[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Wed Aug 31 22:44:11 UTC 2016
The branch, master has been updated
via 2de4aea s3-libads: Do not use deprecated krb5_change_password()
via e01587c s3-libads: Do not use deprecated krb5_get_init_creds_opt_init()
via 9d4f1b4 s3-libads: Support for MIT Kerberos ntstatus from init_creds
via 3cd4bc6 s3-libads: Use non-deprecated function to get the error
via e4f82de s4-heimdal: Export krb5_init_creds_* functions
via e135a13 s3-libads: Rename smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt()
via 381ebd4 krb5_wrap: Move unwrap_edata_ntstatus() and make it static
via 3a4eaa0 krb5_wrap: Remove unused smb_krb5_principal_compare_any_realm()
via e00af44 krb5_wrap: Remove unused smb_krb5_parse_name_norealm()
via 907c0b9 krb5_wrap: Improve smb_krb5_unparse_name() documentation
via 591b867 krb5_wrap: Improve smb_krb5_parse_name() documentation
via 757e77b krb5_wrap: Document smb_krb5_cc_copy_creds()
via 0540cfd krb5_wrap: Use 'samba-kdc' for com_err whoami in krb5_warnx()
via 3bc9b76 krb5_wrap: Improve krb5_warnx() documentation
via a5f1653 krb5_wrap: Improve smb_krb5_principal_set_type() documentation
via e77c5ac krb5_wrap: Improve smb_krb5_principal_get_type() documentation
via 1d8c1ca krb5_wrap: Improve smb_krb5_get_allowed_weak_crypto() documentation
via dbcba4c krb5_wrap: Document smb_get_krb5_error_message()
via 52c0133 krb5_wrap: Document smb_krb5_get_principal_from_service_hostname()
via 2454374 krb5_wrap: Rename kerberos_get_principal_from_service_hostname()
via a110ab8 krb5_wrap: Improve smb_krb5_principal_set_realm() documentation
via 8c3b703 krb5_wrap: Fix documentation of smb_krb5_principal_get_realm()
via e8c2525 krb5_wrap: Document smb_krb5_make_pac_checksum()
via 003358e krb5_wrap: Document smb_krb5_make_principal()
via aef6cb2 krb5_wrap: Improve smb_krb5_kinit_s4u2_ccache() documentation
via 2ac2975 krb5_wrap: Rename kerberos_kinit_s4u2_cc()
via 13da688 krb5_wrap: Document smb_krb5_kinit_password_ccache()
via 696cfcb krb5_wrap: Rename kerberos_kinit_password_cc()
via 294df2e krb5_wrap: Improve smb_krb5_kinit_keyblock_cache() documentation
via 15c5dd7 krb5_wrap: Rename kerberos_kinit_keyblock_cc()
via c0e8616 krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents()
via 466ebd4 waf: Check for the correct function name
via d62172b krb5_wrap: Document smb_krb5_keyblock_init_contents()
via 96d7c45 krb5_wrap: Document smb_krb5_kt_get_name()
via 6ddeb4a krb5_wrap: Rename smb_krb5_keytab_name()
via 1dba7d2 krb5_wrap: Document smb_krb5_kt_open()
via aa1cca9 krb5_wrap: Rename smb_krb5_open_keytab()
via 5e934aa krb5_wrap: Fix whitespace issues in smb_krb5_kt_open_relative()
via 28a03a7 krb5_wrap: Document smb_krb5_kt_open_relative()
via 81da37e krb5_wrap: Rename smb_krb5_open_keytab_relative()
via 8abd9b5 krb5_wrap: Document smb_krb5_enctype_to_string()
via 6d063df krb5_wrap: Document smb_krb5_kt_free_entry()
via eefed8a krb5_wrap: Document smb_krb5_kt_get_enctype_from_entry()
via d1de425 krb5_wrap: Rename smb_get_enctype_from_kt_entry()
via bff77af krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_free()
via 4fae92d krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_alloc()
via 167c1ce krb5_wrap: Remove unused handle_krberror_packet()
via a3852bc krb5_wrap: Remove unneded smb_krb5_free_error()
via c5fa646 krb5_wrap: Document smb_krb5_gen_netbios_krb5_address()
via 904e233 krb5_wrap: Document smb_krb5_free_addresses()
via 7aac543 krb5_wrap: Document smb_krb5_renew_ticket()
via e27c528 krb5_wrap: Remove redundant comment
via 884972f krb5_wrap: Move krb5_princ_component() to the top
via 1877950 krb5_wrap: Rename get_krb5_smb_session_key()
via be21e7f krb5_wrap: Move krb5_free_unparsed_name() to the top
via 7fe150c krb5_wrap: Cleanup some code in ads_krb5_cli_get_ticket()
via ec1e8d0 krb5_wrap: Fix ads_krb5_cli_get_ticket() return checks and debug messages
via 97249b7 krb5_wrap: Rename cli_krb5_get_ticket()
via 6cde974 krb5_wrap: Improve return value checks and debug messsages
via 86708aa krb5_wrap: Fix formatting issues in ads_krb5_mk_req()
via 0afc7d9 krb5_wrap: Use consistent naming for create_gss_checksum()
via 75f748f14e krb5_wrap: Use consistent naming for setup_auth_context()
via 83dbaea krb5_wrap: Move all ads function to the end
via dd05113 krb5_wrap: Move krb5_auth_con_setuseruserkey() to the top
via 41172e2 krb5_wrap: Rename krb5_copy_data_contents()
via e8632e2 krb5_wrap: Rename kerberos_free_data_contents()
via 2622e16 krb5_wrap: Rename get_kerberos_allowed_etypes()
via 81917a1 krb5_wrap: Rename setup_kaddr()
from b722875 vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2de4aea7281eba66e654786de6f72d90ea8077c2
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 12:48:09 2016 +0200
s3-libads: Do not use deprecated krb5_change_password()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 1 00:43:51 CEST 2016 on sn-devel-144
