Displaying 20 results from an estimated 21 matches for "krb5_error_code".
2013 Feb 27
1
configure with --with-ads failed get "krb5 libs don't have all features required for Active Directory support" error
...6-pc-linux-gnu LIBREPLACE_LOCATION_CHECKS: START LIBREPLACE_LOCATION_CHECKS: END LIBREPLACE_CC_CHECKS: START checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out ...
...
...
checking for krb5_addresses type... no checking for krb5_error_code krb5_enctype_to_string(krb5_context context, krb5_enctype enctype, char **str)... no checking for krb5_error_code krb5_enctype_to_string(krb5_enctype enctype, char *str, size_t len)... yes checking for krb5_principal_get_realm... no checking for krb5_princ_realm... yes checking for KRB5_PDU_NONE de...
2005 Jul 06
0
[PATCH] Simplify Kerberos credentials cache code
...h/auth-krb5.c,v
retrieving revision 1.25
diff -u -r1.25 auth-krb5.c
--- auth-krb5.c 11 Sep 2004 13:32:09 -0000 1.25
+++ auth-krb5.c 6 Jul 2005 10:31:51 -0000
@@ -67,9 +67,6 @@
#ifndef HEIMDAL
krb5_creds creds;
krb5_principal server;
- char ccname[40];
- int tmpfd;
- mode_t old_umask;
#endif
krb5_error_code problem;
krb5_ccache ccache = NULL;
@@ -146,28 +143,7 @@
goto out;
}
- snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid());
-
- old_umask = umask(0177);
- tmpfd = mkstemp(ccname + strlen("FILE:"));
- umask(old_umask);
- if (tmpfd == -1) {
- logit(&qu...
2003 Oct 16
0
Samba 3.0.0 CVS 3.0.1pre2: "libads/kerberos_verify.c", line 77: improper member use: keyblock
...lib -R/usr/local/kerberos/lib -R/usr/local/Be
rkeleyDB.4.1/lib -R/usr/local/openssl/lib'\"
I get the following error trying to compile libads/kerberos_verify.c
"libads/kerberos_verify.c", line 77: improper member use: keyblock
The relevant code below looks okay to me
static krb5_error_code create_keytab(krb5_context context,
krb5_principal host_princ,
char *host_princ_s,
krb5_data password,
krb5_enctype *enctypes,...
2010 Apr 19
1
Samba4 segfault
..._kdc_as_rep ()
#4 0x00000000005922ec in kdc_as_req ()
#5 0x000000000059258e in krb5_kdc_process_krb5_request ()
#6 0x00000000005fc1dc in kdc_process ()
#7 0x00000000005fc4bb in kdc_tcp_call_loop ()
...
Looking at the code, the error is quite easy to find:
source4/kdc/wdc-samba4.c: krb5_error_code samba_wdc_get_pac()
calls
1.) source4/kdc/pac-glue.c: samba_kdc_get_pac_blob()
/* The user account may be set not to want the PAC */
...
*_pac_blob = NULL;
and then calls
2. source4/kdc/pac-glue.c: samba_make_krb5_pac()
which tries to use uninitalized "pac_blob" an...
2013 Feb 27
1
回复: configure with --with-ads failed get "krb5 libs don't have allfeatures required for Active Directory support" error
...gt; LIBREPLACE_LOCATION_CHECKS: END
> LIBREPLACE_CC_CHECKS: START
> checking for gcc... gcc
> checking whether the C compiler works... yes
> checking for C compiler default output file name... a.out
> ...
> ...
> ...
> checking for krb5_addresses type... no
> checking for krb5_error_code krb5_enctype_to_string(krb5_context context, krb5_enctype enctype, char **str)... no
> checking for krb5_error_code krb5_enctype_to_string(krb5_enctype enctype, char *str, size_t len)... yes
> checking for krb5_principal_get_realm... no
> checking for krb5_princ_realm... yes
> checking...
