summaryrefslogtreecommitdiff
path: root/source3/libads/kerberos.c
AgeCommit message (Collapse)AuthorFilesLines
2012-08-09Correctly check for errors in strlower_m() returns.Jeremy Allison1-1/+1
2012-08-09Check error returns from strupper_m() (in all reasonable places).Jeremy Allison1-1/+3
2012-04-23Make krb5 wrapper library common so they can be used all overSimo Sorce1-1/+36
2012-04-12clikrb5: Move pure krb wrapper functions from libads to clikrb5.Simo Sorce1-140/+0
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-10krb5: Require krb5_get_host_realm and krb5_free_host_realm be available to ↵Andrew Bartlett1-4/+0
build with krb5
2012-01-05s3-libads Factor out a new routine ↵Andrew Bartlett1-7/+43
kerberos_get_principal_from_service_hostname() This is now used in the GSE GSSAPI client, so that when we connect to a target server at the CIFS level, we use the same name to connect at the DCE/RPC level. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-20s3: Fix some False/NULL hickupsVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
2011-10-17s3: Before adding KDC's to the krb5.conf, cldap ping themVolker Lendecke1-47/+101
Some Kerberos libraries don't do proper failover. This fixes the situation where a KDC exists in DNS but is not reachable for some reason. Ported to master by Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Oct 17 11:25:37 CEST 2011 on sn-devel-104
2011-09-26s3: Slightly simplify print_kdc_line()Volker Lendecke1-10/+8
No code change except for an early "return talloc_asprintf(..)" making an else branch obsolete. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Sep 26 18:24:25 CEST 2011 on sn-devel-104
2011-09-26s3: Slightly simplify print_kdc_line()Volker Lendecke1-20/+19
No code change except for an early "return talloc_asprintf(..)" making an else branch obsolete.
2011-09-26s3: Slightly simplify print_kdc_line()Volker Lendecke1-49/+52
No code change except for an early "return talloc_asprintf(..)" making an else branch obsolete.
2011-09-18s3: Add some const to create_local_private_krb5_conf_for_domainVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Sep 18 23:31:28 CEST 2011 on sn-devel-104
2011-09-18s3: Add some const to print_kdc_lineVolker Lendecke1-1/+1
2011-06-09s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett1-1/+1
There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
2011-06-09s3-talloc Change TALLOC_ARRAY() to talloc_array()Andrew Bartlett1-1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
2011-06-02Remove another PATH_MAX.Jeremy Allison1-12/+27
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jun 2 02:51:06 CEST 2011 on sn-devel-104
2011-05-05More const fixes for compiler warnings from the waf build.Jeremy Allison1-2/+2
2011-03-30s3-includes: only include system/filesys.h when needed.Günther Deschner1-0/+1
Guenther
2011-02-27s3: Fix some nonempty blank linesVolker Lendecke1-10/+9
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-0/+1
Guenther
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-52/+1
Guenther
2010-05-28s3-build: use ndr_misc.h where needed.Günther Deschner1-0/+1
Guenther
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-3/+2
2010-05-17s3-kerberos: temporary fix for ipv6 in print_kdc_line().Günther Deschner1-5/+20
Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill in just the kdc_name if we have it and let the krb5 lib figure out the appropriate ipv6 address ipv6 gurus, please check. Guenther
2010-05-17s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().Günther Deschner1-7/+12
Guenther
2010-01-30Fix bug #7079 - cliconnect gets realm wrong with trusted domains.Jeremy Allison1-0/+52
Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy.
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner1-0/+1
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-11-06s3-kerberos: fix some build warnings when building against heimdal.Günther Deschner1-2/+2
Guenther
2009-08-26Add a parameter to disable the automatic creation of krb5.conf filesVolker Lendecke1-1/+6
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates. The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well. Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-)
2009-04-20Remove smb_mkstemp() - libreplace will now provide a secure mkstemp() ifJelmer Vernooij1-1/+1
the system one is broken.
