Age | Commit message (Collapse) | Author | Files | Lines |
|
If the caller wants to create a key with no salt we should
not use krb5_keyblock_init() (only used when using heimdal)
because it does sanity checks on the key length.
metze
(This used to be commit c83de77b750837a110611d7023c4cf71d2d0bab1)
|
|
Jeremy.
(This used to be commit 384052f546af8c1c6848c03cad4f2ba618ba7209)
|
|
Guenther
(This used to be commit c273ce8798062d1b55100411f3e92a01bdbf611c)
|
|
salting them.
Guenther
(This used to be commit 7c4da23be1105dc224033b21eb486e7fcdc7d9c5)
|
|
Guenther
(This used to be commit ec86852fc6ce2d88ad5835c8fcb337c68fd6f6bc)
|
|
This patch is the second iteration of an inside-out conversion to cleanup
functions in charcnv.c returning size_t == -1 to indicate failure.
(This used to be commit 6b189dabc562d86dcaa685419d0cb6ea276f100d)
|
|
Guenther
(This used to be commit 3b0135d57e1e70175a5eec49b603a2e5f700c770)
|
|
Guenther
(This used to be commit 507247dcbf0ef02825a6c5c5f313813714df2d99)
|
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Jason,
Jason Haar wrote:
> Patched 3.0.28, compiled, installed and here's the log file.
>
> Hope it helps. BTW I don't think it matters, but this is on 32bit
> CentOS4.5 systems.
yes, it helps. Thanks for that.
Very interesting, there are two auth data structures where the first one
is a PAC and the second something unknown (yet).
Can you please try the attached fix ? It should make it work again.
Guenther
- --
Günther Deschner GPG-ID: 8EE11688
Red Hat gdeschner@redhat.com
Samba Team gd@samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHX9ZESOk3aI7hFogRAivSAJ9bMcD+PcsIzjYYLtAUoLNfVVEl1QCfV/Qd
MPsZW4G31VOVu64SPjgnJiI=
=Co+H
-----END PGP SIGNATURE-----
(This used to be commit c9adc07ca2a3bb1e0ea98e3b4f68e1a87e5c0196)
|
|
No more temptations to use static length strings.
Jeremy.
(This used to be commit ec003f39369910dee852b7cafb883ddaa321c2de)
|
|
This is the last obvious change I can see. At
this point we can start claiming IPv6 support
(Hurrah !:-).
Jeremy.
(This used to be commit bda8c0bf571c994b524a9d67eebc422033d17094)
|
|
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
Guenther
(This used to be commit accb40446ad3f872c5167fc2306d892553293b7b)
|
|
Guenther
(This used to be commit b9d7a2962a472afb0c6b8e3ac5c2c819d4af2b39)
|
|
Guenther
(This used to be commit 19020d19dca7f34be92c8c2ec49ae7dbde60f8c1)
|
|
Thanks Volker for the pointer hint :)
Guenther
(This used to be commit eb1ec508ace3a5eeb53cf47be44047bd9228cd19)
|
|
Guenther
(This used to be commit 277e07c8553e2ed20bc95493cdc996be43feb6bd)
|
|
Guenther
(This used to be commit 0b9acc8610ae2ba9c42168e9ceb2e9ea8bc2f5bd)
|
|
the tgt
string ourselves.
Guenther
(This used to be commit 1e4a7af99303fb17ebca499ff7e0a017a2017754)
|
|
We were incorrectly using the renew_till timestamp instead of the renewed
ticket's endtime to calculate the next refreshing date.
Guenther
(This used to be commit aa3511a5b5e6a96a02110a7ad0ab1d43e6d25766)
|
|
(This used to be commit a66a04e9f11f6c4462f2b56b447bae4eca7b177c)
|
|
NTSTATUS
codes directly out of the krb5_error edata.
