summaryrefslogtreecommitdiff
path: root/source4/libcli/auth/gensec_krb5.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r2650: fixed a memory leak in make_server_info()Andrew Tridgell1-1/+1
(This used to be commit 4aba6e7101041100f7d400abd5e7144b95528fc3)
2007-10-10r2645: converted the NTLMSSP code to the new style of tallocAndrew Tridgell1-15/+6
(This used to be commit b378aae95d4001c4cf4e6e59ed80ee1bd55382ee)
2007-10-10r2643: convert more of the auth subsyystem to the new talloc methods. ThisAndrew Tridgell1-9/+9
also fixes a memory leak found with --leak-check. (This used to be commit f19201ea274f0a542314c61c4af676197bf154ad)
2007-10-10r2629: convert gensec to the new talloc modelAndrew Tridgell1-2/+2
by making our gensec structures a talloc child of the open connection we can be sure that it will be destroyed when the connection is dropped. (This used to be commit f12ee2f241aab1549bc1d9ca4c35a35a1ca0d09d)
2007-10-10r2385: the gensec:krb5 test is not needed here any more, as we do it in the ↵Andrew Tridgell1-4/+0
registration code (This used to be commit bcf9d787d6bced4c4482fa3e51ccea258563d89e)
2007-10-10r2376: added a way to disable krb5 on the command line. Just useAndrew Tridgell1-0/+5
--option 'gensec:krb5=no' or put "gensec:krb5 = no" in smb.conf Given the frustration I've had with kerberos I was very tempted to name this option --nfk, but resisted the temptation (This used to be commit 2d710a5eb5b36e46fa8f652305fa9ab2e09e02f3)
2007-10-10r2290: Fix 'lsakey' for the server-side, it is static forAndrew Bartlett1-4/+2
'authenticated' connections. Fix kerberos session key issues - we need to call the routine for extracting the session key, not just read the cache. Andrew Bartlett (This used to be commit b80d849b6b586869fc7d3d4153db1a316f2867a9)
2007-10-10r2286: Fixes towards krb5 logins into Samba's CIFS server.Andrew Bartlett1-79/+85
These fixes aim particularly at allowing PAC-less logins, as I don't yet generate a PAC in the lorikeet-heimdal KDC. This is for the benifit of a Kerbeors-enabled domain join, which seems to be progressing quite well! Andrew Bartlett (This used to be commit f5a381094dd5bcbd795a134bc4b8b89901b5e3eb)
2007-10-10r2054: Fix compile warnings/build failures on non-gcc.Andrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit 2cbbf123d26081687a15eb7b82738e8187153ba4)
2007-10-10r1794: fix the build MIT krb5Stefan Metzmacher1-2/+4
metze (This used to be commit fe655d047434422eae77486e5fd7fa51eb942677)
2007-10-10r1790: a few updates on krb5 PAC...Stefan Metzmacher1-10/+30
metze (This used to be commit 5a3a10c004ee2c94c42f08d52b36c75b413bdb79)
2007-10-10r1784: a few minor changes and debug the decoded PAC_DATAStefan Metzmacher1-8/+10
metze (This used to be commit 250485b69fbdd494bfd6c69bae94662e24fb0117)
2007-10-10r1770: here's the krb5 server code,Stefan Metzmacher1-7/+257
there're some cleanups needed and we need to verify the PAC correctly and create the auth_session_info correctly... metze (This used to be commit d8fe497097ee49611bb05c4a2fed36912d8e16b4)
2007-10-10r1605: GENSEC krb5 updates - fix a valgrind found uninitialised variable, andAndrew Bartlett1-2/+6
allow tests for 'unwrapped' krb5, allowed by Win2k3. SPENGO changes, trying to get the logic right (when and what sub-mechanisms to wrap). Andrew Bartlett (This used to be commit 8a0f7bf5e282d021afe93994a91fd76fa9c05f42)
2007-10-10r1521: Updates to our SMB signing code.Andrew Bartlett1-1/+3
- This causes our client and server code to use the same core code, with the same debugs etc. - In turn, this will allow the 'mandetory/fallback' signing algorithms to be shared, and only written once. Updates to the SPNEGO code - Don't wrap an empty token to the server, if we are actually already finished. Andrew Bartlett (This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)
2007-10-10r1476: Don't print messages about the CCACHE not being found - this is normal.Andrew Bartlett1-2/+6
Andrew Bartlett (This used to be commit 30d88580efe45dc792f8d5c04f4abe0497d1551c)
2007-10-10r1475: More kerberos workAndrew Bartlett1-19/+95
- We can now connect to hosts that follow the SPNEGO RFC, and *do not* give us their principal name in the mechListMIC. - The client code now remembers the hostname it connects to - We now kinit for a user, if there is not valid ticket already - Re-introduce clock skew compensation TODO: - See if the username in the ccache matches the username specified - Use a private ccache, rather then the global one, for a 'new' kinit - Determine 'default' usernames. - The default for Krb5 is the one in the ccache, then $USER - For NTLMSSP, it's just $USER Andrew Bartlett (This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
2007-10-10r1462: GENSEC Kerberos and SPENGO work:Andrew Bartlett1-6/+7
- Spelling - it's SPNEGO, not SPENGO - SMB signing - Krb5 logins are now correctly signed - SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not. Andrew Bartlett (This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
2007-10-10r1457: Add the GSSAPI layer to our gensec_krb5 code.Andrew Bartlett1-33/+54
Andrew Bartlett (This used to be commit 893a9a3865d7046d8b1cb0418aaf48b88beefa05)
2007-10-10r1437: Intermediate commit of krb5 for GENSEC.Andrew Bartlett1-0/+351
The session key in the client is wrong, we don't do signing/sealing and we are sending raw Kerberos, not GSSAPI. But it's a start, and if we continue to have to call Krb5 directly, this will be the basis. I also intend to provide an alternate implementation, using just GSSAPI. Andrew Bartlett (This used to be commit eb0dd4a821dc3dbe370aea9a9c9fb05cf2592e4d)