path: root/source3/libsmb/clikrb5.c
Commit message | Author | Age | Files | Lines
* s3: Remove two talloc_autofree_context() calls | Volker Lendecke | 2010-09-26 | 1 | -2/+2
  Both allocated blobs are freed in their routines
* s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs | Andrew Bartlett | 2010-09-11 | 1 | -3/+1
  The idea of this patch is: Don't support a mix of different kerberos features. Either we should prepare a GSSAPI (8003) checksum and mark the request as such, or we should use the old behaviour (a normal kerberos checksum of 0 data).

  Sending the GSSAPI checksum data, but without marking it as GSSAPI broke Samba4, and seems well outside the expected behaviour, even if Windows accepts it.

  Andrew Bartlett
* s3-kerberos: try to fix the build w/o kerberos support. | Günther Deschner | 2010-08-30 | 1 | -1/+7
  Guenther
* s3-krb5 Only build ADS support if arcfour-hmac-md5 is available | Andrew Bartlett | 2010-08-13 | 1 | -2/+0
  Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example.

  The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries.

  If not found, ADS support will not be compiled in.

  This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5.

  A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins.

  Andrew Bartlett
  Signed-off-by: Simo Sorce <idra@samba.org>
* s3-krb5: include krb5pac.h where needed. | Günther Deschner | 2010-08-06 | 1 | -0/+1
  Guenther
* Fix bug 7583 - Smbclient fails to kerberos connect to an Alfresco JLAN CIFS Server | Jeremy Allison | 2010-07-23 | 1 | -152/+151
  Correctly calculate the gssapi channel binding checksum. Jeremy
  Signed off by: simo <idra@samba.org>
* s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keys | Simo Sorce | 2010-07-20 | 1 | -10/+17
* misc: cleanup get_krb5_smb_session_key() | Simo Sorce | 2010-07-20 | 1 | -8/+15
* misc: cleanup cli_krb5_get_ticket() | Simo Sorce | 2010-07-20 | 1 | -21/+20
* s3: fix build on Heimdal based systems like NetBSD5 | Björn Jacke | 2010-06-05 | 1 | -3/+3
* s3: remove authdata.h | Günther Deschner | 2010-06-03 | 1 | -1/+8
  Guenther
* s3-kerberos: add a missing reference to authdata headers. | Günther Deschner | 2009-11-27 | 1 | -0/+1
  Guenther
* s3-kerberos: only use krb5 headers where required. | Günther Deschner | 2009-11-27 | 1 | -3/+1
  This seems to be the only way to deal with mixed heimdal/MIT setups during merged build.
  Guenther
* s3-kerberos: Fix Bug #6929: build with recent heimdal. | Günther Deschner | 2009-11-27 | 1 | -1/+1
  Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier for activation) in new releases (like 1.3.1).
  Guenther
* s3-kerberos: avoid using ERROR_TABLE_BASE_krb5 without checking. | Günther Deschner | 2009-11-12 | 1 | -0/+4
  Guenther
* s3-kerberos: add smb_krb5_principal_get_realm(). | Günther Deschner | 2009-11-12 | 1 | -0/+25
  Guenther
* Revert "s3-kerberos: add smb_krb5_parse_name_flags()." | Günther Deschner | 2009-11-06 | 1 | -18/+0
  This reverts commit 17ef153b68795fec681f9ce17c198236aba2b1c2.
* s3-kerberos: support S4U2SELF impersonation through cli_krb5_get_ticket(). | Günther Deschner | 2009-11-06 | 1 | -5/+20
  Guenther
* s3-kerberos: use smb_krb5_get_credentials in ads_krb5_mk_req. | Günther Deschner | 2009-11-06 | 1 | -4/+7
  Guenther
* s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg. | Günther Deschner | 2009-11-06 | 1 | -2/+4
  Guenther
* s3-kerberos: add smb_krb5_get_{creds,credentials} incl. support for S4U2SELF impersonation. | Günther Deschner | 2009-11-06 | 1 | -1/+270
  Guenther
* s3-kerberos: add smb_krb5_parse_name_flags(). | Günther Deschner | 2009-11-06 | 1 | -0/+18
  Guenther
* s3: fixed krb5 build problem on ubuntu karmic | Andrew Tridgell | 2009-10-16 | 1 | -0/+9
  Karmic has MIT krb5 1.7-beta3, which has the symbol krb5_auth_con_set_req_cksumtype but no prototype for it.
  See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635
* More conversions of NULL -> talloc_autofree_context() | Jeremy Allison | 2009-07-16 | 1 | -2/+2
  so we at least know when we're using a long-lived context. Jeremy.
* clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry. | Jelmer Vernooij | 2009-06-04 | 1 | -3/+8
  Both functions exist in MIT Kerberos >= 1.7, but only krb5_free_keytab_entry_contents has a prototype.
* s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context | Andrew Bartlett | 2009-04-07 | 1 | -11/+12
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3-krb5: Fix Coverity #722 (RESOURCE_LEAK). | Günther Deschner | 2009-03-20 | 1 | -12/+18
  Guenther
* Don't miss an absolute pathname as a kerberos keytab path. From Glenn Machin <gmachin@sandia.gov>. | Jeremy Allison | 2009-02-17 | 1 | -0/+5
