summaryrefslogtreecommitdiff
path: root/source3/libsmb/clikrb5.c
AgeCommit message (Collapse)AuthorFilesLines
2009-06-04clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry.Jelmer Vernooij1-3/+8
Both functions exist in MIT Kerberos >= 1.7, but only krb5_free_keytab_entry_contents has a prototype.
2009-04-07s3:kerberos Rework smb_krb5_unparse_name() to take a talloc contextAndrew Bartlett1-11/+12
Signed-off-by: Günther Deschner <gd@samba.org>
2009-03-20s3-krb5: Fix Coverity #722 (RESOURCE_LEAK).Günther Deschner1-12/+18
Guenther
2009-02-17Don't miss an absolute pathname as a kerberos keytab path. From Glenn Machin ↵Jeremy Allison1-0/+5
<gmachin@sandia.gov>. Jeremy.
2009-01-21Memory leaks and other fixes found by Coveritytodd stecher1-5/+5
2008-10-22s3-asn1: make all of s3 asn1 code do a proper asn1_init() first.Günther Deschner1-26/+36
Guenther
2008-10-22s3: use shared asn1 code.Günther Deschner1-2/+2
Guenther
2008-10-11Cope with changed signature of http_timestring().Jelmer Vernooij1-2/+2
2008-09-10Fix blocker bug 5745 kerberos authentication with (lib)smbclient is broken.Jeremy Allison1-2/+14
Jeremy. (This used to be commit a59bd0e4854117a8646f4d388a0f7285362d5ba2)
2008-08-31Remove a duplicate retval checkVolker Lendecke1-8/+2
Jeremy, please check! (This used to be commit 6579005e6490f1a99b3860627ba51decaeb864bd)
2008-08-29kerberos: use KRB5_KT_KEY macro where appropriate.Günther Deschner1-15/+5
Guenther (This used to be commit a042dffd7121bda3dbc9509f69fcfae06ed4cc22)
2008-08-29kerberos: move the KRB5_KEY* macros to header file.Günther Deschner1-12/+0
Guenther (This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600)
2008-08-18Fix length error in wrapping spnego blobIgor Mammedov1-1/+1
(This used to be commit 16ee95494ba495c5f5ff8779206f380db1067b2d)
2008-08-11fix build warning.Günther Deschner1-1/+1
Guenther (This used to be commit 85021d6a459c957cc276a93c3515029244f52677)
2008-08-08One more build fix. Ensure we have KRB5_AUTH_CONTEXT_USE_SUBKEY defined ↵Jeremy Allison1-3/+3
before we compile the new code. Jeremy. (This used to be commit 7686752c5b015b15a6729631ba4aeedd25ebc659)
2008-08-08Try and fix the build for systems that don't have ↵Jeremy Allison1-3/+3
krb5_auth_con_set_req_cksumtype(). Jeremy. (This used to be commit 8598e7b06ec57ca6fcde863270e6bb0e2de9993e)
2008-08-08Add Derrick Schommer's <dschommer@F5.com> kerberos delegation patch. SomeJeremy Allison1-2/+184
work by me and advice by Love. Jeremy. (This used to be commit ecc3838e4cb5d0c0769ec6d9a34a877ca584ffcc)
2008-08-04clikrb5: don't use krb5_keyblock_init() when no salt is specifiedStefan Metzmacher1-35/+30
If the caller wants to create a key with no salt we should not use krb5_keyblock_init() (only used when using heimdal) because it does sanity checks on the key length. metze (This used to be commit c83de77b750837a110611d7023c4cf71d2d0bab1)
2008-06-26Fix return of uninitialized variable.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 384052f546af8c1c6848c03cad4f2ba618ba7209)
2008-06-24kerberos: add smb_krb5_keytab_name().Günther Deschner1-0/+22
Guenther (This used to be commit c273ce8798062d1b55100411f3e92a01bdbf611c)
2008-06-24kerberos: make smb_krb5_kt_add_entry public, allow to pass keys without ↵Günther Deschner1-18/+38
salting them. Guenther (This used to be commit 7c4da23be1105dc224033b21eb486e7fcdc7d9c5)
2008-06-17clikrb5: remove unrequired create_kerberos_key_from_string_direct() prototype.Günther Deschner1-10/+10
Guenther (This used to be commit ec86852fc6ce2d88ad5835c8fcb337c68fd6f6bc)
2008-05-20Cleanup size_t return values in callers of convert_string_allocateTim Prouty1-3/+6
This patch is the second iteration of an inside-out conversion to cleanup functions in charcnv.c returning size_t == -1 to indicate failure. (This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d)
2008-02-17Use new IDL based PAC structures in clikrb5.cGünther Deschner1-7/+7
Guenther (This used to be commit 3b0135d57e1e70175a5eec49b603a2e5f700c770)
2007-12-12Make heimdal and MIT happy when iterating through auth data.Günther Deschner1-3/+3
Guenther (This used to be commit 507247dcbf0ef02825a6c5c5f313813714df2d99)
2007-12-12Vista SP1-rc1 appears to break against Samba-3.0.27aGuenther Deschner1-3/+3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jason, Jason Haar wrote: > Patched 3.0.28, compiled, installed and here's the log file. > > Hope it helps. BTW I don't think it matters, but this is on 32bit > CentOS4.5 systems. yes, it helps. Thanks for that. Very interesting, there are two auth data structures where the first one is a PAC and the second something unknown (yet). Can you please try the attached fix ? It should make it work again. Guenther - -- Günther Deschner GPG-ID: 8EE11688 Red Hat gdeschner@redhat.com Samba Team gd@samba.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHX9ZESOk3aI7hFogRAivSAJ9bMcD+PcsIzjYYLtAUoLNfVVEl1QCfV/Qd MPsZW4G31VOVu64SPjgnJiI= =Co+H -----END PGP SIGNATURE----- (This used to be commit c9adc07ca2a3bb1e0ea98e3b4f68e1a87e5c0196)
2007-12-07Remove next_token - all uses must now be next_token_talloc.Jeremy Allison1-9/+8
