The branch, master has been updated via 2de4aea s3-libads: Do not use deprecated krb5_change_password() via e01587c s3-libads: Do not use deprecated krb5_get_init_creds_opt_init() via 9d4f1b4 s3-libads: Support for MIT Kerberos ntstatus from init_creds via 3cd4bc6 s3-libads: Use non-deprecated function to get the error via e4f82de s4-heimdal: Export krb5_init_creds_* functions via e135a13 s3-libads: Rename smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt() via 381ebd4 krb5_wrap: Move unwrap_edata_ntstatus() and make it static via 3a4eaa0 krb5_wrap: Remove unused smb_krb5_principal_compare_any_realm() via e00af44 krb5_wrap: Remove unused smb_krb5_parse_name_norealm() via 907c0b9 krb5_wrap: Improve smb_krb5_unparse_name() documentation via 591b867 krb5_wrap: Improve smb_krb5_parse_name() documentation via 757e77b krb5_wrap: Document smb_krb5_cc_copy_creds() via 0540cfd krb5_wrap: Use 'samba-kdc' for com_err whoami in krb5_warnx() via 3bc9b76 krb5_wrap: Improve krb5_warnx() documentation via a5f1653 krb5_wrap: Improve smb_krb5_principal_set_type() documentation via e77c5ac krb5_wrap: Improve smb_krb5_principal_get_type() documentation via 1d8c1ca krb5_wrap: Improve smb_krb5_get_allowed_weak_crypto() documentation via dbcba4c krb5_wrap: Document smb_get_krb5_error_message() via 52c0133 krb5_wrap: Document smb_krb5_get_principal_from_service_hostname() via 2454374 krb5_wrap: Rename kerberos_get_principal_from_service_hostname() via a110ab8 krb5_wrap: Improve smb_krb5_principal_set_realm() documentation via 8c3b703 krb5_wrap: Fix documentation of smb_krb5_principal_get_realm() via e8c2525 krb5_wrap: Document smb_krb5_make_pac_checksum() via 003358e krb5_wrap: Document smb_krb5_make_principal() via aef6cb2 krb5_wrap: Improve smb_krb5_kinit_s4u2_ccache() documentation via 2ac2975 krb5_wrap: Rename kerberos_kinit_s4u2_cc() via 13da688 krb5_wrap: Document smb_krb5_kinit_password_ccache() via 696cfcb krb5_wrap: Rename kerberos_kinit_password_cc() via 294df2e krb5_wrap: Improve smb_krb5_kinit_keyblock_cache() documentation via 15c5dd7 krb5_wrap: Rename kerberos_kinit_keyblock_cc() via c0e8616 krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents() via 466ebd4 waf: Check for the correct function name via d62172b krb5_wrap: Document smb_krb5_keyblock_init_contents() via 96d7c45 krb5_wrap: Document smb_krb5_kt_get_name() via 6ddeb4a krb5_wrap: Rename smb_krb5_keytab_name() via 1dba7d2 krb5_wrap: Document smb_krb5_kt_open() via aa1cca9 krb5_wrap: Rename smb_krb5_open_keytab() via 5e934aa krb5_wrap: Fix whitespace issues in smb_krb5_kt_open_relative() via 28a03a7 krb5_wrap: Document smb_krb5_kt_open_relative() via 81da37e krb5_wrap: Rename smb_krb5_open_keytab_relative() via 8abd9b5 krb5_wrap: Document smb_krb5_enctype_to_string() via 6d063df krb5_wrap: Document smb_krb5_kt_free_entry() via eefed8a krb5_wrap: Document smb_krb5_kt_get_enctype_from_entry() via d1de425 krb5_wrap: Rename smb_get_enctype_from_kt_entry() via bff77af krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_free() via 4fae92d krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_alloc() via 167c1ce krb5_wrap: Remove unused handle_krberror_packet() via a3852bc krb5_wrap: Remove unneded smb_krb5_free_error() via c5fa646 krb5_wrap: Document smb_krb5_gen_netbios_krb5_address() via 904e233 krb5_wrap: Document smb_krb5_free_addresses() via 7aac543 krb5_wrap: Document smb_krb5_renew_ticket() via e27c528 krb5_wrap: Remove redundant comment via 884972f krb5_wrap: Move krb5_princ_component() to the top via 1877950 krb5_wrap: Rename get_krb5_smb_session_key() via be21e7f krb5_wrap: Move krb5_free_unparsed_name() to the top via 7fe150c krb5_wrap: Cleanup some code in ads_krb5_cli_get_ticket() via ec1e8d0 krb5_wrap: Fix ads_krb5_cli_get_ticket() return checks and debug messages via 97249b7 krb5_wrap: Rename cli_krb5_get_ticket() via 6cde974 krb5_wrap: Improve return value checks and debug messsages via 86708aa krb5_wrap: Fix formatting issues in ads_krb5_mk_req() via 0afc7d9 krb5_wrap: Use consistent naming for create_gss_checksum() via 75f748f14e krb5_wrap: Use consistent naming for setup_auth_context() via 83dbaea krb5_wrap: Move all ads function to the end via dd05113 krb5_wrap: Move krb5_auth_con_setuseruserkey() to the top via 41172e2 krb5_wrap: Rename krb5_copy_data_contents() via e8632e2 krb5_wrap: Rename kerberos_free_data_contents() via 2622e16 krb5_wrap: Rename get_kerberos_allowed_etypes() via 81917a1 krb5_wrap: Rename setup_kaddr() from b722875 vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 2de4aea7281eba66e654786de6f72d90ea8077c2 Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 12:48:09 2016 +0200 s3-libads: Do not use deprecated krb5_change_password() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Thu Sep 1 00:43:51 CEST 2016 on sn-devel-144 commit e01587c948ecb064002e89e961bbbec4d625d9dd Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 17:08:57 2016 +0200 s3-libads: Do not use deprecated krb5_get_init_creds_opt_init() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 9d4f1b4d3119f0c655eff3619e675423ad8c21d8 Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 12:38:46 2016 +0200 s3-libads: Support for MIT Kerberos ntstatus from init_creds Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3cd4bc6446d2cd234f814091ce936d716360a78a Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 12:33:39 2016 +0200 s3-libads: Use non-deprecated function to get the error krb5_get_init_creds_opt_get_error is deprecated. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e4f82de7716e91a1c512a8c37ca768b591029a4a Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 12:13:11 2016 +0200 s4-heimdal: Export krb5_init_creds_* functions The function krb5_get_init_creds_opt_get_error() is deprecated and krb5_init_creds_init() and krb5_init_creds_get_error() should be used now. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e135a13478408985f534e04585919d79c4aa391a Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 16:44:05 2016 +0200 s3-libads: Rename smb_krb5_get_ntstatus_from_krb5_error_init_creds_opt() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 381ebd4af5b21e5c76e5cd0916b195360a447756 Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 25 17:07:01 2016 +0200 krb5_wrap: Move unwrap_edata_ntstatus() and make it static This also removes the asn1util dependency from krb5_wrap and moves it to libads which is the only user. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3a4eaa00b676204dda510d49ea38c8ef32bc9860 Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 14:21:52 2016 +0200 krb5_wrap: Remove unused smb_krb5_principal_compare_any_realm() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e00af44f4483db91b6c27ba1a53e92a3788976ce Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 14:20:03 2016 +0200 krb5_wrap: Remove unused smb_krb5_parse_name_norealm() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 907c0b92b783a3516ad93fb6861abb3f9a0fe0ee Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 14:17:19 2016 +0200 krb5_wrap: Improve smb_krb5_unparse_name() documentation Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 591b8671464c4ee7bdc35fbd4fb51c5ed266af7b Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 14:13:43 2016 +0200 krb5_wrap: Improve smb_krb5_parse_name() documentation Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 757e77b7faef936ebfd365362d151dbba907c0c3 Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 08:54:04 2016 +0200 krb5_wrap: Document smb_krb5_cc_copy_creds() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 0540cfdd4c076efe016b7cba8e5edb6d6111abd7 Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 08:50:26 2016 +0200 krb5_wrap: Use 'samba-kdc' for com_err whoami in krb5_warnx() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3bc9b764e29ad71aecc94369624e8907181f71c1 Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 08:50:05 2016 +0200 krb5_wrap: Improve krb5_warnx() documentation Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a5f1653651fc58a3ab8f2442b60932b711d3a02e Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 08:44:27 2016 +0200 krb5_wrap: Improve smb_krb5_principal_set_type() documentation Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e77c5ac01959ed9bbb44e9d91bd42b8a212cc010 Author: Andreas Schneider <a...@samba.org> Date: Tue Aug 30 08:40:16 2016 +0200 krb5_wrap: Improve smb_krb5_principal_get_type() documentation Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1d8c1cac96f3490f6b2606f31b587163a89936e4 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 17:27:06 2016 +0200 krb5_wrap: Improve smb_krb5_get_allowed_weak_crypto() documentation Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit dbcba4c808b232a1046de4d27c7b5d97c642e1e5 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 17:24:41 2016 +0200 krb5_wrap: Document smb_get_krb5_error_message() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 52c0133b50463fe7ec035f45273465b27dbc454b Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 