summaryrefslogtreecommitdiff
path: root/source3/libsmb/clikrb5.c
AgeCommit message (Collapse)AuthorFilesLines
2012-02-10s3-libsmb: Remove unused kerberos_set_creds_enctype()Andrew Bartlett1-11/+0
Also remove the unused configure tests for krb5_c_enctype_compare. Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html Andrew Bartlett
2012-02-10s3-libsmb: Remove unused kerberos_compatible_enctypesAndrew Bartlett1-10/+0
Also remove the unused configure tests for krb5_c_enctype_compare. Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html Andrew Bartlett
2012-02-10s3-libsmb: Remove unused smb_krb5_mk_error()Andrew Bartlett1-37/+0
Also remove now-unused configure checks for krb5_mk_error(). Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html Andrew Bartlett
2012-02-09s3-libsmb: Remove obsolete smb_krb5_locate_kdc.Andreas Schneider1-89/+0
Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Feb 9 14:58:57 CET 2012 on sn-devel-104
2012-01-10krb5: Require krb5_set_real_time is available to build with krb5Andrew Bartlett1-20/+0
2012-01-10krb5: Require krb5_get_renewed_creds be available to build with krb5Andrew Bartlett1-49/+4
2012-01-10krb5: Require krb5_get_init_creds_opt_alloc/free for build with krb5Andrew Bartlett1-29/+0
This also assumes the modern API with a krb5_context argument. Andrew Bartlett
2012-01-10krb5: Require krb5_fwd_tgt_creds to be available to build with krb5Andrew Bartlett1-3/+3
2012-01-10krb5: Require krb5_c_enctype_compare is available to build with krb5Andrew Bartlett1-4/+0
2011-12-15s3-libsmb: Don't duplicate kerberos service tickets.Andreas Schneider1-5/+0
This fixes bug #8628. Each time we do a client connection. Each time we call to function to get the service ticket from the cache we duplicate it. So with each connection we end up with one or three duplicated tickets. Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Thu Dec 15 19:30:42 CET 2011 on sn-devel-104
2011-07-14s3:clikrb5: fix the build with newer heimdal versionsStefan Metzmacher1-0/+4
krb5_get_default_in_tkt_etypes() requires a 3rd argument if KRB5_PDU_NONE is available. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jul 14 21:21:13 CEST 2011 on sn-devel-104
2011-06-09s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett1-1/+1
There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
2011-05-06More const fixes. Remove CONST_DISCARD.Jeremy Allison1-1/+1
2011-05-05More const fixes for compiler warnings from the waf build.Jeremy Allison1-59/+67
2011-04-20libcli/auth: Move more kerberos wrapping in commonAndrew Bartlett1-228/+0
These functions are required to get the krb5 PAC parsing and verfication in common. Andrew Bartlett
2011-04-14libcli/auth Move krb5 wrapper functions from s3 into commonAndrew Bartlett1-74/+0
This requires a small rework of the build system to ensure that the correct #define statements are made in both the s3 and top level builds. We now define the various HAVE_ macros in config.h at all times, using heimdal_build/wscript_configure when that is in use. Andrew Bartlett
2011-03-30s3-libsmb: put namequery headers to nmblib.hGünther Deschner1-0/+1
We might find a better name for it and merge other namequery related things as well here... Guenther
2011-03-16s3-build: only include asn1 headers where actually needed.Günther Deschner1-0/+1
Guenther
2010-12-23s3:libsmb: use 16 zero bytes as channel binding checksum in the gssapi ↵Stefan Metzmacher1-20/+10
checksum (bug #7883) This fixes SMB session setups with kerberos against some closed source SMB servers. The new behavior matches heimdal and mit. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Dec 23 09:38:43 CET 2010 on sn-devel-104
2010-09-26s3: Remove two talloc_autofree_context() callsVolker Lendecke1-2/+2
Both allocated blobs are freed in their routines
2010-09-11s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCsAndrew Bartlett1-3/+1
