Author: gd Date: 2005-09-22 23:42:38 +0000 (Thu, 22 Sep 2005) New Revision: 10437
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10437 Log: Use the Kerberos PAC when building the user token in a SPNEGO-Kerberos Session Setup. In a lot of areas this is a direct port from Samba4 (especially the validation/verification of PAC signatures). The main difficulty was not make it work not only with Samba4's heimdal. The first, most obvious benefit from this: it makes it possible for Samba3 running in "security = ads" to use share security descriptors, privileges or any other authorization mechanisms that are based on the user's sid. Thanks a lot to Andrew Bartlett and metze. I tried my best to get original copyrights correct, please shout if I did that wrong somewhere. Guenther Modified: trunk/source/Makefile.in trunk/source/auth/auth_util.c trunk/source/auth/auth_winbind.c trunk/source/configure.in trunk/source/include/ads.h trunk/source/include/authdata.h trunk/source/include/includes.h trunk/source/include/rpc_netlogon.h trunk/source/lib/time.c trunk/source/libads/authdata.c trunk/source/libads/kerberos_verify.c trunk/source/libsmb/clikrb5.c trunk/source/nsswitch/winbindd_pam.c trunk/source/rpc_parse/parse_net.c trunk/source/smbd/sesssetup.c trunk/source/utils/ntlm_auth.c Changeset: Sorry, the patch is too large (2022 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10437