summaryrefslogtreecommitdiff
path: root/source4/auth/kerberos
AgeCommit message (Collapse)AuthorFilesLines
2010-03-16s4:auth/kerberos/kerberos.c - fix also here a memory leakMatthias Dieter Wallnöfer1-0/+1
The options need to be freed also on this error case.
2010-02-26s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell3-34/+42
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-31s4:kdc streamline context initializationSimo Sorce2-37/+58
Allow other plugins to init the context without having it try to grab sockets or set samba specific logging.
2010-01-28cleanup: remove trailing spaces and tabsSimo Sorce1-37/+37
2010-01-16s4-kerberos: raise the general kerberos debug level to 3Andrew Tridgell1-1/+1
level 2 for every krb request is a bit much
2010-01-12Strip trailing spacesSimo Sorce1-62/+62
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer1-9/+4
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-08-21s4:kerberos Use MIT compatible names for these enc typesAndrew Bartlett1-1/+1
This is a small start on (ie, the only trivial part of) the work shown in: http://k5wiki.kerberos.org/wiki/Projects/Samba4_Port#Samba.27s_use_of_Heimdal_symbols.2C_with_MIT_differences (a table of all Kerberos symbols used in Samba4, and notes on where they differ from those provided with MIT Kerberos) Andrew Bartlett
2009-07-28s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett2-1/+148
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-27Revert "s4:kerberos Add 'net export keytab' command for wireshark decryption"Stefan Metzmacher2-148/+1
This reverts commit a40ce5d0d9d06f592a8885162bbaf644006b9f0f. This breaks the build... Andrew, please repush it, when it's fixed:-) metze
2009-07-27s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett2-1/+148
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-06-30Rework the kerberos-notes.txt in order and formatDon Davis1-0/+803
This reworks the notes file to be less stream-of-consciousness and more task for porting, with a very particular focus on a potential port of Samba4 to use MIT Kerberos. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-06-19Fixed some uninitialised variablesMatthias Dieter Wallnöfer1-5/+1
I tried hard to not change the program logic. Should fix bug #6439.
2009-06-12s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett4-12/+24
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-06-10Clarify and expand the Kerberos notes made by Andrew Bartlett in 2005Donald T. Davis1-154/+448
Compiled with Andrew over a series of phone calls and gobby sessions, with the aim of documenting Kerberos requirements for Samba to us an alternate (ie, MIT) Kerberos library. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-03-26s4:auth/credentials: use krb5_data_free()Stefan Metzmacher1-5/+1
metze
2009-02-02s4:auth/kerberos: s/private/private_dataStefan Metzmacher1-10/+10
metze
2009-01-03s4:auth/kerberos: convert to tevent_* apiStefan Metzmacher2-14/+13
metze
2009-01-03s4:socket: use a socket_wrapper aware function to auto close the fd event ↵Stefan Metzmacher1-4/+5
for sockets metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher2-8/+8
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-24Rename samba-socket -> samba_socket to fix a couple more compilerJelmer Vernooij1-1/+1
warnings.
2008-12-18s4:lib/socket: socket_connect_send() and socket_connect_ev() should only ↵Stefan Metzmacher1-2/+1
wrok with addresses metze
2008-11-02Remove two debug parameters, not used anywhere.Jelmer Vernooij1-6/+2
Andrew, I was pretty sure these could be removed but if not, please let me know.
2008-10-24Remove unused include param/param.h.Jelmer Vernooij1-1/+0
2008-10-20Make sure prototypes are always included, make some functions static andJelmer Vernooij3-0/+4
remove some unused functions.
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-24Cosmetic corrections for the KERBEROS libraryMatthias Dieter Wallnöfer1-3/+1
This commit applies some cosmetic corrections for the KERBEROS library.
2008-09-24Kerberos cosmetic changes: Revert a part of the patchMatthias Dieter Wallnöfer1-1/+3
Reverts a part of the patch because it changes the function of the code (suggested by Jelmer).
2008-09-24Cosmetic corrections for the KERBEROS libraryMatthias Dieter Wallnöfer3-14/+12
This commit applies some cosmetic corrections for the KERBEROS library.