  Jeremy.
* Memory leaks and other fixes found by Coverity | todd stecher | 2009-01-21 | 1 | -5/+5
* s3-asn1: make all of s3 asn1 code do a proper asn1_init() first. | Günther Deschner | 2008-10-22 | 1 | -26/+36
  Guenther
* s3: use shared asn1 code. | Günther Deschner | 2008-10-22 | 1 | -2/+2
  Guenther
* Cope with changed signature of http_timestring(). | Jelmer Vernooij | 2008-10-11 | 1 | -2/+2
* Fix blocker bug 5745 kerberos authentication with (lib)smbclient is broken. | Jeremy Allison | 2008-09-10 | 1 | -2/+14
  Jeremy.
  (This used to be commit a59bd0e4854117a8646f4d388a0f7285362d5ba2)
* Remove a duplicate retval check | Volker Lendecke | 2008-08-31 | 1 | -8/+2
  Jeremy, please check!
  (This used to be commit 6579005e6490f1a99b3860627ba51decaeb864bd)
* kerberos: use KRB5_KT_KEY macro where appropriate. | Günther Deschner | 2008-08-29 | 1 | -15/+5
  Guenther
  (This used to be commit a042dffd7121bda3dbc9509f69fcfae06ed4cc22)
* kerberos: move the KRB5_KEY* macros to header file. | Günther Deschner | 2008-08-29 | 1 | -12/+0
  Guenther
  (This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600)
* Fix length error in wrapping spnego blob | Igor Mammedov | 2008-08-18 | 1 | -1/+1
  (This used to be commit 16ee95494ba495c5f5ff8779206f380db1067b2d)
* fix build warning. | Günther Deschner | 2008-08-11 | 1 | -1/+1
  Guenther
  (This used to be commit 85021d6a459c957cc276a93c3515029244f52677)
* One more build fix. Ensure we have KRB5_AUTH_CONTEXT_USE_SUBKEY defined before we compile the new code. | Jeremy Allison | 2008-08-08 | 1 | -3/+3
  Jeremy.
  (This used to be commit 7686752c5b015b15a6729631ba4aeedd25ebc659)
* Try and fix the build for systems that don't have krb5_auth_con_set_req_cksumtype(). | Jeremy Allison | 2008-08-08 | 1 | -3/+3
  Jeremy.
  (This used to be commit 8598e7b06ec57ca6fcde863270e6bb0e2de9993e)
* Add Derrick Schommer's <dschommer@F5.com> kerberos delegation patch. Some work by me and advice by Love. | Jeremy Allison | 2008-08-08 | 1 | -2/+184
  Jeremy.
  (This used to be commit ecc3838e4cb5d0c0769ec6d9a34a877ca584ffcc)
* clikrb5: don't use krb5_keyblock_init() when no salt is specified | Stefan Metzmacher | 2008-08-04 | 1 | -35/+30
  If the caller wants to create a key with no salt we should not use krb5_keyblock_init() (only used when using heimdal) because it does sanity checks on the key length.
  metze
  (This used to be commit c83de77b750837a110611d7023c4cf71d2d0bab1)
* Fix return of uninitialized variable. | Jeremy Allison | 2008-06-26 | 1 | -1/+1
  Jeremy.
  (This used to be commit 384052f546af8c1c6848c03cad4f2ba618ba7209)
* kerberos: add smb_krb5_keytab_name(). | Günther Deschner | 2008-06-24 | 1 | -0/+22
  Guenther
  (This used to be commit c273ce8798062d1b55100411f3e92a01bdbf611c)
* kerberos: make smb_krb5_kt_add_entry public, allow to pass keys without salting them. | Günther Deschner | 2008-06-24 | 1 | -18/+38
  Guenther
  (This used to be commit 7c4da23be1105dc224033b21eb486e7fcdc7d9c5)
* clikrb5: remove unrequired create_kerberos_key_from_string_direct() prototype. | Günther Deschner | 2008-06-17 | 1 | -10/+10
  Guenther
  (This used to be commit ec86852fc6ce2d88ad5835c8fcb337c68fd6f6bc)
* Cleanup size_t return values in callers of convert_string_allocate | Tim Prouty | 2008-05-20 | 1 | -3/+6
  This patch is the second iteration of an inside-out conversion to cleanup functions in charcnv.c returning size_t == -1 to indicate failure.
  (This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d)
* Use new IDL based PAC structures in clikrb5.c | Günther Deschner | 2008-02-17 | 1 | -7/+7
  Guenther
  (This used to be commit 3b0135d57e1e70175a5eec49b603a2e5f700c770)
* Make heimdal and MIT happy when iterating through auth data. | Günther Deschner | 2007-12-12 | 1 | -3/+3
  Guenther
  (This used to be commit 507247dcbf0ef02825a6c5c5f313813714df2d99)
* Vista SP1-rc1 appears to break against Samba-3.0.27a | Guenther Deschner | 2007-12-12 | 1 | -3/+3
  Hi Jason,

  Jason Haar wrote:
  > Patched 3.0.28, compiled, installed and here's the log file.
  >
  > Hope it helps. BTW I don't think it matters, but this is on 32bit
  > CentOS4.5 systems.

  yes, it helps. Thanks for that. Very interesting, there are two auth data structures where the first one is a PAC and the second something unknown (yet).

  Can you please try the attached fix? It should make it work again.

  Guenther

  --
  Günther Deschner GPG-ID: 8EE11688
  Red Hat gdeschner@redhat.com
  Samba Team gd@samba.org

  (This used to be commit c9adc07ca2a3bb1e0ea98e3b4f68e1a87e5c0196)