summaryrefslogtreecommitdiff
path: root/source4/auth/kerberos
AgeCommit message (Collapse)AuthorFilesLines
2013-02-19s4:auth/kerberos: make use of samba_tevent_context_init()Stefan Metzmacher1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-08-30auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()Andrew Bartlett2-0/+2
This allows a password alone to be used to accept kerberos tickets. Of course, we need to have got the salt right, but we do not need also the correct kvno. This allows gensec_gssapi to accept tickets based on a secrets.tdb entry. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
2012-08-28lib/krb5_wrap: Move enctype conversion functions into a simple helper fileAndrew Bartlett1-45/+0
2012-07-06auth: Common function for retrieving PAC_LOGIN_INFO from PACChristof Schmitt2-45/+0
Several functions use the same logic as kerberos_pac_logon_info. Move kerberos_pac_logon_info to common code and reuse it to remove the code duplication. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-06-12s4:kerberos: fix typos in kerberos-notes.txtMichael Adam1-2/+2
2012-05-30lib/krb5_wrap: Move krb5_princ_size helper to source4 as it is only used thereAndrew Bartlett1-0/+8
This is also where the related krb5_princ_component is declared. Also fix the configure check to use the correct name This helps the autoconf build on Heimdal. Andrew Bartlett
2012-05-23gse: Use the smb_gss_oid_equal wrapper.Andreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-05-23Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy1-1/+1
System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-08s4-auth: Use smb_krb5_make_pac_checksum.Andreas Schneider1-54/+24
Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04s4:auth/kerberos: don't do tracing in MIT buildAlexander Bokovoy1-17/+0
Signed-off-by: Simo Sorce <idra@samba.org>
2012-05-04s4-auth-krb: Make srv_keytab.c build against MIT KerberosSimo Sorce1-8/+11
2012-05-04Fix incompatible assignment warningSimo Sorce1-1/+1
2012-05-04Fix compiler warningSimo Sorce1-1/+1
2012-05-04s4-auth-krb: Use compat code to initialize keyblock contentsSimo Sorce1-1/+1
2012-05-04s4-auth-krb: Disable code in MIT buildSimo Sorce1-1/+4
Unfortunately these functions are not available in MIT and there is no easy workaround or compat funciton I can see at this stage. Will fix properly once MIT gets the necessary functions or if another workaround can be found.
2012-05-04Move keytab_copy to krb5samba libSimo Sorce2-231/+1
This is a helper fucntion that uses purely krb5 code, so it belongs to krb5samba which is the krb5 wrapper for samba.
2012-05-04Fix keytab_copy to compile with MIT librariues tooSimo Sorce1-10/+12
2012-05-04keytab_copy: Fix style, whitespacesSimo Sorce1-8/+17
2012-05-04kerberos_pac: Fix code to work with MIT tooSimo Sorce1-3/+3
2012-05-04s4-auth-krb: smb_rd_req_return_stuff is used only in gensec_krb5Simo Sorce2-103/+1
Make it clearly a gensec_krb5 accessory file. This function should never be used anywhere else. This function was copied out from the Heimdal tree and is kept in a separate file for clarity and to keep the original license boilerplate.
2012-05-04Split normal kinit from s4u2 flavored kinitSimo Sorce1-7/+21
This makes it simpler to slowly integrate MIT support and also amkes it somewhat clearer what operation is really requested. The 24u2 part is really only used by the cifs proxy code so we can temporarily disable it in the MIT build w/o major consequences.
2012-05-04Move kerberos_kinit_password_cc to krb5samba libSimo Sorce3-427/+1
2012-05-04Move kerberos_kinit_keyblock_cc to krb5samba libSimo Sorce2-55/+0
Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not available.
