summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r19662: windows 2003 kdc's only rewrite the realm to the full form,Stefan Metzmacher1-27/+1
when the client is using the netbios domain name as realm. we should match this and not rewrite the principal. This matches what windows give: metze@SERNOX:~/prefix/lorikeet-heimdal/bin> ./kinit administrator@SERNOXDOM4 administrator@SERNOXDOM4's Password: metze@SERNOX:~/prefix/lorikeet-heimdal/bin> ./klist Credentials cache: FILE:/tmp/krb5cc_10000 Principal: administrator@SERNOXDOM4.MX.BASE Issued Expires Principal Nov 11 13:37:52 Nov 11 23:37:52 krbtgt/SERNOXDOM4@SERNOXDOM4.MX.BASE Note: I need to disable the principal checks in heimdal's _krb5_extract_ticket() for the kinit to work. Any ideas how to change heimdal to support this. For the service principal we should use the realm and principal in req->kdc_rep.enc_part instead of the unencrypted req->kdc.ticket.sname and req->kdc.ticket.realm to have a trusted value. I'm not sure what we can do with the client realm... metze (This used to be commit cfee02143f06ed6ff5832e95fa69634f5dd883da)
2007-10-10r19661: - add resolve stage to dcerpc connects over tcpStefan Metzmacher1-19/+44
- remove ipv6 support untill the resolve layer can give ipv6 addresses metze (This used to be commit 1e518c3e675e6952044bc0fdf2537be432c0c56f)
2007-10-10r19660: Forgot to tell gsskrb5 not to canonicalize hostnames. Shoudl fixAndrew Bartlett1-0/+8
valrind issues on fort, because we won't hit NSS any more. Andrew Bartlett (This used to be commit 6f67fa01ab4f946c9a9aae0d4e8d028153873e04)
2007-10-10r19650: Allow Samba to use Heimdal's SPNEGO code. Currently this can onlyAndrew Bartlett4-14/+65
negotiate krb5, but if this works, I'll add NTLM as a GSSAPI backend by some means or other. Andrew Bartlett (This used to be commit 476452e143f61a3878a3646864729daaddccdf68)
2007-10-10r19649: Fix indentation.Andrew Bartlett1-65/+65
Andrew Bartlett (This used to be commit ffce0087759d45a8dff8647feffa3bedbf42023b)
2007-10-10r19645: don't pass NULL as mem_ctx...Stefan Metzmacher6-33/+38
metze (This used to be commit 643a38bc30a0df1582035b8d264e0dbbc2d2e152)
2007-10-10r19644: Merge up to current lorikeet-heimdal, incling addingAndrew Bartlett11-73/+199
gsskrb5_set_default_realm(), which should fix mimir's issues. Andrew Bartlett (This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3)
2007-10-10r19643: make process_model thread compile againStefan Metzmacher1-7/+0
metze (This used to be commit f02f7ed19db2be8e23b1a5850082c9f9da35c028)
2007-10-10r19642: convert host.c to new composite apiStefan Metzmacher1-35/+26
metze (This used to be commit a5d36a6ddefb8c24e748b839391241da41e31440)
2007-10-10r19641: ldap_delete() is only allowed as user, we need to give credentials ↵Stefan Metzmacher1-0/+2
to the ildap backend metze (This used to be commit a996d2633600d32b2c2c04edebd0b901c627f00b)
2007-10-10r19640: add some commentsRafal Szczesniak1-8/+57
rafal (This used to be commit 1ea37bf3b32a7f534b3ae1918fc6336ef062f8ab)
2007-10-10r19639: convert nbtlist.c to new composite apiStefan Metzmacher1-55/+44
metze (This used to be commit 800999733eb2f35486a62fb8fa9d179c8ca312fa)
2007-10-10r19638: convert resolve.c to the new composite apiStefan Metzmacher1-23/+19
metze (This used to be commit 617f9c70c1b61e0fd4338048bbd94e7a4722ad9d)
2007-10-10r19637: Leave --realm option only, as abartlet suggested.Rafal Szczesniak1-2/+2
rafal (This used to be commit 73e3f7efa71ca07a42215b044cd9a20762cf2694)
2007-10-10r19636: Add URLs to ldb and talloc pkg-config files.Jelmer Vernooij3-2/+4
Always build and install .pc files as they make sense for static libs as well. (This used to be commit 82cb91e2dd50899050066cccee82cb5be52ec3fe)
2007-10-10r19635: It appears that under CFX, different keys are used in each directionAndrew Bartlett1-3/+3