17:22:20 2016 +0200 krb5_wrap: Document smb_krb5_get_principal_from_service_hostname() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 24543743094726acd89208d98d9f5ab96125bc75 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 17:19:14 2016 +0200 krb5_wrap: Rename kerberos_get_principal_from_service_hostname() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a110ab82deac6de194131f455719c21fba3aa3a8 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 17:14:17 2016 +0200 krb5_wrap: Improve smb_krb5_principal_set_realm() documentation Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 8c3b703068dfe372443c5033f42ae5f216e1801a Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 17:11:32 2016 +0200 krb5_wrap: Fix documentation of smb_krb5_principal_get_realm() Create a valid doxygen documentation. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e8c2525e5578172d8f1fd1e86c571ed491fd2c11 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 17:09:02 2016 +0200 krb5_wrap: Document smb_krb5_make_pac_checksum() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 003358e868fa2751db153b78685242c931e54a49 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 12:10:48 2016 +0200 krb5_wrap: Document smb_krb5_make_principal() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit aef6cb2b816e8fe4b1c4e6899cb6790b21cb93e2 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 12:04:43 2016 +0200 krb5_wrap: Improve smb_krb5_kinit_s4u2_ccache() documentation Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 2ac297562fe5c4a49db45b26bee602f42477d10a Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:59:18 2016 +0200 krb5_wrap: Rename kerberos_kinit_s4u2_cc() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 13da6880471ac15187cf4fbacb57c429fceeb4e8 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:53:06 2016 +0200 krb5_wrap: Document smb_krb5_kinit_password_ccache() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 696cfcb3c0e4c44ab894b78d3337fe5d28e254bd Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:47:11 2016 +0200 krb5_wrap: Rename kerberos_kinit_password_cc() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 294df2e52c37ae4be1f8995db90d930f29a4713c Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:41:04 2016 +0200 krb5_wrap: Improve smb_krb5_kinit_keyblock_cache() documentation Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 15c5dd700cba24b97ab8ab96710c068335e1edb1 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:33:24 2016 +0200 krb5_wrap: Rename kerberos_kinit_keyblock_cc() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c0e861666911d84f2d78cdab370077d9ac192005 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:29:34 2016 +0200 krb5_wrap: Add MIT implmentation of smb_krb5_keyblock_init_contents() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 466ebd4911dceac66ce379f6bd7e59881d0325f5 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:22:29 2016 +0200 waf: Check for the correct function name Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d62172b48e16edd8cb758858bde67113eeb67285 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:21:07 2016 +0200 krb5_wrap: Document smb_krb5_keyblock_init_contents() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 96d7c4543477a99b76d251ddd0a5dad3725f272d Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:10:30 2016 +0200 krb5_wrap: Document smb_krb5_kt_get_name() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 6ddeb4aa424568343059f32b4774704daec66eed Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:07:48 2016 +0200 krb5_wrap: Rename smb_krb5_keytab_name() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1dba7d295697dd7e315d390c2661e680b3d0cc01 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:05:19 2016 +0200 krb5_wrap: Document smb_krb5_kt_open() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit aa1cca9f2713f210065a6a6c2f5a300a2d741082 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 11:03:51 2016 +0200 krb5_wrap: Rename smb_krb5_open_keytab() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5e934aad486f6c09cd78b67785016f505215a9c3 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 10:58:43 2016 +0200 krb5_wrap: Fix whitespace issues in smb_krb5_kt_open_relative() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 28a03a72a62936b37fc9c9f9cea0cb15635e7a43 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 10:46:26 2016 +0200 krb5_wrap: Document smb_krb5_kt_open_relative() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 