Andrew Bartlett
f28f5db15a
libcli/auth Move PAC parsing and verification in common.
...
This uses the source3 PAC code (originally from Samba4) with some
small changes to restore functionality needed by the torture tests,
and to have a common API.
Andrew Bartlett
2011-04-20 04:31:07 +02:00
Simo Sorce
26e24928b3
s3-krb: Reformat and add doxygen comment to decode_pac_data()
...
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30 14:26:37 +02:00
Günther Deschner
e7a6a3ec0d
s3: avoid global include of ads.h.
...
Guenther
2010-08-05 00:32:02 +02:00
Simo Sorce
26f1218a36
s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keys
2010-07-20 20:02:09 -04:00
Günther Deschner
614e010daa
s3: remove authdata.h
...
Guenther
2010-06-03 11:00:27 +02:00
Jelmer Vernooij
b8268cf7b0
s3: Remove use of iconv_convenience.
2010-05-18 11:45:31 +02:00
Andrew Bartlett
454b0b3f20
s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA
...
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.
This change makes sense on it's own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-11 22:52:37 +02:00
Volker Lendecke
a7b06f4c0d
s3: Fix a memleak in check_pac_checksum
2010-05-04 12:00:13 +02:00
Günther Deschner
ae20737066
s3-kerberos: do not include authdata headers before including krb5 headers.
...
Guenther
2009-11-27 18:31:13 +01:00
Günther Deschner
04f8c229de
s3-kerberos: only use krb5 headers where required.
...
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.
Guenther
2009-11-27 16:36:00 +01:00
Jeremy Allison
d2a9f4a272
Remove unused variable warning.
...
Jeremy.
2009-11-12 14:09:25 -08:00
Günther Deschner
61f0b24763
s3-kerberos: remove smb_krb5_get_tkt_from_creds().
...
Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove
smb_krb5_get_tkt_from_creds() which is not required anymore.
Guenther
2009-11-12 15:50:38 +01:00
Günther Deschner
11687e84e3
s3-kerberos: let smb_krb5_get_tkt_from_creds() compile with older heimdal libs.
...
Guenther
2009-11-06 15:01:39 +01:00
Günther Deschner
9e48dc2b78
s3-kerberos: support S4U2SELF impersionation through cli_krb5_get_ticket().
...
Guenther
2009-11-06 13:35:20 +01:00
Günther Deschner
5e26622510
s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls.
...
Guenther
2009-11-06 12:44:15 +01:00
Günther Deschner
4ffbfc4475
s3-kerberos: add smb_krb5_get_tkt_from_creds().
...
Guenther
2009-11-06 12:43:46 +01:00
Andrew Bartlett
574a6a8c35
s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context
...
Signed-off-by: Günther Deschner <gd@samba.org>
2009-04-07 13:25:36 +02:00
Günther Deschner
4b59ecb903
s3-build: no need to duplicate generated ndr_ prototypes.
...
Guenther
2008-10-20 19:47:00 +02:00
Jelmer Vernooij
cb78d4593b
Cope with changed signature of http_timestring().
2008-10-11 23:57:44 +02:00
Günther Deschner
c48186f507
s3: use samba4 prototype for ndr_push/pull_struct_blob.
...
Guenther
2008-09-23 09:37:23 +02:00
Günther Deschner
7269a504fd
Add my copyright.
...
Guenther
(This used to be commit d078a87571
)
2008-02-27 19:38:48 +01:00
Günther Deschner
3ea40eda94
Some more cleanup in authdata.c.
...
Guenther
(This used to be commit 5483f5fb44
)
2008-02-17 02:11:59 +01:00
Günther Deschner
86843631a2
Align our krb5 PAC decoding routines to the samba4 ones.
...
(while keeping all the trans krb5 lib support)
Guenther
(This used to be commit c06e507737
)
2008-02-17 02:11:59 +01:00
Günther Deschner
a92eb76688
Finally enable pidl generated SAMR & NETLOGON headers and clients.
...
Guenther
(This used to be commit f7100156a7
)
2008-01-17 16:54:46 +01:00
Jeremy Allison
866af9a800
Coverity 512, uninitialized var.
...
Jeremy.
(This used to be commit 1b7cc80c61
)
2008-01-11 23:43:33 -08:00
Volker Lendecke
900288a2b8
Replace sid_string_static by sid_string_dbg in DEBUGs
...
(This used to be commit bb35e794ec
)
2007-12-15 22:09:36 +01:00
Jeremy Allison
30191d1a57
RIP BOOL. Convert BOOL -> bool. I found a few interesting
...
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c
)
2007-10-18 17:40:25 -07:00
Günther Deschner
201f0e1ce4
r24432: Expand kerberos_return_pac() so that it can be used in winbindd.
...
Guenther
(This used to be commit e70bf0ecc3
)
2007-10-10 12:29:46 -05:00
Günther Deschner
3e00e2e9ce
r24424: Fix the build.
