summaryrefslogtreecommitdiff
path: root/source3/libads/kerberos_keytab.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r22479: Add "net ads keytab list".Günther Deschner1-0/+112
Guenther (This used to be commit 9ec76c542775ae58ff03f42ebfa1acc1a63a1bb1)
2007-10-10r21863: Fix debug messages with incorrect function name.Jeremy Allison1-15/+15
Jeremy. (This used to be commit d432d81c8321a4444b970169a5c7c3c5709de8e5)
2007-10-10r21561: It makes absolutely no sense to call krb5_kt_resolve() two timesGünther Deschner1-6/+1
directly after another. Guenther (This used to be commit 76ba11d7770bac7c6db2eb1640139bbe270d82c3)
2007-10-10r20486: Always upper case the "host/<sAMAccoutnName>" entry in the keytab fileGerald Carter1-1/+6
so apps will know which one to look for, (This used to be commit d4a5dc3ad5f56a5f741424ecc4fffa0ef39bdc67)
2007-10-10r16952: New derive DES salt code and Krb5 keytab generationGerald Carter1-176/+215
Major points of interest: * Figure the DES salt based on the domain functional level and UPN (if present and applicable) * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys * Remove all the case permutations in the keytab entry generation (to be partially re-added only if necessary). * Generate keytab entries based on the existing SPN values in AD The resulting keytab looks like: ktutil: list -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName) and the sAMAccountName value. The UPN will be added as well if the machine has one. This fixes 'kinit -k'. Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket() continues to work with RC4-HMAC and DES keys. (This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)
2007-10-10r15210: Add wrapper functions smb_krb5_parse_name, smb_krb5_unparse_name,Jeremy Allison1-11/+11
smb_krb5_parse_name_norealm_conv that pull/push from unix charset to utf8 (which krb5 uses on the wire). This should fix issues when the unix charset is not compatible with or set to utf8. Jeremy. (This used to be commit 37ab42afbc9a79cf5b04ce6a1bf4060e9c961199)
2007-10-10r5759: Patch from Doug VanLeuven <roamdad@sonic.net> to add more case/realm/nameJeremy Allison1-2/+21
permutations to the kerberos keytab. Jeremy. (This used to be commit c687e73f242967cd3a78db66c1dd23349766ebb8)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-1/+1
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r3502: Tidy up debugging in kerberos_keytab code.Jeremy Allison1-32/+48
Jeremy. (This used to be commit 82651c1b1704d90ca52be1463ee871801c607d3b)
2007-10-10r3492: Fixes from testing kerberos salted principal fix.Jeremy Allison1-1/+1
Jeremy. (This used to be commit b356a8fdc5a1ac45f2f7f56a0836e794bdecddc6)
2007-10-10r3381: More merging of the #1717 patch. Fixup some erroneous assumptions aboutJeremy Allison1-3/+10
memcpy's into fqdn names. I think the original intent was to create MYNAME.fqdn.tail.part. Will need testing to see I haven't broken keytab support. Jeremy. (This used to be commit 82acf83040654eb8b7e261518a3e5eb9caea7750)
2007-10-10r3379: More merging of kerberos keytab and salting fixes from Nalin ↵Jeremy Allison1-15/+74
Dahyabhai <nalin@redhat.com> (bugid #1717). Jeremy. (This used to be commit 30b8807cf6d5c3c5b9947a7e841d69f0b22eb019)
2007-10-10r1373: Fix from Guenther Deschner <gd@sernet.de> to ensure last error return ↵Jeremy Allison1-1/+2
is not invalid. Jeremy. (This used to be commit 4bdf914cba2a63d186138d1341a7260ad79da1f5)
2007-10-10r1243: Fix so this compiles with Heimdal (in Heimdal krb5_kt_cursor is a ↵Jeremy Allison1-16/+34
struct not a pointer). Jeremy. (This used to be commit 940f893d485a01e73afe714a70d724c2d41c7ad4)
2007-10-10r1236: Heimdal fixes from Guenther Deschner <gd@sernet.de>, more to come beforeJeremy Allison1-9/+12
it compiles with Heimdal. Jeremy. (This used to be commit dd07278b892770ac51750b87a4ab902d4de3a960)
2007-10-10r1222: Valgrind memory leak fixes. Still tracking down a strange one...Jeremy Allison1-0/+4
Can't fix the krb5 memory leaks inside that library :-(. Jeremy. (This used to be commit ad440213aaae58fb5bff6e8a6fcf811c5ba83669)
2007-10-10r1221: Added the last of the system keytab patch from "Dan Perry" ↵Jeremy Allison1-1/+1
<dperry@pppl.gov>, fixed valgrind detected mem corruption in libads/kerberos_keytab.c. Jeremy. (This used to be commit 286f4c809cb1532b3f8ae7ddf92349c68cc8ce31)
2007-10-10r1215: Intermediate checkin of the new keytab code. I need to make sure IJeremy Allison1-23/+7
haven't broken krb5 ticket verification in the mainline code path, also need to check with valgrind. Everything now compiles (MIT, need to also check Heimdal) and the "net keytab" utility code will follow. Jeremy. (This used to be commit f0f2e28958cb9abfed216c71f291f19ea346d630)
2007-10-10r1214: Now compiles. Changed krb5_kt_free_entry to ↵Jeremy Allison1-12/+12
krb5_free_keytab_entry_contents Jeremy. (This used to be commit be8a2dc00dd876c4b596600ae72d4ac05f9ebe64)
2007-10-10r1193: Ensure we check for and use krb5_free_unparsed_name().Jeremy Allison1-3/+4
Jeremy. (This used to be commit af5a08f5ad895cb33c9134771da19ba5e709e742)
2007-10-10r1192: Fixed all memleaks/error code return path leaks I can find. Not sure ↵Jeremy Allison1-42/+94
if compiles yet, but will soon :-). Jeremy. (This used to be commit 0d982956f6ba2f284ffa4313a9e7581a79dbf397)
2007-10-10r1184: Keep latest changes... not compilable yet.Jeremy Allison1-13/+30
Jeremy. (This used to be commit 57c037c6c92d28b70e36859a639c53979126ff01)
2007-10-10r1183: Updates to the code cleanup so I don't lose my changes...Jeremy Allison1-52/+62
Jeremy. (This used to be commit 786a440c189556d5c122b2c9ddca9fdf6bd65d1d)
2007-10-10r1182: Partial re-write of keytab code to clean up, remove memory leaks etc. ↵Jeremy Allison1-47/+77
Work in progress ! It seems the krb5 interfaces are so horrible it's impossible to write good error checking code :-(. Jeremy. (This used to be commit 03f8c8bc07c9d8a378a34c271dcc088d17adb342)
2007-10-10r1180: New file - basis of new system keytab code.Jeremy Allison1-0/+434
Jeremy. (This used to be commit 858e849af697bba67ebaa970257d93b6cff7d9e0)