for S4U2Self & S4U2Proxy ... Pair-Programmed-With: Alexander Bokovoy <ab@samba.org> Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2022-03-04 14:05:31 +00:00
Andreas Schneider	f1ca16f309	s4:mitkdc: Add support for MIT Kerberos 1.20 ... This also addresses CVE-2020-17049. MIT Kerberos 1.20 is in pre-release state at the time writing this commit. It will be released in autumn 2022. We need to support MIT Kerberos 1.19 till enough distributions have been released with MIT Kerberos 1.20. Pair-Programmed-With: Robbie Harwood <rharwood@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2022-03-04 14:05:31 +00:00
Andreas Schneider	e95fb04c5d	s4:mitkdc: Add support for pac_attrs and requester_sid ... Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-12-15 03:41:32 +00:00
Andreas Schneider	61fa866449	CVE-2020-25719 mit-samba: Add mit_samba_princ_needs_pac() ... BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-11-09 19:45:34 +00:00
Andreas Schneider	764e485450	mit-samba: Remove obsolete mit_samba_update_pac_data() ... Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2017-04-29 23:31:12 +02:00
Andreas Schneider	648388ad00	s4-kdc: Implement mit_samba_reget_pac() ... Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2017-04-29 23:31:12 +02:00
Andreas Schneider	a72eecd5bf	mit-samba: Remove unused mit_samba_get_pac_data() ... Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2017-04-29 23:31:11 +02:00
Andreas Schneider	e240cff591	s4-kdc: Implement mit_samba_get_pac() ... Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2017-04-29 23:31:11 +02:00
Andreas Schneider	23c249a88b	mit_samba: Add function for handling bad password count ... Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2016-03-17 04:32:28 +01:00
Andreas Schneider	9734b5d9ed	mit_samba: Add functions to generate random password and salt. ... Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2016-03-17 04:32:28 +01:00
Andreas Schneider	909e7f9ff6	mit_samba: Add function to change the password ... Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2016-03-17 04:32:28 +01:00
Andreas Schneider	597772dbd2	mit_samba: Directly pass the principal and kflags ... Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2016-03-17 04:32:28 +01:00
Andreas Schneider	33fcc76aa7	mit_samba: Make mit_samba a shim layer between Samba and KDB ... Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2016-03-17 04:32:27 +01:00