1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source4/kdc
Isaac Boukris 7655a0298e db-glue.c: set forwardable flag on cross-realm tgt tickets
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233

Match Windows behavior and allow the forwardable flag to be
set in cross-realm tickets. We used to allow forwardable to
any server, but now that we apply disallow-forwardable policy
in heimdal we need to explicitly allow in the corss-realm case
(and remove the workaround we have for it the MIT plugin).

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 12 22:10:34 UTC 2020 on sn-devel-184
2020-06-12 22:10:34 +00:00
..
mit-kdb mit-kdc: Explicitly reject S4U requests 2020-03-10 14:46:04 +00:00
db-glue.c db-glue.c: set forwardable flag on cross-realm tgt tickets 2020-06-12 22:10:34 +00:00
db-glue.h s4-kdc: Use sdb in db-glue and hdb-samba4 2015-07-30 13:29:27 +02:00
hdb-samba4-plugin.c
hdb-samba4.c auth auth_log: csbuild unused parm unix_username 2019-06-13 07:16:22 +00:00
kdc-glue.c s4-kdc: move kdc_check_pac() to a new subsystem KDC-GLUE. 2015-07-21 19:04:14 +02:00
kdc-glue.h s4-kdc: Create a kdc-proxy.h header file 2016-06-18 23:32:27 +02:00
kdc-heimdal.c s4:kdc: Fix size type for num_bind in kdc-heimdal 2019-01-19 15:36:51 +01:00
kdc-proxy.c kdc: Fix CID 1435720 Unchecked return value 2018-05-24 00:43:52 +02:00
kdc-proxy.h s4-kdc: Create a kdc-proxy.h header file 2016-06-18 23:32:27 +02:00
kdc-server.c source4/smbd: refactor the process model for prefork 2017-10-19 05:33:09 +02:00
kdc-server.h s4-kdc: Allow to set the keytab_name in the kdc_server structure 2016-09-13 00:19:24 +02:00
kdc-service-mit.c s4-kdc: restore MIT KDC backend 2018-11-09 17:52:30 +01:00
kdc-service-mit.h s4-kdc: restore MIT KDC backend 2018-11-09 17:52:30 +01:00
kpasswd_glue.c samdb: Add remote address to connect 2018-05-10 20:02:23 +02:00
kpasswd_glue.h s4-kdc_kpasswd: split out some code to a KPASSWD_GLUE subsystem. 2015-07-21 19:04:14 +02:00
kpasswd-helper.c samdb: Add remote address to connect 2018-05-10 20:02:23 +02:00
kpasswd-helper.h s4-kdc: Add a kpasswd_samdb_set_password() helper function 2016-09-13 00:19:24 +02:00
kpasswd-service-heimdal.c s4-kdc: Add new kpasswd service Heimdal backend 2016-09-13 00:19:25 +02:00
kpasswd-service-mit.c krb5_wrap: Add a talloc_ctx to smb_krb5_principal_get_realm() 2018-11-28 17:44:15 +01:00
kpasswd-service.c s4:kdc: make use of gensec_update() in kpasswd_process() 2017-05-21 21:05:12 +02:00
kpasswd-service.h s4-kdc: Add a new kpasswd service implementation 2016-09-13 00:19:25 +02:00
ktutil.c s4: Add kerberos tracing 2018-12-20 01:31:17 +01:00
mit_kdc_irpc.c s4-kdc: Add MIT KRB5 based irpc service for PAC validation 2017-04-29 23:31:09 +02:00
mit_kdc_irpc.h s4-kdc: Add MIT KRB5 based irpc service for PAC validation 2017-04-29 23:31:09 +02:00
mit_samba.c db-glue.c: set forwardable flag on cross-realm tgt tickets 2020-06-12 22:10:34 +00:00
mit_samba.h mit-samba: Remove obsolete mit_samba_update_pac_data() 2017-04-29 23:31:12 +02:00
pac-glue.c s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob 2019-10-21 14:40:38 +00:00
pac-glue.h s4:kdc: pass krbtgt and server to samba_kdc_update_pac_blob() 2018-03-19 20:30:52 +01:00
samba_kdc.h s4:kdc: remember is_krbtgt, is_rodc and is_trust samba_kdc_entry 2018-03-19 20:30:52 +01:00
sdb_to_hdb.c s4-sdb: Generate etypes list out of keys list 2016-09-26 02:25:07 +02:00
sdb_to_kdb.c CVE-2019-14870: mit-kdc: enforce delegation_not_allowed flag 2019-12-10 10:44:01 +00:00
sdb.c s4-kdc: Remove unused etypes from sdb structure 2016-09-26 06:08:09 +02:00
sdb.h s4-kdc: Remove unused etypes from sdb structure 2016-09-26 06:08:09 +02:00
wdc-samba4.c s4:kdc: pass krbtgt and server to samba_kdc_update_pac_blob() 2018-03-19 20:30:52 +01:00
wscript_build kdc: Send bad password via NETLOGON in RODC 2017-05-30 08:06:06 +02:00