Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-03-16 | s3-build: only include asn1 headers where actually needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-12-23 | s3:libsmb: use 16 zero bytes as channel binding checksum in the gssapi ↵ | Stefan Metzmacher | 1 | -20/+10 | |
checksum (bug #7883) This fixes SMB session setups with kerberos against some closed source SMB servers. The new behavior matches heimdal and mit. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Dec 23 09:38:43 CET 2010 on sn-devel-104 | |||||
2010-09-26 | s3: Remove two talloc_autofree_context() calls | Volker Lendecke | 1 | -2/+2 | |
Both allocated blobs are freed in their routines | |||||
2010-09-11 | s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs | Andrew Bartlett | 1 | -3/+1 | |
The idea of this patch is: Don't support a mix of different kerberos features. Either we should prepare a GSSAPI (8003) checksum and mark the request as such, or we should use the old behaviour (a normal kerberos checksum of 0 data). Sending the GSSAPI checksum data, but without marking it as GSSAPI broke Samba4, and seems well outside the expected behaviour, even if Windows accepts it. Andrew Bartlett | |||||
2010-08-30 | s3-kerberos: try to fix the build w/o kerberos support. | Günther Deschner | 1 | -1/+7 | |
Guenther | |||||
2010-08-13 | s3-krb5 Only build ADS support if arcfour-hmac-md5 is available | Andrew Bartlett | 1 | -2/+0 | |
Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <idra@samba.org> | |||||
2010-08-06 | s3-krb5: include krb5pac.h where needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-07-23 | Fix bug 7583 - Smbclient fails to kerberos connect to a Alfresco JLAN CIFS ↵ | Jeremy Allison | 1 | -152/+151 | |
Server Correctly calculate the gssapi channel binding checkum. Jeremy Signed off by: simo <idra@samba.org> | |||||
2010-07-20 | s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keys | Simo Sorce | 1 | -10/+17 | |
2010-07-20 | misc: cleanup get_krb5_smb_session_key() | Simo Sorce | 1 | -8/+15 | |
2010-07-20 | misc: cleanup cli_krb5_get_ticket() | Simo Sorce | 1 | -21/+20 | |
2010-06-05 | s3: fix build on Heimdal based systems like NetBSD5 | Björn Jacke | 1 | -3/+3 | |
2010-06-03 | s3: remove authdata.h | Günther Deschner | 1 | -1/+8 | |
Guenther | |||||
2009-11-27 | s3-kerberos: add a missing reference to authdata headers. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-11-27 | s3-kerberos: only use krb5 headers where required. | Günther Deschner | 1 | -3/+1 | |
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther | |||||
2009-11-27 | s3-kerberos: Fix Bug #6929: build with recent heimdal. | Günther Deschner | 1 | -1/+1 | |
Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier for activation) in new releases (like 1.3.1). Guenther | |||||
2009-11-12 | s3-kerberos: avoid using ERROR_TABLE_BASE_krb5 without checking. | Günther Deschner | 1 | -0/+4 | |
Guenther | |||||
2009-11-12 | s3-kerberos: add smb_krb5_principal_get_realm(). | Günther Deschner | 1 | -0/+25 | |
Guenther | |||||
2009-11-06 | Revert "s3-kerberos: add smb_krb5_parse_name_flags()." | Günther Deschner | 1 | -18/+0 | |
This reverts commit 17ef153b68795fec681f9ce17c198236aba2b1c2. | |||||
2009-11-06 | s3-kerberos: support S4U2SELF impersionation through cli_krb5_get_ticket(). | Günther Deschner | 1 | -5/+20 | |
Guenther | |||||
2009-11-06 | s3-kerberos: use smb_krb5_get_credentials in ads_krb5_mk_req. | Günther Deschner | 1 | -4/+7 | |
Guenther | |||||
2009-11-06 | s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg. | Günther Deschner | 1 | -2/+4 | |
Guenther | |||||
2009-11-06 | s3-kerberos: add smb_krb5_get_{creds,credentials} incl. support for S4U2SELF ↵ | Günther Deschner | 1 | -1/+270 | |
impersonation. Guenther | |||||
2009-11-06 | s3-kerberos: add smb_krb5_parse_name_flags(). | Günther Deschner | 1 | -0/+18 | |
Guenther | |||||
2009-10-16 | s3: fixed krb5 build problem on ubuntu karmic | Andrew Tridgell | 1 | -0/+9 | |
Karmic has MIT krb5 1.7-beta3, which has the symbol krb5_auth_con_set_req_cksumtype but no prototype for it. See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635 | |||||
2009-07-16 | More conversions of NULL -> talloc_autofree_context() | Jeremy Allison | 1 | -2/+2 | |
so we at least know when we're using a long-lived context. Jeremy. | |||||
