Age | Commit message | Author | Files | Lines |
|
This fixes bug #8628.
Each time we do a client connection. Each time we call the function to
get the service ticket from the cache we duplicate it. So with each
connection we end up with one or three duplicated tickets.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Thu Dec 15 19:30:42 CET 2011 on sn-devel-104
|
|
krb5_get_default_in_tkt_etypes() requires a 3rd argument
if KRB5_PDU_NONE is available.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jul 14 21:21:13 CEST 2011 on sn-devel-104
|
|
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.
Andrew Bartlett
|
|
These functions are required to get the krb5 PAC parsing and
verification in common.
Andrew Bartlett
|
|
This requires a small rework of the build system to ensure that the
correct #define statements are made in both the s3 and top level
builds. We now define the various HAVE_ macros in config.h at all
times, using heimdal_build/wscript_configure when that is in use.
Andrew Bartlett
|
|
We might find a better name for it and merge other namequery related things as
well here...
Guenther
|
|
Guenther
|
|
checksum (bug #7883)
This fixes SMB session setups with kerberos against some closed
source SMB servers.
The new behavior matches heimdal and mit.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 23 09:38:43 CET 2010 on sn-devel-104
|
|
Both allocated blobs are freed in their routines
|
|
The idea of this patch is: Don't support a mix of different kerberos
features.
Either we should prepare a GSSAPI (8003) checksum and mark the request as
such, or we should use the old behaviour (a normal kerberos checksum of 0 data).
Sending the GSSAPI checksum data, but without marking it as GSSAPI broke
Samba4, and seems well outside the expected behaviour, even if Windows accepts it.
Andrew Bartlett
|
|
Guenther
|
|
Modern Kerberos implementations have either defines or enums for these
key types, which makes doing #ifdef difficult. This shows up in files
such as libnet_samsync_keytab.c, the bulk of which is not compiled on
current Fedora 12, for example.
The downside is that this makes Samba unconditionally depend on the
arcfour-hmac-md5 encryption type at build time. We will no longer
support libraries that only support the DES based encryption types.
However, the single-DES types that are supported in common with AD are
already painfully weak - so much so that they are disabled by default
in modern Kerberos libraries.
If not found, ADS support will not be compiled in.
This means that our 'net ads join' will no longer set the
ACB_USE_DES_KEY_ONLY flag, and we will always try to use
arcfour-hmac-md5.
A future improvement would be to remove the use of the DES encryption
types totally, but this would require that any ACB_USE_DES_KEY_ONLY
flag be removed from existing joins.
Andrew Bartlett
Signed-off-by: Simo Sorce <idra@samba.org>
|
|
Guenther
|
|
Server
Correctly calculate the gssapi channel binding checksum.
Jeremy
Signed off by: simo <idra@samba.org>
|
|
Guenther
|
|
Guenther
|
|
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.
Guenther
|
|
Heimdal changed the KRB5_DEPRECATED define (which now may not take an identifier
for activation) in new releases (like 1.3.1).
Guenther
|
|
Guenther
|
|
Guenther
|
|
This reverts commit 17ef153b68795fec681f9ce17c198236aba2b1c2.
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
impersonation.
Guenther
|
|
Guenther
|
|
Karmic has MIT krb5 1.7-beta3, which has the symbol
krb5_auth_con_set_req_cksumtype but no prototype for it.
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531635
|
|
so we at least know when we're using a long-lived context.
Jeremy.
|
|
Both functions exist in MIT Kerberos >= 1.7, but only
krb5_free_keytab_entry_contents has a prototype.
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
<gmachin@sandia.gov>.
Jeremy.
|
|
Guenther
|
|
Guenther
|
|
Jeremy.
(This used to be commit a59bd0e4854117a8646f4d388a0f7285362d5ba2)
|
|
Jeremy, please check!
(This used to be commit 6579005e6490f1a99b3860627ba51decaeb864bd)
|
|
Guenther
(This used to be commit a042dffd7121bda3dbc9509f69fcfae06ed4cc22)
|
|
Guenther
(This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600)
|
|
(This used to be commit 16ee95494ba495c5f5ff8779206f380db1067b2d)
|
|
Guenther
(This used to be commit 85021d6a459c957cc276a93c3515029244f52677)
|
|
before we compile the new code.
Jeremy.
(This used to be commit 7686752c5b015b15a6729631ba4aeedd25ebc659)
|
|
krb5_auth_con_set_req_cksumtype().
Jeremy.
(This used to be commit 8598e7b06ec57ca6fcde863270e6bb0e2de9993e)
|