samba.git/source4/kdc, branch talloc-2.3.4 Unnamed repository; edit this file 'description' to name the repository. s4:kdc: Add asserted identity SID to identify whether S4U2Self has occurred 2022-04-13T13:54:27+00:00 Andreas Schneider asn@samba.org 2021-10-11T12:47:25+00:00 9ad03f51a34359c9b0d513dd8c3c17b635469c8f Because the KDC does not limit protocol transition (S4U2Self), two new well-known SIDs are available to give this control to the resource administrator. These SIDs identify whether protocol transition (S4U2Self) has occurred, and can be used with standard access control lists to grant or limit access as needed. See https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Apr 13 13:54:27 UTC 2022 on sn-devel-184 
Because the KDC does not limit protocol transition (S4U2Self), two new
well-known SIDs are available to give this control to the resource
administrator. These SIDs identify whether protocol transition (S4U2Self) has
occurred, and can be used with standard access control lists to grant or limit
access as needed.

See
https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 13 13:54:27 UTC 2022 on sn-devel-184
s4:kdc: Fix S4U2Proxy in RODC case to return an error 2022-04-13T12:59:30+00:00 Andreas Schneider asn@samba.org 2022-03-23T15:34:25+00:00 887f0cf243a3d4bc3e87654794c3bc8ec6857aac Tested also against Windows Server 2022. Details: https://lists.samba.org/archive/cifs-protocol/2022-April/003673.html Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> 
Tested also against Windows Server 2022.

Details:
https://lists.samba.org/archive/cifs-protocol/2022-April/003673.html

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
s4:kdc: pass down SAMBA_KDC_FLAG_PROTOCOL_TRANSITION to samba_kdc_update_pac() 2022-04-13T12:59:30+00:00 Andreas Schneider asn@samba.org 2021-10-11T12:47:25+00:00 461dc44e740aacad41bb0df0552560d1eb3c6ea8 This gives samba_kdc_update_pac() a chance to detect S4U2Self. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> 
This gives samba_kdc_update_pac() a chance to detect S4U2Self.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
s4:mit-samba: Pass flags to mit_samba_get_pac() 2022-04-13T12:59:30+00:00 Andreas Schneider asn@samba.org 2021-10-11T11:33:33+00:00 2a79a5eef8ff103f9a5c42f1d14a7d4a84df93d7 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 s4:mit-samba: Pass flags to ks_get_pac() 2022-04-13T12:59:30+00:00 Andreas Schneider asn@samba.org 2021-10-11T11:31:49+00:00 c29d5fcbea335d0382a3d42da36e7aeed817a71b Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 s4:kdc: Set debug class for pac-glue 2022-04-13T12:59:30+00:00 Andreas Schneider asn@samba.org 2022-03-23T16:25:09+00:00 dbbb5ca169ee412cfe1e26e5b98e2a07aeedbbc9 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 Add missing final newline to end of c file 2022-04-01T10:29:31+00:00 Andreas Schneider asn@samba.org 2022-03-16T14:40:28+00:00 59d1044e557d10f8aee3b4900f57e0ebbe6def88 find $(pwd) -type f -name "*.c" | xargs sed -i -e '$a\' Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
find $(pwd) -type f -name "*.c" | xargs sed -i -e '$a\'

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 s4:kdc: Add Smart Card and file based PKINIT support 2022-03-25T20:58:33+00:00 Andreas Schneider asn@samba.org 2022-01-19T11:49:45+00:00 28f57a757b65a734c13f55501dc2f92efacad7dd Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 s4:kdc: If we set the kerberos debug level to 10 write a trace file 2022-03-25T20:58:33+00:00 Andreas Schneider asn@samba.org 2022-01-20T07:46:55+00:00 5636c59a6d06a2ee092c64a736ad333bf9eac9aa Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 s4:kdc: Remove trailing white spaces in kdc-service-mit.c 2022-03-25T20:58:33+00:00 Andreas Schneider asn@samba.org 2022-02-24T11:18:18+00:00 7b226a66ac6aae266692b08c62a93829746238a8 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>