Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
This allows a password alone to be used to accept kerberos tickets.
Of course, we need to have got the salt right, but we do not need also
the correct kvno. This allows gensec_gssapi to accept tickets based on
a secrets.tdb entry.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
|
|
|
|
Several functions use the same logic as kerberos_pac_logon_info. Move
kerberos_pac_logon_info to common code and reuse it to remove the code
duplication.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This is also where the related krb5_princ_component is declared.
Also fix the configure check to use the correct name
This helps the autoconf build on Heimdal.
Andrew Bartlett
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
System MIT krb5 build also enabled by specifying --without-ad-dc
When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.
Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
* Samba 4 client libraries and their Python bindings
* Samba 3 server (smbd, nmbd, winbindd from source3/)
* Samba 3 client libraries
In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
|
|
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
|
|
|
|
|
|
|
|
Unfortunately these functions are not available in MIT and there is no easy
workaround or compat funciton I can see at this stage. Will fix properly once
MIT gets the necessary functions or if another workaround can be found.
|
|
This is a helper fucntion that uses purely krb5 code, so it belongs to
krb5samba which is the krb5 wrapper for samba.
|
|
|
|
|
|
|
|
Make it clearly a gensec_krb5 accessory file.
This function should never be used anywhere else.
This function was copied out from the Heimdal tree and is kept in a separate
file for clarity and to keep the original license boilerplate.
|
|
This makes it simpler to slowly integrate MIT support and also amkes it
somewhat clearer what operation is really requested.
The 24u2 part is really only used by the cifs proxy code so we can temporarily
disable it in the MIT build w/o major consequences.
|
|
|
|
Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not
available.
|
|
|
|
Code bails out with ENOMEM 2 lines a bove if config_file is NULL anyways
|
|
lib/replace/system/gssapi.h
With waf build include directories are defined by dependencies specified to subsystems.
Without proper dependency <gssapi/gssapi.h> cannot be found for embedded Heimdal builds
when there are no system-wide gssapi/gssapi.h available.
Split out GSSAPI header includes in a separate replacement header and use that explicitly
where needed.
Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Wed Apr 25 00:18:33 CEST 2012 on sn-devel-104
|
|
|
|
|
|
Turn the logging data to an opaque pointer.
Ifdef code and use MIT logging function when built against system MIT.
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
This allows us to make parse_principal static in kerbeors_util again and
avoid a silly game where we alloc containers and set destrcutors only to
release the whole thing at the end of the function.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
kerberos_enctype_to_bitmap is not used anywhere else, so just move it there and
make it static, one less dependency to worry about.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Confine ldb dependency.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
better express what is being done in the function name.
|
|
It's a helper function not used anywhere else.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
It is not used anywhere else.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
It's not used anywhere else.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
|
These are defined in the krb5 abstraction headers elsewhere.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Jan 9 14:32:08 CET 2012 on sn-devel-104
|
|
This uses a single callback to handle the PAC from the DATA_BLOB
format until it becomes a struct auth_session_info.
This allows a seperation between the GSS acceptor code and the PAC
interpretation code based on the supplied auth context.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 29 01:10:59 CET 2011 on sn-devel-104
|
|
This will help with writing a gensec module for the s3 gse layer.
Andrew Bartlett
|
|
This is important when trying to let GSSAPI search the keytab.
Andrew Bartlett
|
|
This allows only a particular principal to be exported to the keytab.
This is useful when setting up unix servers in a Samba controlled
domain.
Based on a request by Gémes Géza <geza@kzsdabas.hu>
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
|