summaryrefslogtreecommitdiff
path: root/lib/krb5_wrap
Commit message (Collapse)AuthorAgeFilesLines
* lib: util: asn1 fixes - check all returns.Jeremy Allison2014-09-261-11/+15
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
* Remove custom password change code in libadsSimo Sorce2014-09-011-1/+0
| | | | | | | | | Use standard libkrb5 calls instead. Signed-off-by: Simo Sorce <idra@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* krb5_wrap: Use com_err in krb5_warnx.Andreas Schneider2014-08-081-2/+5
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: make sure smb_krb5_principal_get_realm returns a malloced string.Günther Deschner2014-08-081-3/+5
| | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: provide krb5_warnx() replacement.Günther Deschner2014-08-082-0/+27
| | | | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Aug 8 08:30:50 CEST 2014 on sn-devel-104
* lib/krb5_wrap: use krb5_copy_data_contents in smb_krb5_principal_set_realm.Günther Deschner2014-08-081-5/+5
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: provide CKSUMTYPE_HMAC_MD5 type matching MIT.Günther Deschner2014-08-081-0/+6
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: define KRB5_PW_SALT if it is not already there.Günther Deschner2014-08-081-0/+4
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: add smb_krb5_principal_get_type().Günther Deschner2014-08-082-0/+23
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: add smb_krb5_principal_set_realm().Günther Deschner2014-08-082-0/+48
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: use const principal in smb_krb5_principal_get_realm().Günther Deschner2014-08-082-2/+2
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: add krb5_copy_data_contents.Günther Deschner2014-08-082-0/+37
| | | | | | | | | | | This reuses krb5_data_copy() if available, choosed not to call it krb5_data_copy as that is easily mixed up with krb5_copy_data (which allocs the krb5_data pointer). Thanks Simo for proposing the better name. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: add smb_krb5_principal_get_comp_string().Günther Deschner2014-08-082-0/+42
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: move krb5_princ_size replacement code to ↵Günther Deschner2014-08-081-0/+8
| | | | | | | | | lib/krb5_wrap/krb5_samba.c. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/krb5_wrap: add smb_krb5_get_allowed_weak_crypto().Günther Deschner2014-08-082-0/+55
| | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org>
* lib/krb5_wrap: remove unused create_kerberos_key_from_string_direct().Günther Deschner2014-08-082-54/+0
| | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org>
* lib/krb5_wrap: add smb_krb5_create_key_from_string().Günther Deschner2014-08-082-0/+79
| | | | | | | | | | | This function can take either a calculated salt or a principal and calculate the salt on its own. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org>
* lib/krb5_wrap: add smb_krb5_get_pw_salt().Günther Deschner2014-08-082-0/+45
| | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Andreas Schneider <asn@samba.org>
* krb5_wrap: Move function declaration outside the function.Andreas Schneider2013-12-061-8/+9
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* krb5wrap: Move mask to the right position.Andreas Schneider2013-06-121-1/+1
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Make sure to set umask() before calling mkstemp().Andreas Schneider2013-03-061-0/+4
| | | | | | | Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Mar 6 01:16:34 CET 2013 on sn-devel-104
* krb5_wrap: Make sure we don't dereference a NULL pointer.Andreas Schneider2013-03-051-1/+3
| | | | Reviewed-by: David Disseldorp <ddiss@samba.org>
* krb5_wrap: Remove dead code in smb_krb5_renew_ticket().Andreas Schneider2012-12-211-7/+2
| | | | | | | Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* lib/krb5_wrap: request enc_types in the correct order (bug #9272)Stefan Metzmacher2012-11-011-6/+6
| | | | | | | | | aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96 should have a higher priority than arcfour-hmac-md5, otherwise the KDC still gives us arcfour-hmac-md5 session keys. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3-krb5: use and request AES keys in kerberos operations.Günther Deschner2012-10-021-0/+6
| | | | Guenther
* lib/krb5_wrap: when deleting default realm, pass char*, not char**Alexander Bokovoy2012-09-121-1/+1
| | | | | Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Sep 12 10:33:37 CEST 2012 on sn-devel-104