2008-09-03Implement NETLOGON PAC verfication on the server-sideAndrew Bartlett1-5/+5
This is implemented by means of a message to the KDC, to avoid having to link most of the KDC into netlogon. Andrew Bartlett (This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
2008-08-28Heimdal provides Kerberos PAC parsing routines. Use them.Andrew Bartlett1-1/+122
This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
2008-08-01auth/kerberos: remove dependencies to internal heimdalStefan Metzmacher2-2/+1
metze (This used to be commit ed0fc19ac6a1194e6fd9a6534cbf7453fa870066)
2008-08-01auth/kerberos: we don't need to include heimdal private headersStefan Metzmacher1-2/+0
metze (This used to be commit 6ec3887aee9bbb9c182ab966d37212edeaa16b5a)
2008-08-01build with the new heimdal versionStefan Metzmacher2-1/+3
(This used to be commit 3817d653faecb70bfafb850fe7d6e83aaed7e6d1)
2008-05-31Revert Jelmer's CFLAGS commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6cAndrew Bartlett1-2/+0
This commit broke the build, because not all files (libreplace, popt) were updated. Andrew Bartlett (This used to be commit 3faacf4351d68a10aea78b53768571d2059772ae)
2008-05-30Move CFLAGS handling out of smb_build.Jelmer Vernooij1-0/+2
(This used to be commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6c)
2008-05-18Fix a bunch of dependencies.Jelmer Vernooij1-1/+1
(This used to be commit a63f458462d207d215a6e4ef8e480b0c8daedf6a)
2008-05-18Fix a couple (well, little more than that..) of typos.Jelmer Vernooij1-1/+1
(This used to be commit a6b52119940a900fb0de3864b8bca94e2965cc24)
2008-05-18Create prototype headers from Makefile directory, without smb_build in the ↵Jelmer Vernooij1-1/+2
middle. (This used to be commit f4a77b96f9c17d853348b70794026e5b9e384942)
2008-05-18Use variables for source directory in a couple more places.Jelmer Vernooij1-1/+1
(This used to be commit 2860a7db5968c7007522cdb300eba390da929ab8)
2008-04-08Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3Jelmer Vernooij1-1/+2
Conflicts: source/auth/credentials/config.mk source/auth/gensec/config.mk source/build/smb_build/makefile.pm source/heimdal_build/config.mk source/lib/events/config.mk source/lib/nss_wrapper/config.mk source/lib/policy/config.mk source/lib/registry/config.mk source/lib/socket_wrapper/config.mk source/lib/tdb/config.mk source/lib/tls/config.mk source/lib/util/config.mk source/libcli/config.mk source/libcli/ldap/config.mk source/libnet/config.mk source/librpc/config.mk source/param/config.mk source/rpc_server/config.mk source/scripting/ejs/config.mk source/smbd/process_model.mk (This used to be commit 760378e0294dd0cd4523a83448328478632d7e3d)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-1/+2
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-03-28Merge v4.0-testJelmer Vernooij1-4/+4
(This used to be commit 977dbdeaf363c8905ed9fd0570eba4be80582833)
2008-03-17Don't require users of credentials.h to have krb5.h and gssapi.hAndrew Bartlett1-4/+4
Rather than require users of Samba4's headers to have krb5-devel installed (presumably in their system paths), don't expose the minor functions which require this by default. Andrew Bartlett (This used to be commit f14737e4d2040d2f401a3b20c5e78d0d793cfc3a)
2008-03-03Move object file lists to the Makefile.Jelmer Vernooij1-6/+9
(This used to be commit a7e6d2a1832db388fdafa1279f84c9a8bbfc87d6)
2008-02-21Avoid use of global_loadparm.Jelmer Vernooij2-3/+12
(This used to be commit c5a95bbe0ce55c29e135a9c6058bf192ec3bb546)
2008-01-15util: Move asn1 to lib/util to trim down the number of subsystems.Jelmer Vernooij1-1/+1
(This used to be commit 44e1cfd2d0ef62e4ee541cec00581a7151d951b3)
2008-01-01r26640: Janitorial: Remove some more uses of global_loadparm.Jelmer Vernooij1-2/+3
(This used to be commit c863f4ebde8efa1a695b4469142d6719e30bc419)
2008-01-01r26639: librpc: Pass iconv convenience on from RPC connection to NDR ↵Jelmer Vernooij1-5/+9
library, so it can be overridden by OpenChange. (This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce)
2008-01-01r26638: libndr: Require explicitly specifying iconv_convenience for ↵Jelmer Vernooij1-5/+17
ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3)