Age | Commit message (Collapse) | Author | Files | Lines |
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
caused the RPC-SECRETS test to crash smbd in an inlined version of
this memcmp() call. This patch should have absolutely no effect at
all, but in fact it prevents the crash.
Disassembling at the point of the crash, it shows that gcc is inlining
the memcmp(). I don't know enough MIPS assembler to actually spot the
bug. In case anyone reading this does know MIPS assembler, here is the
gcc generated code that crashes:
0x105e0218 <gssapi_krb5_verify_header+168>: lw $t1,52($sp)
0x105e021c <gssapi_krb5_verify_header+172>: lw $t1,0($t1)
0x105e0220 <gssapi_krb5_verify_header+176>: lhu $t1,0($t1)
0x105e0224 <gssapi_krb5_verify_header+180>: lw $t2,68($sp)
0x105e0228 <gssapi_krb5_verify_header+184>: lhu $t2,0($t2)
0x105e022c <gssapi_krb5_verify_header+188>: subu $t1,$t1,$t2
it gets a segv at 0x105e0220.
lha, what do you think of this? The change should be innocuous on all
other platforms, apart from making the code harder to read :(
(This used to be commit 95455b57893c99d6d2dc20c4f75042ae4c1cfe85)
|
|
(This used to be commit 3697cd6597875fe22f6885ce20612a32d0be2513)
|
|
showed up on ia_64 systems
(This used to be commit 1f38a7ea56944466d90622832e4570dc324adc4e)
|
|
sensible log messages to gensec_gssapi.
Andrew Bartlett
(This used to be commit df2e4f061f3bc82930dfcdbb75b775939ae8832e)
|
|
correct grammar
(This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8)
|
|
- use int32_t for seq_number
both changes let us use the types which the main heimdal code uses
metze
(This used to be commit ecff7b70aadb9ac27731a5b44aa20b49ac82321a)
|
|
it anymore
metze
(This used to be commit e1842c9b55ffd0792fea2cff37b812d319c76f1f)
|
|
Andrew Bartlett
(This used to be commit 0132312124260f74001546a34ff96db89d72b7f6)
|
|
Always remember to free the crypto context (found by Luke Howard)
(This used to be commit 4b44355d42592f4acaae459c6ae09dd928f083b7)
|
|
similarly built clients) behave.
This is better than just ignoring the checksum, if it isn't the GSSAPI
checksum. (Samba4 clients in Samba3 mode use more than just the MD5
checksum, and will use a signed AES checksum if available. Actual
samba3 may well do the same in future, against a suitable KDC).
Also a change for easier debugging of checksum issues.
Andrew Bartlett
(This used to be commit 120374f5f9e9af0653a26e0308e4bfdabbcaa3f3)
|
|
This includes many useful upstream changes, many of which should
reduce warnings in our compile.
It also includes a change to the HDB interface, which removes the need
for Samba4/lorikeet-heimdal to deviate from upstream for hdb_fetch().
The new flags replace the old entry type enum.
(This required the rework in hdb-ldb.c included in this commit)
Andrew Bartlett
(This used to be commit ef5604b87744c89e66e4d845f45b23563754ec05)
|
|
Andrew Bartlett
(This used to be commit f0e538126c5cb29ca14ad0d8281eaa0a715ed94f)
|
|
this is CFX).
Caught by Valgrind.
Andrew Bartlett
(This used to be commit bdb55ce2b57adf3b7c6eb1455c3775d013c72e5d)
|
|
Andrew Bartlett
(This used to be commit 97a0a0e2fa6784e5fc5278f7a15b385ddcb6a3b3)
|
|
We do need the gsskrb5_get_initiator_subkey() routine. But we should
ensure that we do always get a valid key, to prevent any segfaults.
Without this code, we get a different session key compared with
Win2k3, and so kerberised smb signing fails.
Andrew Bartlett
(This used to be commit cfd0df16b74b0432670b33c7bf26316b741b1bde)
|
|
same session key. I need to understand this more, but it works
samba/samba, and I don't have access to windows doing AES (longhorn)
yet.
Andrew Bartlett
(This used to be commit 38809b43a5d6bd668e9cb714573dc1e72ceff092)
|
|
gsskrb5_get_initiator_subkey() routine is bougs. We can indeed use
gss_krb5_get_subkey().
This is fortunate, as there was a segfault bug in 'initiator' version.
Andrew Bartlett
(This used to be commit ec11870ca1f9231dd3eeae792fc3268b31477e11)
|
|
interface worked, so hdb-ldb.c and the glue have been updated.
Andrew Bartlett
(This used to be commit 8fd5224c6b5c17c3a2c04c7366b7e367012db77e)
|
|
for referencing an existing in-MEMORY keytab (required for the new way
we push that to GSSAPI).
Andrew Bartlett
(This used to be commit 2426581dfb9f5f0f9367f846c01dfd3c30fea954)
|
|
This merges Samba4 up to current lorikeet-heimdal, which includes a
replacement for some Samba-specific hacks.
In particular, the credentials system now supplies GSS client and
server credentials. These are imported into GSS with
gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY
keytab, so we now create a FILE based keytab as provision and join
time.
