git.samba.org - asn/samba.git/log

commit | commitdiff | tree

Andreas Schneider [Mon, 29 Apr 2024 14:18:57 +0000 (16:18 +0200)]

WIP s3: Enable IAKerb

commit | commitdiff | tree

Andreas Schneider [Thu, 25 Apr 2024 14:11:29 +0000 (16:11 +0200)]

WIP s3:gse: Implement support for IAKerb

commit | commitdiff | tree

Andreas Schneider [Thu, 25 Apr 2024 13:36:47 +0000 (15:36 +0200)]

auth:gensec: Add definitions for IAKerb

commit | commitdiff | tree

Andreas Schneider [Mon, 29 Apr 2024 07:36:01 +0000 (09:36 +0200)]

s3:gse: Send GSS_C_NO_BUFFER on the first pass

Documentation you find for gss_init_sec_context() states for
input_token:

    Specifies the token received from the context acceptor.
    GSS_C_NO_BUFFER should be specified if this is the first call to the
    gss_init_sec_context() routine.

Some of them also allow GSS_C_EMPTY_BUFFER to be passed. So better use
GSS_C_NO_BUFFER to be safe.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

commit | commitdiff | tree

Andreas Schneider [Fri, 26 Apr 2024 08:54:47 +0000 (10:54 +0200)]

s3:gse: Use smb_gss_mech_import_cred() in gse_init_server()

commit | commitdiff | tree

Andreas Schneider [Fri, 26 Apr 2024 08:49:33 +0000 (10:49 +0200)]

s3:gse: Pass down the mech to gse_context_init()

commit | commitdiff | tree

Andreas Schneider [Fri, 26 Apr 2024 08:40:13 +0000 (10:40 +0200)]

lib:krb5_wrap: Implement smb_gss_mech_import_cred()

commit | commitdiff | tree

Andreas Schneider [Thu, 25 Apr 2024 13:51:40 +0000 (15:51 +0200)]

s3:gse: Implement gensec_gse_security_by_oid()

commit | commitdiff | tree

Andreas Schneider [Thu, 25 Apr 2024 13:33:07 +0000 (15:33 +0200)]

auth:gensec: Rename GENSEC_GSSAPI to GENSEC_GSS_KRB5

commit | commitdiff | tree

Andreas Schneider [Thu, 25 Apr 2024 13:31:58 +0000 (15:31 +0200)]

s4:auth:gensec: Remove trailing spaces in gensec_gssapi.c

commit | commitdiff | tree

Stefan Metzmacher [Fri, 15 Mar 2024 22:28:26 +0000 (23:28 +0100)]

Revert "HACK source4/lib/tls/tls_tstream.c gnutls_alpn_set_protocols(GNUTLS_ALPN_MANDATORY)"

This reverts commit 15ad5fcfc2c93dd7b3f96ce32f7ad095233f4c20.

commit | commitdiff | tree

Stefan Metzmacher [Fri, 15 Mar 2024 22:28:07 +0000 (23:28 +0100)]

HACK source4/lib/tls/tls_tstream.c gnutls_alpn_set_protocols(GNUTLS_ALPN_MANDATORY)

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 15:57:07 +0000 (16:57 +0100)]

Revert "HACK simulate GNUTLS_FORCE_FIPS_MODE=1"

This reverts commit f01ebfb6674ed77557617841ad5b104d3685a255.

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 15:48:23 +0000 (16:48 +0100)]

HACK simulate GNUTLS_FORCE_FIPS_MODE=1

commit | commitdiff | tree

Stefan Metzmacher [Fri, 8 Mar 2024 10:50:32 +0000 (11:50 +0100)]

Revert "HACK .gitlab-ci-main.yml only MIT fedora"

This reverts commit 8268cfb12e340d7b7d572f7de0f6eb86c177ba6a.

commit | commitdiff | tree

Stefan Metzmacher [Fri, 8 Mar 2024 10:50:22 +0000 (11:50 +0100)]

Revert "HACK debug smb_krb5_cc_get_lifetime"

This reverts commit a495d388e6a2b25af5467f60bcb23b548cd790c1.

commit | commitdiff | tree

Stefan Metzmacher [Fri, 8 Mar 2024 10:50:22 +0000 (11:50 +0100)]

