summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/gssapi
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11541: More logical (I think...) delegation semantics.Andrew Bartlett1-10/+14
Andrew Bartlett (This used to be commit 6bb1b244284a209ebcb50c17ad59d4528658da0b)
2007-10-10r11477: This seems really nasty, but as I understand it an attacker cannotAndrew Bartlett1-2/+11
change this checksum, as it is inside the encrypted packets. Where the client (such as Samba3) fakes up GSSAPI, allow it to continue. We can't rid the world of all Samba3 and similar clients... Andrew Bartlett (This used to be commit e60cdb63fb37e44252f83a56a6302f0bd22dec4d)
2007-10-10r11468: Merge a bit more of init_sec_context from Heimdal CVS into ourAndrew Bartlett1-4/+21
DCE_STYLE modified version, and add parametric options to control delegation. It turns out the only remaining issue is sending delegated credentials to a windows server, probably due to the bug lha mentions in his blog (using the wrong key). If I turn delgation on in smbclient, but off in smbd, I can proxy a cifs session. I can't wait till Heimdal 0.8, so I'll see if I can figure out the fix myself :-) Andrew Bartlett (This used to be commit fd5fd03570c13f5644e53ff89ac8eca7c0985740)
2007-10-10r11462: Fix the build: somehow I lost the header for this samba-specific hack.Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 0a4194118974bdde4e10fd32578a5beeb6e768ce)
2007-10-10r11452: Update Heimdal to current lorikeet, including removing the ccache sideAndrew Bartlett8-107/+227
of the gsskrb5_acquire_cred hack. Add support for delegated credentials into the auth and credentials subsystem, and specifically into gensec_gssapi. Add the CIFS NTVFS handler as a consumer of delegated credentials, when no user/domain/password is specified. Andrew Bartlett (This used to be commit 55b89899adb692d90e63873ccdf80b9f94a6b448)
2007-10-10r11392: After confirmation from Love, fix a compiler warningVolker Lendecke1-1/+1
(This used to be commit a0b4036ba6ae423bab3ec698d3e404f03bb0f9d5)
2007-10-10r11317: An ugly hack to setup the global gssapi_krb5_context early, when weAndrew Bartlett2-5/+18
have easy access to the event context. This stops Samba dead-locking against itself when the winbindd client tries to contact the KDC. Andrew Bartlett (This used to be commit 57f811115ed768ea1f170dcd71038398bf2ab6e9)
2007-10-10r11294: Update Heimdal in Samba4 to lorikeet-heimdal (which is in turn updatedAndrew Bartlett4-20/+69
to CVS of 2005-10-24). Andrew Bartlett (This used to be commit 939d4f340feaad15d0a6a5da79feba2b2558f174)
2007-10-10r10386: Merge current lorikeet-heimdal into Samba4.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 4d2a9a9bc497eae269c24cbf156b43b8588e2f73)
2007-10-10r10286: This patch is ugly and disgusting, but for now it works better than ↵Andrew Bartlett1-2/+30
the other ideas I have had. When I get a full list of things I want to do to a krb5_context I'll either add gsskrb5_ wrappers, or a way of speicfying the krb5 context per gssapi context. (I want to ensure that the only krb5_context variables created while executing Samba4 are via our wrapper). Andrew Bartlett (This used to be commit 8a22d46e70e9f863831aba0c9913d195f833d625)
2007-10-10r10159: Dereference padsize before comparing to an int.James Peach1-1/+1
(This used to be commit 5767c05909c9927b3a806614b1f1bd2f90a35dd3)
2007-10-10r10153: This patch adds a new parameter to gensec_sig_size(), the size of theAndrew Bartlett6-24/+159
data to be signed/sealed. We can use this to split the data from the signature portion of the resultant wrapped packet. This required merging the gsskrb5_wrap_size patch from lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no longer use a static 45 byte value). This fixes one of the krb5 issues in my list. Andrew Bartlett (This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
2007-10-10r10072: Fix mismerge weridness in error handling.Andrew Bartlett1-7/+12
Andrew Bartlett (This used to be commit c17926b6fe278fd757862885f82fd342b755167c)
2007-10-10r10066: This is the second in my patches to work on Samba4's kerberos support,Andrew Bartlett4-316/+392
with an aim to make the code simpiler and more correct. Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over all keytypes)' code in gensec_krb5, we now follow the approach used in gensec_gssapi, and use a keytab. I have also done a lot of work in the GSSAPI code, to try and reduce the diff between us and upstream heimdal. It was becoming hard to track patches in this code, and I also want this patch (the DCE_STYLE support) to be in a 'manageable' state for when lha considers it for merging. (metze assures me it still has memory leak problems, but I've started to address some of that). This patch also includes a simple update of other code to current heimdal, as well as changes we need for better PAC verification. On the PAC side of things we now match windows member servers by checking the name and authtime on an incoming PAC. Not generating these right was the cause of the PAC pain, and so now both the main code and torture test validate this behaviour. One thing doesn't work with this patch: - the sealing of RPC pipes with kerberos, Samba -> Samba seems broken. I'm pretty sure this is related to AES, and the need to break apart the gss_wrap interface. Andrew Bartlett (This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
2007-10-10r9680: Update Heimdal to current lorikeet-heimdal (which was itself updatedAndrew Bartlett2-24/+21
to Heimdal CVS as of 2005-08-27). Andrew Bartlett (This used to be commit 913924a4997f5e14c503f87510cbd8e4bfd965a9)
2007-10-10r9413: Bring Samba4 back up to date with lorikeet-heimdal.Andrew Bartlett1-4/+1
Delete test_crypto_wrapping.c, previously included but unbuilt. Andrew Bartlett (This used to be commit d5fb30fb0cef330e0947969f0c9afc1f58fc4c7d)
2007-10-10r9221: Try to merge Heimdal across from lorikeet-heimdal to samba4.Andrew Bartlett2-178/+141
This is my first attempt at this, so there may be a few rough edges. Andrew Bartlett (This used to be commit 9a1d2f2fec67930975da856a2d365345cec46216)
2007-10-10r8302: import mini HEIMDAL into the treeHeimdal Import User38-0/+10055
(This used to be commit 118be28a7aef233799956615a99d1a2a74dac175)