Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit 2f4aa95f8d414262eb4d78060ee3a97a85ec5182)
|
|
metze
(This used to be commit 9e93e6f5fb654e4162bbc039306a4b79003e22d7)
|
|
(This used to be commit 180925659fad50ff82693284587ae4e735458c6b)
|
|
talloc_set_destructor() is type safe. The end result will be lots less
use of void*, and less calls to talloc_get_type()
(This used to be commit 6b4c085b862c0932b80b93e316396a53b993544c)
|
|
the original, rather than equivilant, enum type.
Andrew Bartlett
(This used to be commit 3d43e458a828801a294e56a1aeb74a4d7cbf9f23)
|
|
Andrew Bartlett
(This used to be commit 7003c3e8dee2d2bfc391875d90eb747616cb361a)
|
|
in pkg-config files for now as
they break external projects.
(This used to be commit f919fd6655f00361691e676d260bd40e0b8ddcc7)
|
|
(This used to be commit 0fafa2e59566f8f892d7dfd7dd33d0100b96a780)
|
|
-lsocket on SUN
boxes.
(This used to be commit c95ad11307dc89384c10bd5919817bf12d9c1ed9)
|
|
(This used to be commit 76c5f377204ad158b03641258a4645a9d487fee8)
|
|
This is in preperation for making TLS a socket library.
Andrew Bartlett
(This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
|
|
(This used to be commit f0afe9e2ff16515df1b3226b479b19ea3e9c3d0c)
|
|
Recursive dependencies are now forbidden (the build system
will bail out if there are any).
I've split up auth_sam.c into auth_sam.c and sam.c. Andrew,
please rename sam.c / move its contents to whatever/wherever you think suits
best.
(This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
|
|
rest of LIBSECURITY doesn't)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
|
|
with local
(empty) libpopt.a overriding global one
(This used to be commit 2f06305e53478e5030c24550954f221a9a97c83f)
|
|
(This used to be commit 13d0cec018185d768b762ff3afc0224f307b8112)
|
|
get the build on IRIX a bit further.
(This used to be commit 47d1baf0cf719dbb1113a79bba50d4075eb06411)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
|
|
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
|
|
(This used to be commit 03da4fbcdd66982de8eb376f9f00da97d730c97f)
|
|
Andrew Bartlett
(This used to be commit d1ca106f05ad71b8aa514bf87a4267d61d9dcbf8)
|
|
try and find the real solution.
Andrew Bartlett
(This used to be commit a512d5dd258797cdb41018923502cb4998f1edfe)
|
|
Andrew Bartlett
(This used to be commit 2ab71ed51868da123131d8bdaa7c30ab61ae280f)
|
|
(This used to be commit 930daa9f416ecba1d75b8ad46bb42e336545672f)
|
|
assumptions
about the data type being known.
(This used to be commit 991bec80e4f20c9fac9ab5c45b0fdf6d048cda66)
|
|
(This used to be commit aac1b99b362993352d80692afa55c38fc851c016)
|
|
We do need the gsskrb5_get_initiator_subkey() routine. But we should
ensure that we do always get a valid key, to prevent any segfaults.
Without this code, we get a different session key compared with
Win2k3, and so kerberised smb signing fails.
Andrew Bartlett
(This used to be commit cfd0df16b74b0432670b33c7bf26316b741b1bde)
|
|
case) as the keytab.
This avoids issues in replicated setups, as we will replicate the
kpasswd key correctly (including from windows, which is why I care at
the moment).
Andrew Bartlett
(This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
|
|
- fix compilation of auth/kerberos/krb5_init_context.c on AIX
metze
(This used to be commit 0e1ad08a8515056f4ed0923889bef04d85b84964)
|
|
gsskrb5_get_initiator_subkey() routine is bougs. We can indeed use
gss_krb5_get_subkey().
This is fortunate, as there was a segfault bug in 'initiator' version.
Andrew Bartlett
(This used to be commit ec11870ca1f9231dd3eeae792fc3268b31477e11)
|
|
Andrew Bartlett
(This used to be commit 37f342b01095787d4a63a419c6ab3657680c2637)
|
|
Andrew Bartlett
(This used to be commit 8f70d6270a788494dd07430f778ee90a51551e66)
|
|
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
|
|
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
|
|
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force
specific modules to always be included
(This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
|
|
commits some of these that I know to be correct in the kerberos area.
Andrew Bartlett
(This used to be commit 6787b3737c27f5136152b007b0ee2ae314efac3c)
|
|
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
|
|
Andrew Bartlett
(This used to be commit 31046cd22b45de6c62c9f122a81cfc898e818308)
|
|
This extracts a remote windows domain into a keytab, suitable for use
in ethereal for kerberos decryption.
For the moment, like net samdump and net samsync, the 'password
server' smb.conf option must be set to the binding string for the
server. eg:
password server = ncacn_np:mypdc
Andrew Bartlett
(This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
|
|
NT_STATUS_CONNECTION_REFUSED when a KDC is not listening)
(This used to be commit 0f85fc204c6018f8403c2e8f75f683aed38ba83b)
|
|
error out immediatelly. This prevents a long timeout
(This used to be commit f6c0fccc06060582ef870a0ac590dabeec2f2e6a)
|
|
share the MEMORY: keytab).
Andrew Bartlett
(This used to be commit 6c43de27086d3c463891598eb55a44877194cb0d)
|
|
function for enctype to string.
Andrew Bartlett
(This used to be commit ae6c968cb27f451e5f8cea62be7f33b4b4716f82)
|
|
Andrew Bartlett
(This used to be commit 88a7b7805c11cb3a1be3222d3e4b0b3ad8aff2aa)
|
|
be updated.
This allows a new password to be written in, and old entries removed
(we keep kvno and kvno-1).
Clean up the code a lot, and add comments on what it is doing...
Andrew Bartlett
(This used to be commit 0a911baabad60a43741269d29a96fdd74e54331a)
|
|
Andrew Bartlett
(This used to be commit 9b3dedbc0bb12897a8f9bd4ec864de26b3835981)
|
|
Andrew Bartlett
(This used to be commit 571f9c9c51b93946d23f2b35ef76ac881994b8cc)
|
|
abartlet, tridge, lha: is there a better way?
metze
(This used to be commit b2b4969bdcdd85b1093d91184ff10eff9f74e550)
|
|
We now put the PAC in the AS-REP, so that the client has it in the
TGT. We then validate it (and re-sign it) on a TGS-REQ, ie when the
client wants a ticket.
This should also allow us to interop with windows KDCs.
If we get an invalid PAC at the TGS stage, we just drop it.
I'm slowly trying to move the application logic out of hdb-ldb.c, and
back in with the rest of Samba's auth system, for consistancy. This
continues that trend.
Andrew Bartlett
(This used to be commit 36973b1eef7db5983cce76ba241e54d5f925c69c)
|