Revert "DEBUG python/samba/tests/krb5/test_smb.py"

This reverts commit 3e463b6d3f7bac78c83015c211422e17c441693c.

commit | commitdiff | tree

Stefan Metzmacher [Fri, 8 Mar 2024 10:44:57 +0000 (11:44 +0100)]

DEBUG python/samba/tests/krb5/test_smb.py

commit | commitdiff | tree

Stefan Metzmacher [Fri, 8 Mar 2024 10:44:29 +0000 (11:44 +0100)]

HACK debug smb_krb5_cc_get_lifetime

commit | commitdiff | tree

Stefan Metzmacher [Fri, 8 Mar 2024 09:25:31 +0000 (10:25 +0100)]

HACK .gitlab-ci-main.yml only MIT fedora

commit | commitdiff | tree

Stefan Metzmacher [Thu, 7 Mar 2024 16:06:53 +0000 (17:06 +0100)]

Revert "TODO cli_session_creds_init use_global_krb5_ccache"

This reverts commit 1e82da22c043fe960a0a2d3028fd67fdcfb4d4cc.

commit | commitdiff | tree

Stefan Metzmacher [Thu, 7 Mar 2024 15:43:43 +0000 (16:43 +0100)]

TODO cli_session_creds_init use_global_krb5_ccache

commit | commitdiff | tree

Stefan Metzmacher [Fri, 1 Mar 2024 15:17:51 +0000 (16:17 +0100)]

Revert "TODO split KERB_AP_OPTIONS_CBT"

This reverts commit a659c0807ec02ff97588c1c5cd838d39cb2f8707.

commit | commitdiff | tree

Stefan Metzmacher [Mon, 12 Feb 2024 08:19:10 +0000 (09:19 +0100)]

Revert "third_party/heimdal/lib/asn1/krb5.asn1 fix KRB5-AUTHDATA-KERB-LOCAL KRB5-AUTHDATA-TOKEN-RESTRICTIONS"

This reverts commit b38fa8a12c33f2e9937b3b16b56fd6ea17e632bf.

commit | commitdiff | tree

Stefan Metzmacher [Mon, 12 Feb 2024 08:19:10 +0000 (09:19 +0100)]

Revert "source3/librpc/crypto/gse.c authenticator-ad-types 141, 142, 143, 144"

This reverts commit 45bdf4e51a1105243e8544f415503fd260ac6eb6.

commit | commitdiff | tree

Stefan Metzmacher [Mon, 12 Feb 2024 08:19:10 +0000 (09:19 +0100)]

Revert "source4/auth/gensec/gensec_gssapi.c authenticator-ad-types 141, 142, 143, 144"

This reverts commit fbe7878b1149322f1f445eaaa80bb984622f69dd.

commit | commitdiff | tree

Stefan Metzmacher [Mon, 12 Feb 2024 08:19:10 +0000 (09:19 +0100)]

Revert "third_party/heimdal/lib/asn1/krb5.asn1 gss_set_name_attribute("ticket-authz-data")"

This reverts commit bad3caa5f38938261746f45e4e21493b400e0364.

commit | commitdiff | tree

Stefan Metzmacher [Mon, 12 Feb 2024 08:19:10 +0000 (09:19 +0100)]

Revert "SPLIT GENSEC_FEATURE_UNVERIFIED_TARGET_NAME"

This reverts commit c77664e055ff3fe68c3136850a97ac65b244298b.

commit | commitdiff | tree

Stefan Metzmacher [Wed, 7 Feb 2024 16:32:59 +0000 (17:32 +0100)]