Because the keytab is now created in advance, we don't spend .4s at
negprot doing sha1 s2k calls. Also, because the keytab is read in
real time, any change in the server key will be correctly picked up by
the the krb5 code.
To mark entries in the secrets which should be exported to a keytab,
there is a new kerberosSecret objectClass. The new routine
cli_credentials_update_all_keytabs() searches for these, and updates
the keytabs.
This is called in the provision.js via the ejs wrapper
credentials_update_all_keytabs().
We can now (in theory) use a system-provided /etc/krb5.keytab, if
krb5Keytab: FILE:/etc/krb5.keytab
is added to the secrets.ldb record. By default the attribute
privateKeytab: secrets.keytab
is set, pointing to allow the whole private directory to be moved
without breaking the internal links.
(This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
|
|
Andrew Bartlett
(This used to be commit 6bb1b244284a209ebcb50c17ad59d4528658da0b)
|
|
change this checksum, as it is inside the encrypted packets.
Where the client (such as Samba3) fakes up GSSAPI, allow it to
continue. We can't rid the world of all Samba3 and similar clients...
Andrew Bartlett
(This used to be commit e60cdb63fb37e44252f83a56a6302f0bd22dec4d)
|
|
DCE_STYLE modified version, and add parametric options to control
delegation.
It turns out the only remaining issue is sending delegated credentials
to a windows server, probably due to the bug lha mentions in his blog
(using the wrong key).
If I turn delgation on in smbclient, but off in smbd, I can proxy a
cifs session.
I can't wait till Heimdal 0.8, so I'll see if I can figure out the fix
myself :-)
Andrew Bartlett
(This used to be commit fd5fd03570c13f5644e53ff89ac8eca7c0985740)
|
|
Andrew Bartlett
(This used to be commit 0a4194118974bdde4e10fd32578a5beeb6e768ce)
|
|
of the gsskrb5_acquire_cred hack.
Add support for delegated credentials into the auth and credentials
subsystem, and specifically into gensec_gssapi.
Add the CIFS NTVFS handler as a consumer of delegated credentials,
when no user/domain/password is specified.
Andrew Bartlett
(This used to be commit 55b89899adb692d90e63873ccdf80b9f94a6b448)
|
|
(This used to be commit a0b4036ba6ae423bab3ec698d3e404f03bb0f9d5)
|
|
have easy access to the event context.
This stops Samba dead-locking against itself when the winbindd client
tries to contact the KDC.
Andrew Bartlett
(This used to be commit 57f811115ed768ea1f170dcd71038398bf2ab6e9)
|
|
to CVS of 2005-10-24).
Andrew Bartlett
(This used to be commit 939d4f340feaad15d0a6a5da79feba2b2558f174)
|
|
Andrew Bartlett
(This used to be commit 4d2a9a9bc497eae269c24cbf156b43b8588e2f73)
|
|
the other
ideas I have had.
When I get a full list of things I want to do to a krb5_context I'll
either add gsskrb5_ wrappers, or a way of speicfying the krb5 context
per gssapi context.
(I want to ensure that the only krb5_context variables created while
executing Samba4 are via our wrapper).
Andrew Bartlett
(This used to be commit 8a22d46e70e9f863831aba0c9913d195f833d625)
|
|
(This used to be commit 5767c05909c9927b3a806614b1f1bd2f90a35dd3)
|
|
data to be signed/sealed. We can use this to split the data from the
signature portion of the resultant wrapped packet.
This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).
This fixes one of the krb5 issues in my list.
Andrew Bartlett
(This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
|
|
Andrew Bartlett
(This used to be commit c17926b6fe278fd757862885f82fd342b755167c)
|
|
with an aim to make the code simpiler and more correct.
Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over
all keytypes)' code in gensec_krb5, we now follow the approach used in
gensec_gssapi, and use a keytab.
I have also done a lot of work in the GSSAPI code, to try and reduce
the diff between us and upstream heimdal. It was becoming hard to
track patches in this code, and I also want this patch (the DCE_STYLE
support) to be in a 'manageable' state for when lha considers it for
merging. (metze assures me it still has memory leak problems, but
I've started to address some of that).
This patch also includes a simple update of other code to current
heimdal, as well as changes we need for better PAC verification.
On the PAC side of things we now match windows member servers by
checking the name and authtime on an incoming PAC. Not generating these
right was the cause of the PAC pain, and so now both the main code and
torture test validate this behaviour.
One thing doesn't work with this patch:
- the sealing of RPC pipes with kerberos, Samba -> Samba seems
broken. I'm pretty sure this is related to AES, and the need to break
apart the gss_wrap interface.
Andrew Bartlett
(This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
|
|
to Heimdal CVS as of 2005-08-27).
Andrew Bartlett
(This used to be commit 913924a4997f5e14c503f87510cbd8e4bfd965a9)
|
|
Delete test_crypto_wrapping.c, previously included but unbuilt.
Andrew Bartlett
(This used to be commit d5fb30fb0cef330e0947969f0c9afc1f58fc4c7d)
|
|
This is my first attempt at this, so there may be a few rough edges.
Andrew Bartlett
(This used to be commit 9a1d2f2fec67930975da856a2d365345cec46216)
|
|
(This used to be commit 118be28a7aef233799956615a99d1a2a74dac175)
|