summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/krb5/get_for_creds.c
AgeCommit message (Collapse)AuthorFilesLines
2010-03-27s4:heimdal: import lorikeet-heimdal-201001120029 (commit ↵Andrew Bartlett1-3/+3
a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
2009-11-13s4:heimdal: import lorikeet-heimdal-200911122202 (commit ↵Andrew Bartlett1-7/+6
9291fd2d101f3eecec550178634faa94ead3e9a1)
2009-06-12s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett1-2/+0
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2008-10-28s4: import lorikeet-heimdal-200810271034Stefan Metzmacher1-41/+44
metze
2008-08-26heimdal: import heimdal's trunk svn rev 23697 + lorikeet-heimdal patchesStefan Metzmacher1-1/+1
This is based on f56a3b1846c7d462542f2e9527f4d0ed8a34748d in my heimdal-wip repo. metze (This used to be commit 467a1f2163a63cdf1a4c83a69473db50e8794f53)
2008-08-01heimdal: update to lorikeet-heimdal rev 801Stefan Metzmacher1-11/+10
metze (This used to be commit d6c54a66fb23c784ef221a3c1cf766b72bdb5a0b)
2008-03-19Merge lorikeet-heimdal -r 787 into Samba4 tree.Andrew Bartlett1-30/+64
Andrew Bartlett (This used to be commit d88b530522d3cef67c24422bd5182fb875d87ee2)
2007-10-10r23456: Update Samba4 to current lorikeet-heimdal.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit ae0f81ab235c72cceb120bcdeb051a483cf3cc4f)
2007-10-10r19644: Merge up to current lorikeet-heimdal, incling addingAndrew Bartlett1-42/+46
gsskrb5_set_default_realm(), which should fix mimir's issues. Andrew Bartlett (This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3)
2007-10-10r19604: This is a massive commit, and I appologise in advance for it's size.Andrew Bartlett1-1/+1
This merges Samba4 with lorikeet-heimdal, which itself has been tracking Heimdal CVS for the past couple of weeks. This is such a big change because Heimdal reorganised it's internal structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases. In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO PAC. This matches windows behavour. We also have an option to require the PAC to be present (which allows us to automate the testing of this code). This also includes a restructure of how the kerberos dependencies are handled, due to the fallout of the merge. Andrew Bartlett (This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
2007-10-10r16100: Patch from Michael Wood <mwood@icts.uct.ac.za>: s/then/than/ for ↵Gerald Carter1-1/+1
correct grammar (This used to be commit 26a2fa97e4c819e630bc9b50e11c8d5328c7b8c8)
2007-10-10r15192: Update Samba4 to use current lorikeet-heimdal.Andrew Bartlett1-5/+2
Andrew Bartlett (This used to be commit f0e538126c5cb29ca14ad0d8281eaa0a715ed94f)
2007-10-10r14635: - Remove lex.c from SVN (it is built anyway, and having it in SVNAndrew Bartlett1-2/+2
confuses things) - Update Samba4 from lorikeet-heimdal - Remove generated symlink on make clean Andrew Bartlett (This used to be commit a5c2b4cc92e807d18cb8df99bebf004fa4252e1e)
2007-10-10r14198: Update Samba4 to current lorikeet-heimdal.Andrew Bartlett1-16/+9
Andrew Bartlett (This used to be commit 97a0a0e2fa6784e5fc5278f7a15b385ddcb6a3b3)
2007-10-10r11995: A big kerberos-related update.Andrew Bartlett1-13/+9
This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
2007-10-10r11529: Disable DNS lookups for forwarded credentials, unless really, reallyAndrew Bartlett1-34/+41
wanted. There is nothing that suggests that the host we forward credentials to will not have other interfaces, unassoicated with their service name. Likewise, the name may be a netbios, not DNS name. This should avoid some nasty DNS lookups. Andrew Bartlett (This used to be commit da0ff19856a8f41eb64787990d47d2961824711d)
2007-10-10r11469: Fix typo, and use the correct (RFC4120) session key for delegatingAndrew Bartlett1-10/+12
credentials. This means we now delegate to windows correctly. Andrew Bartlett (This used to be commit d6928a3bf86f1ab89f29eac538ceb701c6669913)
2007-10-10r8302: import mini HEIMDAL into the treeHeimdal Import User1-0/+427
(This used to be commit 118be28a7aef233799956615a99d1a2a74dac175)
generated by cgit (git 2.34.1) at 2024-11-19 10:08:36 +0000