svn commit: samba r10437 - in trunk/source: . auth include lib
libads libsmb nsswitch rpc_parse smbd utils
gd at samba.org
gd at samba.org
Thu Sep 22 23:42:44 GMT 2005
Author: gd
Date: 2005-09-22 23:42:38 +0000 (Thu, 22 Sep 2005)
New Revision: 10437
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10437
Log:
Use the Kerberos PAC when building the user token in a SPNEGO-Kerberos
Session Setup.
In a lot of areas this is a direct port from Samba4 (especially the
validation/verification of PAC signatures). The main difficulty was not
make it work not only with Samba4's heimdal.
The first, most obvious benefit from this: it makes it possible for
Samba3 running in "security = ads" to use share security descriptors,
privileges or any other authorization mechanisms that are based on the
user's sid.
Thanks a lot to Andrew Bartlett and metze.
I tried my best to get original copyrights correct, please shout if I
did that wrong somewhere.
Guenther
Modified:
trunk/source/Makefile.in
trunk/source/auth/auth_util.c
trunk/source/auth/auth_winbind.c
trunk/source/configure.in
trunk/source/include/ads.h
trunk/source/include/authdata.h
trunk/source/include/includes.h
trunk/source/include/rpc_netlogon.h
trunk/source/lib/time.c
trunk/source/libads/authdata.c
trunk/source/libads/kerberos_verify.c
trunk/source/libsmb/clikrb5.c
trunk/source/nsswitch/winbindd_pam.c
trunk/source/rpc_parse/parse_net.c
trunk/source/smbd/sesssetup.c
trunk/source/utils/ntlm_auth.c
Changeset:
Sorry, the patch is too large (2022 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10437
More information about the samba-cvs
mailing list