1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source4/kdc
Stefan Metzmacher bf79979f84 s4:kdc: fix user2user tgs-requests for normal user accounts
User2User tgs requests use the session key of the additional
ticket instead of the long term keys based on the password.

In addition User2User also asserts that client and server
are the same account (cecked based on the sid).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Oct 16 15:38:12 UTC 2023 on atb-devel-224
2023-10-16 15:38:12 +00:00
..
mit-kdb s4:kdc: Remove support code for older versions of MIT Kerberos 2023-08-21 23:37:29 +00:00
ad_claims.c s4:kdc: Remove unused function get_claims_blob_for_principal() 2023-10-12 23:13:32 +00:00
ad_claims.h s4:kdc: Remove unused function get_claims_blob_for_principal() 2023-10-12 23:13:32 +00:00
authn_policy_util.c s4:kdc: Add parameters for claims and device info to authn_policy_authenticate_to_service() 2023-10-01 22:45:38 +00:00
authn_policy_util.h s4:kdc: Add parameters for claims and device info to authn_policy_authenticate_to_service() 2023-10-01 22:45:38 +00:00
db-glue.c s4:kdc: fix user2user tgs-requests for normal user accounts 2023-10-16 15:38:12 +00:00
db-glue.h s4:kdc: Pass claims and device info into samba_kdc_check_s4u2proxy_rbcd() 2023-10-12 23:13:32 +00:00
hdb-samba4-plugin.c CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal 2022-07-27 10:52:36 +00:00
hdb-samba4.c s4:kdc: Use claims to evaluate RBCD conditions 2023-10-12 23:13:32 +00:00
kdc-glue.c s4:kdc: Add function to get device PAC entry from Heimdal request structure 2023-10-01 22:45:38 +00:00
kdc-glue.h s4:kdc: Add function to get device PAC entry from Heimdal request structure 2023-10-01 22:45:38 +00:00
kdc-heimdal.c s4:kdc: Correctly report length of KDC packet 2023-08-14 04:57:34 +00:00
kdc-proxy.c s4:kdc: Use newer debugging macros 2023-08-08 04:39:37 +00:00
kdc-proxy.h s4-kdc: Create a kdc-proxy.h header file 2016-06-18 23:32:27 +02:00
kdc-server.c s4:kdc: Refer to correct function in error messages 2023-08-14 04:57:34 +00:00
kdc-server.h CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name 2022-07-27 10:52:36 +00:00
kdc-service-mit.c s4:kdc: Use newer debugging macros 2023-08-08 04:39:37 +00:00
kdc-service-mit.h s4-kdc: restore MIT KDC backend 2018-11-09 17:52:30 +01:00
kpasswd_glue.c s4:kdc: Use newer debugging macros 2023-08-08 04:39:37 +00:00
kpasswd_glue.h kdc: Remove pre-check for existing NT and LM hash from kpasswd 2022-03-17 01:57:38 +00:00
kpasswd-helper.c s4:kdc: Set Kerberos debug class for all KDC files 2022-09-12 03:27:55 +00:00
kpasswd-helper.h CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets 2022-07-27 10:52:36 +00:00
kpasswd-service-heimdal.c s4:kdc: Remove unnecessary casts 2023-08-14 04:57:34 +00:00
kpasswd-service-mit.c s4:kdc: Remove unnecessary casts 2023-08-14 04:57:34 +00:00
kpasswd-service.c s4:kdc: Add missing newlines to logging messages 2023-08-08 04:39:37 +00:00
kpasswd-service.h s4-kdc: Add a new kpasswd service implementation 2016-09-13 00:19:25 +02:00
ktutil.c s4:kdc: Fix code spelling 2023-08-03 15:25:01 +00:00
mit_kdc_irpc.c s4:kdc: Fail PAC checksum verification if the krbtgt entry has no keys 2023-08-14 04:57:34 +00:00
mit_kdc_irpc.h s4-kdc: Add MIT KRB5 based irpc service for PAC validation 2017-04-29 23:31:09 +02:00
mit_samba.c s4:kdc: Pass claims and device info into samba_kdc_check_s4u2proxy_rbcd() 2023-10-12 23:13:32 +00:00
mit_samba.h s4:mit-samba: Pass flags to mit_samba_get_pac() 2022-04-13 12:59:30 +00:00
pac-blobs.c s4:kdc: Make pac_blobs_remove_blob() never fail 2023-09-14 21:35:29 +00:00
pac-blobs.h s4:kdc: Make pac_blobs_remove_blob() never fail 2023-09-14 21:35:29 +00:00
pac-glue.c s4:kdc: Always regard device info when checking a server authentication policy 2023-10-13 00:11:08 +00:00
pac-glue.h s4:kdc: Make samba_kdc_get_user_info_dc() non‐static 2023-10-12 23:13:32 +00:00
samba_kdc.h s4:kdc: Add functions to fetch claims from the DB or from the PAC 2023-10-12 23:13:32 +00:00
sdb_to_hdb.c s4:kdc: Remove unnecessary assignments 2023-10-01 22:45:38 +00:00
sdb_to_kdb.c s4:kdc: Erase key data 2023-08-14 04:57:34 +00:00
sdb.c s4:kdc: Fix leaks of sdb_entry’s members 2023-08-14 04:57:34 +00:00
sdb.h s4:kdc: fix user2user tgs-requests for normal user accounts 2023-10-16 15:38:12 +00:00
wdc-samba4.c s4:kdc: Adapt interface to new Heimdal revision 2023-10-12 23:13:32 +00:00
wscript_build s4:kdc: Return NTSTATUS and auditing information from samba_kdc_update_pac() to be logged 2023-06-25 23:29:33 +00:00