path: root/lib/krb5_wrap/krb5_samba.h
Commit message | Author | Age | Files | Lines
* krb5: Detect support for krb5_const_pac type | Joseph Sutton | 2022-11-08 | 1 | -1/+12
  We can't unconditionally assume (as we did in third_party/heimdal_build/wscript_configure) that Heimdal has this type, since we may have an older system Heimdal that lacks it. We must also check whether krb5_pac_get_buffer() is usable with krb5_const_pac, and declare krb5_const_pac as a non-const typedef if not.

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: add explicit keep_old_kvno/enctype_only args to smb_krb5_kt_seek_and_delete_old_entries() | Stefan Metzmacher | 2022-10-27 | 1 | -0/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/krb5_wrap: remove unused keep_old_entries argument from smb_krb5_kt_seek_and_delete_old_entries() | Stefan Metzmacher | 2022-10-27 | 1 | -2/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/krb5_wrap: remove unused keep_old_entries argument from smb_krb5_kt_add_entry() | Stefan Metzmacher | 2022-10-27 | 1 | -2/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* krb5: Add compatibility for krb5_const_pac type | Joseph Sutton | 2022-10-21 | 1 | -0/+4
  This allows this type to be used in Samba in the future for both Kerberos implementations

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* lib:krb5_wrap: Add helper functions to make krb5_data structure | Joseph Sutton | 2022-10-05 | 1 | -0/+5
  These will be used in following commits.

  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib:krb5_wrap: Add const to parameters for smb_krb5_create_key_from_string() | Joseph Sutton | 2022-06-14 | 1 | -2/+2
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib:krb5_wrap: Implement smb_krb5_principal_is_tgs() | Andreas Schneider | 2022-03-17 | 1 | -0/+3
  This will be used later and allows to remove static implementations.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
* krb5-mit: Enable S4U client support for MIT build | Isaac Boukris | 2022-03-04 | 1 | -2/+0
  Pair-Programmed-With: Andreas Schneider <asn@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Signed-off-by: Isaac Boukris <iboukris@gmail.com>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Allow special chars like "@" in samAccountName when generating the salt | Andrew Bartlett | 2021-10-20 | 1 | -3/+10
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Oct 20 12:54:54 UTC 2021 on sn-devel-184
* krb5_wrap: remove unused code | Pavel Filipenský | 2021-07-27 | 1 | -10/+0
  Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Tue Jul 27 10:09:03 UTC 2021 on sn-devel-184
* lib:krb5_wrap: Check the format string of krb5_warnx() | Andreas Schneider | 2021-02-01 | 1 | -1/+2
  error: format string is not a string literal [-Werror,-Wformat-nonliteral]

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* krb5_wrap: move source3/libads/krb5_errs.c to lib/krb5_wrap/krb5_errs.c | Stefan Metzmacher | 2020-02-10 | 1 | -0/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib/krb5_wrap: Remove unused smb_krb5_get_allowed_weak_crypto() | Andrew Bartlett | 2019-12-11 | 1 | -2/+0
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Isaac Boukris <iboukris@samba.org>
  Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
  Autobuild-Date(master): Wed Dec 11 22:18:47 UTC 2019 on sn-devel-184
* Add MIT kerberos tracing capability | Swen Schillig | 2018-12-19 | 1 | -0/+2
  HEIMDAL kerberos offers already tracing via a logging facility through smb_krb5_init_context(). MIT kerberos offers to register a callback via krb5_set_trace_callback with which tracing information can be routed to a common logging facility. This is now integrated into smb_krb5_init_context_basic() offering the same functionality for both kerberos fragrances.

  Signed-off-by: Swen Schillig <swen@linux.ibm.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Christof Schmitt <cs@samba.org>
* krb5_samba: Fix checking for config.h #define in krb5_samba.h | Andreas Schneider | 2018-12-16 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* krb5_wrap: Add a talloc_ctx to smb_krb5_principal_get_realm() | Volker Lendecke | 2018-11-28 | 1 | -1/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libads: Give krb5_errs.c its own header | Volker Lendecke | 2018-11-27 | 1 | -3/+0
  The protos were declared in lib/krb5_wrap but the functions are not available there.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* krb5-samba: interdomain trust uses different salt principal | Alexander Bokovoy | 2018-09-05 | 1 | -1/+1
  Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where DOMAIN is the sAMAccountName without the dollar sign ($)

  The salt principal for the BLA$ user object was generated wrong.

  dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
  securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010
  trustDirection: 3
  trustPartner: bla.base
  trustPosixOffset: -2147483648
  trustType: 2
  trustAttributes: 8
  flatName: BLA

  dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
  userAccountControl: 2080
  primaryGroupID: 513
  objectSid: S-1-5-21-278041429-3399921908-1452754838-1597
  accountExpires: 9223372036854775807
  sAMAccountName: BLA$
  sAMAccountType: 805306370
  pwdLastSet: 131485652467995000

  The salt stored by Windows in the package_PrimaryKerberosBlob (within supplementalCredentials) seems to be 'W4EDOM-L4.BASEkrbtgtBLA' for the above trust and Samba stores 'W4EDOM-L4.BASEBLA$'.