* lib/krb4_wrap: Add const to kt_copy_one_principalAndrew Bartlett2012-08-292-2/+2
|
* libkrb5: Fix build with MIT Kerberos.Andreas Schneider2012-08-291-6/+6
| | | | | Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Aug 29 12:23:37 CEST 2012 on sn-devel-104
* lib/krb5_wrap: Move enctype conversion functions into a simple helper fileAndrew Bartlett2012-08-284-36/+109
|
* lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrapAndrew Bartlett2012-08-282-0/+23
|
* lib/krb5_wrap: Bring list of all enc types into krb5_wrapAndrew Bartlett2012-08-282-0/+16
|
* lib/krb5_wrap: Remove unused smb_krb5_get_credsAndrew Bartlett2012-06-032-125/+0
| | | | | | | | | | | | | | | | | | | | | | Found by callcatcher This has been unsused since commit 61f0b247633501d6bf4103ca8345048e537c043d Author: Günther Deschner <gd@samba.org> Date: Thu Nov 12 15:42:03 2009 +0100 s3-kerberos: remove smb_krb5_get_tkt_from_creds(). Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove smb_krb5_get_tkt_from_creds() which is not required anymore. Guenther Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Jun 3 13:04:06 CEST 2012 on sn-devel-104
* waf: check for krb5_create_checksum and krb5_creds.flags for some Heimdal ↵Alexander Bokovoy2012-06-011-0/+4
| | | | | | | | | versions Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Fri Jun 1 11:23:21 CEST 2012 on sn-devel-104
* lib/krb5_wrap: Move krb5_princ_size helper to source4 as it is only used thereAndrew Bartlett2012-05-301-8/+0
| | | | | | | | | | This is also where the related krb5_princ_component is declared. Also fix the configure check to use the correct name This helps the autoconf build on Heimdal. Andrew Bartlett
* krb5samba: Add smb_gss_oid_equal wrapper.Andreas Schneider2012-05-233-2/+89
| | | | Signed-off-by: Andreas Schneider <asn@samba.org>
* Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy2012-05-231-3/+7
| | | | | | | | | | | | | | | | | System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
* lib/krb5_wrap: implement krb5_cc_get_lifetime for MIT KerberosAlexander Bokovoy2012-05-231-19/+22
| | | | | | | In case krb5_cc_get_lifetime is not available, iterate over existing tickets in the keytab, find the one marked as TKT_FLAG_INITIAL, and use its lifetime. This is how it is implemented in Heimdal and how it was suggested to be done by MIT Kerberos developers.
* gensec_gssapi: Make it possible to build with MIT krb5Simo Sorce2012-05-231-0/+3
| | | | | | | | | | We need to ifdef out some minor things here because there is no available API to set these options in MIT. The realm and canonicalize options should be not interesting in the client case. Same for the send_to_kdc hacks. Also the OLD DES3 enctype is not at all interesting. I am not aware that Windows will ever use DES3 and no modern implementation relies on that enctype anymore as it has been fully deprecated long ago, so we can simply ignore it.
* krb5samba: Add smb_krb5_make_pac_checksum.Andreas Schneider2012-05-082-0/+83
| | | | | | | Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Tue May 8 08:30:52 CEST 2012 on sn-devel-104
* krb5samba: Add krb5_free_checksum_contents wrapperSimo Sorce2012-05-082-0/+14
|
* krb5samba: Add a smb_krb5_cc_get_lifetime() function.Andreas Schneider2012-05-042-0/+59
| | | | Signed-off-by: Simo Sorce <idra@samba.org>
* krb5samba: Add compat function for krb5_kt_compareSimo Sorce2012-05-042-0/+39
|
* krb5samba: Add compat krb5_make_principal for MIT buildSimo Sorce2012-05-042-0/+45
|
* krb5samba: Add compat code to initialize keyblock contentsSimo Sorce2012-05-042-0/+27
|
* Move keytab_copy to krb5samba libSimo Sorce2012-05-043-1/+241
| | | | | This is a helper fucntion that uses purely krb5 code, so it belongs to krb5samba which is the krb5 wrapper for samba.
* Split normal kinit from s4u2 flavored kinitSimo Sorce2012-05-042-31/+71
| | | | | | | This makes it simpler to slowly integrate MIT support and also amkes it somewhat clearer what operation is really requested. The 24u2 part is really only used by the cifs proxy code so we can temporarily disable it in the MIT build w/o major consequences.
* Move kerberos_kinit_password_cc to krb5samba libSimo Sorce2012-05-042-0/+405
|
* Move kerberos_kinit_keyblock_cc to krb5samba libSimo Sorce2012-05-042-0/+98
| | | | | Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not available.
* krb5samba: Remove unnecessary include fileSimo Sorce2012-05-041-1/+0
|
* Fix krb5_samba.c buildSimo Sorce2012-05-041-0/+4
|
View Lorry Controller Status