1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

71 Commits

Author SHA1 Message Date
Swen Schillig
3df7789e4b libads: Add kerberos tracing
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2018-12-19 21:49:29 +01:00
Volker Lendecke
a167014554 krb5_wrap: Add a talloc_ctx to smb_krb5_principal_get_realm()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-11-28 17:44:15 +01:00
Swen Schillig
7f902798a7 s3: Free principal if smb_krb5_principal_get_realm() fails
If smb_krb5_principal_get_realm() fails, procesing is aborted and
resources have to be free'd. In this context free'ing the principal
was missing.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-11-22 08:22:18 +01:00
Andreas Schneider
9eccf6a16f s3:libads: Free addr before we free the context
Introduced by dbdbd4875e

CID 1438395

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 14 22:02:06 CEST 2018 on sn-devel-144
2018-08-14 22:02:06 +02:00
Andreas Schneider
dbdbd4875e s3:libads: Fix memory leaks in ads_krb5_chg_password()
Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567

Pair-Programmed-With: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-08-11 01:49:16 +02:00
Andreas Schneider
b81ca4f9dc s3:libads: Fix changing passwords with Kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12956

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-08-11 18:21:22 +02:00
Andreas Schneider
2de4aea728 s3-libads: Do not use deprecated krb5_change_password()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep  1 00:43:51 CEST 2016 on sn-devel-144
2016-09-01 00:43:51 +02:00
Andreas Schneider
e01587c948 s3-libads: Do not use deprecated krb5_get_init_creds_opt_init()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:18 +02:00
Andreas Schneider
e8632e2af5 krb5_wrap: Rename kerberos_free_data_contents()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:13 +02:00
Andreas Schneider
e6f88c1451 libads: Fix picky const warning with krb5_set_password_using_ccache
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Nov 23 18:20:31 CET 2015 on sn-devel-104
2015-11-23 18:20:31 +01:00
Günther Deschner
aaf2cae36b s3-kpasswd: Fix build warning.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Sep  1 18:15:15 CEST 2014 on sn-devel-104
2014-09-01 18:15:15 +02:00
Günther Deschner
9e42b01865 s3-kpasswd: send a netbios krb5 address to avoid invalid net address errors from
heimdal.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Simo Sorce
1d779bdbb2 Remove custom password change code in libads
Use standard libkrb5 calls instead.

Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Simo Sorce
6bdde64354 Remove duplicate definitions
Thee are already defined both in Heimdal and MIT public headers

Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Günther Deschner
d9167c3044 s3-libads/krb5_setpw: free realm from smb_krb5_principal_get_realm().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-08 16:37:36 +02:00
Günther Deschner
3aa9d3005a s3-build: only include asn1 headers where actually needed.
Guenther
2011-03-16 23:46:18 +01:00
Andrew Bartlett
0bad0e3ff2 s3-libads Remove MIT-specific krb5_princ_realm macro calls.
When compiled against heimdal, we need to use a more elegant API.

Andrew Bartlett
2011-02-18 17:00:34 +11:00
Günther Deschner
e7a6a3ec0d s3: avoid global include of ads.h.
Guenther
2010-08-05 00:32:02 +02:00
Günther Deschner
04f8c229de s3-kerberos: only use krb5 headers where required.
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.

Guenther
2009-11-27 16:36:00 +01:00
Volker Lendecke
19b783cce9 Async wrapper for open_socket_out_send/recv 2009-01-04 16:42:40 +01:00
Volker Lendecke
fafb9ecc61 open_socket_out is always used with SOCK_STREAM, remove argument "type" 2009-01-03 19:22:06 +01:00
Jeremy Allison
94df767f21 More asprintf warning fixes.
Jeremy.
2008-12-23 11:45:26 -08:00
Günther Deschner
c0cf457c85 s3-asn1: make all of s3 asn1 code do a proper asn1_init() first.
Guenther
2008-10-22 21:37:36 +02:00
Günther Deschner
e9e1246021 kerberos: fix some heimdal build warnings.
Guenther
2008-10-15 21:43:50 +02:00
Marc VanHeyningen
e06aa46b9f Coverity fixes
(This used to be commit 3fc85d2259)
2008-03-17 20:52:25 +01:00
Jeremy Allison
32dd016353 Fix the setup_kaddr() call to cope with IPv6.
This is the last obvious change I can see. At
this point we can start claiming IPv6 support
(Hurrah !:-).
Jeremy.
(This used to be commit bda8c0bf57)
2007-10-29 15:03:36 -07:00
Jeremy Allison
f88b7a076b This is a large patch (sorry). Migrate from struct in_addr
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c312)
2007-10-24 14:16:54 -07:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Volker Lendecke
b4a7b7a888 r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687e)
2007-10-10 12:22:01 -05:00
Volker Lendecke
f852fdbe06 r17626: Some C++ Warnings
(This used to be commit 09e7c010f0)
2007-10-10 11:38:44 -05:00
Günther Deschner
e030a9e9dc r16268: Add TCP fallback for our implementation of the CHANGEPW kpasswd calls.
This patch is mainly based on the work of Todd Stecher
<tstecher@isilon.com> and has been reviewed by Jeremy.

