path: root/source4/auth/kerberos
Commit message | Author | Age | Files | Lines
...
* heimdal: Fix name of hx509 library. | Jelmer Vernooij | 2010-10-05 | 1 | -1/+1
* s4-kerberos Don't regenerate key values for each alias in keytab | Andrew Bartlett | 2010-10-02 | 1 | -43/+35
  Instead, store the same key value under the multiple alias names.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Sat Oct 2 00:16:52 UTC 2010 on sn-devel-104
* s4-auth Add make_server_info_pac() to include 'resource domain' groups | Andrew Bartlett | 2010-10-02 | 1 | -5/+3
  Previously, our PAC code didn't include these groups into the server_info from which we would eventually calculate the full list of tokenGroups.
  Andrew Bartlett
* s4-auth: fixed a valgrind error when creating keytabs | Andrew Tridgell | 2010-10-01 | 1 | -0/+3
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-kerberos Don't segfault if the password isn't specified in keytab generation | Andrew Bartlett | 2010-09-26 | 1 | -0/+7
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104
* s4-kerberos Rework keytab handling to export servicePrincipalName entries | Andrew Bartlett | 2010-09-24 | 2 | -126/+164
  This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry.
  Andrew Bartlett
* s4-kerberos Move 'set key into keytab' code out of credentials. | Andrew Bartlett | 2010-09-24 | 2 | -139/+229
  This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb.
  Andrew Bartlett
* s4-kerberos Fix kerberos_enctype_bitmap_to_enctypes() | Andrew Bartlett | 2010-09-24 | 1 | -2/+3
  The previous code never worked
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4-kerberos: obey the credentials setting for forwardable tickets | Andrew Tridgell | 2010-09-16 | 3 | -27/+40
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 2010-07-16 | 1 | -2/+2
  this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes | Andrew Bartlett | 2010-06-29 | 2 | -0/+60
  This will allow us to interpret this attribute broadly in Samba.
  Andrew Bartlett
* s4:provision Add an msDS-SupportedEncryptionTypes entry to our DC | Andrew Bartlett | 2010-06-29 | 1 | -0/+3
  This ensures that our DC will use all the available encryption types.
  (The KDC reads this entry to determine what the server supports)
  Andrew Bartlett
* Finish removal of iconv_convenience in public API's. | Jelmer Vernooij | 2010-05-18 | 2 | -26/+8
* s4:credentials Make the CCACHE in credentials depend on the things that built it | Andrew Bartlett | 2010-05-02 | 3 | -20/+39
  This means that we consider the ccache only as reliable as the least specified of the inputs we used.
  This means that we will regenerate the ccache if any of the inputs change.
  Andrew Bartlett
* s4:credentials Add the functions needed to do S4U2Self with cli_credentials | Andrew Bartlett | 2010-04-10 | 3 | -50/+161
  A torture test to demonstrate will be added soon.
  Andrew Bartlett
* s4-waf: removed the AUTOGENERATED markers | Andrew Tridgell | 2010-04-06 | 1 | -4/+0
  we won't be using the mk -> wscript generator again
* s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them | Andrew Tridgell | 2010-04-06 | 1 | -0/+2
* build: commit all the waf build files in the tree | Andrew Tridgell | 2010-04-06 | 1 | -0/+11
* s4:auth/kerberos/kerberos.c - fix also here a memory leak | Matthias Dieter Wallnöfer | 2010-03-16 | 1 | -0/+1
  The options need to be freed also on this error case.
* s4-krb5: propagate errors from a lot more kerberos functions | Andrew Tridgell | 2010-02-26 | 3 | -34/+42
  We need to be able to give sensible error messages when a kerberos call fails. This propagates the kerberos error up the stack to the caller.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:kdc streamline context initialization | Simo Sorce | 2010-01-31 | 2 | -37/+58
  Allow other plugins to init the context without having it try to grab sockets or set samba specific logging.
* cleanup: remove trailing spaces and tabs | Simo Sorce | 2010-01-28 | 1 | -37/+37
* s4-kerberos: raise the general kerberos debug level to 3 | Andrew Tridgell | 2010-01-16 | 1 | -1/+1
  level 2 for every krb request is a bit much
* Strip trailing spaces | Simo Sorce | 2010-01-12 | 1 | -62/+62
* s4: Changes the old occurrences of "lp_realm" in "lp_dnsdomain" where needed | Matthias Dieter Wallnöfer | 2009-10-14 | 1 | -9/+4
  For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
* s4:kerberos Use MIT compatible names for these enc types | Andrew Bartlett | 2009-08-21 | 1 | -1/+1
  This is a small start on (ie, the only trivial part of) the work shown in:
  http://k5wiki.kerberos.org/wiki/Projects/Samba4_Port#Samba.27s_use_of_Heimdal_symbols.2C_with_MIT_differences
  (a table of all Kerberos symbols used in Samba4, and notes on where they differ from those provided with MIT Kerberos)
  Andrew Bartlett
* s4:kerberos Add 'net export keytab' command for wireshark decryption | Andrew Bartlett | 2009-07-28 | 2 | -1/+148
  It is much easier to do decryption with wireshark when the keytab is available for every host in the domain.
  Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 domain.
  (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term).
  Andrew Bartlett
* Revert "s4:kerberos Add 'net export keytab' command for wireshark decryption" | Stefan Metzmacher | 2009-07-27 | 2 | -148/+1
  This reverts commit a40ce5d0d9d06f592a8885162bbaf644006b9f0f.
  This breaks the build...
  Andrew, please repush it, when it's fixed:-)
  metze
* s4:kerberos Add 'net export keytab' command for wireshark decryption | Andrew Bartlett | 2009-07-27 | 2 | -1/+148
  It is much easier to do decryption with wireshark when the keytab is available for every host in the domain.
  Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 domain.
  (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term).
  Andrew Bartlett
* Rework the kerberos-notes.txt in order and format | Don Davis | 2009-06-30 | 1 | -0/+803
  This reworks the notes file to be less stream-of-consciousness and more task for porting, with a very particular focus on a potential port of Samba4 to use MIT Kerberos.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* Fixed some uninitialised variables | Matthias Dieter Wallnöfer | 2009-06-19 | 1 | -5/+1
  I tried hard to not change the program logic. Should fix bug #6439.
* s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba) | Andrew Bartlett | 2009-06-12 | 4 | -12/+24
  Also including the supporting changes required to pass make test
  A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us).
  Andrew Bartlett
* Clarify and expand the Kerberos notes made by Andrew Bartlett in 2005 | Donald T. Davis | 2009-06-10 | 1 | -154/+448
  Compiled with Andrew over a series of phone calls and gobby sessions, with the aim of documenting Kerberos requirements for Samba to use an alternate (ie, MIT) Kerberos library.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:auth/credentials: use krb5_data_free() | Stefan Metzmacher | 2009-03-26 | 1 | -5/+1
  metze
* s4:auth/kerberos: s/private/private_data | Stefan Metzmacher | 2009-02-02 | 1 | -10/+10
  metze
* s4:auth/kerberos: convert to tevent_* api | Stefan Metzmacher | 2009-01-03 | 2 | -14/+13
  metze
* s4:socket: use a socket_wrapper aware function to auto close the fd event for sockets | Stefan Metzmacher | 2009-01-03 | 1 | -4/+5
  metze
* s4:lib/tevent: rename structs | Stefan Metzmacher | 2008-12-29 | 2 | -8/+8
  list=""
  list="$list event_context:tevent_context"
  list="$list fd_event:tevent_fd"
  list="$list timed_event:tevent_timer"
  for s in $list; do
      o=`echo $s | cut -d ':' -f1`
      n=`echo $s | cut -d ':' -f2`
      r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
      files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
      for f in $files; do
          cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
          mv $f.tmp $f
      done
  done
  metze
* Rename samba-socket -> samba_socket to fix a couple more compiler | Jelmer Vernooij | 2008-12-24 | 1 | -1/+1
  warnings.
* s4:lib/socket: socket_connect_send() and socket_connect_ev() should only work with addresses | Stefan Metzmacher | 2008-12-18 | 1 | -2/+1
  metze
* Remove two debug parameters, not used anywhere. | Jelmer Vernooij | 2008-11-02 | 1 | -6/+2
  Andrew, I was pretty sure these could be removed but if not, please let me know.
* Remove unused include param/param.h. | Jelmer Vernooij | 2008-10-24 | 1 | -1/+0
* Make sure prototypes are always included, make some functions static and | Jelmer Vernooij | 2008-10-20 | 3 | -0/+4
  remove some unused functions.
* Fix include paths to new location of libutil. | Jelmer Vernooij | 2008-10-11 | 1 | -1/+1
* Cosmetic corrections for the KERBEROS library | Matthias Dieter Wallnöfer | 2008-09-24 | 1 | -3/+1
  This commit applies some cosmetic corrections for the KERBEROS library.
* Kerberos cosmetic changes: Revert a part of the patch | Matthias Dieter Wallnöfer | 2008-09-24 | 1 | -1/+3
  Reverts a part of the patch because it changes the function of the code (suggested by Jelmer).
* Cosmetic corrections for the KERBEROS library | Matthias Dieter Wallnöfer | 2008-09-24 | 3 | -14/+12
  This commit applies some cosmetic corrections for the KERBEROS library.
* Implement NETLOGON PAC verification on the server-side | Andrew Bartlett | 2008-09-03 | 1 | -5/+5
  This is implemented by means of a message to the KDC, to avoid having to link most of the KDC into netlogon.
  Andrew Bartlett
  (This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
* Heimdal provides Kerberos PAC parsing routines. Use them. | Andrew Bartlett | 2008-08-28 | 1 | -1/+122
  This uses Heimdal's PAC parsing code in the:
  - LOCAL-PAC test
  - gensec_gssapi server
  - KDC (where it was already used, the support code refactored from here)
  In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON.
  Andrew Bartlett
  (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
* auth/kerberos: remove dependencies to internal heimdal | Stefan Metzmacher | 2008-08-01 | 2 | -2/+1
  metze
  (This used to be commit ed0fc19ac6a1194e6fd9a6534cbf7453fa870066)