Age | Commit message | Author | Files | Lines |
|
Guenther
|
|
All the callers just want the PAC_LOGON_INFO, so search for that in
ads_verify_ticket(), and don't bother the callers with the rest of the
PAC.
This change makes sense on its own (removing boilerplate wrappers
that just confuse the code), but it also makes it much easier to
implement a matching ads_verify_ticket() function in Samba4 for the
s3compat proposal.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This fixes bug #7290
Thanks to Mohan <mohann@silver-peak.com> for the bug report.
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
ntlmssp_state
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Andrew Bartlett
|
|
Andrew Bartlett
|
|
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.
Guenther
|
|
Thanks to Shibu Piriyath <shibunair80@ymail.com> for spotting the issue.
|
|
Guenther
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
domain when krb5 auth is enabled
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
This is particularly in the netlogon client (but not server at this
stage)
|
|
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).
We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server
Andrew Bartlett
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This was marked as a resource leak. This change makes the code a bit clearer
that we always free error_string.
|
|
This fixes bug #5865
|
|
(This used to be commit 18bf2b2028e64403a79b7cc06d3185a3e526d97d)
|
|
This fixes bug #4235.
Patch from Pawel Worach <pawel.worach@gmail.com> with some linebreaks
added by me.
Also fix one BH message that the original patch didn't fix.
(This used to be commit 098380760d20bad2a45c3b12ab2a5e4d2b856175)
|
|
To not conflict with WBFLAG_PAM_INFO3_TEXT.
This should fix pam_winbind.
metze
(This used to be commit 1b8ed6c0ffb2548442bb7e9d848117ce9b1c65c0)
|
|
Guenther
(This used to be commit ea609d1b0e82d7c366dd73013228003136264b64)
|
|
(This used to be commit cf671ca35bff09af56c67e789a86a3b86093b5fb)
|
|
(This used to be commit 97768628f5ec533818b7f5165e92c156d668b79b)
|
|
(This used to be commit af438426222f4990f3e4103babbbb5de03ade93d)
|
|
Now rewriting the helpers one after the other can start.
(This used to be commit 2479a0c3adf46b2d0a9b109ce689c93296f16a62)
|
|
(This used to be commit f8243d1913cd19401ce6a13f53c6b84a36fc9dd6)
|
|
This ports over my changes from Samba4
(This used to be commit 4a475baf26ba9f99bc05f13dd2745494174a00c1)
|
|
(This used to be commit ab0ee6e9a6a9eee317228f0c2bde254ad9a59b85)
|
|
ads_verify_ticket as it's always derefed.
Jeremy.
(This used to be commit 0599d57efff0f417f75510e8b08c3cb7b4bcfcd8)
|
|
them with malloc'ing accessor functions. Should save a
lot of static space :-).
Jeremy.
(This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
|
|
Jeremy.
(This used to be commit 041163551194102ca67fef52c57d87020a1d09bc)
|
|
Jeremy.
(This used to be commit 6f9c2910bdda605f90967e0aa6a84b8094f3a197)
|
|
(This used to be commit 5f205ab48d8ac3b7af573ea0be1ce095ab835448)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
init_request => winbindd_init_request
free_response => winbindd_free_response
read_reply => winbindd_read_reply
write_sock => winbind_write_sock
read_sock => winbind_read_sock
close_sock => winbind_close_sock(void)
metze
(This used to be commit 8a95d7a7edcfa5e45bccc6eda5c45d9c308cb95d)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
when verifying a ticket from winbindd_pam.c.
I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.
There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator. Checked against MIT 1.5.1. Have not
researched how Heimdal does it.
My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
|