summaryrefslogtreecommitdiff
path: root/lib/krb5_wrap
Commit message (Collapse)AuthorAgeFilesLines
* krb5_wrap: ADDRTYPE_INET6 is available in all supported MIT versionsStefan Metzmacher2017-10-251-1/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13079 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Björn Jacke <bjacke@samba.org> (cherry picked from commit 96e471eecce91e6cd9b92d854a3c6ca10e0634f3)
* krb5_wrap: KRB5_ADDRESS_INET6 is not a define in HeimdalStefan Metzmacher2017-10-251-1/+1
| | | | | | | | | | | All supported versions of Heimal already have KRB5_ADDRESS_INET6, so there's no need for an explicit check. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13079 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Björn Jacke <bjacke@samba.org> (cherry picked from commit 70146841272bc87c335bd24b736ba2c62efdfe06)
* krb5_wrap: add smb_krb5_salt_principal2data()Stefan Metzmacher2017-07-132-1/+72
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit ec2da944d304852d76137e8f9d234462bc807c6b)
* krb5_wrap: add smb_krb5_salt_principal()Stefan Metzmacher2017-07-132-0/+126
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 5df46700cfb0a15fec2d366e12728cd497188741)
* krb5_wrap: Print a warning for an invalid keytab nameAndreas Schneider2017-03-231-0/+2
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> (cherry picked from commit a6a527e1e83a979ef035c49a087b5e79599c10a4)
* s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapperAlexander Bokovoy2017-03-231-3/+43
| | | | | | | | | | | | | | | | | | | | | | MIT krb5 1.9 version of gss_krb5_import_cred() may fail when importing credentials from a keytab without specifying actual principal. This was fixed in MIT krb5 1.9.2 (see commit 71c3be093db577aa52f6b9a9a3a9f442ca0d8f20 in MIT krb5-1.9 branch, git master's version is bd18687a705a8a6cdcb7c140764d1a7c6a3381b5). Move fallback code to the smb_gss_krb5_import_cred wrapper. We only expect this fallback to happen with krb5 GSSAPI mechanism, thus hard code use of krb5 mech when calling to gss_acquire_cred. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Mar 8 22:00:24 CET 2017 on sn-devel-144 (cherry picked from commit 57286d57732d49fdb8b8e21f584787cdbc917c32)
* lib/krb5_wrap: add smb_gss_krb5_import_cred wrapperAlexander Bokovoy2017-03-232-0/+134
| | | | | | | | | | | | | | | | | Wrap gss_krb5_import_cred() to allow re-implementing it with gss_acquire_cred_from() for newer MIT versions. gss_acquire_cred_from() works fine with GSSAPI interposer (GSS-proxy) while gss_krb5_import_cred() is not interposed yet. The wrapper has additional parameter, krb5_context handle, to facilitate with credentials cache name discovery. All our callers to gss_krb5_import_cred() already have krb5 context handy. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 0e6e8dd2600c699a7a02e3d11fed21b5bc49858d)
* krb5_wrap: Remove obsolete smb_krb5_get_principal_from_service_hostname()Andreas Schneider2017-03-142-116/+0
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 804e828d52ec922f3970e847652ab1ee5538b9b0)
* krb5_wrap: Make smb_krb5_get_realm_from_hostname() publicAndreas Schneider2017-03-142-7/+25
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 339a2ecb3f05d0c9e860a5dd59b8bdbc51d4ffa7)
* krb5_wrap: pass client_realm to smb_krb5_get_realm_from_hostname()Andreas Schneider2017-03-141-2/+14
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit f0c4fcace586197d5c170f6a9dcc175df23e3802)
* krb5_wrap: Try to guess the correct realm from the service hostnameAndreas Schneider2017-03-141-0/+13
| | | | | | | | | | | | | | | | If we do not get a realm mapping from the krb5.conf or from the Kerberos library try to guess it from the service hostname. The guessing of the realm from the service hostname is already implemented in Heimdal. This makes the behavior of smb_krb5_get_realm_from_hostname() consistent with both MIT and Heimdal. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 65228925ab3c4da4ae299f77cae219fc7d37cc68)
* krb5_wrap: Do not return an empty realm from smb_krb5_get_realm_from_hostname()Andreas Schneider2017-03-141-1/+3
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 946f9dd1170be63b91e31ce825ea123f3c07329b)
* krb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC keyStefan Metzmacher2017-02-251-0/+37
| | | | | | | | | | | | | | | Our own convert_string_talloc() function handles a wider range of unicode code points than the MIT krb5 or heimdal code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Feb 21 20:08:16 CET 2017 on sn-devel-144 (cherry picked from commit 10e1b92c288ae27f775debb16c3e122b6063fa21)
* lib: Use "all_zero" where appropriateVolker Lendecke2017-01-031-6/+2
| | | | | | | ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* krb5_wrap: fix smb_krb5_cc_copy_creds() for MIT krb5Stefan Metzmacher2016-12-241-0/+12
| | | | | | | | | | krb5_cc_copy_creds() expects an already initialized output cache. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Dec 24 21:04:23 CET 2016 on sn-devel-144