2012-05-04krb-init: define out heimdal specific stuff in mitkrb buildSimo Sorce1-3/+12
2012-05-04s4-auth-krb: avoid useless conditionSimo Sorce1-1/+1
Code bails out with ENOMEM 2 lines a bove if config_file is NULL anyways
2012-04-25lib/replace: split out GSSAPI from lib/replace/system/kerberos.h into ↵Alexander Bokovoy2-1/+2
lib/replace/system/gssapi.h With waf build include directories are defined by dependencies specified to subsystems. Without proper dependency <gssapi/gssapi.h> cannot be found for embedded Heimdal builds when there are no system-wide gssapi/gssapi.h available. Split out GSSAPI header includes in a separate replacement header and use that explicitly where needed. Autobuild-User: Alexander Bokovoy <ab@samba.org> Autobuild-Date: Wed Apr 25 00:18:33 CEST 2012 on sn-devel-104
2012-04-23Make krb5 wrapper library common so they can be used all overSimo Sorce2-4/+5
2012-04-23For now just disable this Heindal specific stuff in the MIT buildSimo Sorce4-3/+25
2012-04-23Make krb5 context initialization not heimdal specificSimo Sorce2-22/+54
Turn the logging data to an opaque pointer. Ifdef code and use MIT logging function when built against system MIT.
2012-04-19Fix Error messagesSimo Sorce1-4/+2
2012-04-12srv_keytab: Pass krb5_context directly, it's all we use anyways.Simo Sorce1-16/+11
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12auth-krb: Move pac related util functions in a single place.Simo Sorce1-0/+1
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Remove dependency on credentials too.Simo Sorce2-11/+5
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Remove unneded dependency on kerberos_util.Simo Sorce3-40/+54
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Simplify salt_princ handling.Simo Sorce4-287/+187
This allows us to make parse_principal static in kerbeors_util again and avoid a silly game where we alloc containers and set destrcutors only to release the whole thing at the end of the function. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Move function to db-glue.c and make it static.Simo Sorce2-20/+0
kerberos_enctype_to_bitmap is not used anywhere else, so just move it there and make it static, one less dependency to worry about. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Move keytab functions in a separate file.Simo Sorce4-707/+749
Confine ldb dependency. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Streamline and cleanup code to make it readable.Simo Sorce1-190/+256
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: streamline and rename enctype functionsSimo Sorce1-11/+12
better express what is being done in the function name.
2012-04-12s4-auth-krb: Make kerberos_enctype_bitmap_to_enctype static.Simo Sorce2-3/+1
It's a helper function not used anywhere else. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Make kerberos_enctype_bitmap_to_enctypes static.Simo Sorce1-1/+7
It is not used anywhere else. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Move function into more appropriate header.Simo Sorce1-0/+8
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12s4-auth-krb: Make impersonate_principal_from_credentials static.Simo Sorce1-0/+1
It's not used anywhere else. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12krb5_wrap: remove duplicate declaration and dead ifdefSimo Sorce1-4/+0
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-10krb5: Require krb5_set_real_time is available to build with krb5Andrew Bartlett1-4/+0
2012-01-09s4-kerberos: remove some unused prototypes.Günther Deschner1-22/+0
These are defined in the krb5 abstraction headers elsewhere. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Jan 9 14:32:08 CET 2012 on sn-devel-104
2011-12-29s4-gensec: Move parsing of the PAC blob and creating the session_info into authAndrew Bartlett1-0/+1
This uses a single callback to handle the PAC from the DATA_BLOB format until it becomes a struct auth_session_info. This allows a seperation between the GSS acceptor code and the PAC interpretation code based on the supplied auth context. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104
2011-12-28auth/kerberos: Move gssapi_parse.c to the top levelAndrew Bartlett2-123/+2
This will help with writing a gensec module for the s3 gse layer. Andrew Bartlett
2011-12-07auth: Allow a NULL principal to be obtained from the credentialsAndrew Bartlett1-2/+10
This is important when trying to let GSSAPI search the keytab. Andrew Bartlett
2011-11-29s4-samba-tool: Add --principal argument to samba-tool domain exportkeytabAndrew Bartlett1-61/+134
This allows only a particular principal to be exported to the keytab. This is useful when setting up unix servers in a Samba controlled domain. Based on a request by Gémes Géza <geza@kzsdabas.hu> Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104