summaryrefslogtreecommitdiff
path: root/source3/libsmb/clikrb5.c
AgeCommit message (Collapse)AuthorFilesLines
2010-09-11s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCsAndrew Bartlett1-3/+1
The idea of this patch is: Don't support a mix of different kerberos features. Either we should prepare a GSSAPI (8003) checksum and mark the request as such, or we should use the old behaviour (a normal kerberos checksum of 0 data). Sending the GSSAPI checksum data, but without marking it as GSSAPI broke Samba4, and seems well outside the expected behaviour, even if Windows accepts it. Andrew Bartlett
2010-08-30s3-kerberos: try to fix the build w/o kerberos support.Günther Deschner1-1/+7
Guenther
2010-08-13s3-krb5 Only build ADS support if arcfour-hmac-md5 is availableAndrew Bartlett1-2/+0
Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-06s3-krb5: include krb5pac.h where needed.Günther Deschner1-0/+1
Guenther
2010-07-23Fix bug 7583 - Smbclient fails to kerberos connect to a Alfresco JLAN CIFS ↵Jeremy Allison1-152/+151
Server Correctly calculate the gssapi channel binding checkum. Jeremy Signed off by: simo <idra@samba.org>
2010-07-20s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keysSimo Sorce1-10/+17
2010-07-20misc: cleanup get_krb5_smb_session_key()Simo Sorce1-8/+15
2010-07-20misc: cleanup cli_krb5_get_ticket()Simo Sorce1-21/+20
2010-06-05s3: fix build on Heimdal based systems like NetBSD5Björn Jacke1-3/+3
2010-06-03s3: remove authdata.hGünther Deschner1-1/+8
Guenther
2009-11-27s3-kerberos: add a missing reference to authdata headers.Günther Deschner1-0/+1
Guenther
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner1-3/+1
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-11-27s3-kerberos: Fix Bug #6929: build with recent heimdal.Günther Deschner1-1/+1
Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier for activation) in new releases (like 1.3.1). Guenther
2009-11-12s3-kerberos: avoid using ERROR_TABLE_BASE_krb5 without checking.Günther Deschner1-0/+4
Guenther
2009-11-12s3-kerberos: add smb_krb5_principal_get_realm().Günther Deschner1-0/+25
Guenther
2009-11-06Revert "s3-kerberos: add smb_krb5_parse_name_flags()."Günther Deschner1-18/+0
This reverts commit 17ef153b68795fec681f9ce17c198236aba2b1c2.
2009-11-06s3-kerberos: support S4U2SELF impersionation through cli_krb5_get_ticket().Günther Deschner1-5/+20
Guenther
2009-11-06s3-kerberos: use smb_krb5_get_credentials in ads_krb5_mk_req.Günther Deschner1-4/+7
Guenther
2009-11-06s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.Günther Deschner1-2/+4
Guenther
2009-11-06s3-kerberos: add smb_krb5_get_{creds,credentials} incl. support for S4U2SELF ↵Günther Deschner1-1/+270
impersonation. Guenther
2009-11-06s3-kerberos: add smb_krb5_parse_name_flags().Günther Deschner1-0/+18
Guenther
2009-10-16s3: fixed krb5 build problem on ubuntu karmicAndrew Tridgell1-0/+9
Karmic has MIT krb5 1.7-beta3, which has the symbol krb5_auth_con_set_req_cksumtype but no prototype for it. See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635
2009-07-16More conversions of NULL -> talloc_autofree_context()Jeremy Allison1-2/+2
so we at least know when we're using a long-lived context. Jeremy.
2009-06-04clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry.Jelmer Vernooij1-3/+8
Both functions exist in MIT Kerberos >= 1.7, but only krb5_free_keytab_entry_contents has a prototype.
2009-04-07s3:kerberos Rework smb_krb5_unparse_name() to take a talloc contextAndrew Bartlett1-11/+12
Signed-off-by: Günther Deschner <gd@samba.org>
2009-03-20s3-krb5: Fix Coverity #722 (RESOURCE_LEAK).Günther Deschner1-12/+18
Guenther
2009-02-17Don't miss an absolute pathname as a kerberos keytab path. From Glenn Machin ↵Jeremy Allison1-0/+5
<gmachin@sandia.gov>. Jeremy.
