path: root/source3/libads/kerberos.c
Commit message | Author | Age | Files | Lines
* s3-kerberos: make ipv6 support for generated krb5 config files more robust. | Günther Deschner | 2014-04-04 | 1 | -2/+27
  Older MIT Kerberos libraries will add any secondary ipv6 address as ipv4 address, defining the (default) krb5 port 88 circumvents that.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Fri Apr 4 16:33:12 CEST 2014 on sn-devel-104
* s3-kerberos: remove unused kdc_name from create_local_private_krb5_conf_for_domain(). | Günther Deschner | 2014-03-07 | 1 | -6/+4
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104
* s3-kerberos: remove print_kdc_line() completely. | Günther Deschner | 2014-03-07 | 1 | -68/+5
  Just calling print_canonical_sockaddr() is sufficient, as it already deals with ipv6 as well.
  The port handling, which was only done for IPv6 (not IPv4), is removed as well. It was pointless because it always derived the port number from the provided address which was either a SMB (usually port 445) or LDAP connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
  Finally, the kerberos libraries that we support and build with, can deal with ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of resolving the DC name on the kerberos library anymore.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-libads: Print a message if no realm has been specified. | Andreas Schneider | 2013-08-05 | 1 | -1/+7
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Mon Aug 5 12:24:44 CEST 2013 on sn-devel-104
* s3-libads: Fail create_local_private_krb5_conf_for_domain() if parameters missing. | Günther Deschner | 2013-08-05 | 1 | -0/+4
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Make sure to set umask() before calling mkstemp(). | Andreas Schneider | 2013-03-06 | 1 | -0/+3
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): David Disseldorp <ddiss@samba.org>
  Autobuild-Date(master): Wed Mar 6 01:16:34 CET 2013 on sn-devel-104
* libads: Always free the talloc_stackframe() on error path | Andrew Bartlett | 2012-11-05 | 1 | -0/+1
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Nov 5 03:33:32 CET 2012 on sn-devel-104
* s3-kerberos: add aes enctypes to generated krb5.conf. | Günther Deschner | 2012-10-02 | 1 | -5/+24
  Guenther
* s3-krb5: use and request AES keys in kerberos operations. | Günther Deschner | 2012-10-02 | 1 | -0/+1
  Guenther
* Correctly check for errors in strlower_m() returns. | Jeremy Allison | 2012-08-09 | 1 | -1/+1
* Check error returns from strupper_m() (in all reasonable places). | Jeremy Allison | 2012-08-09 | 1 | -1/+3
* Make krb5 wrapper library common so they can be used all over | Simo Sorce | 2012-04-23 | 1 | -1/+36
* clikrb5: Move pure krb wrapper functions from libads to clikrb5. | Simo Sorce | 2012-04-12 | 1 | -140/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
* krb5: Require krb5_get_host_realm and krb5_free_host_realm be available to build with krb5 | Andrew Bartlett | 2012-01-10 | 1 | -4/+0
* s3-libads Factor out a new routine kerberos_get_principal_from_service_hostname() | Andrew Bartlett | 2012-01-05 | 1 | -7/+43
  This is now used in the GSE GSSAPI client, so that when we connect to a target server at the CIFS level, we use the same name to connect at the DCE/RPC level.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: Fix some False/NULL hickups | Volker Lendecke | 2011-12-20 | 1 | -1/+1
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
* s3: Before adding KDC's to the krb5.conf, cldap ping them | Volker Lendecke | 2011-10-17 | 1 | -47/+101
  Some Kerberos libraries don't do proper failover. This fixes the situation where a KDC exists in DNS but is not reachable for some reason.
  Ported to master by Stefan Metzmacher <metze@samba.org>
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Mon Oct 17 11:25:37 CEST 2011 on sn-devel-104
* s3: Slightly simplify print_kdc_line() | Volker Lendecke | 2011-09-26 | 1 | -10/+8
  No code change except for an early "return talloc_asprintf(..)" making an else branch obsolete.
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Mon Sep 26 18:24:25 CEST 2011 on sn-devel-104
* s3: Slightly simplify print_kdc_line() | Volker Lendecke | 2011-09-26 | 1 | -20/+19
  No code change except for an early "return talloc_asprintf(..)" making an else branch obsolete.
* s3: Slightly simplify print_kdc_line() | Volker Lendecke | 2011-09-26 | 1 | -49/+52
  No code change except for an early "return talloc_asprintf(..)" making an else branch obsolete.
* s3: Add some const to create_local_private_krb5_conf_for_domain | Volker Lendecke | 2011-09-18 | 1 | -1/+1
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Sun Sep 18 23:31:28 CEST 2011 on sn-devel-104
* s3: Add some const to print_kdc_line | Volker Lendecke | 2011-09-18 | 1 | -1/+1
* s3-param Remove special case for global_myname(), rename to lp_netbios_name() | Andrew Bartlett | 2011-06-09 | 1 | -1/+1
  There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly.
