Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
The two error tables need to be combined, but for now seperate the names.
(As the common parts of the tree now use the _common function,
errmap_unix.c must be included in the s3 autoconf build).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
|
|
Due to library link orders, this is already the function that is being
used. However we still need to sort out the duplicate symbol issues,
probably by renaming things.
Andrew Bartlett
|
|
cli_credentials_set_impersonate_principal()
This also adds a cli_credentials_get_self_service() helper function.
In order to support S4U2Proxy we need to be able to set
the service principal for the S4U2Self step independent of the
target principal.
metze
|
|
This is consistent with lock_path()
Andrew Bartlett
|
|
This uses the source3 PAC code (originally from Samba4) with some
small changes to restore functionality needed by the torture tests,
and to have a common API.
Andrew Bartlett
|
|
The s3 function doesn't use the keytab_container concept.
Andrew Bartlett
|
|
This requires a small rework of the build system to ensure that the
correct #define statements are made in both the s3 and top level
builds. We now define the various HAVE_ macros in config.h at all
times, using heimdal_build/wscript_configure when that is in use.
Andrew Bartlett
|
|
this prevents symbol duplication of the asn1 symbols in the service
and ntvfs subsystems
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Simo, please check.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Feb 14 18:54:38 CET 2011 on sn-devel-104
|
|
thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this fixes the include path to add ldb
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Jan 1 04:46:35 CET 2011 on sn-devel-104
|
|
principal
In addition fix a counter type
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Dec 4 15:14:46 CET 2010 on sn-devel-104
|
|
we were continually trying the first address returned, instead of
moving to the next address
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Nov 14 04:11:28 UTC 2010 on sn-devel-104
|
|
remote_addr was used after free
|
|
|
|
we need the caller to know when the previous_ev was NULL
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
|
|
this fixes some double linking. The name 'KERBEROS' was also a bit
confusing, as it sounded like a base kerberos library, when it is in
fact part of auth
|
|
|
|
By setting the event context to use for this operation (only) onto
the krb5_context just before we call that operation, we can try
and emulate the specification of an event context to the actual send_to_kdc()
This eliminates the specification of an event context to many other
cli_credentials calls, and the last use of event_context_find()
Special care is taken to restore the event context in the event of
nesting in the send_to_kdc function.
Andrew Bartlett
|
|
|
|
|
|
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Oct 11 00:34:56 UTC 2010 on sn-devel-104
|
|
|
|
|
|
Instead, store the same key value under the multiple alias names.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Oct 2 00:16:52 UTC 2010 on sn-devel-104
|
|
Previously, our PAC code didn't include these groups into the
server_info from which we would eventually calculate the full
list of tokenGroups.
Andrew Bartlett
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104
|
|
This creates keytab entries with all the servicePrincipalNames listed
in the secrets.ldb entry.
Andrew Bartlett
|
|
This code never really belonged in the credentials layer, and
is easier done with direct access to the ldb_message that is
in secrets.ldb.
Andrew Bartlett
|
|
The previous code never worked
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This will allow us to interpret this attibute broadly in Samba.
Andrew Bartlett
|
|
This ensures that our DC will use all the available encyption types.
(The KDC reads this entry to determine what the server supports)
Andrew Bartlett
|
|
|
|
This means that we consider the ccache only as reliable as the least
specified of the inputs we used.
This means that we will regenerate the ccache if any of the inputs change.
Andrew Bartlett
|
|
A torture test to demonstrate will be added soon.
Andrew Bartlett
|
|
we won't be using the mk -> wscript generator again
|
|
them
|
|
|
|
The options need to be freed also on this error case.
|
|
We need to be able to give sensible error messages when a kerberos
calls fails. This propogates the kerberos error up the stack to the
caller.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|