commit e01587c948ecb064002e89e961bbbec4d625d9dd
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 17:08:57 2016 +0200
s3-libads: Do not use deprecated krb5_get_init_creds_opt_init()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9d4f1b4d3119f0c655eff3619e675423ad8c21d8
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 12:38:46 2016 +0200
s3-libads: Support for MIT Kerberos ntstatus from init_creds
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3cd4bc6446d2cd234f814091ce936d716360a78a
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 12:33:39 2016 +0200
s3-libads: Use non-deprecated function to get the error
krb5_get_init_creds_opt_get_error is deprecated.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e4f82de7716e91a1c512a8c37ca768b591029a4a
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 12:13:11 2016 +0200
s4-heimdal: Export krb5_init_creds_* functions
The function krb5_get_init_creds_opt_get_error() is deprecated and
krb5_init_creds_init() and krb5_init_creds_get_error() should be used
now.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e135a13478408985f534e04585919d79c4aa391a
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 16:44:05 2016 +0200
s3-libads: Rename smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 381ebd4af5b21e5c76e5cd0916b195360a447756
Author: Andreas Schneider <asn at samba.org>
Date: Thu Aug 25 17:07:01 2016 +0200
krb5_wrap: Move unwrap_edata_ntstatus() and make it static
This also removes the asn1util dependency from krb5_wrap and moves it to
libads which is the only user.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3a4eaa00b676204dda510d49ea38c8ef32bc9860
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 14:21:52 2016 +0200
krb5_wrap: Remove unused smb_krb5_principal_compare_any_realm()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e00af44f4483db91b6c27ba1a53e92a3788976ce
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 14:20:03 2016 +0200
krb5_wrap: Remove unused smb_krb5_parse_name_norealm()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 907c0b92b783a3516ad93fb6861abb3f9a0fe0ee
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 14:17:19 2016 +0200
krb5_wrap: Improve smb_krb5_unparse_name() documentation
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 591b8671464c4ee7bdc35fbd4fb51c5ed266af7b
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 14:13:43 2016 +0200
krb5_wrap: Improve smb_krb5_parse_name() documentation
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 757e77b7faef936ebfd365362d151dbba907c0c3
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 08:54:04 2016 +0200
krb5_wrap: Document smb_krb5_cc_copy_creds()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0540cfdd4c076efe016b7cba8e5edb6d6111abd7
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 08:50:26 2016 +0200
krb5_wrap: Use 'samba-kdc' for com_err whoami in krb5_warnx()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3bc9b764e29ad71aecc94369624e8907181f71c1
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 08:50:05 2016 +0200
krb5_wrap: Improve krb5_warnx() documentation
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a5f1653651fc58a3ab8f2442b60932b711d3a02e
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 08:44:27 2016 +0200
krb5_wrap: Improve smb_krb5_principal_set_type() documentation
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e77c5ac01959ed9bbb44e9d91bd42b8a212cc010
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 30 08:40:16 2016 +0200
krb5_wrap: Improve smb_krb5_principal_get_type() documentation
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1d8c1cac96f3490f6b2606f31b587163a89936e4
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 17:27:06 2016 +0200
krb5_wrap: Improve smb_krb5_get_allowed_weak_crypto() documentation
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dbcba4c808b232a1046de4d27c7b5d97c642e1e5
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 17:24:41 2016 +0200
krb5_wrap: Document smb_get_krb5_error_message()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 52c0133b50463fe7ec035f45273465b27dbc454b
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 17:22:20 2016 +0200
krb5_wrap: Document smb_krb5_get_principal_from_service_hostname()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 24543743094726acd89208d98d9f5ab96125bc75
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 17:19:14 2016 +0200
krb5_wrap: Rename kerberos_get_principal_from_service_hostname()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a110ab82deac6de194131f455719c21fba3aa3a8
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 17:14:17 2016 +0200
krb5_wrap: Improve smb_krb5_principal_set_realm() documentation
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8c3b703068dfe372443c5033f42ae5f216e1801a