I sucessfully tested and valgrinded it with MIT 1.4.3, 1.3.5, Heimdal
0.7.2 and 0.6.1rc3.

Guenther
(This used to be commit 535d03cbe8)
2007-10-10 11:17:29 -05:00
Volker Lendecke
edcffcbe28 r16201: Fix Klocwork 439
(This used to be commit b369d0891a)
2007-10-10 11:17:24 -05:00
Jeremy Allison
b68b05854f r15210: Add wrapper functions smb_krb5_parse_name, smb_krb5_unparse_name,
smb_krb5_parse_name_norealm_conv that pull/push from unix charset
to utf8 (which krb5 uses on the wire). This should fix issues when
the unix charset is not compatible with or set to utf8.
Jeremy.
(This used to be commit 37ab42afbc)
2007-10-10 11:16:28 -05:00
Günther Deschner
485a286a65 r14585: Tighten argument list of kerberos_kinit_password again,
kerberos_kinit_password_ext provides access to more options.

Guenther
(This used to be commit afc519530f)
2007-10-10 11:15:38 -05:00
Jeremy Allison
5f224c2c26 r14170: Paranioa fix for sesssetup.
Fix Coverity bug #26. Guard against NULL ref.
Jeremy.
(This used to be commit c0f906ac8d)
2007-10-10 11:15:15 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Volker Lendecke
f99b429446 r11551: Add a few more initialize_krb5_error_table
(This used to be commit d92c83aa42)
2007-10-10 11:05:20 -05:00
Jeremy Allison
8d7c886671 r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4
x86_64 box.
Jeremy.
(This used to be commit d720867a78)
2007-10-10 11:05:02 -05:00
James Peach
8c072021ef r9780: Clean up a bunch of compiler warnings.
(This used to be commit 623d2e6931)
2007-10-10 11:03:26 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Günther Deschner
a13b603b79 r3711: Fix KRB5_SETPW-defines, no change in behaviour.
A value of '2' is due to an expired internet draft, while 0xff80 comes
from RFC3244. See Bugzilla #1661 for details.

Thanks to Luke Mewburn <lukem@NetBSD.org> for his research.

Guenther
(This used to be commit 3906c1623f)
2007-10-10 10:53:16 -05:00
Günther Deschner
428ca3998b r3436: Fix build with recent heimdal-versions (0.6.3) as pointed out by Luke
Mewburn <lukem@NetBSD.org> and close Bugzilla #1661.

Leaving the old define for KRB5_KPASSWD_VERS_SETPW (added by Antti
Andreimann) as fallback when the library does not provide one.

Guenther
(This used to be commit 00598877df)
2007-10-10 10:53:06 -05:00
Jeremy Allison
0772ddbae1 r3377: Merge in first part of modified patch from Nalin Dahyabhai <nalin@redhat.com>
for bug #1717.The rest of the code needed to call this patch has not yet been
checked in (that's my next task). This has not yet been tested - I'll do this
once the rest of the patch is integrated.
Jeremy.
(This used to be commit 7565019286)
2007-10-10 10:53:05 -05:00
Jeremy Allison
6106de34e5 r1247: Final fix to make this compile on Heimdal.
Jeremy.
(This used to be commit b462b8fa2f)
2007-10-10 10:52:02 -05:00
Jeremy Allison
1f7dbded04 r1223: Fix valgrind error with realm manipulation.... Damn macros :-(.
Jeremy.
(This used to be commit 5a1d8c3c9b)
2007-10-10 10:52:01 -05:00
Jeremy Allison
7825677b86 r1222: Valgrind memory leak fixes. Still tracking down a strange one...
Can't fix the krb5 memory leaks inside that library :-(.
Jeremy.
(This used to be commit ad440213aa)
2007-10-10 10:52:00 -05:00
Gerald Carter
63378d6f0e r541: fixing segfault in winbindd caused -r527 -- looks like a bug in heimdal; also initialize some pointers
(This used to be commit be74e88d9a)
2007-10-10 10:51:28 -05:00
Jim McDonough
9a8e30d04b Fix bugzilla # 1208
Winbind tickets expired.  We now check the expiration time, and acquire
new tickets.  We couln't rely on renewing them, because if we didn't get
a request before they expired, we wouldn't have renewed them.  Also, there
is a one-week limit in MS on renewal life, so new tickets would have been
needed after a week anyway.   Default is 10 hours, so we should only be
acquiring them that often, unless the configuration on the DC is changed (and
the minimum is 1 hour).
(This used to be commit c2436c433a)
2004-03-24 17:32:55 +00:00