Guenther
(This used to be commit dcd902f24a59288bbb7400d59c0afc0c8303ed69)
|
|
Guenther
(This used to be commit 9ec76c542775ae58ff03f42ebfa1acc1a63a1bb1)
|
|
call as smb_krb5_locate_kdc to prevent incorrect linking
and crashes on Solaris.
Jeremy.
(This used to be commit 7d30737c8d851505e81a60443baf9a8c7e523472)
|
|
Jeremy.
(This used to be commit 1e32b44bfcf7676b3a9f208054fa853e7066eafc)
|
|
to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to
a client when there's clock skew. Will help people
debug this. Prepare us for being able to return the
correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED"
error with associated krb5 clock skew error to allow
clients to re-sync time with us when we're eventually
able to be a KDC.
Jeremy.
(This used to be commit c426340fc79a6b446033433b8de599130adffe28)
|
|
calling convention in the latest MIT changes. Apparantly Heimdal
is also changing to this calling convention.
(This used to be commit c29c69d2df377fabb88a78e6f5237de106d5c2c5)
|
|
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
|
|
Guenther
(This used to be commit ea38e1f8362d75e7ac058a7c4aa06f1ca92ec108)
|
|
as this is causing the WRONG_PASSWORD error in the SetUserInfo()
call during net ads join).
We are now back to always list RC4-HMAC first if supported by
the krb5 libraries.
(This used to be commit 4fb57bce87588ac4898588ea4988eadff3a7f435)
|
|
As discussed with jerry at the CIFS conf: overriding the
administrator's wishes from the krb5.conf has only every given me
segfaults. We suggest leaving this up to the defaults from the
libraries anyway.
Andrew Bartlett
(This used to be commit 0b72c04906b1c25e80b217a8f34fd3a8e756b9ca)
|
|
(This used to be commit f53983079bc285ad8ced8fc4dd40df66fad13718)
|
|
Guenther
(This used to be commit b076c39b6ac87a078feae30a4384c881c46e81ac)
|
|
metze
(This used to be commit a813c7595541e31dfa77915d80235de4402bfeca)
|
|
metze
(This used to be commit 785ab128c4d630819f141ede8bcf5fc0c705aebb)
|
|
x, so we can't get at them even if we wanted to.
Kerberos experts, please take a look to make sure I've done the
right thing!
(This used to be commit 9b8e179fcc1fb877e8601bfd242ee1fd615b554c)
|
|
metze
(This used to be commit d91041d4b6973fd9779d355cd6f9634e207b7653)
|
|
(This used to be commit 1a5874588686fb4ece9be70059ff75b975ed2bd5)
|
|
(This used to be commit 083ef11cc9be8f1299f233bde194173e092e2c3c)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
Guenther
(This used to be commit 546710d58c07acdaa175caa48cec4d3f2bc657ad)
|
|
This patch is mainly based on the work of Todd Stecher
<tstecher@isilon.com> and has been reviewed by Jeremy.
I sucessfully tested and valgrinded it with MIT 1.4.3, 1.3.5, Heimdal
0.7.2 and 0.6.1rc3.
Guenther
(This used to be commit 535d03cbe8b021e9aa6d74b62d81b867c494c957)
|
|
* Fix the build without kerberos headers
* Fix memleak in the krb5_address handling
Guenther
(This used to be commit 10e42117559d4bc6a34e41a94914bf6c65c3477f)
|
|
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
|
|
Jeremy.
(This used to be commit bea87e2df45c67cc75d91bd3ed1acc4c64a1c8ea)
|
|
smb_krb5_parse_name_norealm_conv that pull/push from unix charset
to utf8 (which krb5 uses on the wire). This should fix issues when
the unix charset is not compatible with or set to utf8.
Jeremy.
(This used to be commit 37ab42afbc9a79cf5b04ce6a1bf4060e9c961199)
|
|
Guenther
(This used to be commit aae8f8ae7a79d06c74151186f3c2470bdec5687d)
|