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 17:11:32 2016 +0200
krb5_wrap: Fix documentation of smb_krb5_principal_get_realm()
Create a valid doxygen documentation.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e8c2525e5578172d8f1fd1e86c571ed491fd2c11
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 17:09:02 2016 +0200
krb5_wrap: Document smb_krb5_make_pac_checksum()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 003358e868fa2751db153b78685242c931e54a49
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 12:10:48 2016 +0200
krb5_wrap: Document smb_krb5_make_principal()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit aef6cb2b816e8fe4b1c4e6899cb6790b21cb93e2
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 12:04:43 2016 +0200
krb5_wrap: Improve smb_krb5_kinit_s4u2_ccache() documentation
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2ac297562fe5c4a49db45b26bee602f42477d10a
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:59:18 2016 +0200
krb5_wrap: Rename kerberos_kinit_s4u2_cc()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 13da6880471ac15187cf4fbacb57c429fceeb4e8
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:53:06 2016 +0200
krb5_wrap: Document smb_krb5_kinit_password_ccache()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 696cfcb3c0e4c44ab894b78d3337fe5d28e254bd
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:47:11 2016 +0200
krb5_wrap: Rename kerberos_kinit_password_cc()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 294df2e52c37ae4be1f8995db90d930f29a4713c
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:41:04 2016 +0200
krb5_wrap: Improve smb_krb5_kinit_keyblock_cache() documentation
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 15c5dd700cba24b97ab8ab96710c068335e1edb1
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:33:24 2016 +0200
krb5_wrap: Rename kerberos_kinit_keyblock_cc()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c0e861666911d84f2d78cdab370077d9ac192005
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:29:34 2016 +0200
krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 466ebd4911dceac66ce379f6bd7e59881d0325f5
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:22:29 2016 +0200
waf: Check for the correct function name
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d62172b48e16edd8cb758858bde67113eeb67285
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:21:07 2016 +0200
krb5_wrap: Document smb_krb5_keyblock_init_contents()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 96d7c4543477a99b76d251ddd0a5dad3725f272d
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:10:30 2016 +0200
krb5_wrap: Document smb_krb5_kt_get_name()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6ddeb4aa424568343059f32b4774704daec66eed
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:07:48 2016 +0200
krb5_wrap: Rename smb_krb5_keytab_name()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1dba7d295697dd7e315d390c2661e680b3d0cc01
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:05:19 2016 +0200
krb5_wrap: Document smb_krb5_kt_open()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit aa1cca9f2713f210065a6a6c2f5a300a2d741082
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 11:03:51 2016 +0200
krb5_wrap: Rename smb_krb5_open_keytab()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5e934aad486f6c09cd78b67785016f505215a9c3
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 10:58:43 2016 +0200
krb5_wrap: Fix whitespace issues in smb_krb5_kt_open_relative()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 28a03a72a62936b37fc9c9f9cea0cb15635e7a43
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 10:46:26 2016 +0200
krb5_wrap: Document smb_krb5_kt_open_relative()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 81da37eb90421e9355660de1ce6d53c4d6e6dfc6
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 10:42:57 2016 +0200
krb5_wrap: Rename smb_krb5_open_keytab_relative()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8abd9b5f079a87a368372bd5e8092830734059f7
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 09:32:25 2016 +0200
krb5_wrap: Document smb_krb5_enctype_to_string()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6d063dffb57d8607d1ac5b6ff8220ab451e18ec4
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 09:29:57 2016 +0200
krb5_wrap: Document smb_krb5_kt_free_entry()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit eefed8a62948971386ab83ac0987982c72e116dc
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 09:27:55 2016 +0200
krb5_wrap: Document smb_krb5_kt_get_enctype_from_entry()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d1de4253854414185845fd9819161bc2ad2ed4d8
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 09:17:37 2016 +0200
