summaryrefslogtreecommitdiff
path: root/lib/krb5_wrap
AgeCommit message (Collapse)AuthorFilesLines
2013-03-06Make sure to set umask() before calling mkstemp().Andreas Schneider1-0/+4
Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Mar 6 01:16:34 CET 2013 on sn-devel-104
2013-03-05krb5_wrap: Make sure we don't dereference a NULL pointer.Andreas Schneider1-1/+3
Reviewed-by: David Disseldorp <ddiss@samba.org>
2012-12-21krb5_wrap: Remove dead code in smb_krb5_renew_ticket().Andreas Schneider1-7/+2
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-11-01lib/krb5_wrap: request enc_types in the correct order (bug #9272)Stefan Metzmacher1-6/+6
aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 should have a higher priority than arcfour-hmac-md5, otherwise the KDC still gives us arcfour-hmac-md5 session keys. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-10-02s3-krb5: use and request AES keys in kerberos operations.Günther Deschner1-0/+6
Guenther
2012-09-12lib/krb5_wrap: when deleting default realm, pass char*, not char**Alexander Bokovoy1-1/+1
Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Sep 12 10:33:37 CEST 2012 on sn-devel-104
2012-08-29lib/krb4_wrap: Add const to kt_copy_one_principalAndrew Bartlett2-2/+2
2012-08-29libkrb5: Fix build with MIT Kerberos.Andreas Schneider1-6/+6
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Aug 29 12:23:37 CEST 2012 on sn-devel-104
2012-08-28lib/krb5_wrap: Move enctype conversion functions into a simple helper fileAndrew Bartlett4-36/+109
2012-08-28lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrapAndrew Bartlett2-0/+23
2012-08-28lib/krb5_wrap: Bring list of all enc types into krb5_wrapAndrew Bartlett2-0/+16
2012-06-03lib/krb5_wrap: Remove unused smb_krb5_get_credsAndrew Bartlett2-125/+0
Found by callcatcher This has been unsused since commit 61f0b247633501d6bf4103ca8345048e537c043d Author: Günther Deschner <gd@samba.org> Date: Thu Nov 12 15:42:03 2009 +0100 s3-kerberos: remove smb_krb5_get_tkt_from_creds(). Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove smb_krb5_get_tkt_from_creds() which is not required anymore. Guenther Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Jun 3 13:04:06 CEST 2012 on sn-devel-104
2012-06-01waf: check for krb5_create_checksum and krb5_creds.flags for some Heimdal ↵Alexander Bokovoy1-0/+4
versions Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Fri Jun 1 11:23:21 CEST 2012 on sn-devel-104
2012-05-30lib/krb5_wrap: Move krb5_princ_size helper to source4 as it is only used thereAndrew Bartlett1-8/+0
This is also where the related krb5_princ_component is declared. Also fix the configure check to use the correct name This helps the autoconf build on Heimdal. Andrew Bartlett
2012-05-23krb5samba: Add smb_gss_oid_equal wrapper.Andreas Schneider3-2/+89
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-05-23Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy1-3/+7
System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-23lib/krb5_wrap: implement krb5_cc_get_lifetime for MIT KerberosAlexander Bokovoy1-19/+22
In case krb5_cc_get_lifetime is not available, iterate over existing tickets in the keytab, find the one marked as TKT_FLAG_INITIAL, and use its lifetime. This is how it is implemented in Heimdal and how it was suggested to be done by MIT Kerberos developers.
2012-05-23gensec_gssapi: Make it possible to build with MIT krb5Simo Sorce1-0/+3
We need to ifdef out some minor things here because there is no available API to set these options in MIT. The realm and canonicalize options should be not interesting in the client case. Same for the send_to_kdc hacks. Also the OLD DES3 enctype is not at all interesting. I am not aware that Windows will ever use DES3 and no modern implementation relies on that enctype anymore as it has been fully deprecated long ago, so we can simply ignore it.
2012-05-08krb5samba: Add smb_krb5_make_pac_checksum.Andreas Schneider2-0/+83
Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Tue May 8 08:30:52 CEST 2012 on sn-devel-104
2012-05-08krb5samba: Add krb5_free_checksum_contents wrapperSimo Sorce2-0/+14
2012-05-04krb5samba: Add a smb_krb5_cc_get_lifetime() function.Andreas Schneider2-0/+59
Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04krb5samba: Add compat function for krb5_kt_compareSimo Sorce2-0/+39
2012-05-04krb5samba: Add compat krb5_make_principal for MIT buildSimo Sorce2-0/+45
2012-05-04krb5samba: Add compat code to initialize keyblock contentsSimo Sorce2-0/+27
2012-05-04Move keytab_copy to krb5samba libSimo Sorce3-1/+241
This is a helper fucntion that uses purely krb5 code, so it belongs to krb5samba which is the krb5 wrapper for samba.
2012-05-04Split normal kinit from s4u2 flavored kinitSimo Sorce2-31/+71
This makes it simpler to slowly integrate MIT support and also amkes it somewhat clearer what operation is really requested. The 24u2 part is really only used by the cifs proxy code so we can temporarily disable it in the MIT build w/o major consequences.
2012-05-04Move kerberos_kinit_password_cc to krb5samba libSimo Sorce2-0/+405
2012-05-04Move kerberos_kinit_keyblock_cc to krb5samba libSimo Sorce2-0/+98
Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not available.
2012-05-04krb5samba: Remove unnecessary include fileSimo Sorce1-1/+0
2012-05-04Fix krb5_samba.c buildSimo Sorce1-0/+4
2012-04-25lib/replace: split out GSSAPI from lib/replace/system/kerberos.h into ↵Alexander Bokovoy1-0/+1
lib/replace/system/gssapi.h With waf build include directories are defined by dependencies specified to subsystems. Without proper dependency <gssapi/gssapi.h> cannot be found for embedded Heimdal builds when there are no system-wide gssapi/gssapi.h available. Split out GSSAPI header includes in a separate replacement header and use that explicitly where needed. Autobuild-User: Alexander Bokovoy <ab@samba.org> Autobuild-Date: Wed Apr 25 00:18:33 CEST 2012 on sn-devel-104
2012-04-24s3: Attempt to fix the build without kerberosVolker Lendecke1-7/+6
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Tue Apr 24 15:04:14 CEST 2012 on sn-devel-104
2012-04-23Avoid warning about KRB5_DEPRECATE with MIT libsSimo Sorce1-0/+4
2012-04-23krb5_samba: Add support for krb5_princ_size when using HeimdalSimo Sorce1-0/+8
2012-04-23Make krb5 wrapper library common so they can be used all overSimo Sorce3-0/+1976