(or something like that). In any case, we need to stick with the initiator subkey for now, until we figure out what Vista uses for the CIFS session key. Andrew Bartlett (This used to be commit b91a921e1393581ca0102ad1f49a1075acb91b4e)
2007-10-10r19634: Only use --allow-undef-shlib for modules.Jelmer Vernooij2-2/+7
(This used to be commit e8f2a086be2a0553467738df711b1450ba559848)
2007-10-10r19633: Merge to lorikeet-heimdal, removing krb5_rd_req_return_keyblock in ↵Andrew Bartlett25-359/+655
favour of a more tasteful replacement. Remove kerberos_verify.c, as we don't need that code any more. Replace with code for using the new krb5_rd_req_ctx() borrowed from Heimdal's accecpt_sec_context.c Andrew Bartlett (This used to be commit 13c9df1d4f0517468c80040d3756310d4dcbdd50)
2007-10-10r19632: This got missed in the heimdal merge. Without this, we don't keep theAndrew Bartlett1-1/+1
full database name. The existing code (needed for when we use the HDB as a keytab, such as for the kpasswd service) only works for HDB keytabs not prefixed with a type. Andrew Bartlett (This used to be commit 12dc157daea4a20200f910d8e71c49670e35ef50)
2007-10-10r19631: Re-enable shared libraries, but don't use -rpath-link unlessJelmer Vernooij2-5/+7
shared libraries are actually used. (This used to be commit 93e4f093b946cbb1b6deca82efdf0d5f033128b8)
2007-10-10r19630: Support specifying the realm name from command line.Rafal Szczesniak1-0/+6
Useful when testing calls against windows servers with krb auth. rafal (This used to be commit 0725e2ddebde9c170340d0284a1573222caa2159)
2007-10-10r19629: No need to special case use of DCE_STYLE sign and seal away any more...Andrew Bartlett1-9/+0
Andrew Bartlett (This used to be commit 247b9f1ca907cf921087e6840400ddf68289b8f2)
2007-10-10r19628: This hint via Love at the IETF meeting:Andrew Bartlett1-0/+3
Larry told me that most context flags needed to be set to, otherwise it wouldn't work. This fixes DCE_STYLE against Win2k3 SP1. It seems they just tightened up their end of the GSSAPI code, as DCE_STYLE is explicity rejected in the session setup too (being the wrong layer). Andrew Bartlett (This used to be commit b2b77f34a4d0cebb828cac7bf9a73826fecab5b6)
2007-10-10r19625: not all linkers like -Wl,rpath-link, so don't use it till we have ↵Stefan Metzmacher1-5/+2
configure checks and working shared libraries metze (This used to be commit 25376f748c6f2da48a8bf7e0aa0d59befb9db4f3)
2007-10-10r19624: we have timegm in libreplace so heimdal should not replace itStefan Metzmacher1-0/+4
metze (This used to be commit b6d1fd1b24d09049fcd432a804ad905e89fcc224)
2007-10-10r19623: disable building of shared libs until we have fixed them,Stefan Metzmacher1-0/+4
they all have unresolved symbols and are useless and produce noise in the build-farm metze (This used to be commit 3f8b776f630488aaec9f0ffcc099b01dcab02f3f)
2007-10-10r19622: - remove unused varStefan Metzmacher1-2/+2
- fix default for enable-dso to no metze (This used to be commit 47b113e5dbd33ab91246029af9293809824c5395)
2007-10-10r19621: move enable-dso to check_ld.m4 again and add some checks and ↵Stefan Metzmacher2-11/+18
generate more output metze (This used to be commit a07b11924c16d51cda484d417d9e1201278b03cb)
2007-10-10r19620: Remove old (outdated) files.Jelmer Vernooij31-695/+0
(This used to be commit 3bec179de6208d396b65a2cbe98efcbd7d99e242)
2007-10-10r19619: Add pointer to (up-to-date) packaging from the Debian Samba ↵Jelmer Vernooij1-0/+30
packaging repository. (This used to be commit 75162a873c7116eb0b0c8b70c8d335e5069e51be)
2007-10-10r19618: pass -D_SAMBA_HOSTCC_ when using the hostcompilerStefan Metzmacher2-4/+6
metze (This used to be commit 846553085e57bda44fda2a541bf00517d3586e8c)
2007-10-10r19616: the heimdal spnego mech doesn't seem to use roken.h and isn't portableStefan Metzmacher2-12/+2
(it doesn't compile on suse 10.1 because gethostname() isn't found, unistd.h isn't included...) as we don't need the spnego mech, disable it till it gets fixed in heimdal metze (This used to be commit 0a52e11a9c34281c9ea284e007086b2ae6fce6c7)