krb5_wrap: Rename smb_get_enctype_from_kt_entry()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bff77afd320d0cbdf0bd416bf2e78887cd58bf47
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 09:13:51 2016 +0200
krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_free()
Call the Kerberos function directly.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4fae92dcad3b1f01d2e5a55704043ac05344e406
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 09:12:38 2016 +0200
krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_alloc()
Call the Kerberos function directly.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 167c1ce3312bd94def0aefb2955ee6b6d67e9827
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 09:11:17 2016 +0200
krb5_wrap: Remove unused handle_krberror_packet()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a3852bc0b96aa440d7095f50715ea10b5d4a54cc
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 09:09:18 2016 +0200
krb5_wrap: Remove unneded smb_krb5_free_error()
krb5_free_error() is availalbe in MIT and Heimdal. Both implementations
free the contents and the pointer. krb5_free_data_contents() is Heimdal
only. Which function you need to call depends.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c5fa646b533cbb6ec238ce297ee9d1636b0afab3
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 08:57:47 2016 +0200
krb5_wrap: Document smb_krb5_gen_netbios_krb5_address()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 904e2337263458b744cab948d8c1a65595019413
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 08:53:56 2016 +0200
krb5_wrap: Document smb_krb5_free_addresses()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7aac5434eeb6ed08fc173675acf0129e3c1bf037
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 08:50:28 2016 +0200
krb5_wrap: Document smb_krb5_renew_ticket()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e27c5288b33eedc82f444853a44886569f88f5ef
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 08:36:59 2016 +0200
krb5_wrap: Remove redundant comment
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 884972fee3eef8b5e7a75a8f2160a7c1278d299c
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 29 08:35:54 2016 +0200
krb5_wrap: Move krb5_princ_component() to the top
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1877950250f3548bf4154e2413419960de3a4045
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 17:07:18 2016 +0200
krb5_wrap: Rename get_krb5_smb_session_key()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit be21e7f2038320a8a13b69e07af98eba112648d4
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 16:54:12 2016 +0200
krb5_wrap: Move krb5_free_unparsed_name() to the top
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7fe150cbb2e914bb0a9f6fc99ea6fb90195ed01f
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 16:51:38 2016 +0200
krb5_wrap: Cleanup some code in ads_krb5_cli_get_ticket()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ec1e8d0ec992221aa3a3d92eddde12651afa42f8
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 16:50:59 2016 +0200
krb5_wrap: Fix ads_krb5_cli_get_ticket() return checks and debug messages
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 97249b7cd09892b4d2df7821a23dd8aad09ea3ad
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 16:38:53 2016 +0200
krb5_wrap: Rename cli_krb5_get_ticket()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6cde974c131db9d6f1011482030a3a1236b00929
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 16:33:39 2016 +0200
krb5_wrap: Improve return value checks and debug messsages
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 86708aab1a17afb1f36621625717758e276c7ac8
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 16:32:26 2016 +0200
krb5_wrap: Fix formatting issues in ads_krb5_mk_req()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0afc7d98d80a559d6ea34de9a6c58da8838275dc
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 16:21:56 2016 +0200
krb5_wrap: Use consistent naming for create_gss_checksum()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 75f748f14e273b97458653e6f76b55894f640014
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 16:21:01 2016 +0200
krb5_wrap: Use consistent naming for setup_auth_context()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 83dbaea978b905ef06fa8bf6a01992c25526aeab
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 16:19:42 2016 +0200
krb5_wrap: Move all ads function to the end
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dd05113ed1df7522ec411ead15cf71d0b060cb23
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 12:37:45 2016 +0200
krb5_wrap: Move krb5_auth_con_setuseruserkey() to the top
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 41172e27556f7fdd5519e19ff86a659aba446bd2
