summaryrefslogtreecommitdiff
path: root/source4/kdc/pac-glue.c
AgeCommit message (Expand)AuthorFilesLines
2026-01-20lib: Remove &data_blob_null refsVolker Lendecke1-3/+6
2025-04-03s4:kdc: samba_kdc_add_compounded_auth() should add Compounded_Authentication ...Stefan Metzmacher1-1/+5
2025-04-03s4:kdc: only use compound authentication with an explicit FAST armorStefan Metzmacher1-0/+4
2025-04-03s4:kdc: samba_kdc_update_pac() doesn't need explicit delegated_proxy_principalStefan Metzmacher1-5/+1
2025-04-03s4:kdc: store pac_princ in struct samba_kdc_entry_pacStefan Metzmacher1-4/+23
2025-04-03s4:kdc: pass pac_princ to samba_kdc_entry_pac()Stefan Metzmacher1-0/+1
2025-04-03s4:kdc: pass pac_princ to samba_kdc_entry_pac_from_trusted()Stefan Metzmacher1-0/+1
2025-04-03s4:kdc: let samba_kdc_entry_pac[_from_trusted]() assert krbtgt is valid if pa...Stefan Metzmacher1-0/+8
2025-02-22s4:kdc: split access check preparation from the actual check in samba_kdc_upd...Stefan Metzmacher1-24/+37
2025-02-22s4:kdc: let samba_kdc_get_claims_blob() check msDS-EgressClaimsTransformation...Stefan Metzmacher1-2/+148
2025-02-22s4:kdc: let samba_kdc_get_claims_data() check msDS-IngressClaimsTransformatio...Stefan Metzmacher1-10/+75
2025-02-22s4:kdc: let samba_kdc_update_pac() always call samba_kdc_get_upn_info_blob()Stefan Metzmacher1-17/+15
2025-02-22s4:kdc: let samba_kdc_update_pac() always call samba_kdc_get_logon_info_blob()Stefan Metzmacher1-31/+12
2025-02-22s4:kdc: also pass override_resource_groups to samba_kdc_get_logon_info_blob()Stefan Metzmacher1-1/+4
2025-02-22s4:kdc: move device_{info,claims}_blob generation in samba_kdc_update_pac()Stefan Metzmacher1-27/+27
2025-02-22s4:kdc: regenerate the client claims blob in samba_kdc_update_pac() if neededStefan Metzmacher1-10/+4
2025-02-22s4:kdc: let samba_kdc_get_claims_data() indicate if regeneration is neededStefan Metzmacher1-9/+30
2025-02-22s4:kdc: rewrite the logic in samba_kdc_get_claims_data()Stefan Metzmacher1-22/+29
2025-02-22s4:kdc: let samba_kdc_get_claims_data_from_pac() return if a buffer was foundStefan Metzmacher1-4/+15
2025-02-22s4:kdc: let samba_kdc_get_pac() use samba_kdc_get_claims_blob()Stefan Metzmacher1-5/+5
2025-02-22s4:kdc: let samba_kdc_get_claims_blob() take struct claims_data as input.Stefan Metzmacher1-15/+2
2025-02-22s4:kdc: let samba_kdc_update_pac() always fetch the user claimsStefan Metzmacher1-13/+27
2025-02-22s4:kdc: let samba_kdc_update_pac() use samba_kdc_entry_pac_valid_principal() ...Stefan Metzmacher1-1/+1
2025-02-22s4:kdc: remove useless samba_kdc_get_user_info_dc() from samba_kdc_get_device...Stefan Metzmacher1-20/+2
2025-02-22s4:kdc: move user_info_dc_shallow_copy variable in samba_kdc_update_pac()Stefan Metzmacher1-1/+2
2025-02-22s4:kdc: move samba_kdc_get_user_info_dc() for the device in samba_kdc_update_...Stefan Metzmacher1-14/+12
2025-02-22s4:kdc: move samba_kdc_get_user_info_dc() up in samba_kdc_update_pac()Stefan Metzmacher1-20/+20
2025-02-22s4:kdc: introduce need_device helper variable in samba_kdc_update_pac()Stefan Metzmacher1-6/+16
2025-02-22s4:kdc: make samba_kdc_get_{user_info_dc,claims_data} staticStefan Metzmacher1-0/+9
2025-02-22s4:kdc: pass samba_kdc_entry_pac to samba_kdc_check_s4u2proxy_rbcd()Stefan Metzmacher1-3/+45
2025-02-22s4:kdc: move samba_kdc_check_s4u2proxy_rbcd() from db-glue to pac-glueStefan Metzmacher1-0/+174
2025-02-22s4:kdc: make a lot of pac-glue.c functions staticStefan Metzmacher1-2/+27
2025-02-22s4:kdc: split out samba_kdc_get_pac() from samba_wdc_get_pac()Stefan Metzmacher1-0/+279
2025-02-22s4:kdc: don't return ENOENT from samba_kdc_get_claims_data[_from_pac]Stefan Metzmacher1-0/+2
2025-02-14s4:kdc: pass the full samba_kdc_db_context to most helper functionsStefan Metzmacher1-30/+31
2025-02-14s4:kdc: let struct samba_kdc_entry_pac remember the krbtgt samba_kdc_entryStefan Metzmacher1-5/+5
2025-02-14s4:kdc: always go through samba_kdc_get_device_info_blob()Stefan Metzmacher1-147/+7
2024-06-10s4-auth: Use consistant externally-supplied time in auth stackAndrew Bartlett1-0/+1
2024-02-28s4-kdc: Add "Fresh Public Key Identity" SID if PKINIT freshness usedAndrew Bartlett1-0/+10
2023-11-07s4:kdc: Don’t convey PAC buffers from an RODC‐issued PACJoseph Sutton1-1/+6
2023-11-07s4:kdc: Move return code checks closer to where the return codes are setJoseph Sutton1-4/+6
2023-11-01s4:kdc: Have samba_kdc_get_device_info_blob() call samba_kdc_get_user_info_dc...Joseph Sutton1-41/+11
2023-11-01s4:kdc: Do not add Claims Valid SID twiceJoseph Sutton1-31/+3
2023-11-01s4:kdc: Add the Asserted Identity SID to the PAC only if the original RODC‐...Joseph Sutton1-7/+72
2023-11-01s4:kdc: Add Claims Valid SID to info regenerated from RODC‐issued PACsJoseph Sutton1-0/+8
2023-10-17s4:kdc: Make ‘struct user_info_dc’ members constJoseph Sutton1-1/+4
2023-10-13s4:kdc: Always regard device info when checking a server authentication policyJoseph Sutton1-1/+1
2023-10-12s4:kdc: Make samba_kdc_get_user_info_dc() non‐staticJoseph Sutton1-6/+6
2023-10-12s4:kdc: Use device claims to evaluate client authentication policyJoseph Sutton1-1/+15
2023-10-12s4:kdc: Use claims and device info to evaluate server authentication policyJoseph Sutton1-5/+32
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-07 11:44:35 +0000