2009-04-07s3:kerberos Rework smb_krb5_unparse_name() to take a talloc contextAndrew Bartlett1-4/+4
Signed-off-by: Günther Deschner <gd@samba.org>
2009-03-20s3-krb5: Fix Coverity #762 (REVERSE_INULL).Günther Deschner1-6/+6
Guenther
2009-02-06s3: use pidl to pull a KRB5_EDATA_NTSTATUS.Günther Deschner1-36/+6
Guenther
2009-01-16s3:libads: use lock_path for creating paths to local krb5.conf filesMichael Adam1-2/+3
instead of manually doing an asprintf with lp_lockdir() Michael squash
2009-01-16s3:libads: give create_local_private_krb5_conf_for_domain() a common exit pointMichael Adam1-30/+20
Michael
2008-12-03s3: Change sockaddr util function names for consistencyTim Prouty1-3/+3
Also eliminates name conflicts with OneFS system libraries
2008-10-23Use sockaddr_storage only where we rely on the size, use sockaddrJelmer Vernooij1-4/+5
otherwise (to clarify we can also pass in structs smaller than sockaddr_storage, such as sockaddr_in).
2008-09-04kerberos: fix indent of enc type lines in generated krb5.conf files.Günther Deschner1-3/+3
Guenther (This used to be commit 18a26f08b6fab4119a1421a7ca59c32dde8bb8cb)
2008-06-24libads: add ADS_AUTH_USER_CREDS to avoid magic overwriting of usernames.Günther Deschner1-0/+6
Guenther (This used to be commit b5aaf5aa0f280f69e05b613271c96473a79b812e)
2008-05-27Memory leak fixes from Chere Zhou <czhou@isilon.com>.Jeremy Allison1-0/+4
Jeremy. (This used to be commit 201bcc8ed291b51be6f4508c6aa1cb17ce6dcbe3)
2008-05-19Fix some comments to match get_kdc_ip_string()'s behaviourroot1-1/+7
(This used to be commit 30956c784f58870ad552a3869d80f99872c31375)
2008-03-17Coverity fixesMarc VanHeyningen1-2/+4
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
2008-03-08Fix Coverity ID 551Volker Lendecke1-0/+2
Correctly return if we can't create the temporary krb5.conf Jeremy, please check! (This used to be commit c2401811aa3d02a9e27969687b9ea035407000c3)
2008-02-25Fix some warningsVolker Lendecke1-7/+15
warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result (This used to be commit ad37b7b0aee265a3e4d8b7552610f4b9a105434d)
2008-01-28Restrict the enctypes in the generated krb5.conf files to Win2003 types.Gerald W. Carter1-4/+8
This fixes the failure observed on FC8 when joining a Windows 2008 RC1 domain. We currently do not handle user session keys correctly when the KDC uses AES in the ticket replies. (This used to be commit 8039a2518caae54bc876368c73ec493f3cd4eb73)
2008-01-16Tidy up code and debug for non-default krb5 IPv6 port.Jeremy Allison1-9/+15
Jeremy. (This used to be commit 79b7972de4c2a8c71e37642ddf7e5bbed53dd58a)
2008-01-16Fix IPv6 bug #5204, which caused krb5 DNS lookupsJeremy Allison1-13/+56
for a name '[<ipv6 addr>'. Jeremy. (This used to be commit f2aa921505e49f894bfed4e5e2f9fc01918b1bb0)
2008-01-14Print principal in debug statement in kerberos_kinit_password() as well.Günther Deschner1-1/+2
Guenther (This used to be commit 44d67e84625a2a1a93baecef0e418b48e982443b)
2007-12-17While 'data' is usually 0 terminated, nothing in the spec requires that. The ↵Simo Sorce1-1/+4
correct way is to copy only 'length' bytes. Simo. (This used to be commit 814c1b0e0034fb67c7718760dfcf913904f3e7fa)
2007-12-15Doh, fix typo in error exit.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 44918f39c0598eec681eb9e5c65452f04809c375)