2009-01-21Memory leaks and other fixes found by Coveritytodd stecher1-5/+5
2008-10-22s3-asn1: make all of s3 asn1 code do a proper asn1_init() first.Günther Deschner1-26/+36
Guenther
2008-10-22s3: use shared asn1 code.Günther Deschner1-2/+2
Guenther
2008-10-11Cope with changed signature of http_timestring().Jelmer Vernooij1-2/+2
2008-09-10Fix blocker bug 5745 kerberos authentication with (lib)smbclient is broken.Jeremy Allison1-2/+14
Jeremy. (This used to be commit a59bd0e4854117a8646f4d388a0f7285362d5ba2)
2008-08-31Remove a duplicate retval checkVolker Lendecke1-8/+2
Jeremy, please check! (This used to be commit 6579005e6490f1a99b3860627ba51decaeb864bd)
2008-08-29kerberos: use KRB5_KT_KEY macro where appropriate.Günther Deschner1-15/+5
Guenther (This used to be commit a042dffd7121bda3dbc9509f69fcfae06ed4cc22)
2008-08-29kerberos: move the KRB5_KEY* macros to header file.Günther Deschner1-12/+0
Guenther (This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600)
2008-08-18Fix length error in wrapping spnego blobIgor Mammedov1-1/+1
(This used to be commit 16ee95494ba495c5f5ff8779206f380db1067b2d)
2008-08-11fix build warning.Günther Deschner1-1/+1
Guenther (This used to be commit 85021d6a459c957cc276a93c3515029244f52677)
2008-08-08One more build fix. Ensure we have KRB5_AUTH_CONTEXT_USE_SUBKEY defined ↵Jeremy Allison1-3/+3
before we compile the new code. Jeremy. (This used to be commit 7686752c5b015b15a6729631ba4aeedd25ebc659)
2008-08-08Try and fix the build for systems that don't have ↵Jeremy Allison1-3/+3
krb5_auth_con_set_req_cksumtype(). Jeremy. (This used to be commit 8598e7b06ec57ca6fcde863270e6bb0e2de9993e)
2008-08-08Add Derrick Schommer's <dschommer@F5.com> kerberos delegation patch. SomeJeremy Allison1-2/+184
work by me and advice by Love. Jeremy. (This used to be commit ecc3838e4cb5d0c0769ec6d9a34a877ca584ffcc)
2008-08-04clikrb5: don't use krb5_keyblock_init() when no salt is specifiedStefan Metzmacher1-35/+30
If the caller wants to create a key with no salt we should not use krb5_keyblock_init() (only used when using heimdal) because it does sanity checks on the key length. metze (This used to be commit c83de77b750837a110611d7023c4cf71d2d0bab1)
2008-06-26Fix return of uninitialized variable.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 384052f546af8c1c6848c03cad4f2ba618ba7209)
2008-06-24kerberos: add smb_krb5_keytab_name().Günther Deschner1-0/+22
Guenther (This used to be commit c273ce8798062d1b55100411f3e92a01bdbf611c)
2008-06-24kerberos: make smb_krb5_kt_add_entry public, allow to pass keys without ↵Günther Deschner1-18/+38
salting them. Guenther (This used to be commit 7c4da23be1105dc224033b21eb486e7fcdc7d9c5)
2008-06-17clikrb5: remove unrequired create_kerberos_key_from_string_direct() prototype.Günther Deschner1-10/+10
Guenther (This used to be commit ec86852fc6ce2d88ad5835c8fcb337c68fd6f6bc)
2008-05-20Cleanup size_t return values in callers of convert_string_allocateTim Prouty1-3/+6
This patch is the second iteration of an inside-out conversion to cleanup functions in charcnv.c returning size_t == -1 to indicate failure. (This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d)
2008-02-17Use new IDL based PAC structures in clikrb5.cGünther Deschner1-7/+7
Guenther (This used to be commit 3b0135d57e1e70175a5eec49b603a2e5f700c770)
2007-12-12Make heimdal and MIT happy when iterating through auth data.Günther Deschner1-3/+3
Guenther (This used to be commit 507247dcbf0ef02825a6c5c5f313813714df2d99)
2007-12-12Vista SP1-rc1 appears to break against Samba-3.0.27aGuenther Deschner1-3/+3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jason, Jason Haar wrote: > Patched 3.0.28, compiled, installed and here's the log file. > > Hope it helps. BTW I don't think it matters, but this is on 32bit > CentOS4.5 systems. yes, it helps. Thanks for that. Very interesting, there are two auth data structures where the first one is a PAC and the second something unknown (yet). Can you please try the attached fix ? It should make it work again. Guenther - -- Günther Deschner GPG-ID: 8EE11688 Red Hat gdeschner@redhat.com Samba Team gd@samba.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHX9ZESOk3aI7hFogRAivSAJ9bMcD+PcsIzjYYLtAUoLNfVVEl1QCfV/Qd MPsZW4G31VOVu64SPjgnJiI= =Co+H -----END PGP SIGNATURE----- (This used to be commit c9adc07ca2a3bb1e0ea98e3b4f68e1a87e5c0196)
2007-12-07Remove next_token - all uses must now be next_token_talloc.Jeremy Allison1-9/+8
No more temptations to use static length strings. Jeremy. (This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)