sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-04 17:47:26 +03:00
Code
14,207 Commits 60 Branches 1,146 Tags
Commit Graph

38 Commits

Author SHA1 Message Date
Jeremy Allison
3f9e3b6070 W00t! Client smb signing is now working correctly with krb5 and w2k server. 
Server code *should* also work (I'll check shortly). May be the odd memory
leak. Problem was we (a) weren't setting signing on in the client krb5 sessionsetup
code (b) we need to ask for a subkey... (c). The client and server need to
ask for local and remote subkeys respectively.
Thanks to Paul Nelson @ Thursby for some sage advice on this :-).
Jeremy.
 -
Jeremy Allison
dd46f8b22d Add krb5_princ_component to Heimdal. Remove cli_ from mark packet signed. 
Jeremy.
 -
Andrew Tridgell
0820840423 use ZERO_STRUCT() instead of memset -
Jim McDonough
10f1da3f4a More on bug 137: rename more of krb5_xxx functions to not start with krb5_ -
Andrew Bartlett
3f9616a68a Merge from HEAD - sync up SessionSetup code to HEAD, including Luke Howard's 
session key and auth verifier patches.

Andrew Bartlett
 -
Jim McDonough
e0c1f9ef61 Fix IRIX build...void fn can't return another void fn -
Jim McDonough
77e1178a88 Sync with HEAD for verifying kerberos tickets. -
Jim McDonough
c7934f5cb5 Sync w/HEAD - add DES_CBC_CRC encryption type -
Jeremy Allison
90336900ad Revert tpot's breakage of the Heimdal fixes. 
Jeremy.
 -
Tim Potter
6f89ee2c9d Sync of Heimdal kerberos stuff with HEAD. If this breaks I'm blaming 
the dog again.
 -
Jeremy Allison
1b71786c16 Finally we compile with Heimdal as well as MIT ! Wonder if it works... :-). 
Jeremy.
 -
Jeremy Allison
85dda43476 Get smbd to link with Heimdal. Still missing some client progs... 
Jeremy.
 -
Jeremy Allison
04cc149c75 Thanks Meeester Potter, for reverting *all* my Heimdal changes because 
I mistyped a comma :-).
Jeremy.
 -
Tim Potter
51b319f57f Merge of kerberos changes to make this branch build again! -
Jeremy Allison
e8c4098da6 Get closer to Heimdal compile... Damn. HEAD has different code in 
kerberos_verify...
Jeremy.
 -
Jeremy Allison
0c98f779f0 Fixup proto generation to not include krb5 specific symbols 
if no kerberos selected. Noticed by Metze.
Jeremy.
 -
Jeremy Allison
a7ee6ed645 More fixes getting us closer to full Heimdal compile.... 
Jeremy.
 -
Jim McDonough
9f1f3cb8bb should be HAVE_KRB5_SET_REAL_TIME (HAVE_ was missing)...fix the build -
Jeremy Allison
92ecd0bf0f Merge in more of the SuSE patches for Heimdal. These changes show how 
to add a function without an explicit #ifdef HEIMDAL which I'm trying
to avoid.
Jeremy.
 -
Andrew Bartlett
8129529c4f Merge from HEAD - vl's fix to my const patch. Also update the 'not have_krb5' 
case.

Andrew Bartlett
 -
Andrew Bartlett
3a7458f947 Merge from HEAD - make Samba compile with -Wwrite-strings without additional 
warnings.  (Adds a lot of const).

Andrew Bartlett
 -
Gerald Carter
36bcb312e9 fix segfault -
Gerald Carter
65e7b5273b sync'ing up for 3.0alpha20 release -
Tim Potter
6a58c9bd06 Removed version number from file header. 
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
 -
Andrew Tridgell
adf44a9bd0 added trusted realm support to ADS authentication 
the method used for checking if a domain is a trusted domain is very
crude, we should really call a backend fn of some sort. For now I'm
using winbindd to do the dirty work.
 -
Andrew Tridgell
23ef22f117 fixed some krb5 ifdefs -
Andrew Tridgell
058a5aee90 added "net join" command 
this completes the first stage of the smbd ADS support
 -
Jeremy Allison
b668d7d656 Ok, I know it's a language thing and it shouldn't matter.... but a kerberos 
name is a "principal", not a principle. English majors will complain :-).
Jeremy.
 -
Andrew Bartlett
44bdb8b12b Fix for compilation on non-krb5 systems -
Andrew Tridgell
d1341d74b7 made smbclient cope better with arbitrary principle forms -
Andrew Tridgell
fd3a3daef3 better krb5 error handling (thanks andrewb!) -
Andrew Tridgell
353c290f05 the beginnings of kerberos support in smbd. It doesn't work yet, but 
it should give something for others to hack on and possibly find what
I'm doing wrong.
 -
Andrew Tridgell
888183a17c fix heimdal compilation -
Andrew Tridgell
076aa97bee added NTLMSSP authentication to libsmb. It seems to work well so I have enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM -
Andrew Tridgell
8b692d8326 improve the error handling in the ASN1 code a bit -
Andrew Tridgell
395cfeea94 added a ASN.1 parser, so now I can properly parse the negTokenInit 
packet which means I can extract the service and realm, so we should
now work with realms other than the local realm.

it also means we now check the list of OIDs given by the server just
in case it says that it doesn't support kerberos. In that case we
should fall back to NTLMSSP but that isn't written yet.
 -
Andrew Tridgell
919734c1a6 fixed some memory leaks, started adding asn1 decoder for server side -
Andrew Tridgell
d330575856 initial kerberos/ADS/SPNEGO support in libsmb and smbclient. To 
activate you need to:

- install krb5 libraries
- run configure
- build smbclient
- run kinit to get a TGT
- run smbclient with the -k option to choose kerberos auth
 -