summaryrefslogtreecommitdiff
path: root/source4/auth/kerberos/kerberos_util.c
AgeCommit message (Collapse)AuthorFilesLines
2012-08-30auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()Andrew Bartlett1-0/+1
This allows a password alone to be used to accept kerberos tickets. Of course, we need to have got the salt right, but we do not need also the correct kvno. This allows gensec_gssapi to accept tickets based on a secrets.tdb entry. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
2012-05-04Fix compiler warningSimo Sorce1-1/+1
2012-05-04s4-auth-krb: Use compat code to initialize keyblock contentsSimo Sorce1-1/+1
2012-05-04s4-auth-krb: Disable code in MIT buildSimo Sorce1-1/+4
Unfortunately these functions are not available in MIT and there is no easy workaround or compat funciton I can see at this stage. Will fix properly once MIT gets the necessary functions or if another workaround can be found.
2012-05-04Split normal kinit from s4u2 flavored kinitSimo Sorce1-7/+21
This makes it simpler to slowly integrate MIT support and also amkes it somewhat clearer what operation is really requested. The 24u2 part is really only used by the cifs proxy code so we can temporarily disable it in the MIT build w/o major consequences.
2012-04-23For now just disable this Heindal specific stuff in the MIT buildSimo Sorce1-0/+6
2012-04-12s4-auth-krb: Remove unneded dependency on kerberos_util.Simo Sorce1-6/+12
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Simplify salt_princ handling.Simo Sorce1-2/+8
This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Move function to db-glue.c and make it static.Simo Sorce1-19/+0
kerberos_enctype_to_bitmap is not used anywhere else, so just move it there and make it static, one less dependency to worry about. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Move keytab functions in a separate file.Simo Sorce1-706/+11
Confine ldb dependency. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Streamline and cleanup code to make it readable.Simo Sorce1-190/+256
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: streamline and rename enctype functionsSimo Sorce1-11/+12
better express what is being done in the function name.
2012-04-12s4-auth-krb: Make kerberos_enctype_bitmap_to_enctype static.Simo Sorce1-1/+1
It's a helper function not used anywhere else. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Make kerberos_enctype_bitmap_to_enctypes static.Simo Sorce1-1/+7
It is not used anywhere else. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Make impersonate_principal_from_credentials static.Simo Sorce1-0/+1
It's not used anywhere else. Signed-off-by: Andreas Schneider <asn@samba.org>
2011-12-07auth: Allow a NULL principal to be obtained from the credentialsAndrew Bartlett1-2/+10
This is important when trying to let GSSAPI search the keytab. Andrew Bartlett
2011-07-25s4:auth/kerberos: activate windows related krb5 flagsStefan Metzmacher1-0/+10
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jul 25 09:45:01 CEST 2011 on sn-devel-104
2011-06-22s4:auth/kerberos: add S4U2Proxy support to kerberos_kinit_password_cc()Stefan Metzmacher1-0/+1
For S4U2Proxy we need to use the ticket from the S4U2Self stage and ask the kdc for the delegated ticket for the target service. metze
2011-06-21s4/auth: Trivial spelling fixes.Brad Hards1-3/+3
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-05-18s4:auth/credentials: pass 'self_service' to ↵Stefan Metzmacher1-2/+6
cli_credentials_set_impersonate_principal() This also adds a cli_credentials_get_self_service() helper function. In order to support S4U2Proxy we need to be able to set the service principal for the S4U2Self step independent of the target principal. metze
2011-04-14s3-auth Rename smb_krb5_open_keytab to avoid a conflict with s3Andrew Bartlett1-7/+7
The s3 function doesn't use the keytab_container concept. Andrew Bartlett
2011-04-14libcli/auth Move krb5 wrapper functions from s3 into commonAndrew Bartlett1-2/+2
This requires a small rework of the build system to ensure that the correct #define statements are made in both the s3 and top level builds. We now define the various HAVE_ macros in config.h at all times, using heimdal_build/wscript_configure when that is in use. Andrew Bartlett
2010-10-11s4-credentials Add explicit event context handling to Kerberos calls (only)Andrew Bartlett1-0/+13
By setting the event context to use for this operation (only) onto the krb5_context just before we call that operation, we can try and emulate the specification of an event context to the actual send_to_kdc() This eliminates the specification of an event context to many other cli_credentials calls, and the last use of event_context_find() Special care is taken to restore the event context in the event of nesting in the send_to_kdc function. Andrew Bartlett
2010-10-11kerberos_util: Put into separate subsystem.Jelmer Vernooij1-1/+2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Oct 11 00:34:56 UTC 2010 on sn-devel-104
