Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6)
|
|
As per metze's suggestion, the "unused variables" warning is left in to remind
us to fix the #else part of the #if 1
(This used to be commit e9ef98b06466486d3b8a68a76a29728b9bffbe29)
|
|
in dssync tests.
(This used to be commit c7eae1c7842f9ff8b70cce9e5d6f3ebbbe78e83b)
|
|
(This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081)
|
|
(This used to be commit bad1891cae2c688b17a6a2b932e754f51291035c)
|
|
(This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
|
|
(This used to be commit 84892d030de6266fc0f3a699cade960dd5dc37bc)
|
|
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
|
|
(This used to be commit 4b46888bd0195ab12190f76868719fc018baafd6)
|
|
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
|
|
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
number in more places.
(This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
ts=4 lines that I accidently added earlier.
(This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7)
|
|
seen in particular on opi.
This looked like a Heimdal problem, but I think it was simply that we
didn't do a talloc_reference() to keep tabs on the memory we were
using, and in between obtaining the pointer and using it, it was
assigned to unrelated memory.
Andrew Bartlett
(This used to be commit a650ad8b37d58ba64458a33313714d1abfc4850b)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
end of teh buffer printing the error strings.
Andrew Bartlett
(This used to be commit 37e7070ca92e2f48fa02f7fd6736e5b26520f559)
|
|
This helps ensure that the kerberos code uses the right event context.
Andrew Bartlett
(This used to be commit cbdce358ae8f86c9b76a50537b931e56b07ee213)
|
|
context. We now have an event context on the torture_context, and we
can also get one from the cli_credentials structure
(This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
|
|
incorrect.
Andrew Bartlett
(This used to be commit 9dc6f36e43170bc5bf4f94d893b5a3689460d237)
|
|
with krb5:set_dns_canonicalize=yes
needed for the drsuapi replication, but we should fix this with
a kdc locator plugin ...
metze
(This used to be commit f0a12355bcfab47663e62f3d8ae820815210cdc5)
|
|
have the data for anything else.
Andrew Bartlett
(This used to be commit 9e0c0cd0ff678388436430bb1ba4eb7595cbefbd)
|
|
Andrew Bartlett
(This used to be commit bbde5b6a2f85f22110d6840857eaceb6b923c1b4)
|
|
metze
(This used to be commit 4e8f844be939a6e11a3bece4e7e66534fce00cc0)
|
|
to work better against w2k, so we don't get redirected from
1.2.840.113554.1.2.2 to 1.2.840.48018.1.2.2 by a w2k server, causing 2 additional
auth roundtrips.
metze
(This used to be commit fa5c942ee99d3b5779598aa75f71d0317ba3f622)
|
|
valrind issues on fort, because we won't hit NSS any more.
Andrew Bartlett
(This used to be commit 6f67fa01ab4f946c9a9aae0d4e8d028153873e04)
|
|
negotiate krb5, but if this works, I'll add NTLM as a GSSAPI backend
by some means or other.
Andrew Bartlett
(This used to be commit 476452e143f61a3878a3646864729daaddccdf68)
|
|
gsskrb5_set_default_realm(), which should fix mimir's issues.
Andrew Bartlett
(This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3)
|
|
(or something like that).
In any case, we need to stick with the initiator subkey for now, until
we figure out what Vista uses for the CIFS session key.
Andrew Bartlett
(This used to be commit b91a921e1393581ca0102ad1f49a1075acb91b4e)
|
|
favour of a more tasteful replacement.
Remove kerberos_verify.c, as we don't need that code any more.
Replace with code for using the new krb5_rd_req_ctx() borrowed from
Heimdal's accecpt_sec_context.c
Andrew Bartlett
(This used to be commit 13c9df1d4f0517468c80040d3756310d4dcbdd50)
|
|
Andrew Bartlett
(This used to be commit 247b9f1ca907cf921087e6840400ddf68289b8f2)
|
|
Larry told me that most context flags needed to be set to, otherwise
it wouldn't work.
This fixes DCE_STYLE against Win2k3 SP1. It seems they just tightened
up their end of the GSSAPI code, as DCE_STYLE is explicity rejected in
the session setup too (being the wrong layer).
Andrew Bartlett
(This used to be commit b2b77f34a4d0cebb828cac7bf9a73826fecab5b6)
|
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
Supply the correct OID to the error display functions.
Rework the session key functions.
Andrew Bartlett
(This used to be commit 363628c13f4e4a8904802dcf4d80e296ed2f9e02)
|
|
length, use the amount the wapped message expanded by.
This works, because GSSAPI doesn't do AEAD (signing of headers), and
so changing the signature length after the fact is valid.
Andrew Bartlett
(This used to be commit bd1e0f679c8f2b9755051b8d34114fa127a7cf26)
|
|
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
|
|
Andrew Bartlett
(This used to be commit 8ae880b5019ab275fe0eca48120ab9e0fcca6293)
|
|
(This used to be commit a2d614147663c4f9b80d6e383819e92ca45e013b)
|
|
to work (it broke it in the previous commit).
Andrew Bartlett
(This used to be commit e96638bc74f0752ce8af6626a04c92d48b917ffe)
|
|
and the maximum amount of user data that may be fitted into that.
This is used in the new SASL code, to correctly honour SASL buffer sizes.
Andrew Bartlett
(This used to be commit cbbe99d9c1f0262e67a495fb098cacc09fd78e05)
|
|
talloc_set_destructor() is type safe. The end result will be lots less
use of void*, and less calls to talloc_get_type()
(This used to be commit 6b4c085b862c0932b80b93e316396a53b993544c)
|
|
this isn't supported, fallback to NTLM.
Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS. (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).
Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.
Andrew Bartlett
(This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
|
|
rest of LIBSECURITY doesn't)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
|
|
Andrew Bartlett
(This used to be commit 8f96f524bfde99667410ec98087831b9c14c66e5)
|
|
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
(This used to be commit f4de155c94b89e586640d11992953a0d5fc0716d)
|
|
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|