Stefan Metzmacher
4b295b106c
wscript: remove executable bits for all wscript* files
...
These files should not be executable.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 11 20:21:01 CET 2017 on sn-devel-144
2017-01-11 20:21:01 +01:00
Stefan Metzmacher
3be1203987
krb5_wrap: let smb_krb5_kinit_s4u2_ccache() work if store_creds.client and server have different realms
...
As the principal in the resulting ccache may not match the realm of the
target principal, we need to store the credentials twice.
The caller uses the ccache principal's realm to construct the
search key for the target principal.
If we get administrator@SAMBADOMAIN via the NTLMSSP authentication
and want to do s4u2selfproxy, we'll get ticket for
client realm: SAMBADOMAIN
client name: administrator
server realm: SAMBA.EXAMPLE.COM
server name: cifs/localdc
This is stored in credential cache, but
the caller will use cifs/localdc@SAMBADOMAIN as
target_principal name when it tries to use the
cache.
So also store the ticket as:
client realm: SAMBADOMAIN
client name: administrator
server realm: SAMBADOMAIN
server name: cifs/localdc
Note that it can always happen that the target is not in the clients
realm, so we always deal with changing realm names, so this is not
a s4u2self/proxy specific thing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-10 13:54:17 +01:00
Volker Lendecke
214abc98e6
lib: Use "all_zero" where appropriate
...
... Saves a few bytes of footprint
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-03 16:04:28 +01:00
Stefan Metzmacher
1e52bb9c34
krb5_wrap: fix smb_krb5_cc_copy_creds() for MIT krb5
...
krb5_cc_copy_creds() expects an already initialized output cache.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Dec 24 21:04:23 CET 2016 on sn-devel-144
2016-12-24 21:04:23 +01:00
Andreas Schneider
9157826573
krb5_wrap: Remove incorrect absolute path checks in smb_krb5_kt_open_relative()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-16 01:55:13 +01:00
Andreas Schneider
e0990ccf4e
krb5_wrap: More checks for absolute path in smb_krb5_kt_open()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-16 01:55:13 +01:00
Andreas Schneider
2f36e6d3ec
krb5_wrap: Fix smb_krb5_mk_error() with MIT Kerberos
...
The server principal is required, so if not set create an obscure one.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-11 02:58:22 +02:00
Andreas Schneider
1cbdfe91fe
Revert "krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents()"
...
This reverts commit c0e8616669
2016-09-09 00:32:12 +02:00
Anoop C S
9f2a8af4b0
krb5_wrap: Remove extra parentheses causing compile error
...
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Sep 1 21:02:54 CEST 2016 on sn-devel-144
2016-09-01 21:02:54 +02:00
Andreas Schneider
381ebd4af5
krb5_wrap: Move unwrap_edata_ntstatus() and make it static
...
This also removes the asn1util dependency from krb5_wrap and moves it to
libads which is the only user.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Andreas Schneider
3a4eaa00b6
krb5_wrap: Remove unused smb_krb5_principal_compare_any_realm()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Andreas Schneider
e00af44f44
krb5_wrap: Remove unused smb_krb5_parse_name_norealm()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Andreas Schneider
907c0b92b7
krb5_wrap: Improve smb_krb5_unparse_name() documentation
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Andreas Schneider
591b867146
krb5_wrap: Improve smb_krb5_parse_name() documentation
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Andreas Schneider
757e77b7fa
krb5_wrap: Document smb_krb5_cc_copy_creds()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Andreas Schneider
0540cfdd4c
krb5_wrap: Use 'samba-kdc' for com_err whoami in krb5_warnx()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Andreas Schneider
3bc9b764e2
krb5_wrap: Improve krb5_warnx() documentation
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Andreas Schneider
a5f1653651
krb5_wrap: Improve smb_krb5_principal_set_type() documentation
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Andreas Schneider
e77c5ac019
krb5_wrap: Improve smb_krb5_principal_get_type() documentation
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Andreas Schneider
1d8c1cac96
krb5_wrap: Improve smb_krb5_get_allowed_weak_crypto() documentation
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:17 +02:00
Andreas Schneider
dbcba4c808
krb5_wrap: Document smb_get_krb5_error_message()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
52c0133b50
krb5_wrap: Document smb_krb5_get_principal_from_service_hostname()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
2454374309
krb5_wrap: Rename kerberos_get_principal_from_service_hostname()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
a110ab82de
krb5_wrap: Improve smb_krb5_principal_set_realm() documentation
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
8c3b703068
krb5_wrap: Fix documentation of smb_krb5_principal_get_realm()
...
Create a valid doxygen documentation.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
e8c2525e55
krb5_wrap: Document smb_krb5_make_pac_checksum()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
003358e868
krb5_wrap: Document smb_krb5_make_principal()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
aef6cb2b81
krb5_wrap: Improve smb_krb5_kinit_s4u2_ccache() documentation
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
2ac297562f
krb5_wrap: Rename kerberos_kinit_s4u2_cc()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
13da688047
krb5_wrap: Document smb_krb5_kinit_password_ccache()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
696cfcb3c0
krb5_wrap: Rename kerberos_kinit_password_cc()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
294df2e52c
krb5_wrap: Improve smb_krb5_kinit_keyblock_cache() documentation
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
15c5dd700c
krb5_wrap: Rename kerberos_kinit_keyblock_cc()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
c0e8616669
krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:16 +02:00
Andreas Schneider
d62172b48e
krb5_wrap: Document smb_krb5_keyblock_init_contents()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
96d7c45434
krb5_wrap: Document smb_krb5_kt_get_name()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
6ddeb4aa42
krb5_wrap: Rename smb_krb5_keytab_name()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
1dba7d2956
krb5_wrap: Document smb_krb5_kt_open()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
aa1cca9f27
krb5_wrap: Rename smb_krb5_open_keytab()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
5e934aad48
krb5_wrap: Fix whitespace issues in smb_krb5_kt_open_relative()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
28a03a72a6
krb5_wrap: Document smb_krb5_kt_open_relative()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
81da37eb90
krb5_wrap: Rename smb_krb5_open_keytab_relative()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
8abd9b5f07
krb5_wrap: Document smb_krb5_enctype_to_string()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
6d063dffb5
krb5_wrap: Document smb_krb5_kt_free_entry()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
eefed8a629
krb5_wrap: Document smb_krb5_kt_get_enctype_from_entry()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
d1de425385
krb5_wrap: Rename smb_get_enctype_from_kt_entry()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:15 +02:00
Andreas Schneider
bff77afd32
krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_free()
...
Call the Kerberos function directly.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:14 +02:00
Andreas Schneider
4fae92dcad
krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_alloc()
...
Call the Kerberos function directly.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:14 +02:00
Andreas Schneider
167c1ce331
krb5_wrap: Remove unused handle_krberror_packet()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:14 +02:00
Andreas Schneider
a3852bc0b9
krb5_wrap: Remove unneded smb_krb5_free_error()
...
krb5_free_error() is availalbe in MIT and Heimdal. Both implementations
free the contents and the pointer. krb5_free_data_contents() is Heimdal
only. Which function you need to call depends.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-31 20:59:14 +02:00