2010-10-02s4-kerberos Don't regenerate key values for each alias in keytabAndrew Bartlett1-43/+35
Instead, store the same key value under the multiple alias names. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 2 00:16:52 UTC 2010 on sn-devel-104
2010-10-01s4-auth: fixed a vagrind error when creating keytabsAndrew Tridgell1-0/+3
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-26s4-kerberos Don't segfault if the password isn't specified in keytab generationAndrew Bartlett1-0/+7
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104
2010-09-24s4-kerberos Rework keytab handling to export servicePrincipalName entriesAndrew Bartlett1-124/+160
This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry. Andrew Bartlett
2010-09-24s4-kerberos Move 'set key into keytab' code out of credentials.Andrew Bartlett1-139/+223
This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett
2010-09-24s4-kerberos Fix kerberos_enctype_bitmap_to_enctypes()Andrew Bartlett1-2/+3
The previous code never worked Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-09-16s4-kerberos: obey the credentials setting for forwardable ticketsAndrew Tridgell1-1/+31
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-06-29s4:kerberos Add functions to convert msDS-SupportedEncryptionTypesAndrew Bartlett1-0/+57
This will allow us to interpret this attibute broadly in Samba. Andrew Bartlett
2010-05-02s4:credentials Make the CCACHE in credentials depend on the things that built itAndrew Bartlett1-5/+11
This means that we consider the ccache only as reliable as the least specified of the inputs we used. This means that we will regenerate the ccache if any of the inputs change. Andrew Bartlett
2010-04-10s4:credentials Add the functions needed to do S4U2Self with cli_credentialsAndrew Bartlett1-33/+84
A torture test to demonstrate will be added soon. Andrew Bartlett
2010-02-26s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell1-28/+34
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2009-08-21s4:kerberos Use MIT compatible names for these enc typesAndrew Bartlett1-1/+1
This is a small start on (ie, the only trivial part of) the work shown in: http://k5wiki.kerberos.org/wiki/Projects/Samba4_Port#Samba.27s_use_of_Heimdal_symbols.2C_with_MIT_differences (a table of all Kerberos symbols used in Samba4, and notes on where they differ from those provided with MIT Kerberos) Andrew Bartlett
2008-09-24Cosmetic corrections for the KERBEROS libraryMatthias Dieter Wallnöfer1-3/+1
This commit applies some cosmetic corrections for the KERBEROS library.
2008-09-24Kerberos cosmetic changes: Revert a part of the patchMatthias Dieter Wallnöfer1-1/+3
Reverts a part of the patch because it changes the function of the code (suggested by Jelmer).
2008-09-24Cosmetic corrections for the KERBEROS libraryMatthias Dieter Wallnöfer1-10/+8
This commit applies some cosmetic corrections for the KERBEROS library.
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-1/+2
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-03-17Don't require users of credentials.h to have krb5.h and gssapi.hAndrew Bartlett1-4/+4
Rather than require users of Samba4's headers to have krb5-devel installed (presumably in their system paths), don't expose the minor functions which require this by default. Andrew Bartlett (This used to be commit f14737e4d2040d2f401a3b20c5e78d0d793cfc3a)
2007-10-10r25552: Convert to standard bool type.Jelmer Vernooij1-6/+6
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r22990: free temporary memory also on success...Stefan Metzmacher1-0/+1
metze (This used to be commit 876a6ef4857a73987d1eba127161993cf07a613b)
2007-10-10r22558: Move to a static list of enctypes to put into our keytab. In future,Andrew Bartlett1-59/+40
I'll allow this to be configured from the secrets.ldb, but it should fix some user issues. Andrew Bartlett (This used to be commit 0fd74ada220fb07d4ebe8c2d9b8ae50a387c2695)
2007-10-10r21175: Fix the kerberos keytab update code to handle deletes.Andrew Bartlett1-3/+2
Fix the join code to know that the ldb layer handles the keytab update. Andrew Bartlett (This used to be commit d3fbc089f4161ae71b21077d50130fdabd8b2d77)
2007-10-10r19677: Fix more dependencies.Jelmer Vernooij1-1/+1
(This used to be commit 17c2557834aad8c85fb640054c942f99bbce1d94)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-0/+1
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r19568: When we get back a skew error, try with no skew. This allows us toAndrew Bartlett1-38/+50
recover from inheriting an invalid skew from a ccache. Andrew Bartlett (This used to be commit 4881f0583dd42083bb2bc2eeca32316f890c4804)
2007-10-10r15853: started the process of removing the warnings now thatAndrew Tridgell1-6/+6
talloc_set_destructor() is type safe. The end result will be lots less use of void*, and less calls to talloc_get_type() (This used to be commit 6b4c085b862c0932b80b93e316396a53b993544c)