mirror of https://github.com/samba-team/samba.git synced 2025-12-02 00:23:50 +03:00
Commit Graph

33 Commits

Author SHA1 Message Date
Jeremy Allison
f35a266b3c RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
2007-10-18 17:40:25 -07:00
Andrew Tridgell
b0132e94fc r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text 2007-10-10 12:28:22 -05:00
Jeremy Allison
407e6e695b r23779: Change from v2 or later to v3 or later.
Jeremy.
2007-10-10 12:28:20 -05:00
Günther Deschner
accb40446a r23651: Always, always, always compile before commit...
Guenther
2007-10-10 12:23:41 -05:00
Günther Deschner
b9d7a2962a r23650: Fix remaining callers of krb5_kt_default().
Guenther
2007-10-10 12:23:41 -05:00
Günther Deschner
19020d19dc r23649: Fix the build (by moving smb_krb5_open_keytab() to clikrb5.c).
Guenther
2007-10-10 12:23:41 -05:00
Günther Deschner
a2befee3f2 r23648: Allow listing a custom krb5 keytab file with:
net ads keytab list /path/to/krb5.keytab

Guenther
2007-10-10 12:23:41 -05:00
Günther Deschner
7ca002f4cc r23646: Generalize our internal keytab handling to support a broader range of default
keytabnames (like "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab"). This also
fixes keytab support with Heimdal (which supports the WRFILE pragma as well
now).

Guenther
2007-10-10 12:23:40 -05:00
Günther Deschner
9ec76c5427 r22479: Add "net ads keytab list".
Guenther
2007-10-10 12:19:37 -05:00
Jeremy Allison
d432d81c83 r21863: Fix debug messages with incorrect function name.
Jeremy.
2007-10-10 12:18:39 -05:00
Günther Deschner
76ba11d777 r21561: It makes absolutely no sense to call krb5_kt_resolve() two times
directly after one another.

Guenther
2007-10-10 12:18:13 -05:00
Gerald Carter
d4a5dc3ad5 r20486: Always upper case the "host/<sAMAccountName>" entry in the keytab file
so apps will know which one to look for,
2007-10-10 12:16:52 -05:00
Gerald Carter
6261dd3c67 r16952: New derive DES salt code and Krb5 keytab generation
Major points of interest:

* Figure the DES salt based on the domain functional level
  and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
  keys
* Remove all the case permutations in the keytab entry
  generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
  in AD

The resulting keytab looks like:

ktutil:  list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   2    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   3    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   4    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   5    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   6    6           host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   7    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   8    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   9    6               suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)

The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value.  The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.

Tested keytab using mod_auth_krb and MIT's telnet.  ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
2007-10-10 11:19:15 -05:00
Jeremy Allison
37ab42afbc r15210: Add wrapper functions smb_krb5_parse_name, smb_krb5_unparse_name,
smb_krb5_parse_name_norealm_conv that pull/push from unix charset
to utf8 (which krb5 uses on the wire). This should fix issues when
the unix charset is not compatible with or set to utf8.
Jeremy.
2007-10-10 11:16:28 -05:00
Jeremy Allison
c687e73f24 r5759: Patch from Doug VanLeuven <roamdad@sonic.net> to add more case/realm/name
permutations to the kerberos keytab.
Jeremy.
2007-10-10 10:55:59 -05:00
Jeremy Allison
620f2e608f r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
2007-10-10 10:53:32 -05:00
Jeremy Allison
82651c1b17 r3502: Tidy up debugging in kerberos_keytab code.
Jeremy.
2007-10-10 10:53:08 -05:00
Jeremy Allison
b356a8fdc5 r3492: Fixes from testing kerberos salted principal fix.
Jeremy.
2007-10-10 10:53:07 -05:00
Jeremy Allison
82acf83040 r3381: More merging of the #1717 patch. Fixup some erroneous assumptions about
memcpy's into fqdn names. I think the original intent was to create
MYNAME.fqdn.tail.part.
Will need testing to see I haven't broken keytab support.
Jeremy.
2007-10-10 10:53:05 -05:00
Jeremy Allison
30b8807cf6 r3379: More merging of kerberos keytab and salting fixes from Nalin Dahyabhai <nalin@redhat.com>
(bugid #1717).
Jeremy.
2007-10-10 10:53:05 -05:00
Jeremy Allison
4bdf914cba r1373: Fix from Guenther Deschner <gd@sernet.de> to ensure last error return is not invalid.
Jeremy.
2007-10-10 10:52:08 -05:00
Jeremy Allison
940f893d48 r1243: Fix so this compiles with Heimdal (in Heimdal krb5_kt_cursor is a struct not a pointer).
Jeremy.
2007-10-10 10:52:02 -05:00
Jeremy Allison
dd07278b89 r1236: Heimdal fixes from Guenther Deschner <gd@sernet.de>, more to come before
it compiles with Heimdal.
Jeremy.
2007-10-10 10:52:01 -05:00
Jeremy Allison
ad440213aa r1222: Valgrind memory leak fixes. Still tracking down a strange one...
Can't fix the krb5 memory leaks inside that library :-(.
Jeremy.
2007-10-10 10:52:00 -05:00
Jeremy Allison
286f4c809c r1221: Added the last of the system keytab patch from "Dan Perry" <dperry@pppl.gov>,
fixed valgrind detected mem corruption in libads/kerberos_keytab.c.
Jeremy.
2007-10-10 10:52:00 -05:00
Jeremy Allison
f0f2e28958 r1215: Intermediate checkin of the new keytab code. I need to make sure I
haven't broken krb5 ticket verification in the mainline code path,
also need to check with valgrind. Everything now compiles (MIT, need
to also check Heimdal) and the "net keytab" utility code will follow.
Jeremy.
2007-10-10 10:52:00 -05:00
Jeremy Allison
be8a2dc00d r1214: Now compiles. Changed krb5_kt_free_entry to krb5_free_keytab_entry_contents
Jeremy.
2007-10-10 10:52:00 -05:00
Jeremy Allison
af5a08f5ad r1193: Ensure we check for and use krb5_free_unparsed_name().
Jeremy.
2007-10-10 10:51:59 -05:00
Jeremy Allison
0d982956f6 r1192: Fixed all memleaks/error code return path leaks I can find. Not sure if compiles yet,
but will soon :-).
Jeremy.
2007-10-10 10:51:59 -05:00
Jeremy Allison
57c037c6c9 r1184: Keep latest changes... not compilable yet.
Jeremy.
2007-10-10 10:51:59 -05:00
Jeremy Allison
786a440c18 r1183: Updates to the code cleanup so I don't lose my changes...
Jeremy.
2007-10-10 10:51:58 -05:00
Jeremy Allison
03f8c8bc07 r1182: Partial re-write of keytab code to clean up, remove memory leaks etc. Work in progress !
It seems the krb5 interfaces are so horrible it's impossible to write good error checking
code :-(.
Jeremy.
2007-10-10 10:51:58 -05:00
Jeremy Allison
858e849af6 r1180: New file - basis of new system keytab code.
Jeremy.
2007-10-10 10:51:58 -05:00