Age | Commit message (Collapse) | Author | Files | Lines |
|
The key may change because we switch from initiator to acceptor
subkey.
metze
(This used to be commit 66244092a457b2cde6339cb31dcfa73b122ba9b5)
|
|
metze
(This used to be commit 9246924effd4d0b08ca1ef87e45ad510020df93e)
|
|
metze
(This used to be commit f4f4bb7fe977301e468ab164ba750b69d9a92306)
|
|
metze
(This used to be commit daa986d1d04e59550bb5d33b5075daa414d087ba)
|
|
metze
(This used to be commit fcabe24f96c9677146ca754a502f336c23050339)
|
|
This is needed to get the correct key, when aes keys are used.
metze
(This used to be commit 7587a7d8b65f27a5865d6873f63a450488da02c9)
|
|
This only works for sign/verify_packet() yet,
seal/unseal_packet() doesn't work yet...
metze
(This used to be commit c62e5d23a69789d23516a6d150fd3b756e270998)
|
|
metze
(This used to be commit 49e01d00bded74190c8e3049ac5883fe211e86fd)
|
|
metze
(This used to be commit dc2847c0acb0adaede4db72a7517046b93221162)
|
|
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
|
|
(This used to be commit 4d7fc946b2ec50e774689c9036423b6feef99b8e)
|
|
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
|
|
(This used to be commit c5a95bbe0ce55c29e135a9c6058bf192ec3bb546)
|
|
-fvisibility=hidden. Not doing this causes failures on Mac OS X.
(This used to be commit da1a9438bd89569077ef1eaa9dc977b5f9d62836)
|
|
(This used to be commit 1b947fe0e6e16318e5a8127bb4932d6b5d20bcf6)
|
|
As per metze's suggestion, the "unused variables" warning is left in to remind
us to fix the #else part of the #if 1
(This used to be commit e9ef98b06466486d3b8a68a76a29728b9bffbe29)
|
|
in dssync tests.
(This used to be commit c7eae1c7842f9ff8b70cce9e5d6f3ebbbe78e83b)
|
|
(This used to be commit b9e3a4862e267be39d603fed8207a237c3d72081)
|
|
(This used to be commit bad1891cae2c688b17a6a2b932e754f51291035c)
|
|
(This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
|
|
(This used to be commit 84892d030de6266fc0f3a699cade960dd5dc37bc)
|
|
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
|
|
(This used to be commit 4b46888bd0195ab12190f76868719fc018baafd6)
|
|
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
|
|
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
number in more places.
(This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
ts=4 lines that I accidently added earlier.
(This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7)
|
|
seen in particular on opi.
This looked like a Heimdal problem, but I think it was simply that we
didn't do a talloc_reference() to keep tabs on the memory we were
using, and in between obtaining the pointer and using it, it was
assigned to unrelated memory.
Andrew Bartlett
(This used to be commit a650ad8b37d58ba64458a33313714d1abfc4850b)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
end of teh buffer printing the error strings.
Andrew Bartlett
(This used to be commit 37e7070ca92e2f48fa02f7fd6736e5b26520f559)
|
|
This helps ensure that the kerberos code uses the right event context.
Andrew Bartlett
(This used to be commit cbdce358ae8f86c9b76a50537b931e56b07ee213)
|
|
context. We now have an event context on the torture_context, and we
can also get one from the cli_credentials structure
(This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
|
|
incorrect.
Andrew Bartlett
(This used to be commit 9dc6f36e43170bc5bf4f94d893b5a3689460d237)
|
|
with krb5:set_dns_canonicalize=yes
needed for the drsuapi replication, but we should fix this with
a kdc locator plugin ...
metze
(This used to be commit f0a12355bcfab47663e62f3d8ae820815210cdc5)
|
|
have the data for anything else.
Andrew Bartlett
(This used to be commit 9e0c0cd0ff678388436430bb1ba4eb7595cbefbd)
|
|
Andrew Bartlett
(This used to be commit bbde5b6a2f85f22110d6840857eaceb6b923c1b4)
|
|
metze
(This used to be commit 4e8f844be939a6e11a3bece4e7e66534fce00cc0)
|
|
to work better against w2k, so we don't get redirected from
1.2.840.113554.1.2.2 to 1.2.840.48018.1.2.2 by a w2k server, causing 2 additional
auth roundtrips.
metze
(This used to be commit fa5c942ee99d3b5779598aa75f71d0317ba3f622)
|
|
valrind issues on fort, because we won't hit NSS any more.
Andrew Bartlett
(This used to be commit 6f67fa01ab4f946c9a9aae0d4e8d028153873e04)
|
|
negotiate krb5, but if this works, I'll add NTLM as a GSSAPI backend
by some means or other.
Andrew Bartlett
(This used to be commit 476452e143f61a3878a3646864729daaddccdf68)
|
|
gsskrb5_set_default_realm(), which should fix mimir's issues.
Andrew Bartlett
(This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3)
|
|
(or something like that).
In any case, we need to stick with the initiator subkey for now, until
we figure out what Vista uses for the CIFS session key.
Andrew Bartlett
(This used to be commit b91a921e1393581ca0102ad1f49a1075acb91b4e)
|
|
favour of a more tasteful replacement.
Remove kerberos_verify.c, as we don't need that code any more.
Replace with code for using the new krb5_rd_req_ctx() borrowed from
Heimdal's accecpt_sec_context.c
Andrew Bartlett
(This used to be commit 13c9df1d4f0517468c80040d3756310d4dcbdd50)
|
|
Andrew Bartlett
(This used to be commit 247b9f1ca907cf921087e6840400ddf68289b8f2)
|
|
Larry told me that most context flags needed to be set to, otherwise
it wouldn't work.
This fixes DCE_STYLE against Win2k3 SP1. It seems they just tightened
up their end of the GSSAPI code, as DCE_STYLE is explicity rejected in
the session setup too (being the wrong layer).
Andrew Bartlett
(This used to be commit b2b77f34a4d0cebb828cac7bf9a73826fecab5b6)
|
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
Supply the correct OID to the error display functions.
Rework the session key functions.
Andrew Bartlett
(This used to be commit 363628c13f4e4a8904802dcf4d80e296ed2f9e02)
|
|
length, use the amount the wapped message expanded by.
This works, because GSSAPI doesn't do AEAD (signing of headers), and
so changing the signature length after the fact is valid.
Andrew Bartlett
(This used to be commit bd1e0f679c8f2b9755051b8d34114fa127a7cf26)
|