samba.git/source4/auth, branch talloc-2.3.1 Unnamed repository; edit this file 'description' to name the repository. auth: Simplify session generation 2019-11-06T20:36:34+00:00 Volker Lendecke vl@samba.org 2019-11-02T12:56:49+00:00 8ec9e97666653469e5bd56ef0576fb0af1406a82 We don't need to parse a text sid, we have those as binary available Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
We don't need to parse a text sid, we have those as binary available

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
s4:auth: kinit_to_ccache() should always use the canonicalized principal 2019-09-24T18:30:37+00:00 Stefan Metzmacher metze@samba.org 2019-09-13T14:04:30+00:00 162b4199493c1f179e775a325a19ae7a136c418b We should always use krb5_get_init_creds_opt_set_canonicalize() and krb5_get_init_creds_opt_set_win2k() for heimdal and expect the client principal to be changed. There's no reason to have a different logic between MIT and Heimdal. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
We should always use krb5_get_init_creds_opt_set_canonicalize()
and krb5_get_init_creds_opt_set_win2k() for heimdal
and expect the client principal to be changed.

There's no reason to have a different logic between MIT and Heimdal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
s4:auth: use the correct client realm in gensec_gssapi_update_internal() 2019-09-24T18:30:37+00:00 Stefan Metzmacher metze@samba.org 2019-09-17T06:05:09+00:00 db8fd3d6a315b140ebd6ccd0dcdfdcf27cd1bb38 The function gensec_gssapi_client_creds() may call kinit and gets a TGT for the user. The principal provided by the user may not be canonicalized. The user may use 'given.last@example.com' but that may be mapped to glast@AD.EXAMPLE.PRIVATE in the background. It means we should use client_realm = AD.EXAMPLE.PRIVATE instead of client_realm = EXAMPLE.COM BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> 
The function gensec_gssapi_client_creds() may call kinit and gets
a TGT for the user. The principal provided by the user may not
be canonicalized. The user may use 'given.last@example.com'
but that may be mapped to glast@AD.EXAMPLE.PRIVATE in the background.

It means we should use client_realm = AD.EXAMPLE.PRIVATE
instead of client_realm = EXAMPLE.COM

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
s4/auth/kerberos: clang: Fix Value stored to 'code' is never read 2019-07-24T04:19:27+00:00 Noel Power noel.power@suse.com 2019-07-05T10:41:19+00:00 6f733b5891db344ec9f3f996322213d8ac2075e5 Fixes: source4/auth/kerberos/kerberos_util.c:645:3: warning: Value stored to 'code' is never read <--[clang] code = 0; ^ ~ 1 warning generated. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Fixes:

source4/auth/kerberos/kerberos_util.c:645:3: warning: Value stored to 'code' is never read <--[clang]
                code = 0;
                ^      ~
1 warning generated.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
s4/auth/kerberos: clang: Fix 'value stored to 'ret' is never read ' 2019-07-24T04:19:27+00:00 Noel Power noel.power@suse.com 2019-07-05T10:24:53+00:00 765fc314e4aee455bae0f391a7d388584b48bb4a Fixes: source4/auth/kerberos/kerberos_pac.c:116:2: warning: Value stored to 'ret' is never read <--[clang] ret = smb_krb5_make_pac_checksum(mem_ctx, ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Fixes:

source4/auth/kerberos/kerberos_pac.c:116:2: warning: Value stored to 'ret' is never read <--[clang]
        ret = smb_krb5_make_pac_checksum(mem_ctx,
        ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
s4/auth/py: avoid null deref with bad python arguments 2019-07-22T22:20:26+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2019-07-09T10:52:33+00:00 3d33e336267f54e1fe344bf1a83af88092c5ad43 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4/gensec/py: avoid null deref with bad python arguments 2019-07-22T22:20:26+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2019-07-09T10:52:19+00:00 936c96620743b75d3177b787cd50478d346c5870 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4/auth/pygensec: don't segfault when reporting bad types 2019-07-22T22:20:26+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2019-07-07T05:23:23+00:00 57fc8b6c5369d99b544ff0f43720b9670e018a2a Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4/auth/gensec: clang: Fix 'initialization value is never read' 2019-07-11T04:08:13+00:00 Noel Power noel.power@suse.com 2019-07-08T13:49:30+00:00 d6c67f7c886c67363c4c1ef139cc366aadf90142 Fixes: source4/auth/gensec/gensec_gssapi.c:431:11: warning: Value stored to 'nt_status' during its initialization is never read <--[clang] NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; ^~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Fixes:

source4/auth/gensec/gensec_gssapi.c:431:11: warning: Value stored to 'nt_status' during its initialization is never read <--[clang]
        NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
                 ^~~~~~~~~   ~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
py3: Remove duplicated PyUnicode_Check() after the py3 compat macros were removed 2019-06-24T18:48:53+00:00 Andrew Bartlett abartlet@samba.org 2019-06-15T11:14:49+00:00 4f32983ea8a24466165c043a73cb47b4073da15f This came about because in py2 we had to check for strings and unicode. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Noel Power <noel.power@suse.com> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Mon Jun 24 18:48:53 UTC 2019 on sn-devel-184 
This came about because in py2 we had to check for strings and unicode.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jun 24 18:48:53 UTC 2019 on sn-devel-184