* krb5_wrap: Remove incorrect absolute path checks in smb_krb5_kt_open_relative()Andreas Schneider2016-12-161-2/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* krb5_wrap: More checks for absolute path in smb_krb5_kt_open()Andreas Schneider2016-12-161-4/+21
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* krb5_wrap: Fix smb_krb5_mk_error() with MIT KerberosAndreas Schneider2016-09-112-9/+45
| | | | | | | The server principal is required, so if not set create an obscure one. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Revert "krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents()"Andreas Schneider2016-09-091-16/+0
| | | | | | | | | | This reverts commit c0e861666911d84f2d78cdab370077d9ac192005. The krb5_init_keyblock function from MIT allocates the key but we operate only on the contents. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* krb5_wrap: Remove extra parentheses causing compile errorAnoop C S2016-09-011-3/+3
| | | | | | | | | Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Sep 1 21:02:54 CEST 2016 on sn-devel-144
* krb5_wrap: Move unwrap_edata_ntstatus() and make it staticAndreas Schneider2016-08-313-54/+1
| | | | | | | | This also removes the asn1util dependency from krb5_wrap and moves it to libads which is the only user. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Remove unused smb_krb5_principal_compare_any_realm()Andreas Schneider2016-08-312-10/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Remove unused smb_krb5_parse_name_norealm()Andreas Schneider2016-08-312-15/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Improve smb_krb5_unparse_name() documentationAndreas Schneider2016-08-311-5/+20
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Improve smb_krb5_parse_name() documentationAndreas Schneider2016-08-311-6/+15
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Document smb_krb5_cc_copy_creds()Andreas Schneider2016-08-311-0/+11
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Use 'samba-kdc' for com_err whoami in krb5_warnx()Andreas Schneider2016-08-311-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Improve krb5_warnx() documentationAndreas Schneider2016-08-311-9/+13
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Improve smb_krb5_principal_set_type() documentationAndreas Schneider2016-08-311-7/+8
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Improve smb_krb5_principal_get_type() documentationAndreas Schneider2016-08-311-7/+8
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Improve smb_krb5_get_allowed_weak_crypto() documentationAndreas Schneider2016-08-311-9/+6
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Document smb_get_krb5_error_message()Andreas Schneider2016-08-311-0/+14
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Document smb_krb5_get_principal_from_service_hostname()Andreas Schneider2016-08-311-0/+17
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename kerberos_get_principal_from_service_hostname()Andreas Schneider2016-08-312-4/+3
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Improve smb_krb5_principal_set_realm() documentationAndreas Schneider2016-08-311-8/+7
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Fix documentation of smb_krb5_principal_get_realm()Andreas Schneider2016-08-311-8/+6
| | | | | | | Create a valid doxygen documentation. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Document smb_krb5_make_pac_checksum()Andreas Schneider2016-08-311-0/+23
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Document smb_krb5_make_principal()Andreas Schneider2016-08-311-0/+16
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Improve smb_krb5_kinit_s4u2_ccache() documentationAndreas Schneider2016-08-311-13/+30
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename kerberos_kinit_s4u2_cc()Andreas Schneider2016-08-312-20/+20
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Document smb_krb5_kinit_password_ccache()Andreas Schneider2016-08-311-0/+23
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename kerberos_kinit_password_cc()Andreas Schneider2016-08-312-17/+18
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Improve smb_krb5_kinit_keyblock_cache() documentationAndreas Schneider2016-08-311-13/+25
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename kerberos_kinit_keyblock_cc()Andreas Schneider2016-08-312-14/+16
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents()Andreas Schneider2016-08-311-0/+16
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Document smb_krb5_keyblock_init_contents()Andreas Schneider2016-08-311-0/+21
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Document smb_krb5_kt_get_name()Andreas Schneider2016-08-311-0/+15
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename smb_krb5_keytab_name()Andreas Schneider2016-08-312-2/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Document smb_krb5_kt_open()Andreas Schneider2016-08-311-0/+18
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename smb_krb5_open_keytab()Andreas Schneider2016-08-312-9/+9
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
View Lorry Controller Status