sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-03 13:47:25 +03:00
Code
104,663 Commits 60 Branches 1,146 Tags
Commit Graph

95 Commits

Author SHA1 Message Date
Andreas Schneider
c0e8616669 krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:16 +02:00
Andreas Schneider
d62172b48e krb5_wrap: Document smb_krb5_keyblock_init_contents() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
96d7c45434 krb5_wrap: Document smb_krb5_kt_get_name() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
6ddeb4aa42 krb5_wrap: Rename smb_krb5_keytab_name() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
1dba7d2956 krb5_wrap: Document smb_krb5_kt_open() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
aa1cca9f27 krb5_wrap: Rename smb_krb5_open_keytab() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
5e934aad48 krb5_wrap: Fix whitespace issues in smb_krb5_kt_open_relative() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
28a03a72a6 krb5_wrap: Document smb_krb5_kt_open_relative() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
81da37eb90 krb5_wrap: Rename smb_krb5_open_keytab_relative() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
8abd9b5f07 krb5_wrap: Document smb_krb5_enctype_to_string() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
6d063dffb5 krb5_wrap: Document smb_krb5_kt_free_entry() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
eefed8a629 krb5_wrap: Document smb_krb5_kt_get_enctype_from_entry() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
d1de425385 krb5_wrap: Rename smb_get_enctype_from_kt_entry() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:15 +02:00
Andreas Schneider
bff77afd32 krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_free() 
Call the Kerberos function directly.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
4fae92dcad krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_alloc() 
Call the Kerberos function directly.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
167c1ce331 krb5_wrap: Remove unused handle_krberror_packet() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
a3852bc0b9 krb5_wrap: Remove unneded smb_krb5_free_error() 
krb5_free_error() is availalbe in MIT and Heimdal. Both implementations
free the contents and the pointer. krb5_free_data_contents() is Heimdal
only. Which function you need to call depends.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
c5fa646b53 krb5_wrap: Document smb_krb5_gen_netbios_krb5_address() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
904e233726 krb5_wrap: Document smb_krb5_free_addresses() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
7aac5434ee krb5_wrap: Document smb_krb5_renew_ticket() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
e27c5288b3 krb5_wrap: Remove redundant comment 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
884972fee3 krb5_wrap: Move krb5_princ_component() to the top 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
1877950250 krb5_wrap: Rename get_krb5_smb_session_key() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
be21e7f203 krb5_wrap: Move krb5_free_unparsed_name() to the top 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
7fe150cbb2 krb5_wrap: Cleanup some code in ads_krb5_cli_get_ticket() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
ec1e8d0ec9 krb5_wrap: Fix ads_krb5_cli_get_ticket() return checks and debug messages 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
97249b7cd0 krb5_wrap: Rename cli_krb5_get_ticket() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:14 +02:00
Andreas Schneider
6cde974c13 krb5_wrap: Improve return value checks and debug messsages 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:13 +02:00
Andreas Schneider
86708aab1a krb5_wrap: Fix formatting issues in ads_krb5_mk_req() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:13 +02:00
Andreas Schneider
0afc7d98d8 krb5_wrap: Use consistent naming for create_gss_checksum() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:13 +02:00
Andreas Schneider
75f748f14e krb5_wrap: Use consistent naming for setup_auth_context() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:13 +02:00
Andreas Schneider
83dbaea978 krb5_wrap: Move all ads function to the end 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:13 +02:00
Andreas Schneider
dd05113ed1 krb5_wrap: Move krb5_auth_con_setuseruserkey() to the top 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:13 +02:00
Andreas Schneider
41172e2755 krb5_wrap: Rename krb5_copy_data_contents() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:13 +02:00
Andreas Schneider
e8632e2af5 krb5_wrap: Rename kerberos_free_data_contents() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:13 +02:00
Andreas Schneider
2622e16d76 krb5_wrap: Rename get_kerberos_allowed_etypes() 
Use consistent naming.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:13 +02:00
Andreas Schneider
81917a1162 krb5_wrap: Rename setup_kaddr() 
Use a better and consistent name and switch the arguments to reflect the
name.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-08-31 20:59:13 +02:00
Alexander Bokovoy
f5e749414f Wrap krb5_cc_copy_creds and krb5_cc_copy_cache 
Heimdal and MIT Kerberos have different API to copy credentials from a
ccache. Wrap it via lib/krb5_wrap/.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jul 25 21:27:58 CEST 2016 on sn-devel-144
 2016-07-25 21:27:57 +02:00
Jose A. Rivera
becc43b87d krb5_wrap: Fix build error when not using heimdal. 
Just a small typo fix where type and variable were flipped.

Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jun 25 22:43:27 CEST 2016 on sn-devel-144
 2016-06-25 22:43:27 +02:00
Andreas Schneider
8a0b058cee krb5_wrap: Add smb_krb5_mk_error() 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-06-18 23:32:26 +02:00
Günther Deschner
95b8b02062 lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache(). 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-04-28 16:51:16 +02:00
Ralph Boehme
35b2fb4ff3 krb5_wrap: fix keep_old_entries logic in smb_krb5_kt_seek_and_delete_old_entries() 
This fixes an regression introduced in 5c5d586d3ebd40 at a higher level
in the caller smb_krb5_kt_add_entry(): calling smb_krb5_kt_add_entry
with keep_old_entries=false resulted in only one enctype per principal
remaining in the exported keytab.

The function smb_krb5_kt_seek_and_delete_old_entries() is called from
smb_krb5_kt_add_entry() when adding keys to a keytab. When the keytab
contains keys with the same kvno as the key to be added and
keep_old_entries is false, the key is deleted without checking the
encryption type of the key. This means that when adding keys for a
principal only the last enctype will be in the exported keytab.

Fix this by checking the encryption type and only treat a key as "old"
if keytab_key_kvno <= new_key_kvno and keytab_key_enctype ==
new_key_enctype.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-04-25 10:35:14 +02:00
Ralph Boehme
b26ae7fbf6 krb5_wrap: add enctype arg to smb_krb5_kt_seek_and_delete_old_entries() 
Unused in this commit, the next commit will use it to avoid deleting
keys with the same kvno but a different enctype.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-04-25 10:35:14 +02:00
Volker Lendecke
a243a9012f lib: Fix CID 1356315 Dereference before null check 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-03-18 00:29:14 +01:00
Andreas Schneider
2467032a3e krb5-wrap: Use the principal returned by the KDC to create the ccache 
We request a TGT in uppercase from the KDC. We turned on
canonicalization for that so the KDC returns the principal in lowercase
cause of this. As we use the uppercase prinicpal to create the ccache we
fail to find the tickets we need later because it is stored in the
incorrect case. You have to use the princial returned by the KDC here.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2016-03-17 04:32:27 +01:00
Andreas Schneider
c2f5c30bea krb5_wrap: Add smb_krb5_open_keytab_relative() function 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-03-10 06:52:25 +01:00
Andreas Schneider
4e367288a5 krb5_wrap: Move smb_krb5_kt_add_entry() to krb5_wrap 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-03-10 06:52:25 +01:00
Andreas Schneider
b73235fb54 krb5_wrap: Do not use deprecated KRB5 functions 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Mar  7 17:57:39 CET 2016 on sn-devel-144
 2016-03-07 17:57:39 +01:00
Andreas Schneider
e9e306b1d5 krb5_wrap: Fix picky const compiler warnings 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-11-23 15:17:18 +01:00
Mathieu Parent
c315fce17e Fix various spelling errors 
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  6 13:43:45 CET 2015 on sn-devel-104
 2015-11-06 13:43:45 +01:00