sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00
Code
132,976 Commits 60 Branches 1,144 Tags 452 MiB
e3a710f290
Commit Graph

6 Commits

Author SHA1 Message Date
Simo Sorce
b8653f4ee7 Restrict GSSAPI query to the krb5 mechanism 
Otherwise GSSAPI will consult other mechanisms if available and we can
only cope with krb5 credentials here.

Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 30 20:45:23 UTC 2020 on sn-devel-184
 2020-09-30 20:45:23 +00:00
Andreas Schneider
ded788bccb krb5_wrap: Use #ifdef instead of #if for config.h definitions 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
 2018-11-28 23:19:21 +01:00
Andreas Schneider
6b73f75540 krb5_wrap: Fix smb_gss_krb5_import_cred() picky-developer build 
This does not build on Fedora 25 with picky-developer turned on.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
 2017-03-14 15:22:12 +01:00
Alexander Bokovoy
57286d5773 s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper 
MIT krb5 1.9 version of gss_krb5_import_cred() may fail when importing
credentials from a keytab without specifying actual principal.
This was fixed in MIT krb5 1.9.2 (see commit
71c3be093db577aa52f6b9a9a3a9f442ca0d8f20 in MIT krb5-1.9 branch, git
master's version is bd18687a705a8a6cdcb7c140764d1a7c6a3381b5).

Move fallback code to the smb_gss_krb5_import_cred wrapper. We only
expect this fallback to happen with krb5 GSSAPI mechanism, thus hard
code use of krb5 mech when calling to gss_acquire_cred.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Mar  8 22:00:24 CET 2017 on sn-devel-144
 2017-03-08 22:00:24 +01:00
Alexander Bokovoy
0e6e8dd260 lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper 
Wrap gss_krb5_import_cred() to allow re-implementing it with
gss_acquire_cred_from() for newer MIT versions. gss_acquire_cred_from()
works fine with GSSAPI interposer (GSS-proxy) while
gss_krb5_import_cred() is not interposed yet.

The wrapper has additional parameter, krb5_context handle, to facilitate
with credentials cache name discovery. All our callers to
gss_krb5_import_cred() already have krb5 context handy.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2017-03-08 18:00:11 +01:00
Andreas Schneider
0a6e568344 krb5samba: Add smb_gss_oid_equal wrapper. 
Signed-off-by: Andreas Schneider <asn@samba.org>
 2012-05-23 17:51:51 +03:00