summaryrefslogtreecommitdiff
path: root/auth/kerberos/gssapi_pac.c
Commit message (Collapse)AuthorAgeFilesLines
* auth/kerberos: Fix typo in error message regarding fetching PAC using HeimdalMatt Selsky2018-03-191-1/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13311 Signed-off-by: Matt Selsky <matthew.selsky@twosigma.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* define DBGC_AUTH classkkplein2018-01-081-0/+4
| | | | | | Signed-off-by: Mourik Jan C Heupink <heupink@merit.unu.edu> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* mit: make it possible to build with MIT kerberos and --picky-developerGünther Deschner2016-09-291-1/+2
| | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* gensec: Change log level for message when obtaining PAC from ↵Christof Schmitt2016-07-061-6/+4
| | | | | | | | | | | | | | | | | gss_get_name_attribute failed This is the second part for the issue from commit 8bb4fccd. A KDC that does not return a PAC first triggers this message, then the "resorting to local user lookup" one. Change the log level for the "obtaining PAC via GSSAPI gss_get_name_attribute" message as well to avoid spamming the logs during normal usage. While changing this message, also remove the discard_const since it is no longer required. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jul 6 04:27:03 CEST 2016 on sn-devel-144
* auth: fix a memory leak in gssapi_get_session_key()Uri Simchoni2016-07-061-6/+1
| | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006 Signed-off-by: Uri Simchoni <uri@samba.org> Signed-off-by: Richard Sharpe <rsharpe@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Wed Jul 6 00:40:15 CEST 2016 on sn-devel-144
* auth: Fix picky const warnings in gssapi_pacAndreas Schneider2015-11-231-2/+10
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* auth/kerberos: avoid compiler warningsStefan Metzmacher2015-03-201-4/+12
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* auth/kerberos: Do not do pointer arithmatic on a void *Andrew Bartlett2012-07-301-1/+1
| | | | | | Found with -Werror=pointer-arith Andrew Bartlett
* auth-kerberos: avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute()Alexander Bokovoy2012-06-061-2/+18
| | | | | | | | | | | | | | gss_get_name_attribute() can return unintialized pac_display_buffer and later gss_release_buffer() will crash on attempting to release it. The fix on MIT krb5 side is in 1.10.1, reported in both Debian and MIT upstream: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514 http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087 We need to initialize variables before using gss_get_name_attribute() Autobuild-User: Alexander Bokovoy <ab@samba.org> Autobuild-Date: Wed Jun 6 18:22:51 CEST 2012 on sn-devel-104
* lib/replace: split out GSSAPI from lib/replace/system/kerberos.h into ↵Alexander Bokovoy2012-04-251-1/+0
| | | | | | | | | | | | | | lib/replace/system/gssapi.h With waf build include directories are defined by dependencies specified to subsystems. Without proper dependency <gssapi/gssapi.h> cannot be found for embedded Heimdal builds when there are no system-wide gssapi/gssapi.h available. Split out GSSAPI header includes in a separate replacement header and use that explicitly where needed. Autobuild-User: Alexander Bokovoy <ab@samba.org> Autobuild-Date: Wed Apr 25 00:18:33 CEST 2012 on sn-devel-104
* Make krb5 wrapper library common so they can be used all overSimo Sorce2012-04-231-2/+47
|
* auth-krb: Move pac related util functions in a single place.Simo Sorce2012-04-121-0/+1
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* auth-krb: Make functions static.Simo Sorce2012-04-121-1/+0
| | | | | | | The remaining gssapi_parse functions were used exclusively in gensec_krb5. Move them there and make them static. Signed-off-by: Andreas Schneider <asn@samba.org>
* auth-krb: Use simpler method to extract keytype.Simo Sorce2012-04-121-19/+12
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* auth/kerberos: Fall back to gsskrb5_get_subkey if we did not get the key typeAndrew Bartlett2012-03-081-4/+23
| | | | | | | | | | The key type OID is optional, but we require that information to determine if we should use NEW_SPNEGO. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Mar 8 11:53:57 CET 2012 on sn-devel-104
* auth/kerberos: Ensure we do not print invalid memory in failure caseAndrew Bartlett2012-03-081-4/+1
| | | | | | This codeblock may not have any set->elements, so we should not print them. Copy&paste in the original code. Andrew Bartlett
* auth/kerberos: Move gse_get_session_key() to common code and use in ↵Andrew Bartlett2012-02-171-0/+113
| | | | | | | | | gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett
* auth/kerberos/gssapi_pac: fix compiler warningsStefan Metzmacher2011-06-151-6/+5
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jun 15 19:06:24 CEST 2011 on sn-devel-104
* Fix Samba3 on OpenIndiana.Gordon Ross2011-05-071-0/+24
| | | | | | | | | | | I'd like Samba to use the native OpenLDAP and MIT Kerberos libs. Attached are some patches to do that. (relative to git master) It does not build for me without these. (OpenIndiana is an off-shoot of OpenSolaris See http://www.openindiana.org) Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat May 7 02:20:14 CEST 2011 on sn-devel-104
* auth/kerberos Add check for gss_inquire_sec_context_by_oidAndrew Bartlett2011-04-271-4/+10
| | | | | | | | | Not all kerberos distributions have this function. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Apr 27 07:39:08 CEST 2011 on sn-devel-104
* auth/kerberos: Create common helper to get the verified PAC from GSSAPIAndrew Bartlett2011-04-271-0/+123
This only works for Heimdal and MIT Krb5 1.8, other versions will get an ACCESS_DEINED error. We no longer manually verify any details of the PAC in Samba for GSSAPI logins, as we never had the information to do it properly, and it is better to have the GSSAPI library handle it. Andrew Bartlett
View Lorry Controller Status