summaryrefslogtreecommitdiff
path: root/source3/libads/authdata.c
AgeCommit message (Collapse)AuthorFilesLines
2024-05-14s3:gse: Implement gensec_gse_security_by_oid()Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-05-07s3:libads: use smb_krb5_cc_new_unique_memory() in kerberos_return_pac()Stefan Metzmacher1-4/+29
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-23s3:libads: remove unused include of gensec_internal.hStefan Metzmacher1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-25libsmb: Make libsmb/clispnego.c static to libads/Volker Lendecke1-0/+43
It's only called there. The "+" part of this patch might not conform to README.Coding because it's a literal cut&paste. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2023-07-13s3:libads: Fix code spellingAndreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
2022-02-23s3:libads: Return canonical principal and realm from kerberos_return_pac()Samuel Cabrero1-1/+21
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2022-02-23s3:libads: Fix memory leak in kerberos_return_pac() error pathSamuel Cabrero1-3/+8
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-10krb5_wrap: move source3/libads/krb5_errs.c to lib/krb5_wrap/krb5_errs.cStefan Metzmacher1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2020-02-10s3:libads: make use auth4_context_{for,get}_PAC_DATA_CTR() in ↵Stefan Metzmacher1-68/+2
kerberos_return_pac() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2019-09-24s3:libads: let kerberos_kinit_password_ext() return the canonicalized ↵Stefan Metzmacher1-0/+1
principal/realm BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2018-11-27libads: Give krb5_errs.c its own headerVolker Lendecke1-0/+1
The protos were declared in lib/krb5_wrap but the functions are not available there. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-29auth: Add logging of service authorizationAndrew Bartlett1-0/+3
In ntlm_auth.c and authdata.c, the session info will be incomplete Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2016-08-31krb5_wrap: Rename cli_krb5_get_ticket()Andreas Schneider1-9/+9
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-04-18libads: Fix CID 1272956 Fixing wrong if conditionAnoop C S1-1/+1
Signed-off-by: Anoop C S <achiraya@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 18 01:33:04 CEST 2015 on sn-devel-104
2015-01-07s3-libads: Fix a possible segfault in kerberos_fetch_pac().Andreas Schneider1-13/+13
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11037 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-03-27auth/gensec: remove tevent_context argument from gensec_update()Stefan Metzmacher1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-12s3-kerberos: let kerberos_return_pac() return a PAC container.Günther Deschner1-8/+21
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-12s3-kerberos: return a full PAC in kerberos_return_pac().Günther Deschner1-11/+17
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2014-03-12s3-libads: pass down local_service to kerberos_return_pac().Günther Deschner1-5/+1
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-10auth/gensec: treat struct gensec_security_ops as const if possible.Stefan Metzmacher1-5/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10auth/gensec: introduce gensec_internal.hStefan Metzmacher1-0/+1
We should treat most gensec related structures private. It's a long way, but this is a start. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-07-06auth: Common function for retrieving PAC_LOGIN_INFO from PACChristof Schmitt1-26/+3
Several functions use the same logic as kerberos_pac_logon_info. Move kerberos_pac_logon_info to common code and reuse it to remove the code duplication. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-06-27s3-param: Rename loadparm_s3_context -> loadparm_s3_helpersAndrew Bartlett1-1/+1
This helps clarify the role of this structure and wrapper function. The purpose here is to provide helper functions to the lib/param loadparm_context that point back at the s3 lp_ functions. This allows a struct loadparm_context to be passed to any point in the code, and always refer to the correct loadparm system. If this has not been set, the variables loaded in the lib/param code will be returned. As requested by Michael Adam. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 27 17:11:16 CEST 2012 on sn-devel-104
2012-04-24s3: Attempt to fix the build without kerberosVolker Lendecke1-1/+2
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Tue Apr 24 15:04:14 CEST 2012 on sn-devel-104
2012-04-23Make krb5 wrapper library common so they can be used all overSimo Sorce1-0/+1
2012-04-03s3-libads: Rework kerberos_return_pac() to use GENSEC for the server-sideAndrew Bartlett1-22/+167
This removes the last user of ads_verify_ticket(), and means that we only have one code path to verify an incoming krb5 (GSSAPI) ticket. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-06-09s3-param Remove special case for global_myname(), rename to lp_netbios_name()Andrew Bartlett1-1/+1
There is no reason this can't be a normal constant string in the loadparm system, now that we have lp_set_cmdline() to handle overrides correctly. Andrew Bartlett
2011-04-20libcli/auth Move PAC parsing and verification in common.Andrew Bartlett1-317/+0
This uses the source3 PAC code (originally from Samba4) with some small changes to restore functionality needed by the torture tests, and to have a common API. Andrew Bartlett
2010-08-30s3-krb: Reformat and add doxygen comment to decode_pac_data()Simo Sorce1-63/+91
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+1
Guenther
2010-07-20s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keysSimo Sorce1-1/+2
2010-06-03s3: remove authdata.hGünther Deschner1-1/+0
Guenther
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-13/+7
2010-05-11s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATAAndrew Bartlett1-116/+6
All the callers just want the PAC_LOGON_INFO, so search for that in ads_verify_ticket(), and don't bother the callers with the rest of the PAC. This change makes sense on it's own (removing boilerplate wrappers that just confuse the code), but it also makes it much easier to implement a matching ads_verify_ticket() function in Samba4 for the s3compat proposal. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-04s3: Fix a memleak in check_pac_checksumVolker Lendecke1-2/+8
2009-11-27s3-kerberos: do not include authdata headers before including krb5 headers.Günther Deschner1-0/+1
Guenther
2009-11-27s3-kerberos: only use krb5 headers where required.Günther Deschner1-0/+1
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther
2009-11-12Remove unused variable warning.Jeremy Allison1-1/+0
Jeremy.
2009-11-12s3-kerberos: remove smb_krb5_get_tkt_from_creds().Günther Deschner1-60/+4
Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove smb_krb5_get_tkt_from_creds() which is not required anymore. Guenther
2009-11-06s3-kerberos: let smb_krb5_get_tkt_from_creds() compile with older heimdal libs.Günther Deschner1-1/+1
Guenther
2009-11-06s3-kerberos: support S4U2SELF impersionation through cli_krb5_get_ticket().Günther Deschner1-1/+2
Guenther
2009-11-06s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls.Günther Deschner1-1/+25
Guenther
2009-11-06s3-kerberos: add smb_krb5_get_tkt_from_creds().Günther Deschner1-0/+40
Guenther
2009-04-07s3:kerberos Rework smb_krb5_unparse_name() to take a talloc contextAndrew Bartlett1-1/+1
Signed-off-by: Günther Deschner <gd@samba.org>
2008-10-20s3-build: no need to duplicate generated ndr_ prototypes.Günther Deschner1-0/+1
Guenther
2008-10-11Cope with changed signature of http_timestring().Jelmer Vernooij1-2/+2
2008-09-23s3: use samba4 prototype for ndr_push/pull_struct_blob.Günther Deschner1-7/+7
Guenther
2008-02-27Add my copyright.Günther Deschner1-1/+1
Guenther (This used to be commit d078a8757182d84dfd3307a2e1b751cf173aaa97)
2008-02-17Some more cleanup in authdata.c.Günther Deschner1-621/+7
Guenther (This used to be commit 5483f5fb44bb2138a1348c05845a2b8f3588697a)
2008-02-17Align our krb5 PAC decoding routines to the samba4 ones.Günther Deschner1-234/+224
(while keeping all the trans krb5 lib support) Guenther (This used to be commit c06e507737bb07ff995876e49341de3f60b0da35)
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-06 19:41:52 +0000