[PATCH] remove ads_verify_ticket(), consolidate server-side krb5 authentication codepaths

Andrew Bartlett abartlet at samba.org
Mon Mar 12 06:49:56 MDT 2012


The patches in s3-auth-for-merge in my git tree represent one
of the last steps in the great journey to consistently handle Kerberos
authentication in the source3 parts of our tree.

https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-auth-for-merge

This removes the last two callers to ads_verify_ticket(), and then
removes the support code that is no longer called.  Some of our most
delicate interactions with the krb5 libs are now no longer required, and
have been removed.

ntlm_auth has also been reworked to use the same handling loop for
gss-spnego and squid-2.5-ntlmssp.  Tests for both have been added to
ensure the interface remains unchanged.

 b/source3/Makefile.in                     |    7 
 b/source3/auth/auth_generic.c             |    7 
 b/source3/configure.in                    |   56 -
 b/source3/include/krb5_protos.h           |   16 
 b/source3/include/proto.h                 |    1 
 b/source3/libads/authdata.c               |  187 ++++-
 b/source3/libads/kerberos_proto.h         |   12 
 b/source3/librpc/crypto/gse.c             |    4 
 b/source3/libsmb/auth_generic.c           |    2 
 b/source3/libsmb/clikrb5.c                |  295 -------
 b/source3/libsmb/clispnego.c              |   44 -
 b/source3/selftest/tests.py               |    5 
 b/source3/utils/ntlm_auth.c               | 1122 ++++++++++++++----------------
 b/source3/wscript                         |   23 
 b/source3/wscript_build                   |    5 
 b/source4/heimdal_build/wscript_configure |    2 
 b/wintest/test-s3.py                      |    3 
 source3/libads/kerberos_verify.c          |  776 --------------------
 18 files changed, 730 insertions(+), 1837 deletions(-)

These changes are currently being further tested in wintest and a private autobuild.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