81da37eb90421e9355660de1ce6d53c4d6e6dfc6 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 10:42:57 2016 +0200 krb5_wrap: Rename smb_krb5_open_keytab_relative() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 8abd9b5f079a87a368372bd5e8092830734059f7 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 09:32:25 2016 +0200 krb5_wrap: Document smb_krb5_enctype_to_string() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 6d063dffb57d8607d1ac5b6ff8220ab451e18ec4 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 09:29:57 2016 +0200 krb5_wrap: Document smb_krb5_kt_free_entry() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit eefed8a62948971386ab83ac0987982c72e116dc Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 09:27:55 2016 +0200 krb5_wrap: Document smb_krb5_kt_get_enctype_from_entry() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d1de4253854414185845fd9819161bc2ad2ed4d8 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 09:17:37 2016 +0200 krb5_wrap: Rename smb_get_enctype_from_kt_entry() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit bff77afd320d0cbdf0bd416bf2e78887cd58bf47 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 09:13:51 2016 +0200 krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_free() Call the Kerberos function directly. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 4fae92dcad3b1f01d2e5a55704043ac05344e406 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 09:12:38 2016 +0200 krb5_wrap: Remove unneeded smb_krb5_get_init_creds_opt_alloc() Call the Kerberos function directly. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 167c1ce3312bd94def0aefb2955ee6b6d67e9827 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 09:11:17 2016 +0200 krb5_wrap: Remove unused handle_krberror_packet() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a3852bc0b96aa440d7095f50715ea10b5d4a54cc Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 09:09:18 2016 +0200 krb5_wrap: Remove unneded smb_krb5_free_error() krb5_free_error() is availalbe in MIT and Heimdal. Both implementations free the contents and the pointer. krb5_free_data_contents() is Heimdal only. Which function you need to call depends. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c5fa646b533cbb6ec238ce297ee9d1636b0afab3 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 08:57:47 2016 +0200 krb5_wrap: Document smb_krb5_gen_netbios_krb5_address() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 904e2337263458b744cab948d8c1a65595019413 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 08:53:56 2016 +0200 krb5_wrap: Document smb_krb5_free_addresses() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 7aac5434eeb6ed08fc173675acf0129e3c1bf037 Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 08:50:28 2016 +0200 krb5_wrap: Document smb_krb5_renew_ticket() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e27c5288b33eedc82f444853a44886569f88f5ef Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 08:36:59 2016 +0200 krb5_wrap: Remove redundant comment Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 884972fee3eef8b5e7a75a8f2160a7c1278d299c Author: Andreas Schneider <a...@samba.org> Date: Mon Aug 29 08:35:54 2016 +0200 krb5_wrap: Move krb5_princ_component() to the top Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1877950250f3548bf4154e2413419960de3a4045 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 17:07:18 2016 +0200 krb5_wrap: Rename get_krb5_smb_session_key() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit be21e7f2038320a8a13b69e07af98eba112648d4 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 16:54:12 2016 +0200 krb5_wrap: Move krb5_free_unparsed_name() to the top Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 7fe150cbb2e914bb0a9f6fc99ea6fb90195ed01f Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 16:51:38 2016 +0200 krb5_wrap: Cleanup some code in ads_krb5_cli_get_ticket() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit ec1e8d0ec992221aa3a3d92eddde12651afa42f8 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 16:50:59 2016 +0200 krb5_wrap: Fix ads_krb5_cli_get_ticket() return checks and debug messages Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 97249b7cd09892b4d2df7821a23dd8aad09ea3ad Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 16:38:53 2016 +0200 krb5_wrap: Rename cli_krb5_get_ticket() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 6cde974c131db9d6f1011482030a3a1236b00929 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 