  Andrew Bartlett
* s3-talloc Change TALLOC_ARRAY() to talloc_array() | Andrew Bartlett | 2011-06-09 | 1 | -1/+1
  Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
* Remove another PATH_MAX. | Jeremy Allison | 2011-06-02 | 1 | -12/+27
  Autobuild-User: Jeremy Allison <jra@samba.org>
  Autobuild-Date: Thu Jun 2 02:51:06 CEST 2011 on sn-devel-104
* More const fixes for compiler warnings from the waf build. | Jeremy Allison | 2011-05-05 | 1 | -2/+2
* s3-includes: only include system/filesys.h when needed. | Günther Deschner | 2011-03-30 | 1 | -0/+1
  Guenther
* s3: Fix some nonempty blank lines | Volker Lendecke | 2011-02-27 | 1 | -10/+9
* s3-secrets: only include secrets.h when needed. | Günther Deschner | 2010-08-05 | 1 | -0/+1
  Guenther
* s3: avoid global include of ads.h. | Günther Deschner | 2010-08-05 | 1 | -52/+1
  Guenther
* s3-build: use ndr_misc.h where needed. | Günther Deschner | 2010-05-28 | 1 | -0/+1
  Guenther
* s3: Remove use of iconv_convenience. | Jelmer Vernooij | 2010-05-18 | 1 | -3/+2
* s3-kerberos: temporary fix for ipv6 in print_kdc_line(). | Günther Deschner | 2010-05-17 | 1 | -5/+20
  Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill in just the kdc_name if we have it and let the krb5 lib figure out the appropriate ipv6 address
  ipv6 gurus, please check.
  Guenther
* s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain(). | Günther Deschner | 2010-05-17 | 1 | -7/+12
  Guenther
* Fix bug #7079 - cliconnect gets realm wrong with trusted domains. | Jeremy Allison | 2010-01-30 | 1 | -0/+52
  Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now.
  Jeremy.
* s3-kerberos: only use krb5 headers where required. | Günther Deschner | 2009-11-27 | 1 | -0/+1
  This seems to be the only way to deal with mixed heimdal/MIT setups during merged build.
  Guenther
* s3-kerberos: fix some build warnings when building against heimdal. | Günther Deschner | 2009-11-06 | 1 | -2/+2
  Guenther
* Add a parameter to disable the automatic creation of krb5.conf files | Volker Lendecke | 2009-08-26 | 1 | -1/+6
  This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates.
  The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well.
  Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-)
* Remove smb_mkstemp() - libreplace will now provide a secure mkstemp() if | Jelmer Vernooij | 2009-04-20 | 1 | -1/+1
  the system one is broken.
* s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context | Andrew Bartlett | 2009-04-07 | 1 | -4/+4
  Signed-off-by: Günther Deschner <gd@samba.org>
* s3-krb5: Fix Coverity #762 (REVERSE_INULL). | Günther Deschner | 2009-03-20 | 1 | -6/+6
  Guenther
* s3: use pidl to pull a KRB5_EDATA_NTSTATUS. | Günther Deschner | 2009-02-06 | 1 | -36/+6
  Guenther
* s3:libads: use lock_path for creating paths to local krb5.conf files | Michael Adam | 2009-01-16 | 1 | -2/+3
  instead of manually doing an asprintf with lp_lockdir()
  Michael
  squash
* s3:libads: give create_local_private_krb5_conf_for_domain() a common exit point | Michael Adam | 2009-01-16 | 1 | -30/+20
  Michael
* s3: Change sockaddr util function names for consistency | Tim Prouty | 2008-12-03 | 1 | -3/+3
  Also eliminates name conflicts with OneFS system libraries
* Use sockaddr_storage only where we rely on the size, use sockaddr | Jelmer Vernooij | 2008-10-23 | 1 | -4/+5
  otherwise (to clarify we can also pass in structs smaller than sockaddr_storage, such as sockaddr_in).
* kerberos: fix indent of enc type lines in generated krb5.conf files. | Günther Deschner | 2008-09-04 | 1 | -3/+3
  Guenther
  (This used to be commit 18a26f08b6fab4119a1421a7ca59c32dde8bb8cb)
* libads: add ADS_AUTH_USER_CREDS to avoid magic overwriting of usernames. | Günther Deschner | 2008-06-24 | 1 | -0/+6
  Guenther
  (This used to be commit b5aaf5aa0f280f69e05b613271c96473a79b812e)
* Memory leak fixes from Chere Zhou <czhou@isilon.com>. | Jeremy Allison | 2008-05-27 | 1 | -0/+4
  Jeremy.
  (This used to be commit 201bcc8ed291b51be6f4508c6aa1cb17ce6dcbe3)
* Fix some comments to match get_kdc_ip_string()'s behaviour | root | 2008-05-19 | 1 | -1/+7
  (This used to be commit 30956c784f58870ad552a3869d80f99872c31375)