SPLIT GENSEC_FEATURE_UNVERIFIED_TARGET_NAME

commit | commitdiff | tree

Stefan Metzmacher [Wed, 7 Feb 2024 16:19:08 +0000 (17:19 +0100)]

third_party/heimdal/lib/asn1/krb5.asn1 gss_set_name_attribute("ticket-authz-data")

commit | commitdiff | tree

Stefan Metzmacher [Wed, 31 Jan 2024 15:14:03 +0000 (16:14 +0100)]

source4/auth/gensec/gensec_gssapi.c authenticator-ad-types 141, 142, 143, 144

commit | commitdiff | tree

Stefan Metzmacher [Wed, 31 Jan 2024 15:14:03 +0000 (16:14 +0100)]

source3/librpc/crypto/gse.c authenticator-ad-types 141, 142, 143, 144

commit | commitdiff | tree

Stefan Metzmacher [Wed, 31 Jan 2024 15:52:54 +0000 (16:52 +0100)]

third_party/heimdal/lib/asn1/krb5.asn1 fix KRB5-AUTHDATA-KERB-LOCAL KRB5-AUTHDATA-TOKEN-RESTRICTIONS

commit | commitdiff | tree

Stefan Metzmacher [Tue, 30 Jan 2024 15:39:15 +0000 (16:39 +0100)]

TODO split KERB_AP_OPTIONS_CBT

commit | commitdiff | tree

Stefan Metzmacher [Thu, 15 Feb 2024 17:55:52 +0000 (18:55 +0100)]

Revert "debug dcname winbind"

This reverts commit c1bfbc7ba752d27989239e36a070e4689e0a8f7c.

commit | commitdiff | tree

Stefan Metzmacher [Thu, 15 Feb 2024 17:55:52 +0000 (18:55 +0100)]

Revert "debug source4/rpc_server/netlogon/dcerpc_netlogon.c dsname"

This reverts commit 3d3400c2820f59bc054d828009a017c7c77e6466.

commit | commitdiff | tree

Stefan Metzmacher [Wed, 14 Feb 2024 11:37:18 +0000 (12:37 +0100)]

debug source4/rpc_server/netlogon/dcerpc_netlogon.c dsname

commit | commitdiff | tree

Stefan Metzmacher [Wed, 14 Feb 2024 11:35:57 +0000 (12:35 +0100)]

debug dcname winbind

commit | commitdiff | tree

Stefan Metzmacher [Fri, 5 Apr 2024 14:32:32 +0000 (16:32 +0200)]

Revert "selftest ldaps ad_member_idmap_ad"

This reverts commit 43d1232223f8c419ff7dece8491ffc3d297596b3.

commit | commitdiff | tree

Stefan Metzmacher [Wed, 14 Feb 2024 11:36:33 +0000 (12:36 +0100)]

selftest ldaps ad_member_idmap_ad

commit | commitdiff | tree

Stefan Metzmacher [Tue, 6 Feb 2024 20:09:58 +0000 (21:09 +0100)]

source4/dsdb/repl/drepl_out_helpers.c always go via dreplsrv_out_drsuapi_send() https://bugzilla.samba.org/show_bug.cgi?id=15573

to call dreplsrv_op_pull_source_get_changes_trigger

commit | commitdiff | tree

Stefan Metzmacher [Thu, 14 Apr 2022 10:48:54 +0000 (12:48 +0200)]

TODO: docs-xml/smbdotconf/security/clientusedefaultkrb5ccache.xml

commit | commitdiff | tree

Stefan Metzmacher [Wed, 16 Mar 2022 11:30:39 +0000 (12:30 +0100)]

source3/script/tests/test_smbclient_krb5.sh STEP3

commit | commitdiff | tree

Stefan Metzmacher [Wed, 16 Mar 2022 11:30:28 +0000 (12:30 +0100)]

source3/script/tests/test_smbclient_krb5.sh STEP2

commit | commitdiff | tree

Stefan Metzmacher [Wed, 16 Mar 2022 11:29:58 +0000 (12:29 +0100)]

source3/script/tests/test_smbclient_krb5.sh STEP 1

commit | commitdiff | tree

Stefan Metzmacher [Fri, 8 Mar 2024 12:20:19 +0000 (13:20 +0100)]

HACK testprogs/blackbox/test_kinit.sh force fail

commit | commitdiff | tree

Stefan Metzmacher [Fri, 8 Mar 2024 12:03:05 +0000 (13:03 +0100)]

testprogs/blackbox/test_kinit.sh also test --use-default-krb5-ccache

commit | commitdiff | tree

Stefan Metzmacher [Sat, 9 Mar 2024 10:05:16 +0000 (11:05 +0100)]

sq docs-xml/build/DTD/samba.entities

commit | commitdiff | tree

Stefan Metzmacher [Wed, 16 Mar 2022 13:08:11 +0000 (14:08 +0100)]

sq fix python/samba/getopt.py

commit | commitdiff | tree

Stefan Metzmacher [Wed, 16 Mar 2022 13:08:11 +0000 (14:08 +0100)]

fix python/samba/getopt.py

commit | commitdiff | tree

Stefan Metzmacher [Wed, 16 Mar 2022 10:39:56 +0000 (11:39 +0100)]