16:33:39 2016 +0200 krb5_wrap: Improve return value checks and debug messsages Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 86708aab1a17afb1f36621625717758e276c7ac8 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 16:32:26 2016 +0200 krb5_wrap: Fix formatting issues in ads_krb5_mk_req() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 0afc7d98d80a559d6ea34de9a6c58da8838275dc Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 16:21:56 2016 +0200 krb5_wrap: Use consistent naming for create_gss_checksum() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 75f748f14e273b97458653e6f76b55894f640014 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 16:21:01 2016 +0200 krb5_wrap: Use consistent naming for setup_auth_context() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 83dbaea978b905ef06fa8bf6a01992c25526aeab Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 16:19:42 2016 +0200 krb5_wrap: Move all ads function to the end Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit dd05113ed1df7522ec411ead15cf71d0b060cb23 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 12:37:45 2016 +0200 krb5_wrap: Move krb5_auth_con_setuseruserkey() to the top Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 41172e27556f7fdd5519e19ff86a659aba446bd2 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 11:57:30 2016 +0200 krb5_wrap: Rename krb5_copy_data_contents() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e8632e2af50588dd47dc00fb72e85a398c844622 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 26 11:51:52 2016 +0200 krb5_wrap: Rename kerberos_free_data_contents() Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 2622e16d7685c48daa17408f4db74df8577b193a Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 25 17:02:59 2016 +0200 krb5_wrap: Rename get_kerberos_allowed_etypes() Use consistent naming. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 81917a1162b168b2cd7a07706262cff3d9624e6a Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 25 16:59:18 2016 +0200 krb5_wrap: Rename setup_kaddr() Use a better and consistent name and switch the arguments to reflect the name. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: auth/credentials/credentials_krb5.c | 2 +- lib/krb5_wrap/krb5_samba.c | 4377 +++++++++++++----------- lib/krb5_wrap/krb5_samba.h | 127 +- lib/krb5_wrap/wscript_build | 2 +- source3/libads/authdata.c | 18 +- source3/libads/kerberos.c | 131 +- source3/libads/kerberos_keytab.c | 18 +- source3/libads/krb5_setpw.c | 47 +- source3/libnet/libnet_keytab.c | 10 +- source3/librpc/crypto/gse.c | 9 +- source3/librpc/crypto/gse_krb5.c | 13 +- source3/libsmb/cliconnect.c | 7 +- source3/wscript_build | 2 +- source4/auth/gensec/gensec_krb5.c | 28 +- source4/auth/kerberos/kerberos_pac.c | 8 +- source4/auth/kerberos/kerberos_util.c | 41 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 2 +- source4/heimdal/lib/krb5/version-script.map | 3 + source4/kdc/db-glue.c | 22 +- source4/kdc/kdc-server.c | 2 +- source4/kdc/kpasswd-heimdal.c | 2 +- source4/kdc/ktutil.c | 4 +- source4/kdc/pac-glue.c | 74 +- source4/kdc/sdb.c | 2 +- source4/kdc/sdb_to_hdb.c | 8 +- source4/kdc/wdc-samba4.c | 8 +- source4/libnet/libnet_export_keytab.c | 8 +- source4/torture/ndr/krb5pac.c | 2 +- source4/torture/rpc/lsa.c | 8 +- wscript_configure_system_mitkrb5 | 2 +- 30 files changed, 2672 insertions(+), 2315 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index 82b6de9..36c8a32 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c @@ -611,7 +611,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, * and used for the AS-REQ, so it wasn't possible to disable the usage * of AES keys. */ - min_stat = get_kerberos_allowed_etypes(ccache->smb_krb5_context->krb5_context, + min_stat = smb_krb5_get_allowed_etypes(ccache->smb_krb5_context->krb5_context, &etypes); if (min_stat == 0) { OM_uint32 num_ktypes; diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 2943b33..24d64cc 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -23,7 +23,6 @@ #include "includes.h" #include "system/filesys.h" #include "krb5_samba.h" -#include "lib/util/asn1.h" #ifdef HAVE_COM_ERR_H #include <com_err.h> @@ -63,6 +62,10 @@ krb5_error_code krb5_auth_con_set_req_cksumtype( #define SMB_STRDUP(s) strdup(s) #endif +/********************************************************** + * MISSING FUNCTIONS + **********************************************************/ + #if !defined(HAVE_KRB5_SET_DEFAULT_TGS_KTYPES) #if defined(HAVE_KRB5_SET_DEFAULT_TGS_ENCTYPES) @@ -92,9 +95,58 @@ krb5_error_code krb5_auth_con_set_req_cksumtype( #endif /* HAVE_KRB5_SET_DEFAULT_TGS_KTYPES */ + +#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) +krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, + krb5_auth_context auth_context, + krb5_keyblock *keyblock) +{ + return krb5_auth_con_setkey(context, auth_context, keyblock); +} +#endif + +#if !defined(HAVE_KRB5_FREE_UNPARSED_NAME) +void krb5_free_unparsed_name(krb5_context context, char *val) +{ + SAFE_FREE(val); +} +#endif + +#if defined(HAVE_KRB5_PRINCIPAL_GET_COMP_STRING) && !defined(HAVE_KRB5_PRINC_COMPONENT) +const krb5_data *krb5_princ_component(krb5_context context, + krb5_principal principal, int i); + +const krb5_data *krb5_princ_component(krb5_context context, + krb5_principal principal, int i) +{ + static krb5_data kdata; + + kdata.data = discard_const_p(char, krb5_principal_get_comp_string(context, principal, i)); + kdata.length = strlen((const char *)kdata.data); + return &kdata; +} +#endif + + +/********************************************************** + * WRAPPING FUNCTIONS + **********************************************************/ + #if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS) /* HEIMDAL */ - bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr) + +/** + * @brief Stores the address of a 'struct sockaddr_storage' a krb5_address + * + * @param[in] paddr A pointer to a 'struct sockaddr_storage to extract the + * address from. + * + * @param[out] pkaddr A Kerberos address to store tha address in. + * + * @return True on success, false if an error occured. + */ +bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr, + krb5_address *pkaddr) { memset(pkaddr, '\0', sizeof(krb5_address)); #if defined(HAVE_IPV6) && defined(KRB5_ADDRESS_INET6) @@ -115,7 +167,19 @@ krb5_error_code krb5_auth_con_set_req_cksumtype( } #elif defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */ -bool setup_kaddr( krb5_address *pkaddr, struct sockaddr_storage *paddr) + +/** + * @brief Stores the address of a 'struct sockaddr_storage' a krb5_address + * + * @param[in] paddr A pointer to a 'struct sockaddr_storage to extract the + * address from. + * + * @param[in] pkaddr A Kerberos address to store tha address in. + * + * @return True on success, false if an error occured. + */ +bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr, + krb5_address *pkaddr) { memset(pkaddr, '\0', sizeof(krb5_address)); #if defined(HAVE_IPV6) && defined(ADDRTYPE_INET6) @@ -253,7 +317,7 @@ int smb_krb5_create_key_from_string(krb5_context context, * @param host_princ The krb5_principal to create the salt for * @param psalt A pointer to a krb5_data struct * -* caller has to free the contents of psalt with kerberos_free_data_contents +* caller has to free the contents of psalt with smb_krb5_free_data_contents * when function has succeeded * * @return krb5_error_code, returns 0 on success, error code otherwise @@ -288,13 +352,27 @@ int smb_krb5_get_pw_salt(krb5_context context, #endif #if defined(HAVE_KRB5_GET_PERMITTED_ENCTYPES) - krb5_error_code get_kerberos_allowed_etypes(krb5_context context, +/** + * @brief Get a list of encryption types allowed for session keys + * + * @param[in] context The library context + * + * @param[in] enctypes An allocated, zero-terminated list of encryption types + * + * This function returns an allocated list of encryption types allowed for + * session keys. + * + * Use free() to free the enctypes when it is no longer needed. + * + * @retval 0 Success; otherwise - Kerberos error codes + */ +krb5_error_code smb_krb5_get_allowed_etypes(krb5_context context, krb5_enctype **enctypes) { return krb5_get_permitted_enctypes(context, enctypes); } #elif defined(HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES) - krb5_error_code get_kerberos_allowed_etypes(krb5_context context, +krb5_error_code smb_krb5_get_allowed_etypes(krb5_context context, krb5_enctype **enctypes) { #ifdef HAVE_KRB5_PDU_NONE_DECL @@ -307,185 +385,23 @@ int smb_krb5_get_pw_salt(krb5_context context, #error UNKNOWN_GET_ENCTYPES_FUNCTIONS #endif -#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) - krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, - krb5_auth_context auth_context, - krb5_keyblock *keyblock) -{ - return krb5_auth_con_setkey(context, auth_context, keyblock); -} -#endif - -bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx, - DATA_BLOB *edata, - DATA_BLOB *edata_out) -{ - DATA_BLOB edata_contents; - ASN1_DATA *data; - int edata_type; - - if (!edata->length) { - return false; - } - - data = asn1_init(mem_ctx); - if (data == NULL) { - return false; - } - - if (!asn1_load(data, *edata)) goto err; - if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto err; - if (!asn1_start_tag(data, ASN1_CONTEXT(1))) goto err; - if (!asn1_read_Integer(data, &edata_type)) goto err; - - if (edata_type != KRB5_PADATA_PW_SALT) { - DEBUG(0,("edata is not of required type %d but of type %d\n", - KRB5_PADATA_PW_SALT, edata_type)); - goto err; - } - - if (!asn1_start_tag(data, ASN1_CONTEXT(2))) goto err; - if (!asn1_read_OctetString(data, talloc_tos(), &edata_contents)) goto err; - if (!asn1_end_tag(data)) goto err; - if (!asn1_end_tag(data)) goto err; - if (!asn1_end_tag(data)) goto err; - asn1_free(data); - - *edata_out = data_blob_talloc(mem_ctx, edata_contents.data, edata_contents.length); - - data_blob_free(&edata_contents); - - return true; - - err: - - asn1_free(data); - return false; -} - - -static bool ads_cleanup_expired_creds(krb5_context context, - krb5_ccache ccache, - krb5_creds *credsp) -{ - krb5_error_code retval; - const char *cc_type = krb5_cc_get_type(context, ccache); - - DEBUG(3, ("ads_cleanup_expired_creds: Ticket in ccache[%s:%s] expiration %s\n", - cc_type, krb5_cc_get_name(context, ccache), - http_timestring(talloc_tos(), credsp->times.endtime))); - - /* we will probably need new tickets if the current ones - will expire within 10 seconds. - */ - if (credsp->times.endtime >= (time(NULL) + 10)) - return false; - - /* heimdal won't remove creds from a file ccache, and - perhaps we shouldn't anyway, since internally we - use memory ccaches, and a FILE one probably means that - we're using creds obtained outside of our exectuable - */ - if (strequal(cc_type, "FILE")) { - DEBUG(5, ("ads_cleanup_expired_creds: We do not remove creds from a %s ccache\n", cc_type)); - return false; - } - - retval = krb5_cc_remove_cred(context, ccache, 0, credsp); - if (retval) { - DEBUG(1, ("ads_cleanup_expired_creds: krb5_cc_remove_cred failed, err %s\n", - error_message(retval))); - /* If we have an error in this, we want to display it, - but continue as though we deleted it */ - } - return true; -} - -/* Allocate and setup the auth context into the state we need. */ - -static krb5_error_code setup_auth_context(krb5_context context, - krb5_auth_context *auth_context) -{ - krb5_error_code retval; - - retval = krb5_auth_con_init(context, auth_context ); - if (retval) { - DEBUG(1,("krb5_auth_con_init failed (%s)\n", - error_message(retval))); - return retval; - } - - /* Ensure this is an addressless ticket. */ - retval = krb5_auth_con_setaddrs(context, *auth_context, NULL, NULL); - if (retval) { - DEBUG(1,("krb5_auth_con_setaddrs failed (%s)\n", - error_message(retval))); - } - - return retval; -} - -#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) -static krb5_error_code create_gss_checksum(krb5_data *in_data, /* [inout] */ - uint32_t gss_flags) -{ - unsigned int orig_length = in_data->length; - unsigned int base_cksum_size = GSSAPI_CHECKSUM_SIZE; - char *gss_cksum = NULL; - - if (orig_length) { - /* Extra length field for delgated ticket. */ - base_cksum_size += 4; - } - - if ((unsigned int)base_cksum_size + orig_length < - (unsigned int)base_cksum_size) { - return EINVAL; - } - - gss_cksum = (char *)SMB_MALLOC(base_cksum_size + orig_length); - if (gss_cksum == NULL) { - return ENOMEM; - } - - memset(gss_cksum, '\0', base_cksum_size + orig_length); - SIVAL(gss_cksum, 0, GSSAPI_BNDLENGTH); - - /* - * GSS_C_NO_CHANNEL_BINDINGS means 16 zero bytes. - * This matches the behavior of heimdal and mit. - * - * And it is needed to work against some closed source - * SMB servers. - * - * See bug #7883 - */ - memset(&gss_cksum[4], 0x00, GSSAPI_BNDLENGTH); - - SIVAL(gss_cksum, 20, gss_flags); - - if (orig_length) { - SSVAL(gss_cksum, 24, 1); /* The Delegation Option identifier */ - SSVAL(gss_cksum, 26, orig_length); - /* Copy the kerberos KRB_CRED data */ - memcpy(gss_cksum + 28, in_data->data, orig_length); - free(in_data->data); - in_data->data = NULL; - in_data->length = 0; - } - in_data->data = gss_cksum; - in_data->length = base_cksum_size + orig_length; - return 0; -} -#endif - -/************************************************************** - krb5_parse_name that takes a UNIX charset. -**************************************************************/ +/** + * @brief Convert a string principal name to a Kerberos principal. + * + * @param[in] context The library context + * + * @param[in] name