summaryrefslogtreecommitdiffstats
path: root/auth/kerberos
Commit message (Collapse)AuthorAgeFilesLines
* auth/kerberos: explicitly use allow_warnings=TrueStefan Metzmacher2014-04-021-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth/kerberos: fix a typo.Günther Deschner2014-03-121-1/+1
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd pac ↵Andrew Bartlett2012-09-221-0/+3
| | | | | | | changes Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Sep 22 02:44:07 CEST 2012 on sn-devel-104
* auth/kerberos: Adjust log level for failed PAC signature verificationChristof Schmitt2012-09-201-1/+1
| | | | | | | | With winbindd trying to verify the signature of an application provided PAC, this message can be easily triggered. Adjust the debug level to avoid filling up the logs. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* auth/kerberos: Do not do pointer arithmatic on a void *Andrew Bartlett2012-07-301-1/+1
| | | | | | Found with -Werror=pointer-arith Andrew Bartlett
* auth: Common function for retrieving PAC_LOGIN_INFO from PACChristof Schmitt2012-07-062-0/+47
| | | | | | | | Several functions use the same logic as kerberos_pac_logon_info. Move kerberos_pac_logon_info to common code and reuse it to remove the code duplication. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* auth-kerberos: avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute()Alexander Bokovoy2012-06-061-2/+18
| | | | | | | | | | | | | | gss_get_name_attribute() can return unintialized pac_display_buffer and later gss_release_buffer() will crash on attempting to release it. The fix on MIT krb5 side is in 1.10.1, reported in both Debian and MIT upstream: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514 http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087 We need to initialize variables before using gss_get_name_attribute() Autobuild-User: Alexander Bokovoy <ab@samba.org> Autobuild-Date: Wed Jun 6 18:22:51 CEST 2012 on sn-devel-104
* gse: Use the smb_gss_oid_equal wrapper.Andreas Schneider2012-05-231-1/+1
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* lib/replace: split out GSSAPI from lib/replace/system/kerberos.h into ↵Alexander Bokovoy2012-04-252-1/+2
| | | | | | | | | | | | | | lib/replace/system/gssapi.h With waf build include directories are defined by dependencies specified to subsystems. Without proper dependency <gssapi/gssapi.h> cannot be found for embedded Heimdal builds when there are no system-wide gssapi/gssapi.h available. Split out GSSAPI header includes in a separate replacement header and use that explicitly where needed. Autobuild-User: Alexander Bokovoy <ab@samba.org> Autobuild-Date: Wed Apr 25 00:18:33 CEST 2012 on sn-devel-104
* Make krb5 wrapper library common so they can be used all overSimo Sorce2012-04-233-4/+55
|
* auth-krb: Move pac related util functions in a single place.Simo Sorce2012-04-124-11/+78
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* auth-krb: Make functions static.Simo Sorce2012-04-123-100/+2
| | | | | | | The remaining gssapi_parse functions were used exclusively in gensec_krb5. Move them there and make them static. Signed-off-by: Andreas Schneider <asn@samba.org>
* auth-krb: Use simpler method to extract keytype.Simo Sorce2012-04-121-19/+12
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* auth-krb: Nove oid packet check to gensec_util.Simo Sorce2012-04-121-20/+0
| | | | | | | | This is clearly a utiliy function generic to gensec. Also the 3 callers had identical implementations. Provide a generic implementation for all of them and avoid duplicating the code everywhere. Signed-off-by: Andreas Schneider <asn@samba.org>
* auth/kerberos: Fall back to gsskrb5_get_subkey if we did not get the key typeAndrew Bartlett2012-03-081-4/+23
| | | | | | | | | | The key type OID is optional, but we require that information to determine if we should use NEW_SPNEGO. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Mar 8 11:53:57 CET 2012 on sn-devel-104
* auth/kerberos: Ensure we do not print invalid memory in failure caseAndrew Bartlett2012-03-081-4/+1
| | | | | | This codeblock may not have any set->elements, so we should not print them. Copy&paste in the original code. Andrew Bartlett
* auth/kerberos: Move gse_get_session_key() to common code and use in ↵Andrew Bartlett2012-02-171-0/+113
| | | | | | | | | gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett
* auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksumAndrew Bartlett2012-01-121-6/+3
|
* auth/kerberos: Remove unused headers from gssapi_parse.cAndrew Bartlett2012-01-111-2/+0
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth/kerberos: Rename memory contexts for greater clarityAndrew Bartlett2011-12-291-34/+34
| | | | | | | | This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett
* auth/kerberos: Make pac_data_out in kerberos_decode_pac() optionalAndrew Bartlett2011-12-291-3/+32
|
* auth/kerberos: Move gssapi_parse.c to the top levelAndrew Bartlett2011-12-282-2/+121
| | | | | | This will help with writing a gensec module for the s3 gse layer. Andrew Bartlett
* Add missing com_err dependenciesEwoud Kohl van Wijngaarden2011-10-061-1/+1
| | | | | | | Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Thu Oct 6 02:10:21 CEST 2011 on sn-devel-104
* auth/kerberos/gssapi_pac: fix compiler warningsStefan Metzmacher2011-06-151-6/+5
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 15 19:06:24 CEST 2011 on sn-devel-104
* Fix Samba3 on OpenIndiana.Gordon Ross2011-05-071-0/+24
| | | | | | | | | | | I'd like Samba to use the native OpenLDAP and MIT Kerberos libs. Attached are some patches to do that. (relative to git master) It does not build for me without these. (OpenIndiana is an off-shoot of OpenSolaris See http://www.openindiana.org) Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat May 7 02:20:14 CEST 2011 on sn-devel-104
* auth/kerberos Add check for gss_inquire_sec_context_by_oidAndrew Bartlett2011-04-271-4/+10
| | | | | | | | | Not all kerberos distributions have this function. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Apr 27 07:39:08 CEST 2011 on sn-devel-104
* auth/kerberos Move all the PAC handling functions to auth/kerberosAndrew Bartlett2011-04-272-1/+365
|
* auth/kerberos: Create common helper to get the verified PAC from GSSAPIAndrew Bartlett2011-04-272-0/+126
This only works for Heimdal and MIT Krb5 1.8, other versions will get an ACCESS_DEINED error. We no longer manually verify any details of the PAC in Samba for GSSAPI logins, as we never had the information to do it properly, and it is better to have the GSSAPI library handle it. Andrew Bartlett
generated by cgit (git 2.34.1) at 2024-06-01 15:48:45 +0000