2003 Oct 30
1
Patch to make sshd work on multihomed systems
...h-krb5.c Thu Oct 30 15:02:44 2003
@@ -34,6 +34,7 @@
#include "ssh1.h"
#include "packet.h"
#include "xmalloc.h"
+#include "canohost.h"
#include "log.h"
#include "servconf.h"
#include "uidswap.h"
@@ -71,12 +72,23 @@
#endif
krb5_error_code problem;
krb5_ccache ccache = NULL;
+ char localname[MAXHOSTNAMELEN];
+ char *socketname;
if (authctxt->pw == NULL)
return (0);
temporarily_use_uid(authctxt->pw);
+ socketname = get_local_name(packet_get_connection_in());
+ if (socketname) {
+ strlcpy(localname, socketname, MAXHO...
2006 Jul 13
2
Kerberos Keytab Code Update in 3.0.23
First thing - I'd like to say a big "THANK YOU" to the developers.
I just upgraded to samba-3.0.23 and I've noticed an alarming issue with
respect to my configuration.
I've been using the built-in keytab management and it looks like the updated
code no longer creates the userPrincipal in Active Directory.
Whether this is an issue for others or not, it would be nice to have
2003 Aug 08
1
Help request: merging OpenBSD Kerberos change into Portable.
...nBSD: auth-krb5.c,v 1.10 2002/11/21 23:03:51 deraadt Exp $");
+RCSID("$OpenBSD: auth-krb5.c,v 1.11 2003/07/16 15:02:06 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -208,6 +208,7 @@ int
auth_krb5_password(Authctxt *authctxt, const char *password)
{
krb5_error_code problem;
+ krb5_ccache ccache = NULL;
if (authctxt->pw == NULL)
return (0);
@@ -223,30 +224,46 @@ auth_krb5_password(Authctxt *authctxt, c
if (problem)
goto out;
- problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops,
- &authctxt->krb5_fwd_ccache);
+ proble...
2004 Dec 23
0
Is there a fix available for CAN-2003-0190(with test program)
...Thanks & regards,
Senthil Kumar.
Test Program:
/* Senthil test program for Kerberos */
/* To compile cc -o check_valid Test_krb5.c -lkrb5 */
/* To run ./check_valid <username> <kerberos passwd> */
#include <stdio.h>
#include <krb5.h>
int main(int argc,char **argv)
{
krb5_error_code problem;
krb5_context context=NULL;
krb5_principal client = NULL;
krb5_creds creds;
char *str=argv[1];
char *mypassword=NULL;
if (context == NULL)
{
problem = krb5_init_context(&context);
if(problem)
{
printf("\nproblem in initialization and krb5_init_cont...
2017 Feb 10
2
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
On Thu, 2017-02-09 at 14:45 -0600, Chad William Seys wrote:
> Hi Jeff,
> Could you look at the following mailing list posting?
>
> https://lists.samba.org/archive/samba/2017-February/206468.html
>
> It looks like cifs.upcall has changed its behavior. As described in
> that post, I can mount with root / kerberos, but then cannot access with
> another user who has
2017 Feb 11
2
[RFC][cifs-utils PATCH] cifs.upcall: allow scraping of KRB5CCNAME out of initiating task's /proc/<pid>/environ file
...yslog(LOG_DEBUG, "%s: cachename = %s\n",
+ __func__, cachename);
+ break;
+ }
+ buflen -= (len + 1);
+ pos += (len + 1);
+ }
+ free(buf);
+out_close:
+ close(fd);
+ return cachename;
+}
+
static krb5_ccache
-get_default_cc(void)
+get_existing_cc(const char *env_cachename)
{
krb5_error_code ret;
krb5_ccache cc;
+ char *cachename;
+
+ if (env_cachename) {
+ if (setenv(ENV_NAME, env_cachename, 1))
+ syslog(LOG_DEBUG, "%s: failed to setenv %d\n", __func__, errno);
+ }
ret = krb5_cc_default(context, &cc);
if (ret) {
@@ -166,6 +282,14 @@ get_default_cc(void)
ret...
2017 Feb 10
5
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
...found.
Signed-off-by: Jeff Layton <jlayton at samba.org>
---
cifs.upcall.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/cifs.upcall.c b/cifs.upcall.c
index 8f146c92b4a5..dd0843e358b1 100644
--- a/cifs.upcall.c
+++ b/cifs.upcall.c
@@ -159,6 +159,7 @@ get_default_cc(void)
{
krb5_error_code ret;
krb5_ccache cc;
+ char *cachename;
ret = krb5_cc_default(context, &cc);
if (ret) {
@@ -166,6 +167,14 @@ get_default_cc(void)
return NULL;
}
+ ret = krb5_cc_get_full_name(context, cc, &cachename);
+ if (ret) {
+ syslog(LOG_DEBUG, "%s: krb5_cc_get_full_name failed: %...
