summaryrefslogtreecommitdiffstats
path: root/source3/libads/kerberos.c
Commit message (Collapse)AuthorAgeFilesLines
* Correctly check for errors in strlower_m() returns.Jeremy Allison2012-08-091-1/+1
|
* Check error returns from strupper_m() (in all reasonable places).Jeremy Allison2012-08-091-1/+3
|
* Make krb5 wrapper library common so they can be used all overSimo Sorce2012-04-231-1/+36
|
* clikrb5: Move pure krb wrapper functions from libads to clikrb5.Simo Sorce2012-04-121-140/+0
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* krb5: Require krb5_get_host_realm and krb5_free_host_realm be available to ↵Andrew Bartlett2012-01-101-4/+0
| | | | build with krb5
* s3-libads Factor out a new routine ↵Andrew Bartlett2012-01-051-7/+43
| | | | | | | | | | | | kerberos_get_principal_from_service_hostname() This is now used in the GSE GSSAPI client, so that when we connect to a target server at the CIFS level, we use the same name to connect at the DCE/RPC level. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: Fix some False/NULL hickupsVolker Lendecke2011-12-201-1/+1
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
* s3: Before adding KDC's to the krb5.conf, cldap ping themVolker Lendecke2011-10-171-47/+101
| | | | | | | | | | Some Kerberos libraries don't do proper failover. This fixes the situation where a KDC exists in DNS but is not reachable for some reason. Ported to master by Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Oct 17 11:25:37 CEST 2011 on sn-devel-104
* s3: Slightly simplify print_kdc_line()Volker Lendecke2011-09-261-10/+8
| | | | | | | | No code change except for an early "return talloc_asprintf(..)" making an else branch obsolete. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Sep 26 18:24:25 CEST 2011 on sn-devel-104
* s3: Slightly simplify print_kdc_line()Volker Lendecke2011-09-261-20/+19
| | | | | No code change except for an early "return talloc_asprintf(..)" making an else branch obsolete.
* s3: Slightly simplify print_kdc_line()Volker Lendecke2011-09-261-49/+52
| | | | | No code change except for an early "return talloc_asprintf(..)" making an else branch obsolete.
* s3: Add some const to create_local_private_krb5_conf_for_domainVolker Lendecke2011-09-181-1/+1
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Sep 18 23:31:28 CEST 2011 on sn-devel-104
* s3: Add some const to print_kdc_lineVolker Lendecke2011-09-181-1/+1
|
* s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett2011-06-091-1/+1
| | | | | | | | There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
* s3-talloc Change TALLOC_ARRAY() to talloc_array()Andrew Bartlett2011-06-091-1/+1
| | | | | Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
* Remove another PATH_MAX.Jeremy Allison2011-06-021-12/+27
| | | | | Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jun 2 02:51:06 CEST 2011 on sn-devel-104
* More const fixes for compiler warnings from the waf build.Jeremy Allison2011-05-051-2/+2
|
* s3-includes: only include system/filesys.h when needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3: Fix some nonempty blank linesVolker Lendecke2011-02-271-10/+9
|
* s3-secrets: only include secrets.h when needed.Günther Deschner2010-08-051-0/+1
| | | | Guenther
* s3: avoid global include of ads.h.Günther Deschner2010-08-051-52/+1
| | | | Guenther
* s3-build: use ndr_misc.h where needed.Günther Deschner2010-05-281-0/+1
| | | | Guenther
* s3: Remove use of iconv_convenience.Jelmer Vernooij2010-05-181-3/+2
|
* s3-kerberos: temporary fix for ipv6 in print_kdc_line().Günther Deschner2010-05-171-5/+20
| | | | | | | | | | Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill in just the kdc_name if we have it and let the krb5 lib figure out the appropriate ipv6 address ipv6 gurus, please check. Guenther
* s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().Günther Deschner2010-05-171-7/+12
| | | | Guenther
* Fix bug #7079 - cliconnect gets realm wrong with trusted domains.Jeremy Allison2010-01-301-0/+52
| | | | | | | | | | | Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy.
* s3-kerberos: only use krb5 headers where required.Günther Deschner2009-11-271-0/+1
| | | | | | | This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
* s3-kerberos: fix some build warnings when building against heimdal.Günther Deschner2009-11-061-2/+2
| | | | Guenther
* Add a parameter to disable the automatic creation of krb5.conf filesVolker Lendecke2009-08-261-1/+6
| | | | | | | | | | | | | | This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates. The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well. Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-)
* Remove smb_mkstemp() - libreplace will now provide a secure mkstemp() ifJelmer Vernooij2009-04-201-1/+1
| | | | the system one is broken.