2007-10-10r19615: include roken.h.in as this still includes the ifdef's we need in samba4Stefan Metzmacher3-277/+709
this should fix the portability of samba4 metze (This used to be commit 497543a17eaea16c3c7f379ed238e573427e28da)
2007-10-10r19614: fix compiler warningsStefan Metzmacher1-0/+2
metze (This used to be commit 1ca8651a59e95eeca2942e5e66c2141e3f65dd9f)
2007-10-10r19613: remove diff between samba4 and lorikeetStefan Metzmacher1-0/+2
metze (This used to be commit bec1783c4c8ebba76c5467982c96e823491ce023)
2007-10-10r19612: fix the build with auto dependenciesStefan Metzmacher1-3/+0
the samba4 heimdal copy should do not need to use socket_wrapper metze (This used to be commit 704fe739406fb5eae38f4be9602b77be5ea1dff1)
2007-10-10r19611: we have heimdal 0.8pre currentlyStefan Metzmacher1-1/+1
metze (This used to be commit df4c2b9c7966f861adf5324714c712bbb5af3daa)
2007-10-10r19610: fix the buildStefan Metzmacher2-1/+3
metze (This used to be commit 59fe6cfaba2eb39cb5ff33110e830c4c9b21fb95)
2007-10-10r19609: fix uninitialized perl variabel, we need AC_SUBST() for all ↵Stefan Metzmacher2-18/+22
configure vars we want to use in perl... metze (This used to be commit 2b021e2d8cff1a097068810d379fc0dca6869654)
2007-10-10r19608: - basics comes in with $(ALL_PREDEP)Stefan Metzmacher1-3/+3
(this fixes the auto dependency build) metze (This used to be commit 0798e678e742afc78c9a1d278322094ff1761dfa)
2007-10-10r19607: - remove mech_switch.h from objectfile listStefan Metzmacher1-40/+39
(fix the build the auto dependencies) - add tabs metze (This used to be commit 03afa231ff8df98d3a0a01568a4c27370402ef16)
2007-10-10r19606: Remove generated filesAndrew Bartlett3-463/+0
Andrew Bartlett (This used to be commit 7b7e1fe15358d9ed1893305fbf8a1010293ed772)
2007-10-10r19604: This is a massive commit, and I appologise in advance for it's size.Andrew Bartlett264-10833/+25771
This merges Samba4 with lorikeet-heimdal, which itself has been tracking Heimdal CVS for the past couple of weeks. This is such a big change because Heimdal reorganised it's internal structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases. In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO PAC. This matches windows behavour. We also have an option to require the PAC to be present (which allows us to automate the testing of this code). This also includes a restructure of how the kerberos dependencies are handled, due to the fallout of the merge. Andrew Bartlett (This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
2007-10-10r19603: Make it easier to control the debug level of smbd.Andrew Bartlett1-0/+8
Ensure that we don't accept kerberos logins without a PAC (to ensure we actually produce a PAC in the KDC) Andrew Bartlett (This used to be commit 5fda92783f3d53e4a832dbbea678b5bd16f315fd)
2007-10-10r19600: Add two more headers (fixes installation)Jelmer Vernooij1-0/+2
(This used to be commit c3be4a980ce6cb82c2a6a442065a028a3c23a7f3)
2007-10-10r19599: Fix --includedir.Jelmer Vernooij2-2/+2
(This used to be commit 0da2bbcf766dc25805ad583fae185045bb390a5f)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett76-65/+163
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r19597: Ahead of the merge to current lorikeet-heimdal:Andrew Bartlett1-59/+67
Supply the correct OID to the error display functions. Rework the session key functions. Andrew Bartlett (This used to be commit 363628c13f4e4a8904802dcf4d80e296ed2f9e02)
2007-10-10r19596: add basics to 'all' - hopefully fixes the build on some hostsJelmer Vernooij1-1/+1
(This used to be commit b0f00ff72354cc34ad59470e13d5ab472416cc6c)
2007-10-10r19595: Seperate debug messages between database failure and simple lack ofAndrew Bartlett1-2/+9
records. Andrew Bartlett (This used to be commit 163f75372792b0afa72f48d64d78d82b72d8eda5)
generated by cgit (git 2.34.1) at 2024-11-04 17:40:15 +0000