2002 Jul 31
2
privsep+kerb5+ssh1
....4p1/auth-krb5.c.krb Sun Jun 9 21:41:48 2002
+++ openssh-3.4p1/auth-krb5.c Tue Jul 23 15:15:43 2002
@@ -73,18 +73,17 @@
* from the ticket
*/
int
-auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client)
+auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply)
{
krb5_error_code problem;
krb5_principal server;
- krb5_data reply;
krb5_ticket *ticket;
int fd, ret;
ret = 0;
server = NULL;
ticket = NULL;
- reply.length = 0;
+ reply->length = 0;
problem = krb5_init(authctxt);
if (problem)
@@ -131,7 +130,7 @@
/* if client wants mutual auth */
problem...
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop capabilities before
doing most of its work. This may help reduce the attack surface of the
program.
Jeff Layton (4):
cifs.upcall: convert
2017 Feb 10
0
cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
...- ENV_PREFIX_LEN);
+ syslog(LOG_DEBUG, "%s: cachename = %s\n", __func__, cachename);
+ break;
+ }
+ buflen -= (len + 1);
+ pos += (len + 1);
+ }
+ free(buf);
+out_close:
+ close(fd);
+ return cachename;
+}
+
static krb5_ccache
-get_default_cc(void)
+get_existing_cc(pid_t pid)
{
krb5_error_code ret;
krb5_ccache cc;
- char *cachename;
+ char *cachename = NULL;
+
+ cachename = get_cachename_from_process_env(pid);
+ if (cachename) {
+ if (setenv(ENV_NAME, cachename, 1))
+ syslog(LOG_DEBUG, "%s: failed to setenv %d\n", __func__, errno);
+ free(cachename);
+ }
ret = krb5_cc...
2017 Feb 14
3
[PATCH v2 0/2] cifs.upcall: allow cifs.upcall to grab $KRB5CCNAME from initiating process
Small respin of the patches that I posted a few days ago. The main
difference is the reordering of the series to make it do the group
and grouplist manipulation first, and then the patch that makes
it grab the KRB5CCNAME from the initiating process.
I think the code is sound, my main question is whether we really
need the command-line switch for this. Should this just be the
default mode of
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Apologies for v3 series, I had some extra patches in there. This is
the one that should have been sent. Relabeled as v4 for clarity.
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop
2003 Aug 10
9
updated gssapi diff
...g.h"
+#include "servconf.h"
+
+#include "ssh-gss.h"
+
+extern ServerOptions options;
+
+#include <krb5.h>
+
+static krb5_context krb_context = NULL;
+
+/* Initialise the krb5 library, for the stuff that GSSAPI won't do */
+
+static int
+ssh_gssapi_krb5_init()
+{
+ krb5_error_code problem;
+
+ if (krb_context != NULL)
+ return 1;
+
+ problem = krb5_init_context(&krb_context);
+ if (problem) {
+ logit("Cannot initialize krb5 context");
+ return 0;
+ }
+ krb5_init_ets(krb_context);
+
+ return 1;
+}
+
+/* Check if this user is OK to login. This only works with...
2014 Jul 15
3
GSSAPI
If I am trying to build OpenSSH 6.6 with Kerberos GSSAPI support, do I still need to get Simon Wilkinson's patches?
---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2010 Feb 04
3
3.3 and 3.4 compile failure on dbwrap
...b5_keytab_entry... no
checking for magic in krb5_address... yes
checking for WRFILE: keytab support... yes
checking for krb5_princ_realm returns krb5_realm or krb5_data... no
checking for krb5_addresses type... no
checking whether krb5_mk_error takes 3 arguments MIT or 9 Heimdal... yes
checking for krb5_error_code krb5_enctype_to_string(krb5_context context,
krb5_enctype enctype, char **str)... no
checking for krb5_error_code krb5_enctype_to_string(krb5_enctype enctype,
char *str, size_t len)... yes
checking for krb5_principal_get_realm... no
checking for krb5_princ_realm... yes
checking whether Active Dir...