The principal as a unix charset string. + * + * @param[out] principal The newly allocated principal. + * + * Use krb5_free_principal() to free a principal when it is no longer needed. + * + * @return 0 on success, a Kerberos error code otherwise. + */ krb5_error_code smb_krb5_parse_name(krb5_context context, - const char *name, /* in unix charset */ - krb5_principal *principal) + const char *name, + krb5_principal *principal) { krb5_error_code ret; char *utf8_name; @@ -502,18 +418,26 @@ krb5_error_code smb_krb5_parse_name(krb5_context context, return ret; } -#if !defined(HAVE_KRB5_FREE_UNPARSED_NAME) -void krb5_free_unparsed_name(krb5_context context, char *val) -{ - SAFE_FREE(val); -} -#endif - -/************************************************************** - krb5_parse_name that returns a UNIX charset name. Must - be freed with talloc_free() call. -**************************************************************/ - +/** + * @brief Convert a Kerberos principal structure to a string representation. + * + * The resulting string representation will be a unix charset name and is + * talloc'ed. + * + * @param[in] mem_ctx The talloc context to allocate memory on. + * + * @param[in] context The library context. + * + * @param[in] principal The principal. + * + * @param[out] unix_name A string representation of the princpial name as with + * unix charset. + * + * Use talloc_free() to free the string representation if it is no longer + * needed. + * + * @return 0 on success, a Kerberos error code otherwise. + */ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, krb5_context context, krb5_const_principal principal, @@ -537,1709 +461,1524 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx, return 0; } -krb5_error_code smb_krb5_parse_name_norealm(krb5_context context, - const char *name, - krb5_principal *principal) +/** + * @brief Free the contents of a krb5_data structure and zero the data field. + * + * @param[in] context The krb5 context + * + * @param[in] pdata The data structure to free contents of + * + * This function frees the contents, not the structure itself. + */ +void smb_krb5_free_data_contents(krb5_context context, krb5_data *pdata) { - /* we are cheating here because parse_name will in fact set the realm. - * We don't care as the only caller of smb_krb5_parse_name_norealm - * ignores the realm anyway when calling - * smb_krb5_principal_compare_any_realm later - Guenther */ - - return smb_krb5_parse_name(context, name, principal); +#if defined(HAVE_KRB5_FREE_DATA_CONTENTS) + if (pdata->data) { + krb5_free_data_contents(context, pdata); + } +#elif defined(HAVE_KRB5_DATA_FREE) + krb5_data_free(context, pdata); +#else + SAFE_FREE(pdata->data); +#endif } -bool smb_krb5_principal_compare_any_realm(krb5_context context, - krb5_const_principal princ1, - krb5_const_principal princ2) +/* + * @brief copy a buffer into a krb5_data struct + * + * @param[in] p The krb5_data + * @param[in] data The data to copy + * @param[in] length The length of the data to copy + * @return krb5_error_code + * + * Caller has to free krb5_data with smb_krb5_free_data_contents(). + */ +krb5_error_code smb_krb5_copy_data_contents(krb5_data *p, + const void *data, + size_t len) { - return krb5_principal_compare_any_realm(context, princ1, princ2); +#if defined(HAVE_KRB5_DATA_COPY) + return krb5_data_copy(p, data, len); +#else + if (len) { + p->data = malloc(len); + if (p->data == NULL) { + return ENOMEM; + } + memmove(p->data, data, len); + } else { + p->data = NULL; + } + p->length = len; + p->magic = KV5M_DATA; + return 0; +#endif } -/* - we can't use krb5_mk_req because w2k wants the service to be in a particular format -*/ -static krb5_error_code ads_krb5_mk_req(krb5_context context, - krb5_auth_context *auth_context, - const krb5_flags ap_req_options, - const char *principal, - krb5_ccache ccache, - krb5_data *outbuf, - time_t *expire_time, - const char *impersonate_princ_s) +bool smb_krb5_get_smb_session_key(TALLOC_CTX *mem_ctx, + krb5_context context, + krb5_auth_context auth_context, + DATA_BLOB *session_key, + bool remote) { - krb5_error_code retval; - krb5_principal server; - krb5_principal impersonate_princ = NULL; - krb5_creds * credsp; - krb5_creds creds; - krb5_data in_data; - bool creds_ready = false; - int i = 0, maxtries = 3; - - ZERO_STRUCT(in_data); - - retval = smb_krb5_parse_name(context, principal, &server); - if (retval) { - DEBUG(1,("ads_krb5_mk_req: Failed to parse principal %s\n", principal)); - return retval; - } -- Samba Shared Repository