* s3:kerberos Rework smb_krb5_unparse_name() to take a talloc contextAndrew Bartlett2009-04-071-4/+4
| | | | Signed-off-by: Günther Deschner <gd@samba.org>
* s3-krb5: Fix Coverity #762 (REVERSE_INULL).Günther Deschner2009-03-201-6/+6
| | | | Guenther
* s3: use pidl to pull a KRB5_EDATA_NTSTATUS.Günther Deschner2009-02-061-36/+6
| | | | Guenther
* s3:libads: use lock_path for creating paths to local krb5.conf filesMichael Adam2009-01-161-2/+3
| | | | | | | | instead of manually doing an asprintf with lp_lockdir() Michael squash
* s3:libads: give create_local_private_krb5_conf_for_domain() a common exit pointMichael Adam2009-01-161-30/+20
| | | | Michael
* s3: Change sockaddr util function names for consistencyTim Prouty2008-12-031-3/+3
| | | | Also eliminates name conflicts with OneFS system libraries
* Use sockaddr_storage only where we rely on the size, use sockaddrJelmer Vernooij2008-10-231-4/+5
| | | | | otherwise (to clarify we can also pass in structs smaller than sockaddr_storage, such as sockaddr_in).
* kerberos: fix indent of enc type lines in generated krb5.conf files.Günther Deschner2008-09-041-3/+3
| | | | | Guenther (This used to be commit 18a26f08b6fab4119a1421a7ca59c32dde8bb8cb)
* libads: add ADS_AUTH_USER_CREDS to avoid magic overwriting of usernames.Günther Deschner2008-06-241-0/+6
| | | | | Guenther (This used to be commit b5aaf5aa0f280f69e05b613271c96473a79b812e)
* Memory leak fixes from Chere Zhou <czhou@isilon.com>.Jeremy Allison2008-05-271-0/+4
| | | | | Jeremy. (This used to be commit 201bcc8ed291b51be6f4508c6aa1cb17ce6dcbe3)
* Fix some comments to match get_kdc_ip_string()'s behaviourroot2008-05-191-1/+7
| | | | (This used to be commit 30956c784f58870ad552a3869d80f99872c31375)
* Coverity fixesMarc VanHeyningen2008-03-171-2/+4
| | | | (This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
* Fix Coverity ID 551Volker Lendecke2008-03-081-0/+2
| | | | | | | Correctly return if we can't create the temporary krb5.conf Jeremy, please check! (This used to be commit c2401811aa3d02a9e27969687b9ea035407000c3)
* Fix some warningsVolker Lendecke2008-02-251-7/+15
| | | | | warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result (This used to be commit ad37b7b0aee265a3e4d8b7552610f4b9a105434d)
* Restrict the enctypes in the generated krb5.conf files to Win2003 types.Gerald W. Carter2008-01-281-4/+8
| | | | | | | This fixes the failure observed on FC8 when joining a Windows 2008 RC1 domain. We currently do not handle user session keys correctly when the KDC uses AES in the ticket replies. (This used to be commit 8039a2518caae54bc876368c73ec493f3cd4eb73)
* Tidy up code and debug for non-default krb5 IPv6 port.Jeremy Allison2008-01-161-9/+15
| | | | | Jeremy. (This used to be commit 79b7972de4c2a8c71e37642ddf7e5bbed53dd58a)
* Fix IPv6 bug #5204, which caused krb5 DNS lookupsJeremy Allison2008-01-161-13/+56
| | | | | | for a name '[<ipv6 addr>'. Jeremy. (This used to be commit f2aa921505e49f894bfed4e5e2f9fc01918b1bb0)
* Print principal in debug statement in kerberos_kinit_password() as well.Günther Deschner2008-01-141-1/+2
| | | | | Guenther (This used to be commit 44d67e84625a2a1a93baecef0e418b48e982443b)
* While 'data' is usually 0 terminated, nothing in the spec requires that. The ↵Simo Sorce2007-12-171-1/+4
| | | | | | | correct way is to copy only 'length' bytes. Simo. (This used to be commit 814c1b0e0034fb67c7718760dfcf913904f3e7fa)
* Doh, fix typo in error exit.Jeremy Allison2007-12-151-2/+2
| | | | | Jeremy. (This used to be commit 44918f39c0598eec681eb9e5c65452f04809c375)
generated by cgit (git 2.34.1) at 2025-09-25 21:24:37 +0000