samba.git/source3/libads/sasl.c, branch talloc-2.3.0 Unnamed repository; edit this file 'description' to name the repository. libads: Add kerberos tracing 2018-12-19T20:49:29+00:00 Swen Schillig swen@linux.ibm.com 2018-12-05T10:16:42+00:00 3df7789e4b34f08b21d7d5d294831c795f0145d4 Replace kerberos context initialization from raw krb5_init_context() to smb_krb5_init_context_basic() which is adding common tracing as well. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> 
Replace kerberos context initialization from
raw krb5_init_context() to smb_krb5_init_context_basic()
which is adding common tracing as well.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
libads: abstract out SASL wrapping code 2017-05-17T21:02:09+00:00 Alexander Bokovoy ab@samba.org 2017-05-05T12:37:20+00:00 2dbaade13a3b5917e05a60b274827cdf38fd3ced Prepare for rebasing libads on top of libsmbldap. To make libads using 'struct smbldap_state' instead of direct LDAP structure, we need to abstract out libads logic from connection handling. SASL wrapping does not really depend on availability of LDAP handle and does not need direct access to ADS_STRUCT. As result, we'll be able to move SASL wrapping code under smbldap once the latter is able to pass settings that libads passes to the SASL wrapping. Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Prepare for rebasing libads on top of libsmbldap.

To make libads using 'struct smbldap_state' instead of direct LDAP
structure, we need to abstract out libads logic from connection
handling. SASL wrapping does not really depend on availability of LDAP
handle and does not need direct access to ADS_STRUCT. As result, we'll
be able to move SASL wrapping code under smbldap once the latter is able
to pass settings that libads passes to the SASL wrapping.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libads: convert to use smb_gss_krb5_import_cred 2017-03-08T17:00:12+00:00 Alexander Bokovoy ab@samba.org 2017-03-03T14:57:50+00:00 520167992bd2477bc11920d2dc9ec87f2cb339c9 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
s3:libads: remove unused fallback to gss_acquire_cred() 2017-03-06T10:44:54+00:00 Stefan Metzmacher metze@samba.org 2017-03-03T11:56:24+00:00 bdce9f5fae979006fa97a398a5bc44eeb9e85875 Heimdal and all supported versions of MIT krb5 prove gss_krb5_import_cred(), so we don't need an #ifdef here. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Mar 6 11:44:54 CET 2017 on sn-devel-144 
Heimdal and all supported versions of MIT krb5 prove gss_krb5_import_cred(),
so we don't need an #ifdef here.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar  6 11:44:54 CET 2017 on sn-devel-144
s3:libads: add more debugging to ads_sasl_spnego_bind() 2017-02-24T17:40:15+00:00 Stefan Metzmacher metze@samba.org 2017-02-23T10:54:21+00:00 ea0bc12ba52166032d5112ee22ab53d831c13e86 Any fallbacks to other authentication methods should be logged. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> 
Any fallbacks to other authentication methods should be logged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME" 2016-10-12T22:35:21+00:00 Stefan Metzmacher metze@samba.org 2016-10-10T15:07:12+00:00 a5f895a53016af71db53967062728fec5bc307ca Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144 
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144
s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME" 2016-10-12T18:54:09+00:00 Stefan Metzmacher metze@samba.org 2016-10-10T15:07:12+00:00 890b1bbdb8e965c4ff6e35214acc96ffbbff5dfd Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> 
Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
libads: ensure the right ccache is used during spnego bind 2016-07-12T01:23:33+00:00 Stefan Metzmacher metze@samba.org 2016-07-06T10:44:11+00:00 a1743de74f09d5bf695f077f5127d02352a014e2 When doing spnego sasl bind: 1. Try working without kinit only if a password is not provided 2. When using kinit, ensure the KRB5CCNAME env var is set to a private memory ccache, so that the bind is on behalf of the requested user. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jul 12 03:23:33 CEST 2016 on sn-devel-144 
When doing spnego sasl bind:
1. Try working without kinit only if a password is not
   provided
2. When using kinit, ensure the KRB5CCNAME env var is set
   to a private memory ccache, so that the bind is on behalf
   of the requested user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 12 03:23:33 CEST 2016 on sn-devel-144
libads: ensure the right ccache is used during gssapi bind 2016-07-11T21:46:17+00:00 Stefan Metzmacher metze@samba.org 2016-07-06T10:48:11+00:00 2672968851966e5c01e4fc4d906b45b5c047e655 When doing gssapi sasl bind: 1. Try working without kinit only if a password is not provided 2. When using kinit, ensure the KRB5CCNAME env var is set to a private memory ccache, so that the bind is on behalf of the requested user. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> 
When doing gssapi sasl bind:
1. Try working without kinit only if a password is not
   provided
2. When using kinit, ensure the KRB5CCNAME env var is set
   to a private memory ccache, so that the bind is on behalf
   of the requested user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
s3-libads: fix a memory leak in ads_sasl_spnego_bind() 2016-07-05T18:55:08+00:00 Uri Simchoni uri@samba.org 2016-07-03T19:51:56+00:00 a646d9e796902dcb5246eb585433d4859796be2f BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006 Signed-off-by: Uri Simchoni <uri@samba.org> Signed-off-by: Richard Sharpe <rsharpe@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006

Signed-off-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>