  While the salt used when building the keys from trustAuthOutgoing/trustAuthIncoming is 'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Sep 5 03:57:22 CEST 2018 on sn-devel-144
* krb5_wrap: add smb_krb5_salt_principal2data() | Stefan Metzmacher | 2017-06-27 | 1 | -0/+4
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* krb5_wrap: add smb_krb5_salt_principal() | Stefan Metzmacher | 2017-06-27 | 1 | -0/+6
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* lib/krb5_samba: remove some dead prototypes | Günther Deschner | 2017-05-10 | 1 | -2/+0
  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* krb5_wrap: Remove obsolete smb_krb5_get_principal_from_service_hostname() | Andreas Schneider | 2017-03-10 | 1 | -5/+0
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* krb5_wrap: Make smb_krb5_get_realm_from_hostname() public | Andreas Schneider | 2017-03-10 | 1 | -0/+4
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* krb5_wrap: Fix smb_krb5_mk_error() with MIT Kerberos | Andreas Schneider | 2016-09-11 | 1 | -0/+2
  The server principal is required, so if not set create an obscure one.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* krb5_wrap: Move unwrap_edata_ntstatus() and make it static | Andreas Schneider | 2016-08-31 | 1 | -5/+0
  This also removes the asn1util dependency from krb5_wrap and moves it to libads which is the only user.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Remove unused smb_krb5_principal_compare_any_realm() | Andreas Schneider | 2016-08-31 | 1 | -3/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Remove unused smb_krb5_parse_name_norealm() | Andreas Schneider | 2016-08-31 | 1 | -3/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename kerberos_get_principal_from_service_hostname() | Andreas Schneider | 2016-08-31 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename kerberos_kinit_s4u2_cc() | Andreas Schneider | 2016-08-31 | 1 | -10/+10
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename kerberos_kinit_password_cc() | Andreas Schneider | 2016-08-31 | 1 | -8/+8
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename kerberos_kinit_keyblock_cc() | Andreas Schneider | 2016-08-31 | 1 | -7/+8
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename smb_krb5_keytab_name() | Andreas Schneider | 2016-08-31 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename smb_krb5_open_keytab() | Andreas Schneider | 2016-08-31 | 1 | -4/+4
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename smb_krb5_open_keytab_relative() | Andreas Schneider | 2016-08-31 | 1 | -4/+4
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename smb_get_enctype_from_kt_entry() | Andreas Schneider | 2016-08-31 | 1 | -1/+2
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_free() | Andreas Schneider | 2016-08-31 | 1 | -2/+0
  Call the Kerberos function directly.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_alloc() | Andreas Schneider | 2016-08-31 | 1 | -2/+0
  Call the Kerberos function directly.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Remove unused handle_krberror_packet() | Andreas Schneider | 2016-08-31 | 1 | -3/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Remove unneeded smb_krb5_free_error() | Andreas Schneider | 2016-08-31 | 1 | -1/+1
  krb5_free_error() is available in MIT and Heimdal. Both implementations free the contents and the pointer. krb5_free_data_contents() is Heimdal only. Which function you need to call depends.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename get_krb5_smb_session_key() | Andreas Schneider | 2016-08-31 | 1 | -4/+6
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename cli_krb5_get_ticket() | Andreas Schneider | 2016-08-31 | 1 | -6/+8
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename krb5_copy_data_contents() | Andreas Schneider | 2016-08-31 | 1 | -3/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename kerberos_free_data_contents() | Andreas Schneider | 2016-08-31 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename get_kerberos_allowed_etypes() | Andreas Schneider | 2016-08-31 | 1 | -1/+3
  Use consistent naming.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename setup_kaddr() | Andreas Schneider | 2016-08-31 | 1 | -1/+2
  Use a better and consistent name and switch the arguments to reflect the name.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Wrap krb5_cc_copy_creds and krb5_cc_copy_cache | Alexander Bokovoy | 2016-07-25 | 1 | -0/+3
  Heimdal and MIT Kerberos have different API to copy credentials from a ccache. Wrap it via lib/krb5_wrap/.

  Signed-off-by: Alexander Bokovoy <ab@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Mon Jul 25 21:27:58 CEST 2016 on sn-devel-144
* s4-torture: fix compile of new NDR PAC tests with MIT Kerberos. | Günther Deschner | 2016-07-23 | 1 | -0/+8
  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sat Jul 23 09:50:46 CEST 2016 on sn-devel-144
* krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_* | Stefan Metzmacher | 2016-07-20 | 1 | -0/+11
  MIT only defined this as CKSUMTYPE_HMAC_SHA1_96_AES128, while Heimdal has CKSUMTYPE_HMAC_SHA1_96_AES_128.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* krb5_wrap: Add smb_krb5_mk_error() | Andreas Schneider | 2016-06-18 | 1 | -0/+6
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>