samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2007-10-10	r7968: Pull the PAC from within GSSAPI, rather than only when using our own	Andrew Bartlett	1	-19/+61
	'mock GSSAPI'. Many thanks to Luke Howard for the work he has done on Heimdal for XAD, to provide the right API hooks in GSSAPI. Next step is to verify the signatures, and to build the PAC for the KDC end. Andrew Bartlett (This used to be commit 2e82743c98e563e97c5a215d09efa0121854d0f7)
2007-10-10	r7843: Use the new Heimdal gsskrb_acquire_creds API. This has the right	Andrew Bartlett	1	-31/+25
	lifetime constraints, and works with the in-memory keytab. Move initialize_krb5_error_table() into our kerberos startup code, rather than in the GSSAPI code explitly. (Hmm, we probably don't need this at all..) Andrew Bartlett (This used to be commit bedf92da5c81066405c87c9e588842d3ca5ba945)
2007-10-10	r7827: Add in-memory keytab to Samba4, using the new MEMORY_WILDCARD keytab	Andrew Bartlett	1	-3/+56
	support in Heimdal. This removes the 'ext_keytab' step from my Samba4/WinXP client howto. In doing this work, I realised that the replay cache in Heimdal is currently a no-op, so I have removed the calls to it, and therefore the mutex calls from passdb/secrets.c. This patch also includes a replacement 'magic' mechanism detection, that does not issue extra error messages from deep inside the GSSAPI code. Andrew Bartlett (This used to be commit c19d5706f4fa760415b727b970bc99e7f1abd064)
2007-10-10	r7270: A big revamp to the way we handle kerberos errors in Samba4. We now	Andrew Bartlett	1	-28/+9
	fill in the function pointers to handle the logging, and catch all the kerberos warnings. (Currently at level 3). To avoid a memory leak, this requries a new function: krb5_freelog(), which I've added to lorikeet/heimdal. This also required a revamp to how we handle the krb5_context, so as to make it easier to handle with talloc destructors. Andrew Bartlett (This used to be commit 63272794c41231b335b73e7ccf349282f295c4d2)
2007-10-10	r7218: Don't use an uninitialised variable in an error message.	Andrew Bartlett	1	-2/+1
	Andrew Bartlett (This used to be commit 1f68cf7d0eb5de18da7f9d14c729caf314740601)
2007-10-10	r6882: Put in configure tests and #ifdef to keep Samba building on older ↵	Andrew Bartlett	1	-0/+2
	Heimdal. Andrew Bartlett (This used to be commit f2e926192595c74bd9cc8a3343e0fcf27a1de38b)
2007-10-10	r6803: Try to bring in the correct GSSAPI headers for the krb5 mech. This	Andrew Bartlett	1	-8/+10
	should allow us to ditch the local static storage for OIDs, as well as fix the build on non-heimdal platforms. Andrew Bartlett (This used to be commit a7e2ecfac9aaacd673e3583b62139e4f4e114429)
2007-10-10	r6800: A big GENSEC update:	Andrew Bartlett	1	-107/+154
	Finally remove the distinction between 'krb5' and 'ms_krb5'. We now don't do kerberos stuff twice on failure. The solution to this is slightly more general than perhaps was really required (as this is a special case), but it works, and I'm happy with the cleanup I achived in the process. All modules have been updated to supply a NULL-terminated list of OIDs. In that process, SPNEGO code has been generalised, as I realised that two of the functions should have been identical in behaviour. Over in the actual modules, I have worked to remove the 'kinit' code from gensec_krb5, and placed it in kerberos/kerberos_util.c. The GSSAPI module has been extended to use this, so no longer requires a manual kinit at the command line. It will soon loose the requirement for a on-disk keytab too. The general kerberos code has also been updated to move from error_message() to our routine which gets the Heimdal error string (which may be much more useful) when available. Andrew Bartlett (This used to be commit 0101728d8e2ed9419eb31fe95047944a718ba135)
2007-10-10	r6767: Fix compiler warning.	Tim Potter	1	-0/+1
	(This used to be commit 45a0692be10a03032f9a4e26da3de08696c03464)
2007-10-10	r6740: make gensec_gssapi.c compile again	Andrew Tridgell	1	-1/+1
	(This used to be commit 6d15e9511115cc30ee213ec91320a2dccde15b8f)
2007-10-10	r6737: Explain these error returns a bit better.	Andrew Bartlett	1	-2/+5
	Andrew Bartlett (This used to be commit 77d054c65aeecfc0d1156d750f7b8025cb154d3a)
2007-10-10	r6733: GSS_C_DCE_STYLE is not available for most builds	Stefan Metzmacher	1	-0/+5
	metze (This used to be commit 3536029e8fb1da1ca689e0b7aa1f3edfb7967790)
2007-10-10	r6730: register gensec_krb5 also with the drcrpc auth type	Stefan Metzmacher	1	-0/+1
	metze (This used to be commit 491d7804f5f5bdfb43ae09b81c2cbc34fab2246d)
2007-10-10	r6728: Microsoft relies very strongly on getting the OIDs it expects, so we	Andrew Bartlett	1	-1/+31
	must register the 'MS' OID for the domain join to progress. Andrew Bartlett (This used to be commit c8fbda6bfd96d5d57cd52bc15d8695547effe2e3)
2007-10-10	r6727: One more step down the long march to the 'Kerberos domain join'.	Andrew Bartlett	1	-6/+344
	This patch allows a suitably patched Heimdal GSSAPI library (detected in configure) to supply to us the session keys, and further compleats the gensec_gssapi module. This is tested for CIFS, but fails for LDAP at this point (that is what I'll work on next). We currently fill out the 'session info' from the SAM, like gensec_krb5 does, but both will need to use the PAC extraction functions in the near future. Andrew Bartlett (This used to be commit 937ee361615a487af9e0279145e75b6c27720a6b)
2007-10-10	r6113: Move GENSEC and the kerberos code out of libcli/auth, and into	Andrew Bartlett	1	-0/+376
	auth/gensec and auth/kerberos. This also pulls the kerberos configure code out of libads (which is otherwise dead), and into auth/kerberos/kerberos.m4 Andrew Bartlett (This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f)