samba.git/source4/auth/session.h, branch master Unnamed repository; edit this file 'description' to name the repository. s4:auth: Have claims_data_encoded_claims_set() return a reference to the encoded claims 2023-10-12T23:13:32+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-10-05T02:11:42+00:00 3e5aba62ecdc227466879d2e74d7314b5f21e6c0 Having the lifetime of the encoded claims be tied in a predictable fashion to a caller‐controlled memory context is less prone to error. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Having the lifetime of the encoded claims be tied in a predictable
fashion to a caller‐controlled memory context is less prone to error.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:auth: Add parameters for claims and device info to auth_generate_security_token() 2023-10-01T22:45:38+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-09-27T02:16:21+00:00 8a5921d9747929a306b41fbfbe2d860da9d8a164 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:auth: Rename parameter to match function implementation 2023-10-01T22:45:38+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-09-27T02:08:26+00:00 4f0ba2b0bf2d30790a0de7c41989d67a6b2341c5 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:auth: Add functions to convert between different claims formats 2023-09-27T02:43:28+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-09-21T03:13:20+00:00 4839adf9da134d83cd6c6a6dcbe48c6c525ac619 The new ‘claims_data’ structure can store claims in three different representations — as an encoded blob, as a CLAIMS_SET structure, or as a series of CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claims. Given a set of claims, the accompanying functions provide a way to convert them into the desired format. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
The new ‘claims_data’ structure can store claims in three different
representations — as an encoded blob, as a CLAIMS_SET structure, or as a
series of CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claims. Given a set of
claims, the accompanying functions provide a way to convert them into
the desired format.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:auth: Include missing headers 2023-09-27T02:43:28+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-09-21T03:14:55+00:00 58aa8d99c4f33b26d0bcb809d0cae1de1435219a Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:kdc: Move encode_claims_set() into the auth_session subsystem 2023-09-27T02:43:28+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-09-21T02:48:02+00:00 5e164cc2d662c0d7c13ae2d588f79c394f671b39 Some functions in the auth_session subsystem will need to be able to call encode_claims_set(). Moving said function lets them do that whilst avoiding circular dependencies and additional public dependencies. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Some functions in the auth_session subsystem will need to be able to
call encode_claims_set(). Moving said function lets them do that whilst
avoiding circular dependencies and additional public dependencies.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:auth: Fix code spelling 2023-08-03T14:31:34+00:00 Andreas Schneider asn@samba.org 2023-07-20T09:34:28+00:00 795e464cfaf806f758ab4c12b815d9eb4aaf3c02 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
 s4:auth: Fix typos 2023-05-18T01:03:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-05-09T02:06:23+00:00 9aaedb152ca2e4188b5329d6af1ffa91b97d1ffe Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:auth: Split out new function to generate a security token 2023-05-18T01:03:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-05-09T02:30:40+00:00 e2e752b5461ab3806d8ac9165ee82a77dff6a063 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:kdc: Don't modify cached user_info_dc SIDs 2023-03-22T18:40:31+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-03-20T02:02:53+00:00 9c4f7e4b339d6ed5ed1030f87c9a871b06987265 samba_kdc_get_pac_blobs() passes a pointer to a user_info_dc structure obtained from samba_kdc_get_user_info_from_db() into samba_add_asserted_identity(). The latter function modifies the SIDs of the user_info_dc structure in order to add the Asserted Identity SID, but samba_kdc_get_user_info_from_db() actually caches that structure internally, meaning that subsequent calls will return the modified structure. We should not modify cached SIDs, so have samba_kdc_get_user_info_from_db() return a pointer to constant data, and copy the returned array of SIDs before adding the Asserted Identity SID. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
samba_kdc_get_pac_blobs() passes a pointer to a user_info_dc structure
obtained from samba_kdc_get_user_info_from_db() into
samba_add_asserted_identity(). The latter function modifies the SIDs of
the user_info_dc structure in order to add the Asserted Identity SID,
but samba_kdc_get_user_info_from_db() actually caches that structure
internally, meaning that subsequent calls will return the modified
structure.

We should not modify cached SIDs, so have
samba_kdc_get_user_info_from_db() return a pointer to constant data, and
copy the returned array of SIDs before adding the Asserted Identity SID.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>