| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
of the gsskrb5_acquire_cred hack.
Add support for delegated credentials into the auth and credentials
subsystem, and specifically into gensec_gssapi.
Add the CIFS NTVFS handler as a consumer of delegated credentials,
when no user/domain/password is specified.
Andrew Bartlett
(This used to be commit 55b89899adb692d90e63873ccdf80b9f94a6b448)
|
|
than doing ASN.1 parsing in Samba.
Also use the API function for getting a client from a ticket, rather
than just digging in the structure.
Andrew Bartlett
(This used to be commit 25d5ea6d724bd2b64a6086ae6e2e1c5148b8ca4a)
|
|
to CVS of 2005-10-24).
Andrew Bartlett
(This used to be commit 939d4f340feaad15d0a6a5da79feba2b2558f174)
|
|
Andrew Bartlett
(This used to be commit 1d7094b8dfd53dfda55db7ce30f47f74864093bf)
|
|
at the Samba4 socket layer.
The intention here is to ensure that other events may be processed while
heimdal is waiting on the KDC. The interface is designed to be
sufficiently flexible, so that the plugin may choose how to time
communication with the KDC (ie multiple outstanding requests, looking
for a functional KDC).
I've hacked the socket layer out of cldap.c to handle this very
specific case of one udp packet and reply. Likewise I also handle
TCP, stolen from the winbind code.
This same plugin system might also be useful for a self-contained
testing mode in Heimdal, in conjunction with libkdc. I would suggest
using socket-wrapper instead however.
Andrew Bartlett
(This used to be commit 3b09f9e8f9f6f645cd03073ef833c8d0fb0d84e2)
|
|
Andrew Bartlett
(This used to be commit 77aca9619d24a8e118f53bcd1a1e54b8437812a8)
|
|
Andrew Bartlett
(This used to be commit 4d2a9a9bc497eae269c24cbf156b43b8588e2f73)
|
|
canonicalisation code, I've hacked Heimdal to use the default realm if
no other realm can be determined for a given host.
Andrew Bartlett
(This used to be commit 0f0b0021b7728ce75ca0060003a3d08264ead810)
|
|
on the kerberos mailing lists a couple of weeks ago: Don't use DNS at
all for expanding short names into long names.
Using the 'override krb5_init_context' code already in the tree, this
removes the DNS lag on a kerberos session setup/connection.
Andrew Bartlett
(This used to be commit de3ceab3d064a286e8662a2b9b62b212f0454156)
|
|
Andrew Bartlett
(This used to be commit b9695d5e7cc052a952d8d60bc1ab08e00f4827e8)
|
|
with an aim to make the code simpiler and more correct.
Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over
all keytypes)' code in gensec_krb5, we now follow the approach used in
gensec_gssapi, and use a keytab.
I have also done a lot of work in the GSSAPI code, to try and reduce
the diff between us and upstream heimdal. It was becoming hard to
track patches in this code, and I also want this patch (the DCE_STYLE
support) to be in a 'manageable' state for when lha considers it for
merging. (metze assures me it still has memory leak problems, but
I've started to address some of that).
This patch also includes a simple update of other code to current
heimdal, as well as changes we need for better PAC verification.
On the PAC side of things we now match windows member servers by
checking the name and authtime on an incoming PAC. Not generating these
right was the cause of the PAC pain, and so now both the main code and
torture test validate this behaviour.
One thing doesn't work with this patch:
- the sealing of RPC pipes with kerberos, Samba -> Samba seems
broken. I'm pretty sure this is related to AES, and the need to break
apart the gss_wrap interface.
Andrew Bartlett
(This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
|
|
'MEMORY_WILDCARD' keytab type. (part of this checking is in effect a
merge from lorikeet-heimdal, where I removed this)
This is achieved by correctly using the GSSAPI gsskrb5_acquire_cred()
function, as this allows us to specify the target principal, regardless
of which alias the client may use.
This patch also tries to simplify some principal handling and fixes some
error cases.
Posted to samba-technical, reviewed by metze, and looked over by lha on IRC.
Andrew Bartlett
(This used to be commit 506a7b67aee949b102d8bf0d6ee9cd12def10d00)
|
|
Merge these norealm functions from lorikeet-heimdal.
Andrew Bartlett
(This used to be commit 6aef275efd7f434f65824eb3dd129c8e5efd8731)
|
|
Andrew Bartlett
(This used to be commit cc35cd5ee2abbd6be01dc1ea66eca0bd48a6f636)
|
|
to Heimdal CVS as of 2005-08-27).
Andrew Bartlett
(This used to be commit 913924a4997f5e14c503f87510cbd8e4bfd965a9)
|
|
Delete test_crypto_wrapping.c, previously included but unbuilt.
Andrew Bartlett
(This used to be commit d5fb30fb0cef330e0947969f0c9afc1f58fc4c7d)
|
|
This is my first attempt at this, so there may be a few rough edges.
Andrew Bartlett
(This used to be commit 9a1d2f2fec67930975da856a2d365345cec46216)
|
|
that uses the Samba
interfaces list. This makes heimdal obey the 'interfaces=' smb.conf option, and should also
fix the portability problems with the heimdal code
(This used to be commit ba621d1c554e135f449a144019b84719a086e04f)
|
|
(This used to be commit 118be28a7aef233799956615a99d1a2a74dac175)
|
