IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This was seen in the wild, with a Huawei Unified Storage System S5500 V3 against the AD DC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11425
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 5 09:43:40 CEST 2015 on sn-devel-104
This was seen in the wild, with a Huawei Unified Storage System S5500 V3 against the AD DC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11425
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This fixes authentication with local credentials against its own server
using netbios domain name.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
We should always pass down the saltPrincipal to smb_krb5_update_keytab()
function.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Fixes this:
../source4/auth/gensec/gensec_gssapi.c:1017:3: error: format ‘%ju’ expects argument of type ‘uintmax_t’, but argument 3 has type ‘size_t’ [-Werror=format=]
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This way are able to support GENSEC_FEATURE_SIGN_PKT_HEADER also together with
GENSEC_FEATURE_SEAL.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 24 04:00:43 CEST 2015 on sn-devel-104
This way are able to support GENSEC_FEATURE_SIGN_PKT_HEADER.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
There's not a high chance that this module worked at all.
Requesting SASL_SSF in order to get the max input length
is completely broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This way the result matches what gss_wrap_iov_length() would return.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This avoids calls to gensec_gssapi_sig_size() as fallback in
gensec_max_input_size().
gensec_gssapi_sig_size() needs to report the sig size
gensec_{sign,seal}_packet(), which could be different to the
overhead produced by gensec_wrap().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When requesting initiator credentials fails, we need to map the error code
KRB5KRB_AP_ERR_BAD_INTEGRITY to NT_STATUS_LOGON_FAILURE as well. This is what
current MIT kerberos returns.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
With MIT Kerberos it is possible that the GSS_C_DELEG_FLAG is set, but
the delegated_cred_handle is NULL which results in a NULL-pointer
dereference. This way we fix it.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The 'nt_status' variable is set to NT_STATUS_OK before.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11164
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This ensures that in the all-Samba PAC creation code, we do not escape a space character if present
in the logon name. This matches what we do in the Heimdal code in the KDC.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Feb 25 16:32:29 CET 2015 on sn-devel-104
The smb_krb5_send_and_recv_func_forced and smb_krb5_send_and_recv_func
functions could leak an event context including an epoll FD and some
memory. This may explain a flapping test in krb5.kdc
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This helps us keep things safe in LDB where we put this in a opaque pointer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10993
Andrew Bartlett
Change-Id: I46fe53ba655ca0810c276b72fbca524884cdf22d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This allows the winbind.pac.krb5 test to pass against the s3member environment, which uses the password from secrets.tdb.
Andrew Bartlett
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Found at MS interop event while working on AES kerberos key support.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Sep 26 23:37:09 CEST 2014 on sn-devel-104
Change-Id: I2807cf2af9e4c3282e6ff54a6dd8e90f34e9481f
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
This new helper function will also be used by pdb_samba_dsdb.
Change-Id: I008af94a0822012c211cfcc6108a8b1285f4d7c7
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Found with valgrind.
Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Aug 8 19:01:56 CEST 2014 on sn-devel-104
Change-Id: Iaa168d520f124e0c43c7edd649318f0b8ee25020
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Tue Jul 8 16:51:09 CEST 2014 on sn-devel-104