...
Guenther
(This used to be commit 029bf26f8a
)
2007-10-10 12:29:45 -05:00
Gerald Carter
cdd140fe27
r24158: SE_GROUP_RESOURCE in the other_sids list apparently means a
...
domain local group.
Fix a typo in the PAC debugging routine
(This used to be commit b0b66b2e7a
)
2007-10-10 12:29:15 -05:00
Günther Deschner
2349acdd43
r23973: For debugging, add (undocumented) net ads kerberos commands (kinit, renew,
...
pac).
Guenther
(This used to be commit 4cada7c148
)
2007-10-10 12:28:51 -05:00
Günther Deschner
f659ffc0ee
r23970: Allow to set the debuglevel at which to dump the PAC logon info.
...
Guenther
(This used to be commit 7d321aad83
)
2007-10-10 12:28:50 -05:00
Günther Deschner
fce64f6833
r23969: Some helper routines to retrieve a PAC and PAC elements.
...
Guenther
(This used to be commit d4c87c792a
)
2007-10-10 12:28:50 -05:00
Andrew Tridgell
5e54558c6d
r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
...
(This used to be commit b0132e94fc
)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80
r23779: Change from v2 or later to v3 or later.
...
Jeremy.
(This used to be commit 407e6e695b
)
2007-10-10 12:28:20 -05:00
Gerald Carter
3272b1dd60
r23251: whoops! Fix compile error
...
(This used to be commit 22a3ea40ac
)
2007-10-10 12:22:59 -05:00
Jeremy Allison
71ee55f98d
r23080: Fix bug #4637 - we hads missed some cases where
...
we were calling PRS_ALLOC_MEM with zero count.
Jeremy.
(This used to be commit 9a10736e6f
)
2007-10-10 12:22:43 -05:00
Jelmer Vernooij
995205fc60
r18188: merge 3.0-libndr branch
...
(This used to be commit 1115745cae
)
2007-10-10 11:43:56 -05:00
Jeremy Allison
a57f37420b
r13588: Second attempt to fix Bug #3330 - treat the string as a
...
uint8 array and copy as such. Gunther please check (sorry
I reverted your earlier fix).
Jeremy.
(This used to be commit 7a17b39c80
)
2007-10-10 11:10:16 -05:00
Jeremy Allison
115996503c
r13585: Sorry Gunther, had to revert this. It's got a buffer
...
overrun. Spoke to Jerry about the correct fix. Will add
this after.
Jeremy.
(This used to be commit 33e13aabd3
)
2007-10-10 11:10:16 -05:00
Günther Deschner
4ea92f3098
r13581: Correctly parse a non-null terminated, little-endian UCS2 string in the
...
PAC_LOGON_NAME structure. This was broken on big-endian machines
(Solaris SPARC and ppc). Fixes Bug #3330 .
Jerry, this should be in 3.0.21c.
Guenther
(This used to be commit 9732490811
)
2007-10-10 11:10:16 -05:00
Günther Deschner
ad93243f23
r11183: add small helper function to return a PAC_LOGON_INFO.
...
Guenther
(This used to be commit a8d5d6b845
)
2007-10-10 11:05:06 -05:00
Günther Deschner
ebf8a84375
r10710: Fix uninitialized variable. (Thanks to Chengjie Liu
...
<chengjie.liu@datadomain.com>)
Guenther
(This used to be commit 241466ee65
)
2007-10-10 11:04:50 -05:00
Volker Lendecke
aa0dff680d
r10671: Attempt to fix the build on machines without kerberos headers.
...
Volker
(This used to be commit cb816e65a9
)
2007-10-10 11:04:49 -05:00
Gerald Carter
54abd2aa66
r10656: BIG merge from trunk. Features not copied over
...
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7
)
2007-10-10 11:04:48 -05:00
Günther Deschner
cc6843fcca
r9163: Rename UNKNOWN_TYPE_10 to PAC_LOGON_NAME (merge from samba4)
...
Guenther
(This used to be commit d14dcba963
)
2007-10-10 11:00:27 -05:00
Jeremy Allison
acf9d61421
r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
...
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f
)
2007-10-10 10:53:32 -05:00
Herb Lewis
aa39cc37da
get rid of more compiler warnings
...
(This used to be commit 398bd14fc6
)
2003-08-15 04:42:05 +00:00
Volker Lendecke
c9aa836204
Fix memleaks.
...
Currently I'm compiling against MIT Kerberos 1.2.8.
Anthony, you said you have a heimdal installation available. Could you
please compile this stuff with krb and check it with valgrind?
Thanks,
Volker
(This used to be commit d8ab446859
)
2003-08-15 01:46:09 +00:00
Jim McDonough
9f2e6167d2
Update my copyrights according to my agreement with IBM
...
(This used to be commit c9b209be2b
)
2003-08-01 15:21:20 +00:00