2009-06-04 | clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry. | Jelmer Vernooij | 1 | -3/+8 | |
Both functions exist in MIT Kerberos >= 1.7, but only krb5_free_keytab_entry_contents has a prototype. | |||||
2009-04-07 | s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context | Andrew Bartlett | 1 | -11/+12 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-03-20 | s3-krb5: Fix Coverity #722 (RESOURCE_LEAK). | Günther Deschner | 1 | -12/+18 | |
Guenther | |||||
2009-02-17 | Don't miss an absolute pathname as a kerberos keytab path. From Glenn Machin ↵ | Jeremy Allison | 1 | -0/+5 | |
<gmachin@sandia.gov>. Jeremy. | |||||
2009-01-21 | Memory leaks and other fixes found by Coverity | todd stecher | 1 | -5/+5 | |
2008-10-22 | s3-asn1: make all of s3 asn1 code do a proper asn1_init() first. | Günther Deschner | 1 | -26/+36 | |
Guenther | |||||
2008-10-22 | s3: use shared asn1 code. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2008-10-11 | Cope with changed signature of http_timestring(). | Jelmer Vernooij | 1 | -2/+2 | |
2008-09-10 | Fix blocker bug 5745 kerberos authentication with (lib)smbclient is broken. | Jeremy Allison | 1 | -2/+14 | |
Jeremy. (This used to be commit a59bd0e4854117a8646f4d388a0f7285362d5ba2) | |||||
2008-08-31 | Remove a duplicate retval check | Volker Lendecke | 1 | -8/+2 | |
Jeremy, please check! (This used to be commit 6579005e6490f1a99b3860627ba51decaeb864bd) | |||||
2008-08-29 | kerberos: use KRB5_KT_KEY macro where appropriate. | Günther Deschner | 1 | -15/+5 | |
Guenther (This used to be commit a042dffd7121bda3dbc9509f69fcfae06ed4cc22) | |||||
2008-08-29 | kerberos: move the KRB5_KEY* macros to header file. | Günther Deschner | 1 | -12/+0 | |
Guenther (This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600) | |||||
2008-08-18 | Fix length error in wrapping spnego blob | Igor Mammedov | 1 | -1/+1 | |
(This used to be commit 16ee95494ba495c5f5ff8779206f380db1067b2d) | |||||
2008-08-11 | fix build warning. | Günther Deschner | 1 | -1/+1 | |
Guenther (This used to be commit 85021d6a459c957cc276a93c3515029244f52677) | |||||
2008-08-08 | One more build fix. Ensure we have KRB5_AUTH_CONTEXT_USE_SUBKEY defined ↵ | Jeremy Allison | 1 | -3/+3 | |
before we compile the new code. Jeremy. (This used to be commit 7686752c5b015b15a6729631ba4aeedd25ebc659) | |||||
2008-08-08 | Try and fix the build for systems that don't have ↵ | Jeremy Allison | 1 | -3/+3 | |
krb5_auth_con_set_req_cksumtype(). Jeremy. (This used to be commit 8598e7b06ec57ca6fcde863270e6bb0e2de9993e) | |||||
2008-08-08 | Add Derrick Schommer's <dschommer@F5.com> kerberos delegation patch. Some | Jeremy Allison | 1 | -2/+184 | |
work by me and advice by Love. Jeremy. (This used to be commit ecc3838e4cb5d0c0769ec6d9a34a877ca584ffcc) | |||||
2008-08-04 | clikrb5: don't use krb5_keyblock_init() when no salt is specified | Stefan Metzmacher | 1 | -35/+30 | |
If the caller wants to create a key with no salt we should not use krb5_keyblock_init() (only used when using heimdal) because it does sanity checks on the key length. metze (This used to be commit c83de77b750837a110611d7023c4cf71d2d0bab1) | |||||
2008-06-26 | Fix return of uninitialized variable. | Jeremy Allison | 1 | -1/+1 | |
Jeremy. (This used to be commit 384052f546af8c1c6848c03cad4f2ba618ba7209) | |||||
2008-06-24 | kerberos: add smb_krb5_keytab_name(). | Günther Deschner | 1 | -0/+22 | |
Guenther (This used to be commit c273ce8798062d1b55100411f3e92a01bdbf611c) | |||||
2008-06-24 | kerberos: make smb_krb5_kt_add_entry public, allow to pass keys without ↵ | Günther Deschner | 1 | -18/+38 | |
salting them. Guenther (This used to be commit 7c4da23be1105dc224033b21eb486e7fcdc7d9c5) | |||||
2008-06-17 | clikrb5: remove unrequired create_kerberos_key_from_string_direct() prototype. | Günther Deschner | 1 | -10/+10 | |
Guenther (This used to be commit ec86852fc6ce2d88ad5835c8fcb337c68fd6f6bc) | |||||
2008-05-20 | Cleanup size_t return values in callers of convert_string_allocate | Tim Prouty | 1 | -3/+6 | |
This patch is the second iteration of an inside-out conversion to cleanup functions in charcnv.c returning size_t == -1 to indicate failure. (This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d) | |||||
2008-02-17 | Use new IDL based PAC structures in clikrb5.c | Günther Deschner | 1 | -7/+7 | |
Guenther (This used to be commit 3b0135d57e1e70175a5eec49b603a2e5f700c770) |