1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

16 Commits

Author SHA1 Message Date
Andreas Schneider
ab0cbf9bba auth: Fix picky const warnings in gssapi_pac
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-11-23 15:17:18 +01:00
Stefan Metzmacher
21ed0efac0 auth/kerberos: avoid compiler warnings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-20 20:43:12 +01:00
Andrew Bartlett
0f21fe7666 auth/kerberos: Do not do pointer arithmatic on a void *
Found with -Werror=pointer-arith

Andrew Bartlett
2012-07-30 14:25:09 +10:00
Alexander Bokovoy
238d24af4e auth-kerberos: avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute()
gss_get_name_attribute() can return unintialized pac_display_buffer
and later gss_release_buffer() will crash on attempting to release it.

The fix on MIT krb5 side is in 1.10.1, reported in both Debian and MIT upstream:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087

We need to initialize variables before using gss_get_name_attribute()

Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Wed Jun  6 18:22:51 CEST 2012 on sn-devel-104
2012-06-06 18:22:51 +02:00
Alexander Bokovoy
594e316181 lib/replace: split out GSSAPI from lib/replace/system/kerberos.h into lib/replace/system/gssapi.h
With waf build include directories are defined by dependencies specified to subsystems.
Without proper dependency <gssapi/gssapi.h> cannot be found for embedded Heimdal builds
when there are no system-wide gssapi/gssapi.h available.

Split out GSSAPI header includes in a separate replacement header and use that explicitly
where needed.

Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Wed Apr 25 00:18:33 CEST 2012 on sn-devel-104
2012-04-25 00:18:32 +02:00
Simo Sorce
08c733d75f Make krb5 wrapper library common so they can be used all over 2012-04-23 19:20:38 -04:00
Simo Sorce
70c303a7f3 auth-krb: Move pac related util functions in a single place.
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12 12:06:43 +02:00
Simo Sorce
3fd6deda7d auth-krb: Make functions static.
The remaining gssapi_parse functions were used exclusively in
gensec_krb5.  Move them there and make them static.

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12 12:06:43 +02:00
Simo Sorce
d857e393ac auth-krb: Use simpler method to extract keytype.
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-12 12:06:42 +02:00
Andrew Bartlett
9a11f2ea09 auth/kerberos: Fall back to gsskrb5_get_subkey if we did not get the key type
The key type OID is optional, but we require that information to determine if
we should use NEW_SPNEGO.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Mar  8 11:53:57 CET 2012 on sn-devel-104
2012-03-08 11:53:57 +01:00
Andrew Bartlett
5b372d7015 auth/kerberos: Ensure we do not print invalid memory in failure case
This codeblock may not have any set->elements, so we should not print them.  Copy&paste in the original code.

Andrew Bartlett
2012-03-08 10:14:05 +01:00
Andrew Bartlett
674278d5b0 auth/kerberos: Move gse_get_session_key() to common code and use in gensec_gssapi
Thie ensures that both code bases use the same logic to determine the use
of NEW_SPNEGO.

Andrew Bartlett
2012-02-17 17:36:38 +11:00
Stefan Metzmacher
9ba10877aa auth/kerberos/gssapi_pac: fix compiler warnings
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 15 19:06:24 CEST 2011 on sn-devel-104
2011-06-15 19:06:24 +02:00
Gordon Ross
ac25835ab7 Fix Samba3 on OpenIndiana.
I'd like Samba to use the native OpenLDAP and MIT Kerberos libs.
Attached are some patches to do that. (relative to git master)
It does not build for me without these.

(OpenIndiana is an off-shoot of OpenSolaris  See http://www.openindiana.org)

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat May  7 02:20:14 CEST 2011 on sn-devel-104
2011-05-07 02:20:14 +02:00
Andrew Bartlett
47e2870228 auth/kerberos Add check for gss_inquire_sec_context_by_oid
Not all kerberos distributions have this function.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 27 07:39:08 CEST 2011 on sn-devel-104
2011-04-27 07:39:08 +02:00
Andrew Bartlett
6ec4306f8c auth/kerberos: Create common helper to get the verified PAC from GSSAPI
This only works for Heimdal and MIT Krb5 1.8, other versions will get
an ACCESS_DEINED error.

We no longer manually verify any details of the PAC in Samba for
GSSAPI logins, as we never had the information to do it properly, and
it is better to have the GSSAPI library handle it.

Andrew Bartlett
2011-04-27 11:56:48 +10:00