1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

52 Commits

Author SHA1 Message Date
Andrew Bartlett
f28f5db15a libcli/auth Move PAC parsing and verification in common.
This uses the source3 PAC code (originally from Samba4) with some
small changes to restore functionality needed by the torture tests,
and to have a common API.

Andrew Bartlett
2011-04-20 04:31:07 +02:00
Simo Sorce
26e24928b3 s3-krb: Reformat and add doxygen comment to decode_pac_data()
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30 14:26:37 +02:00
Günther Deschner
e7a6a3ec0d s3: avoid global include of ads.h.
Guenther
2010-08-05 00:32:02 +02:00
Simo Sorce
26f1218a36 s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keys 2010-07-20 20:02:09 -04:00
Günther Deschner
614e010daa s3: remove authdata.h
Guenther
2010-06-03 11:00:27 +02:00
Jelmer Vernooij
b8268cf7b0 s3: Remove use of iconv_convenience. 2010-05-18 11:45:31 +02:00
Andrew Bartlett
454b0b3f20 s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.

This change makes sense on it's own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-11 22:52:37 +02:00
Volker Lendecke
a7b06f4c0d s3: Fix a memleak in check_pac_checksum 2010-05-04 12:00:13 +02:00
Günther Deschner
ae20737066 s3-kerberos: do not include authdata headers before including krb5 headers.
Guenther
2009-11-27 18:31:13 +01:00
Günther Deschner
04f8c229de s3-kerberos: only use krb5 headers where required.
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.

Guenther
2009-11-27 16:36:00 +01:00
Jeremy Allison
d2a9f4a272 Remove unused variable warning.
Jeremy.
2009-11-12 14:09:25 -08:00
Günther Deschner
61f0b24763 s3-kerberos: remove smb_krb5_get_tkt_from_creds().
Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove
smb_krb5_get_tkt_from_creds() which is not required anymore.

Guenther
2009-11-12 15:50:38 +01:00
Günther Deschner
11687e84e3 s3-kerberos: let smb_krb5_get_tkt_from_creds() compile with older heimdal libs.
Guenther
2009-11-06 15:01:39 +01:00
Günther Deschner
9e48dc2b78 s3-kerberos: support S4U2SELF impersionation through cli_krb5_get_ticket().
Guenther
2009-11-06 13:35:20 +01:00
Günther Deschner
5e26622510 s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls.
Guenther
2009-11-06 12:44:15 +01:00
Günther Deschner
4ffbfc4475 s3-kerberos: add smb_krb5_get_tkt_from_creds().
Guenther
2009-11-06 12:43:46 +01:00
Andrew Bartlett
574a6a8c35 s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context
Signed-off-by: Günther Deschner <gd@samba.org>
2009-04-07 13:25:36 +02:00
Günther Deschner
4b59ecb903 s3-build: no need to duplicate generated ndr_ prototypes.
Guenther
2008-10-20 19:47:00 +02:00
Jelmer Vernooij
cb78d4593b Cope with changed signature of http_timestring(). 2008-10-11 23:57:44 +02:00
Günther Deschner
c48186f507 s3: use samba4 prototype for ndr_push/pull_struct_blob.
Guenther
2008-09-23 09:37:23 +02:00
Günther Deschner
7269a504fd Add my copyright.
Guenther
(This used to be commit d078a87571)
2008-02-27 19:38:48 +01:00
Günther Deschner
3ea40eda94 Some more cleanup in authdata.c.
Guenther
(This used to be commit 5483f5fb44)
2008-02-17 02:11:59 +01:00
Günther Deschner
86843631a2 Align our krb5 PAC decoding routines to the samba4 ones.
(while keeping all the trans krb5 lib support)

Guenther
(This used to be commit c06e507737)
2008-02-17 02:11:59 +01:00
Günther Deschner
a92eb76688 Finally enable pidl generated SAMR & NETLOGON headers and clients.
Guenther
(This used to be commit f7100156a7)
2008-01-17 16:54:46 +01:00
Jeremy Allison
866af9a800 Coverity 512, uninitialized var.
Jeremy.
(This used to be commit 1b7cc80c61)
2008-01-11 23:43:33 -08:00
Volker Lendecke
900288a2b8 Replace sid_string_static by sid_string_dbg in DEBUGs
(This used to be commit bb35e794ec)
2007-12-15 22:09:36 +01:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Günther Deschner
201f0e1ce4 r24432: Expand kerberos_return_pac() so that it can be used in winbindd.
Guenther
(This used to be commit e70bf0ecc3)
2007-10-10 12:29:46 -05:00
Günther Deschner
3e00e2e9ce r24424: Fix the build.
Guenther
(This used to be commit 029bf26f8a)
2007-10-10 12:29:45 -05:00
Gerald Carter
cdd140fe27 r24158: SE_GROUP_RESOURCE in the other_sids list apparently means a
domain local group.