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 11:57:30 2016 +0200
krb5_wrap: Rename krb5_copy_data_contents()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e8632e2af50588dd47dc00fb72e85a398c844622
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 26 11:51:52 2016 +0200
krb5_wrap: Rename kerberos_free_data_contents()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2622e16d7685c48daa17408f4db74df8577b193a
Author: Andreas Schneider <asn at samba.org>
Date: Thu Aug 25 17:02:59 2016 +0200
krb5_wrap: Rename get_kerberos_allowed_etypes()
Use consistent naming.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 81917a1162b168b2cd7a07706262cff3d9624e6a
Author: Andreas Schneider <asn at samba.org>
Date: Thu Aug 25 16:59:18 2016 +0200
krb5_wrap: Rename setup_kaddr()
Use a better and consistent name and switch the arguments to reflect the
name.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials_krb5.c | 2 +-
lib/krb5_wrap/krb5_samba.c | 4377 +++++++++++++-----------
lib/krb5_wrap/krb5_samba.h | 127 +-
lib/krb5_wrap/wscript_build | 2 +-
source3/libads/authdata.c | 18 +-
source3/libads/kerberos.c | 131 +-
source3/libads/kerberos_keytab.c | 18 +-
source3/libads/krb5_setpw.c | 47 +-
source3/libnet/libnet_keytab.c | 10 +-
source3/librpc/crypto/gse.c | 9 +-
source3/librpc/crypto/gse_krb5.c | 13 +-
source3/libsmb/cliconnect.c | 7 +-
source3/wscript_build | 2 +-
source4/auth/gensec/gensec_krb5.c | 28 +-
source4/auth/kerberos/kerberos_pac.c | 8 +-
source4/auth/kerberos/kerberos_util.c | 41 +-
source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +-
source4/heimdal/lib/krb5/version-script.map | 3 +
source4/kdc/db-glue.c | 22 +-
source4/kdc/kdc-server.c | 2 +-
source4/kdc/kpasswd-heimdal.c | 2 +-
source4/kdc/ktutil.c | 4 +-
source4/kdc/pac-glue.c | 74 +-
source4/kdc/sdb.c | 2 +-
source4/kdc/sdb_to_hdb.c | 8 +-
source4/kdc/wdc-samba4.c | 8 +-
source4/libnet/libnet_export_keytab.c | 8 +-
source4/torture/ndr/krb5pac.c | 2 +-
source4/torture/rpc/lsa.c | 8 +-
wscript_configure_system_mitkrb5 | 2 +-
30 files changed, 2672 insertions(+), 2315 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 82b6de9..36c8a32 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -611,7 +611,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
* and used for the AS-REQ, so it wasn't possible to disable the usage
* of AES keys.
*/
- min_stat = get_kerberos_allowed_etypes(ccache->smb_krb5_context->krb5_context,
+ min_stat = smb_krb5_get_allowed_etypes(ccache->smb_krb5_context->krb5_context,
&etypes);
if (min_stat == 0) {
OM_uint32 num_ktypes;
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 2943b33..24d64cc 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -23,7 +23,6 @@
#include "includes.h"
#include "system/filesys.h"
#include "krb5_samba.h"
-#include "lib/util/asn1.h"
#ifdef HAVE_COM_ERR_H
#include <com_err.h>
@@ -63,6 +62,10 @@ krb5_error_code krb5_auth_con_set_req_cksumtype(
#define SMB_STRDUP(s) strdup(s)
#endif
+/**********************************************************
+ * MISSING FUNCTIONS
+ **********************************************************/
+
#if !defined(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES)
#if defined(HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES)
@@ -92,9 +95,58 @@ krb5_error_code krb5_auth_con_set_req_cksumtype(
#endif /* HAVE_KRB5_SET_DEFAULT_TGS_KTYPES */
+
+#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
+krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context,
+ krb5_auth_context auth_context,
+ krb5_keyblock *keyblock)
+{
+ return krb5_auth_con_setkey(context, auth_context, keyblock);
+}
+#endif
+
+#if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
+void krb5_free_unparsed_name(krb5_context context, char *val)
+{
+ SAFE_FREE(val);
+}
+#endif
+
+#if defined(HAVE_KRB5_PRINCIPAL_GET_COMP_STRING) && !defined(HAVE_KRB5_PRINC_COMPONENT)
+const krb5_data *krb5_princ_component(krb5_context context,
+ krb5_principal principal, int i);
+
+const krb5_data *krb5_princ_component(krb5_context context,
+ krb5_principal principal, int i)
+{
+ static krb5_data kdata;
+
+ kdata.data = discard_const_p(char, krb5_principal_get_comp_string(context, principal, i));
+ kdata.length = strlen((const char *)kdata.data);
+ return &kdata;
+}
+#endif
+
+
+/**********************************************************
+ * WRAPPING FUNCTIONS
+ **********************************************************/
+
#if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS)
/* HEIMDAL */
- bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr)
+
+/**
+ * @brief Stores the address of a 'struct sockaddr_storage' a krb5_address
+ *
+ * @param[in] paddr A pointer to a 'struct sockaddr_storage to extract the
+ * address from.
+ *
+ * @param[out] pkaddr A Kerberos address to store tha address in.
+ *
+ * @return True on success, false if an error occured.
