summaryrefslogtreecommitdiff
path: root/source4/auth/kerberos
AgeCommit message (Collapse)AuthorFilesLines
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij2-26/+8
2010-05-02s4:credentials Make the CCACHE in credentials depend on the things that built itAndrew Bartlett3-20/+39
This means that we consider the ccache only as reliable as the least specified of the inputs we used. This means that we will regenerate the ccache if any of the inputs change. Andrew Bartlett
2010-04-10s4:credentials Add the functions needed to do S4U2Self with cli_credentialsAndrew Bartlett3-50/+161
A torture test to demonstrate will be added soon. Andrew Bartlett
2010-04-06s4-waf: removed the AUTOGENERATED markersAndrew Tridgell1-4/+0
we won't be using the mk -> wscript generator again
2010-04-06s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell1-0/+2
them
2010-04-06build: commit all the waf build files in the treeAndrew Tridgell1-0/+11
2010-03-16s4:auth/kerberos/kerberos.c - fix also here a memory leakMatthias Dieter Wallnöfer1-0/+1
The options need to be freed also on this error case.
2010-02-26s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell3-34/+42
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-01-31s4:kdc streamline context initializationSimo Sorce2-37/+58
Allow other plugins to init the context without having it try to grab sockets or set samba specific logging.
2010-01-28cleanup: remove trailing spaces and tabsSimo Sorce1-37/+37
2010-01-16s4-kerberos: raise the general kerberos debug level to 3Andrew Tridgell1-1/+1
level 2 for every krb request is a bit much
2010-01-12Strip trailing spacesSimo Sorce1-62/+62
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer1-9/+4
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-08-21s4:kerberos Use MIT compatible names for these enc typesAndrew Bartlett1-1/+1
This is a small start on (ie, the only trivial part of) the work shown in: http://k5wiki.kerberos.org/wiki/Projects/Samba4_Port#Samba.27s_use_of_Heimdal_symbols.2C_with_MIT_differences (a table of all Kerberos symbols used in Samba4, and notes on where they differ from those provided with MIT Kerberos) Andrew Bartlett
2009-07-28s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett2-1/+148
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-27Revert "s4:kerberos Add 'net export keytab' command for wireshark decryption"Stefan Metzmacher2-148/+1
This reverts commit a40ce5d0d9d06f592a8885162bbaf644006b9f0f. This breaks the build... Andrew, please repush it, when it's fixed:-) metze
2009-07-27s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett2-1/+148
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-06-30Rework the kerberos-notes.txt in order and formatDon Davis1-0/+803
This reworks the notes file to be less stream-of-consciousness and more task for porting, with a very particular focus on a potential port of Samba4 to use MIT Kerberos. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-06-19Fixed some uninitialised variablesMatthias Dieter Wallnöfer1-5/+1
I tried hard to not change the program logic. Should fix bug #6439.
2009-06-12s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett4-12/+24
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-06-10Clarify and expand the Kerberos notes made by Andrew Bartlett in 2005Donald T. Davis1-154/+448
Compiled with Andrew over a series of phone calls and gobby sessions, with the aim of documenting Kerberos requirements for Samba to us an alternate (ie, MIT) Kerberos library. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-03-26s4:auth/credentials: use krb5_data_free()Stefan Metzmacher1-5/+1
metze
2009-02-02s4:auth/kerberos: s/private/private_dataStefan Metzmacher1-10/+10
metze
2009-01-03s4:auth/kerberos: convert to tevent_* apiStefan Metzmacher2-14/+13
metze
2009-01-03s4:socket: use a socket_wrapper aware function to auto close the fd event ↵Stefan Metzmacher1-4/+5
for sockets metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher2-8/+8
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-24Rename samba-socket -> samba_socket to fix a couple more compilerJelmer Vernooij1-1/+1
warnings.
2008-12-18s4:lib/socket: socket_connect_send() and socket_connect_ev() should only ↵Stefan Metzmacher1-2/+1
wrok with addresses metze
2008-11-02Remove two debug parameters, not used anywhere.Jelmer Vernooij1-6/+2
Andrew, I was pretty sure these could be removed but if not, please let me know.