Fix a typo in the PAC debugging routine
(This used to be commit b0b66b2e7a)
2007-10-10 12:29:15 -05:00
Günther Deschner
2349acdd43 r23973: For debugging, add (undocumented) net ads kerberos commands (kinit, renew,
pac).

Guenther
(This used to be commit 4cada7c148)
2007-10-10 12:28:51 -05:00
Günther Deschner
f659ffc0ee r23970: Allow to set the debuglevel at which to dump the PAC logon info.
Guenther
(This used to be commit 7d321aad83)
2007-10-10 12:28:50 -05:00
Günther Deschner
fce64f6833 r23969: Some helper routines to retrieve a PAC and PAC elements.
Guenther
(This used to be commit d4c87c792a)
2007-10-10 12:28:50 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Gerald Carter
3272b1dd60 r23251: whoops! Fix compile error
(This used to be commit 22a3ea40ac)
2007-10-10 12:22:59 -05:00
Jeremy Allison
71ee55f98d r23080: Fix bug #4637 - we hads missed some cases where
we were calling PRS_ALLOC_MEM with zero count.
Jeremy.
(This used to be commit 9a10736e6f)
2007-10-10 12:22:43 -05:00
Jelmer Vernooij
995205fc60 r18188: merge 3.0-libndr branch
(This used to be commit 1115745cae)
2007-10-10 11:43:56 -05:00
Jeremy Allison
a57f37420b r13588: Second attempt to fix Bug #3330 - treat the string as a
uint8 array and copy as such. Gunther please check (sorry
I reverted your earlier fix).
Jeremy.
(This used to be commit 7a17b39c80)
2007-10-10 11:10:16 -05:00
Jeremy Allison
115996503c r13585: Sorry Gunther, had to revert this. It's got a buffer
overrun. Spoke to Jerry about the correct fix. Will add
this after.
Jeremy.
(This used to be commit 33e13aabd3)
2007-10-10 11:10:16 -05:00
Günther Deschner
4ea92f3098 r13581: Correctly parse a non-null terminated, little-endian UCS2 string in the
PAC_LOGON_NAME structure. This was broken on big-endian machines
(Solaris SPARC and ppc). Fixes Bug #3330.

Jerry, this should be in 3.0.21c.

Guenther
(This used to be commit 9732490811)
2007-10-10 11:10:16 -05:00
Günther Deschner
ad93243f23 r11183: add small helper function to return a PAC_LOGON_INFO.
Guenther
(This used to be commit a8d5d6b845)
2007-10-10 11:05:06 -05:00
Günther Deschner
ebf8a84375 r10710: Fix uninitialized variable. (Thanks to Chengjie Liu
<chengjie.liu@datadomain.com>)

Guenther
(This used to be commit 241466ee65)
2007-10-10 11:04:50 -05:00
Volker Lendecke
aa0dff680d r10671: Attempt to fix the build on machines without kerberos headers.
Volker
(This used to be commit cb816e65a9)
2007-10-10 11:04:49 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Günther Deschner
cc6843fcca r9163: Rename UNKNOWN_TYPE_10 to PAC_LOGON_NAME (merge from samba4)
Guenther
(This used to be commit d14dcba963)
2007-10-10 11:00:27 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Herb Lewis
aa39cc37da get rid of more compiler warnings
(This used to be commit 398bd14fc6)
2003-08-15 04:42:05 +00:00
Volker Lendecke
c9aa836204 Fix memleaks.
Currently I'm compiling against MIT Kerberos 1.2.8.

Anthony, you said you have a heimdal installation available. Could you
please compile this stuff with krb and check it with valgrind?

Thanks,

Volker
(This used to be commit d8ab446859)
2003-08-15 01:46:09 +00:00
Jim McDonough
9f2e6167d2 Update my copyrights according to my agreement with IBM
(This used to be commit c9b209be2b)
2003-08-01 15:21:20 +00:00