+ */
+bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr,
+ krb5_address *pkaddr)
{
memset(pkaddr, '\0', sizeof(krb5_address));
#if defined(HAVE_IPV6) && defined(KRB5_ADDRESS_INET6)
@@ -115,7 +167,19 @@ krb5_error_code krb5_auth_con_set_req_cksumtype(
}
#elif defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS)
/* MIT */
-bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr)
+
+/**
+ * @brief Stores the address of a 'struct sockaddr_storage' a krb5_address
+ *
+ * @param[in] paddr A pointer to a 'struct sockaddr_storage to extract the
+ * address from.
+ *
+ * @param[in] pkaddr A Kerberos address to store tha address in.
+ *
+ * @return True on success, false if an error occured.
+ */
+bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr,
+ krb5_address *pkaddr)
{
memset(pkaddr, '\0', sizeof(krb5_address));
#if defined(HAVE_IPV6) && defined(ADDRTYPE_INET6)
@@ -253,7 +317,7 @@ int smb_krb5_create_key_from_string(krb5_context context,
* @param host_princ The krb5_principal to create the salt for
* @param psalt A pointer to a krb5_data struct
*
-* caller has to free the contents of psalt with kerberos_free_data_contents
+* caller has to free the contents of psalt with smb_krb5_free_data_contents
* when function has succeeded
*
* @return krb5_error_code, returns 0 on success, error code otherwise
@@ -288,13 +352,27 @@ int smb_krb5_get_pw_salt(krb5_context context,
#endif
#if defined(HAVE_KRB5_GET_PERMITTED_ENCTYPES)
- krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
+/**
+ * @brief Get a list of encryption types allowed for session keys
+ *
+ * @param[in] context The library context
+ *
+ * @param[in] enctypes An allocated, zero-terminated list of encryption types
+ *
+ * This function returns an allocated list of encryption types allowed for
+ * session keys.
+ *
+ * Use free() to free the enctypes when it is no longer needed.
+ *
+ * @retval 0 Success; otherwise - Kerberos error codes
+ */
+krb5_error_code smb_krb5_get_allowed_etypes(krb5_context context,
krb5_enctype **enctypes)
{
return krb5_get_permitted_enctypes(context, enctypes);
}
#elif defined(HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES)
- krb5_error_code get_kerberos_allowed_etypes(krb5_context context,
+krb5_error_code smb_krb5_get_allowed_etypes(krb5_context context,
krb5_enctype **enctypes)
{
#ifdef HAVE_KRB5_PDU_NONE_DECL
@@ -307,185 +385,23 @@ int smb_krb5_get_pw_salt(krb5_context context,
#error UNKNOWN_GET_ENCTYPES_FUNCTIONS
#endif
-#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
- krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context,
- krb5_auth_context auth_context,
- krb5_keyblock *keyblock)
-{
- return krb5_auth_con_setkey(context, auth_context, keyblock);
-}
-#endif
-
-bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
- DATA_BLOB *edata,
- DATA_BLOB *edata_out)
-{
- DATA_BLOB edata_contents;
- ASN1_DATA *data;
- int edata_type;
-
- if (!edata->length) {
- return false;
- }
-
- data = asn1_init(mem_ctx);
- if (data == NULL) {
- return false;
- }
-
- if (!asn1_load(data, *edata)) goto err;
- if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto err;
- if (!asn1_start_tag(data, ASN1_CONTEXT(1))) goto err;
- if (!asn1_read_Integer(data, &edata_type)) goto err;
-
- if (edata_type != KRB5_PADATA_PW_SALT) {
- DEBUG(0,("edata is not of required type %d but of type %d\n",
- KRB5_PADATA_PW_SALT, edata_type));
- goto err;
- }
-
- if (!asn1_start_tag(data, ASN1_CONTEXT(2))) goto err;
- if (!asn1_read_OctetString(data, talloc_tos(), &edata_contents)) goto err;
- if (!asn1_end_tag(data)) goto err;
- if (!asn1_end_tag(data)) goto err;
- if (!asn1_end_tag(data)) goto err;
- asn1_free(data);
-
- *edata_out = data_blob_talloc(mem_ctx, edata_contents.data, edata_contents.length);
-
- data_blob_free(&edata_contents);
-
- return true;
-
- err:
-
- asn1_free(data);
- return false;
-}
-
-
-static bool ads_cleanup_expired_creds(krb5_context context,
- krb5_ccache ccache,
- krb5_creds *credsp)
-{
- krb5_error_code retval;
- const char *cc_type = krb5_cc_get_type(context, ccache);
-
- DEBUG(3, ("ads_cleanup_expired_creds: Ticket in ccache[%s:%s] expiration %s\n",
- cc_type, krb5_cc_get_name(context, ccache),
- http_timestring(talloc_tos(), credsp->times.endtime)));
-
- /* we will probably need new tickets if the current ones
- will expire within 10 seconds.