2008-10-24Remove unused include param/param.h.Jelmer Vernooij1-1/+0
2008-10-20Make sure prototypes are always included, make some functions static andJelmer Vernooij3-0/+4
remove some unused functions.
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-24Cosmetic corrections for the KERBEROS libraryMatthias Dieter Wallnöfer1-3/+1
This commit applies some cosmetic corrections for the KERBEROS library.
2008-09-24Kerberos cosmetic changes: Revert a part of the patchMatthias Dieter Wallnöfer1-1/+3
Reverts a part of the patch because it changes the function of the code (suggested by Jelmer).
2008-09-24Cosmetic corrections for the KERBEROS libraryMatthias Dieter Wallnöfer3-14/+12
This commit applies some cosmetic corrections for the KERBEROS library.
2008-09-03Implement NETLOGON PAC verfication on the server-sideAndrew Bartlett1-5/+5
This is implemented by means of a message to the KDC, to avoid having to link most of the KDC into netlogon. Andrew Bartlett (This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
2008-08-28Heimdal provides Kerberos PAC parsing routines. Use them.Andrew Bartlett1-1/+122
This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
2008-08-01auth/kerberos: remove dependencies to internal heimdalStefan Metzmacher2-2/+1
metze (This used to be commit ed0fc19ac6a1194e6fd9a6534cbf7453fa870066)
2008-08-01auth/kerberos: we don't need to include heimdal private headersStefan Metzmacher1-2/+0
metze (This used to be commit 6ec3887aee9bbb9c182ab966d37212edeaa16b5a)
2008-08-01build with the new heimdal versionStefan Metzmacher2-1/+3
(This used to be commit 3817d653faecb70bfafb850fe7d6e83aaed7e6d1)
2008-05-31Revert Jelmer's CFLAGS commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6cAndrew Bartlett1-2/+0
This commit broke the build, because not all files (libreplace, popt) were updated. Andrew Bartlett (This used to be commit 3faacf4351d68a10aea78b53768571d2059772ae)
2008-05-30Move CFLAGS handling out of smb_build.Jelmer Vernooij1-0/+2
(This used to be commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6c)
2008-05-18Fix a bunch of dependencies.Jelmer Vernooij1-1/+1
(This used to be commit a63f458462d207d215a6e4ef8e480b0c8daedf6a)
2008-05-18Fix a couple (well, little more than that..) of typos.Jelmer Vernooij1-1/+1
(This used to be commit a6b52119940a900fb0de3864b8bca94e2965cc24)
2008-05-18Create prototype headers from Makefile directory, without smb_build in the ↵Jelmer Vernooij1-1/+2
middle. (This used to be commit f4a77b96f9c17d853348b70794026e5b9e384942)
2008-05-18Use variables for source directory in a couple more places.Jelmer Vernooij1-1/+1
(This used to be commit 2860a7db5968c7007522cdb300eba390da929ab8)
2008-04-08Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3Jelmer Vernooij1-1/+2
Conflicts: source/auth/credentials/config.mk source/auth/gensec/config.mk source/build/smb_build/makefile.pm source/heimdal_build/config.mk source/lib/events/config.mk source/lib/nss_wrapper/config.mk source/lib/policy/config.mk source/lib/registry/config.mk source/lib/socket_wrapper/config.mk source/lib/tdb/config.mk source/lib/tls/config.mk source/lib/util/config.mk source/libcli/config.mk source/libcli/ldap/config.mk source/libnet/config.mk source/librpc/config.mk source/param/config.mk source/rpc_server/config.mk source/scripting/ejs/config.mk source/smbd/process_model.mk (This used to be commit 760378e0294dd0cd4523a83448328478632d7e3d)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij1-1/+2
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-03-28Merge v4.0-testJelmer Vernooij1-4/+4
(This used to be commit 977dbdeaf363c8905ed9fd0570eba4be80582833)
2008-03-17Don't require users of credentials.h to have krb5.h and gssapi.hAndrew Bartlett1-4/+4
Rather than require users of Samba4's headers to have krb5-devel installed (presumably in their system paths), don't expose the minor functions which require this by default. Andrew Bartlett (This used to be commit f14737e4d2040d2f401a3b20c5e78d0d793cfc3a)
generated by cgit (git 2.34.1) at 2024-11-06 18:17:24 +0000