No more temptations to use static length strings. Jeremy. (This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
2007-10-29Fix the setup_kaddr() call to cope with IPv6.Jeremy Allison1-8/+34
This is the last obvious change I can see. At this point we can start claiming IPv6 support (Hurrah !:-). Jeremy. (This used to be commit bda8c0bf571c994b524a9d67eebc422033d17094)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-2/+2
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-14/+14
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23651: Always, always, always compile before commit...Günther Deschner1-1/+1
Guenther (This used to be commit accb40446ad3f872c5167fc2306d892553293b7b)
2007-10-10r23650: Fix remaining callers of krb5_kt_default().Günther Deschner1-3/+3
Guenther (This used to be commit b9d7a2962a472afb0c6b8e3ac5c2c819d4af2b39)
2007-10-10r23649: Fix the build (by moving smb_krb5_open_keytab() to clikrb5.c).Günther Deschner1-1/+137
Guenther (This used to be commit 19020d19dca7f34be92c8c2ec49ae7dbde60f8c1)
2007-10-10r23609: Removing more redundant codepaths out of smb_krb5_renew_ticket().Günther Deschner1-38/+26
Thanks Volker for the pointer hint :) Guenther (This used to be commit eb1ec508ace3a5eeb53cf47be44047bd9228cd19)
2007-10-10r23588: Some more cleanups and error checks in the krb5 renew function.Günther Deschner1-6/+12
Guenther (This used to be commit 277e07c8553e2ed20bc95493cdc996be43feb6bd)
2007-10-10r23587: Cleanup redundant code in the krb5 renew function.Günther Deschner1-23/+16
Guenther (This used to be commit 0b9acc8610ae2ba9c42168e9ceb2e9ea8bc2f5bd)
2007-10-10r23586: Fix heimdal path in the krb5 renew routine when we need to compose ↵Günther Deschner1-1/+5
the tgt string ourselves. Guenther (This used to be commit 1e4a7af99303fb17ebca499ff7e0a017a2017754)
2007-10-10r23582: Fix event based krb5 ticket refreshing in winbindd.Günther Deschner1-5/+5
We were incorrectly using the renew_till timestamp instead of the renewed ticket's endtime to calculate the next refreshing date. Guenther (This used to be commit aa3511a5b5e6a96a02110a7ad0ab1d43e6d25766)
2007-10-10r22747: Fix some C++ warningsVolker Lendecke1-1/+1
(This used to be commit a66a04e9f11f6c4462f2b56b447bae4eca7b177c)
2007-10-10r22664: When we have krb5_get_init_creds_opt_get_error() then try to get the ↵Günther Deschner1-0/+39
NTSTATUS codes directly out of the krb5_error edata. Guenther (This used to be commit dcd902f24a59288bbb7400d59c0afc0c8303ed69)
2007-10-10r22479: Add "net ads keytab list".Günther Deschner1-6/+41
Guenther (This used to be commit 9ec76c542775ae58ff03f42ebfa1acc1a63a1bb1)
2007-10-10r22003: Fix from Jiri.Sasek@Sun.COM to wrap our krb5_locate_kdcJeremy Allison1-5/+13
call as smb_krb5_locate_kdc to prevent incorrect linking and crashes on Solaris. Jeremy. (This used to be commit 7d30737c8d851505e81a60443baf9a8c7e523472)
2007-10-10r21846: Try and fix the Darwin build which seems to have a strange krb5.Jeremy Allison1-0/+6
Jeremy. (This used to be commit 1e32b44bfcf7676b3a9f208054fa853e7066eafc)
2007-10-10r21845: Refactor the sessionsetupX code a little to allow usJeremy Allison1-0/+33
to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to a client when there's clock skew. Will help people debug this. Prepare us for being able to return the correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED" error with associated krb5 clock skew error to allow clients to re-sync time with us when we're eventually able to be a KDC. Jeremy. (This used to be commit c426340fc79a6b446033433b8de599130adffe28)
2007-10-10r21778: Wrap calls to krb5_get_init_creds_opt_free to handle the differentJames Peach1-6/+23
calling convention in the latest MIT changes. Apparantly Heimdal is also changing to this calling convention. (This used to be commit c29c69d2df377fabb88a78e6f5237de106d5c2c5)
2007-10-10r21240: Fix longstanding Bug #4009.Günther Deschner1-5/+15
For the winbind cached ADS LDAP connection handling (ads_cached_connection()) we were (incorrectly) assuming that the service ticket lifetime equaled the tgt lifetime. For setups where the service ticket just lives 10 minutes, we were leaving hundreds of LDAP connections in CLOSE_WAIT state, until we fail to service entirely with "Too many open files". Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP connection after the ads_do_search_retry() has failed to submit the search request (although the bind succeeded (returning an expired service ticket that we cannot delete from the memory cred cache - this will get fixed later)). Guenther (This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
2007-10-10r21110: Fix kinit with Heimdal (Bug #4226).Günther Deschner1-0/+26
Guenther (This used to be commit ea38e1f8362d75e7ac058a7c4aa06f1ca92ec108)
2007-10-10r21046: Backing out svn r20403 (Andrew's krb5 ticket cleanupGerald Carter1-0/+42
as this is causing the WRONG_PASSWORD error in the SetUserInfo() call during net ads join). We are now back to always list RC4-HMAC first if supported by the krb5 libraries. (This used to be commit 4fb57bce87588ac4898588ea4988eadff3a7f435)