- */
- if (credsp->times.endtime >= (time(NULL) + 10))
- return false;
-
- /* heimdal won't remove creds from a file ccache, and
- perhaps we shouldn't anyway, since internally we
- use memory ccaches, and a FILE one probably means that
- we're using creds obtained outside of our exectuable
- */
- if (strequal(cc_type, "FILE")) {
- DEBUG(5, ("ads_cleanup_expired_creds: We do not remove creds from a %s ccache\n", cc_type));
- return false;
- }
-
- retval = krb5_cc_remove_cred(context, ccache, 0, credsp);
- if (retval) {
- DEBUG(1, ("ads_cleanup_expired_creds: krb5_cc_remove_cred failed, err %s\n",
- error_message(retval)));
- /* If we have an error in this, we want to display it,
- but continue as though we deleted it */
- }
- return true;
-}
-
-/* Allocate and setup the auth context into the state we need. */
-
-static krb5_error_code setup_auth_context(krb5_context context,
- krb5_auth_context *auth_context)
-{
- krb5_error_code retval;
-
- retval = krb5_auth_con_init(context, auth_context );
- if (retval) {
- DEBUG(1,("krb5_auth_con_init failed (%s)\n",
- error_message(retval)));
- return retval;
- }
-
- /* Ensure this is an addressless ticket. */
- retval = krb5_auth_con_setaddrs(context, *auth_context, NULL, NULL);
- if (retval) {
- DEBUG(1,("krb5_auth_con_setaddrs failed (%s)\n",
- error_message(retval)));
- }
-
- return retval;
-}
-
-#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE)
-static krb5_error_code create_gss_checksum(krb5_data *in_data, /* [inout] */
- uint32_t gss_flags)
-{
- unsigned int orig_length = in_data->length;
- unsigned int base_cksum_size = GSSAPI_CHECKSUM_SIZE;
- char *gss_cksum = NULL;
-
- if (orig_length) {
- /* Extra length field for delgated ticket. */
- base_cksum_size += 4;
- }
-
- if ((unsigned int)base_cksum_size + orig_length <
- (unsigned int)base_cksum_size) {
- return EINVAL;
- }
-
- gss_cksum = (char *)SMB_MALLOC(base_cksum_size + orig_length);
- if (gss_cksum == NULL) {
- return ENOMEM;
- }
-
- memset(gss_cksum, '\0', base_cksum_size + orig_length);
- SIVAL(gss_cksum, 0, GSSAPI_BNDLENGTH);
-
- /*
- * GSS_C_NO_CHANNEL_BINDINGS means 16 zero bytes.
- * This matches the behavior of heimdal and mit.
- *
- * And it is needed to work against some closed source
- * SMB servers.
- *
- * See bug #7883
- */
- memset(&gss_cksum[4], 0x00, GSSAPI_BNDLENGTH);
-
- SIVAL(gss_cksum, 20, gss_flags);
-
- if (orig_length) {
- SSVAL(gss_cksum, 24, 1); /* The Delegation Option identifier */
- SSVAL(gss_cksum, 26, orig_length);
- /* Copy the kerberos KRB_CRED data */
- memcpy(gss_cksum + 28, in_data->data, orig_length);
- free(in_data->data);
- in_data->data = NULL;
- in_data->length = 0;
- }
- in_data->data = gss_cksum;
- in_data->length = base_cksum_size + orig_length;
- return 0;
-}
-#endif
-
-/**************************************************************
- krb5_parse_name that takes a UNIX charset.
-**************************************************************/
+/**
+ * @brief Convert a string principal name to a Kerberos principal.
+ *
+ * @param[in] context The library context
+ *
+ * @param[in] name The principal as a unix charset string.
+ *
+ * @param[out] principal The newly allocated principal.
+ *
+ * Use krb5_free_principal() to free a principal when it is no longer needed.
+ *
+ * @return 0 on success, a Kerberos error code otherwise.