The idea of this patch is: Don't support a mix of different kerberos features. Either we should prepare a GSSAPI (8003) checksum and mark the request as such, or we should use the old behaviour (a normal kerberos checksum of 0 data). Sending the GSSAPI checksum data, but without marking it as GSSAPI broke Samba4, and seems well outside the expected behaviour, even if Windows accepts it. Andrew Bartlett
2010-08-30s3-kerberos: try to fix the build w/o kerberos support.Günther Deschner1-1/+7
Guenther
2010-08-13s3-krb5 Only build ADS support if arcfour-hmac-md5 is availableAndrew Bartlett1-2/+0
Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-06s3-krb5: include krb5pac.h where needed.Günther Deschner1-0/+1
Guenther
2010-07-23Fix bug 7583 - Smbclient fails to kerberos connect to a Alfresco JLAN CIFS ↵Jeremy Allison1-152/+151
Server Correctly calculate the gssapi channel binding checkum. Jeremy Signed off by: simo <idra@samba.org>
2010-07-20s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keysSimo Sorce1-10/+17
2010-07-20misc: cleanup get_krb5_smb_session_key()Simo Sorce1-8/+15
2010-07-20misc: cleanup cli_krb5_get_ticket()Simo Sorce1-21/+20
2010-06-05s3: fix build on Heimdal based systems like NetBSD5Björn Jacke1-3/+3
2010-06-03s3: remove authdata.hGünther Deschner1-1/+8
Guenther
2009-11-27s3-kerberos: add a missing reference to authdata headers.Günther Deschner1-0/+1
Guenther
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner1-3/+1
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-11-27s3-kerberos: Fix Bug #6929: build with recent heimdal.Günther Deschner1-1/+1
Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier for activation) in new releases (like 1.3.1). Guenther
2009-11-12s3-kerberos: avoid using ERROR_TABLE_BASE_krb5 without checking.Günther Deschner1-0/+4
Guenther
2009-11-12s3-kerberos: add smb_krb5_principal_get_realm().Günther Deschner1-0/+25
Guenther
2009-11-06Revert "s3-kerberos: add smb_krb5_parse_name_flags()."Günther Deschner1-18/+0
This reverts commit 17ef153b68795fec681f9ce17c198236aba2b1c2.
2009-11-06s3-kerberos: support S4U2SELF impersionation through cli_krb5_get_ticket().Günther Deschner1-5/+20
Guenther
2009-11-06s3-kerberos: use smb_krb5_get_credentials in ads_krb5_mk_req.Günther Deschner1-4/+7
Guenther
2009-11-06s3-kerberos: modify cli_krb5_get_ticket to take a new impersonate_princ_s arg.Günther Deschner1-2/+4
Guenther
2009-11-06s3-kerberos: add smb_krb5_get_{creds,credentials} incl. support for S4U2SELF ↵Günther Deschner1-1/+270
impersonation. Guenther
2009-11-06s3-kerberos: add smb_krb5_parse_name_flags().Günther Deschner1-0/+18
Guenther
2009-10-16s3: fixed krb5 build problem on ubuntu karmicAndrew Tridgell1-0/+9
Karmic has MIT krb5 1.7-beta3, which has the symbol krb5_auth_con_set_req_cksumtype but no prototype for it. See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635
2009-07-16More conversions of NULL -> talloc_autofree_context()Jeremy Allison1-2/+2
so we at least know when we're using a long-lived context. Jeremy.
2009-06-04clikrb5: Prefer krb5_free_keytab_entry_contents to krb5_kt_free_entry.Jelmer Vernooij1-3/+8
Both functions exist in MIT Kerberos >= 1.7, but only krb5_free_keytab_entry_contents has a prototype.
2009-04-07s3:kerberos Rework smb_krb5_unparse_name() to take a talloc contextAndrew Bartlett1-11/+12
Signed-off-by: Günther Deschner <gd@samba.org>
2009-03-20s3-krb5: Fix Coverity #722 (RESOURCE_LEAK).Günther Deschner1-12/+18
Guenther
2009-02-17Don't miss an absolute pathname as a kerberos keytab path. From Glenn Machin ↵Jeremy Allison1-0/+5
<gmachin@sandia.gov>. Jeremy.
2009-01-21Memory leaks and other fixes found by Coveritytodd stecher1-5/+5
2008-10-22s3-asn1: make all of s3 asn1 code do a proper asn1_init() first.Günther Deschner1-26/+36
Guenther
2008-10-22s3: use shared asn1 code.Günther Deschner1-2/+2
Guenther
generated by cgit (git 2.34.1) at 2024-11-16 13:33:34 +0000