IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Heimdal and MIT Kerberos have different API to copy credentials from a
ccache. Wrap it via lib/krb5_wrap/.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jul 25 21:27:58 CEST 2016 on sn-devel-144
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 23 09:50:46 CEST 2016 on sn-devel-144
MIT only defined this as CKSUMTYPE_HMAC_SHA1_96_AES128,
while Heimdal has CKSUMTYPE_HMAC_SHA1_96_AES_128.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Just a small typo fix where type and variable were flipped.
Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jun 25 22:43:27 CEST 2016 on sn-devel-144
This fixes an regression introduced in 5c5d586d3ebd40 at a higher level
in the caller smb_krb5_kt_add_entry(): calling smb_krb5_kt_add_entry
with keep_old_entries=false resulted in only one enctype per principal
remaining in the exported keytab.
The function smb_krb5_kt_seek_and_delete_old_entries() is called from
smb_krb5_kt_add_entry() when adding keys to a keytab. When the keytab
contains keys with the same kvno as the key to be added and
keep_old_entries is false, the key is deleted without checking the
encryption type of the key. This means that when adding keys for a
principal only the last enctype will be in the exported keytab.
Fix this by checking the encryption type and only treat a key as "old"
if keytab_key_kvno <= new_key_kvno and keytab_key_enctype ==
new_key_enctype.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Unused in this commit, the next commit will use it to avoid deleting
keys with the same kvno but a different enctype.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We request a TGT in uppercase from the KDC. We turned on
canonicalization for that so the KDC returns the principal in lowercase
cause of this. As we use the uppercase prinicpal to create the ccache we
fail to find the tickets we need later because it is stored in the
incorrect case. You have to use the princial returned by the KDC here.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is a preparation to move smb_krb5_kt_add_entry() to krb5_wrap.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Mar 7 17:57:39 CET 2016 on sn-devel-144
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 6 13:43:45 CET 2015 on sn-devel-104
We request a TGT in uppercase from the KDC. We turned on
canonicalization for that so the KDC returns the principal in lowercase
cause of this. As we use the uppercase prinicpal to create the ccache we
fail to find the tickets we need later because it is stored in the
incorrect case. You have to use the princial returned by the KDC here.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Use standard libkrb5 calls instead.
Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 8 08:30:50 CEST 2014 on sn-devel-104
This reuses krb5_data_copy() if available, choosed not to call it
krb5_data_copy as that is easily mixed up with krb5_copy_data (which allocs the
krb5_data pointer). Thanks Simo for proposing the better name.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This function can take either a calculated salt or a principal and calculate the
salt on its own.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Mar 6 01:16:34 CET 2013 on sn-devel-104
aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96
should have a higher priority than arcfour-hmac-md5,
otherwise the KDC still gives us arcfour-hmac-md5 session keys.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