+ */
krb5_error_code smb_krb5_parse_name(krb5_context context,
- const char *name, /* in unix charset */
- krb5_principal *principal)
+ const char *name,
+ krb5_principal *principal)
{
krb5_error_code ret;
char *utf8_name;
@@ -502,18 +418,26 @@ krb5_error_code smb_krb5_parse_name(krb5_context context,
return ret;
}
-#if !defined(HAVE_KRB5_FREE_UNPARSED_NAME)
-void krb5_free_unparsed_name(krb5_context context, char *val)
-{
- SAFE_FREE(val);
-}
-#endif
-
-/**************************************************************
- krb5_parse_name that returns a UNIX charset name. Must
- be freed with talloc_free() call.
-**************************************************************/
-
+/**
+ * @brief Convert a Kerberos principal structure to a string representation.
+ *
+ * The resulting string representation will be a unix charset name and is
+ * talloc'ed.
+ *
+ * @param[in] mem_ctx The talloc context to allocate memory on.
+ *
+ * @param[in] context The library context.
+ *
+ * @param[in] principal The principal.
+ *
+ * @param[out] unix_name A string representation of the princpial name as with
+ * unix charset.
+ *
+ * Use talloc_free() to free the string representation if it is no longer
+ * needed.
+ *
+ * @return 0 on success, a Kerberos error code otherwise.
+ */
krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
krb5_context context,
krb5_const_principal principal,
@@ -537,1709 +461,1524 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
return 0;
}
-krb5_error_code smb_krb5_parse_name_norealm(krb5_context context,
- const char *name,
- krb5_principal *principal)
+/**
+ * @brief Free the contents of a krb5_data structure and zero the data field.
+ *
+ * @param[in] context The krb5 context
+ *
+ * @param[in] pdata The data structure to free contents of
+ *
+ * This function frees the contents, not the structure itself.
+ */
+void smb_krb5_free_data_contents(krb5_context context, krb5_data *pdata)
{
- /* we are cheating here because parse_name will in fact set the realm.
- * We don't care as the only caller of smb_krb5_parse_name_norealm
- * ignores the realm anyway when calling
- * smb_krb5_principal_compare_any_realm later - Guenther */
-
- return smb_krb5_parse_name(context, name, principal);
+#if defined(HAVE_KRB5_FREE_DATA_CONTENTS)
+ if (pdata->data) {
+ krb5_free_data_contents(context, pdata);
+ }
+#elif defined(HAVE_KRB5_DATA_FREE)
+ krb5_data_free(context, pdata);
+#else
+ SAFE_FREE(pdata->data);
+#endif
}
-bool smb_krb5_principal_compare_any_realm(krb5_context context,
- krb5_const_principal princ1,
- krb5_const_principal princ2)
+/*
+ * @brief copy a buffer into a krb5_data struct
+ *
+ * @param[in] p The krb5_data
+ * @param[in] data The data to copy
+ * @param[in] length The length of the data to copy
+ * @return krb5_error_code
+ *
+ * Caller has to free krb5_data with smb_krb5_free_data_contents().
+ */
+krb5_error_code smb_krb5_copy_data_contents(krb5_data *p,
+ const void *data,
+ size_t len)
{
- return krb5_principal_compare_any_realm(context, princ1, princ2);
+#if defined(HAVE_KRB5_DATA_COPY)
+ return krb5_data_copy(p, data, len);
+#else
+ if (len) {
+ p->data = malloc(len);
+ if (p->data == NULL) {
+ return ENOMEM;
+ }
+ memmove(p->data, data, len);
+ } else {
+ p->data = NULL;
+ }
+ p->length = len;
+ p->magic = KV5M_DATA;
+ return 0;
+#endif
}
-/*
- we can't use krb5_mk_req because w2k wants the service to be in a particular format
-*/
-static krb5_error_code ads_krb5_mk_req(krb5_context context,
- krb5_auth_context *auth_context,
- const krb5_flags ap_req_options,
- const char *principal,
- krb5_ccache ccache,
- krb5_data *outbuf,
- time_t *expire_time,
- const char *impersonate_princ_s)
+bool smb_krb5_get_smb_session_key(TALLOC_CTX *mem_ctx,
+ krb5_context context,
+ krb5_auth_context auth_context,
+ DATA_BLOB *session_key,
+ bool remote)
{
- krb5_error_code retval;
- krb5_principal server;
- krb5_principal impersonate_princ = NULL;
- krb5_creds * credsp;
- krb5_creds creds;
- krb5_data in_data;
- bool creds_ready = false;
- int i = 0, maxtries = 3;
-
- ZERO_STRUCT(in_data);
-
- retval = smb_krb5_parse_name(context, principal, &server);
- if (retval) {
- DEBUG(1,("ads_krb5_mk_req: Failed to parse principal %s\n", principal));
- return retval;
- }
--
Samba Shared Repository
More information about the samba-cvs
mailing list