TODO-SPLIT add --use-default-krb5-ccache to select the default ccache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>

commit | commitdiff | tree

Stefan Metzmacher [Thu, 7 Mar 2024 13:59:09 +0000 (14:59 +0100)]

Revert "lib/cmdline/cmdline.c --use-krb5-ccache= needs to export KRB5CCNAME"

This reverts commit e8d407360d1ac2cf835c6321bb94e55c4a5bb150.

commit | commitdiff | tree

Stefan Metzmacher [Wed, 16 Mar 2022 11:42:56 +0000 (12:42 +0100)]

lib/cmdline/cmdline.c --use-krb5-ccache= needs to export KRB5CCNAME

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 15:54:45 +0000 (16:54 +0100)]

testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh sq s3:libads: let ads_sasl_spnego_bind() really use spnego to negotiate krb5/ntlmssp

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 15:53:44 +0000 (16:53 +0100)]

testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh better names

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 14:41:00 +0000 (15:41 +0100)]

sq lib/addns/dnsgss.c GENSEC_UPDATE_IS_NTERROR

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 16:56:56 +0000 (17:56 +0100)]

sq source3/utils/net_rpc.c !c->explicit_credentials => NET_FLAGS_ANONYMOUS

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 16:56:33 +0000 (17:56 +0100)]

source3/utils/net.c cli_credentials_get_principal_obtained => c->explicit_credentials

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 09:49:55 +0000 (10:49 +0100)]

python/samba/tests/ntlm_auth.py fix test_ntlmssp_gss_spnego_cached_creds

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 09:16:36 +0000 (10:16 +0100)]

move ads_simple_creds up

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 09:15:29 +0000 (10:15 +0100)]

sq remove ads_legacy_creds source3/libads/ads_proto.h

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 08:27:13 +0000 (09:27 +0100)]

sq ads_connect_simple_anon

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 08:26:11 +0000 (09:26 +0100)]

sq ads_connect_cldap_only

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 08:25:03 +0000 (09:25 +0100)]

remove ads_connect_no_bind

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 08:24:18 +0000 (09:24 +0100)]

no ADS_AUTH_CLDAP_ONLY

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 08:23:04 +0000 (09:23 +0100)]

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 08:13:44 +0000 (09:13 +0100)]

commit | commitdiff | tree

Stefan Metzmacher [Wed, 13 Mar 2024 08:09:33 +0000 (09:09 +0100)]

fix ADS_AUTH_GENERATE_KRB5_CONFIG recursion

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 14:17:26 +0000 (15:17 +0100)]

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 14:13:33 +0000 (15:13 +0100)]

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 14:11:08 +0000 (15:11 +0100)]

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 14:09:37 +0000 (15:09 +0100)]

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 13:55:54 +0000 (14:55 +0100)]

sq sq s3:net_ads: make use of ads_connect_creds() in ads_startup_int() AND ads_connect_no_bind OK!

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 13:45:57 +0000 (14:45 +0100)]

sq ads_connect_creds => ads_connect_internal

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 13:22:14 +0000 (14:22 +0100)]

sq ads_connect_creds ADS_AUTH_NO_BIND no asserted creds OK!

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 13:16:37 +0000 (14:16 +0100)]

sq s3:net_ads: make use of ads_connect_creds() in ads_startup_int()

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 13:11:31 +0000 (14:11 +0100)]

sq ads_connect_machine ok?

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 13:10:01 +0000 (14:10 +0100)]

sq ads_connect_anon() ok?

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 12:59:06 +0000 (13:59 +0100)]

sq ADS_AUTH_GENERATE_KRB5_CONFIG ok?

commit | commitdiff | tree

Stefan Metzmacher [Tue, 12 Mar 2024 12:57:52 +0000 (13:57 +0100)]

commit | commitdiff | tree