sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code
c69174c07c
samba-mirror/source4/kdc
History
Stefan Metzmacher c69174c07c s4:kdc: pass krbtgt skdc_entries to samba_kdc_update_pac() 
For now we only pass in the krbtgt that verified the client pac
and optionally the krbtgt that verified the device pac.

These can be different depending on the domain of the related
principals.

If we want to apply SID filtering in future we may also need
to pass in the krbtgt that verified the delegated_proxy_pac,
but that needs more research and if not required for the
following changes.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-26 11:10:31 +00:00
..
mit-kdb lib:krb5_wrap: Add helper functions to make krb5_data structure 2022-10-05 04:23:33 +00:00
ad_claims.c s4:kdc: Gate claims, auth policies and NTLM restrctions behind 2012/2016 FLs 2023-06-21 19:08:37 +00:00
ad_claims.h s4:kdc: Gate claims, auth policies and NTLM restrctions behind 2012/2016 FLs 2023-06-21 19:08:37 +00:00
authn_policy_util.c s4:kdc: Gate claims, auth policies and NTLM restrctions behind 2012/2016 FLs 2023-06-21 19:08:37 +00:00
authn_policy_util.h s4:kdc: Add function to perform an access check to a service 2023-06-15 05:29:28 +00:00
db-glue.c s4:kdc: Add comment stating that policies aren’t looked up for S4U clients 2023-06-26 11:10:31 +00:00
db-glue.h s4: Add 'const' to some parameters 2023-02-08 00:03:39 +00:00
hdb-samba4-plugin.c CVE-2022-32744 s4:kdc: Modify HDB plugin to only look up kpasswd principal 2022-07-27 10:52:36 +00:00
hdb-samba4.c s4:kdc: Handle new KDC_AUTH_EVENT_CLIENT_FOUND audit event 2023-06-26 11:10:31 +00:00
kdc-glue.c s4:kdc: Set Kerberos debug class for all KDC files 2022-09-12 03:27:55 +00:00
kdc-glue.h s4:kdc: Add functionality to log client and server authentication policies 2023-06-25 23:29:33 +00:00
kdc-heimdal.c s4:kdc: Replace FAST cookie with dummy string 2023-06-21 13:19:17 +00:00
kdc-proxy.c s4:kdc: Set Kerberos debug class for all KDC files 2022-09-12 03:27:55 +00:00
kdc-proxy.h s4-kdc: Create a kdc-proxy.h header file 2016-06-18 23:32:27 +02:00
kdc-server.c s4:kdc: Set Kerberos debug class for all KDC files 2022-09-12 03:27:55 +00:00
kdc-server.h CVE-2022-32744 s4:kdc: Rename keytab_name -> kpasswd_keytab_name 2022-07-27 10:52:36 +00:00
kdc-service-mit.c s4:kdc: Set kerberos debug class for kdc service 2022-09-08 23:34:15 +00:00
kdc-service-mit.h s4-kdc: restore MIT KDC backend 2018-11-09 17:52:30 +01:00
kpasswd_glue.c s4:kdc: Set Kerberos debug class for all KDC files 2022-09-12 03:27:55 +00:00
kpasswd_glue.h kdc: Remove pre-check for existing NT and LM hash from kpasswd 2022-03-17 01:57:38 +00:00
kpasswd-helper.c s4:kdc: Set Kerberos debug class for all KDC files 2022-09-12 03:27:55 +00:00
kpasswd-helper.h CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets 2022-07-27 10:52:36 +00:00
kpasswd-service-heimdal.c s4:kdc: Set Kerberos debug class for all KDC files 2022-09-12 03:27:55 +00:00
kpasswd-service-mit.c s4:kdc: Make use of smb_krb5_data_from_blob() helper function 2022-10-05 04:23:33 +00:00
kpasswd-service.c s4:kdc: Don’t call memcpy() with a NULL pointer 2023-05-05 03:52:30 +00:00
kpasswd-service.h s4-kdc: Add a new kpasswd service implementation 2016-09-13 00:19:25 +02:00
ktutil.c ktutil: Print the numeric enctype if krb5_enctype_to_string() fails 2021-08-06 05:53:44 +00:00
mit_kdc_irpc.c s4:kdc: Set Kerberos debug class for all KDC files 2022-09-12 03:27:55 +00:00
mit_kdc_irpc.h s4-kdc: Add MIT KRB5 based irpc service for PAC validation 2017-04-29 23:31:09 +02:00
mit_samba.c s4:kdc: pass krbtgt skdc_entries to samba_kdc_update_pac() 2023-06-26 11:10:31 +00:00
mit_samba.h s4:mit-samba: Pass flags to mit_samba_get_pac() 2022-04-13 12:59:30 +00:00
pac-blobs.c s4:kdc: Factor out PAC blob functions into new source file 2023-05-18 01:03:37 +00:00
pac-blobs.h s4:kdc: Factor out PAC blob functions into new source file 2023-05-18 01:03:37 +00:00
pac-glue.c s4:kdc: pass krbtgt skdc_entries to samba_kdc_update_pac() 2023-06-26 11:10:31 +00:00
pac-glue.h s4:kdc: pass krbtgt skdc_entries to samba_kdc_update_pac() 2023-06-26 11:10:31 +00:00
samba_kdc.h s4:kdc: Replace FAST cookie with dummy string 2023-06-21 13:19:17 +00:00
sdb_to_hdb.c s4:kdc: translate sdb_entry->old[er]_keys into hdb_add_history_key() 2023-06-24 07:18:03 +00:00
sdb_to_kdb.c s4:kdc: Set Kerberos debug class for all KDC files 2022-09-12 03:27:55 +00:00
sdb.c CVE-2022-37966 s4:kdc: announce PA-SUPPORTED-ETYPES like windows. 2022-12-13 13:07:30 +00:00
sdb.h s4:kdc: Make maximum lifetime and renew time signed 2023-05-18 01:03:37 +00:00
wdc-samba4.c s4:kdc: pass krbtgt skdc_entries to samba_kdc_update_pac() 2023-06-26 11:10:31 +00:00
wscript_build s4:kdc: Return NTSTATUS and auditing information from samba_kdc_update_pac() to be logged 2023-06-25 23:29:33 +00:00