Age | Commit message (Collapse) | Author | Files | Lines |
|
Karolin
|
|
f4e0dc17709829235f057e0e100d34802d3929ff)
|
|
a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
|
|
security issues
|
|
|
|
|
|
"strdup" does always create a new object in the memory (through "malloc") which
needs to be freed if it isn't used anymore.
|
|
Karolin
|
|
This is a fairly ugly workaround, but then again, strerror_r() is a
very ugly mess.
|
|
This caused samba4kinit to segfault on some systems
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
b532c294d974cead40a1183c71be644c6ccc2832)
This fixes up connections to Windows 2003, because the previous import
had a broken arcfour-hmac-md5 implementation (fixed in Heimdal
316fc6ff8ffb0cbb1ef3689685e9977c37405bc4)
Andrew Bartlett
|
|
9291fd2d101f3eecec550178634faa94ead3e9a1)
|
|
290db8d23647a27c39b97c189a0b2ef6ec21ca69)
|
|
370a73a74199a5a55188340906e15fd795f67a74)
This removes some of the portability changes made to code under
heimdal/
If these are still required, then we will re-add them with code under
heimdal_build/ (so that we can simply 'drop in' future heimdal
releases).
Andrew Bartlett
|
|
8714779fa7376fd9f7761587639e68b48afc8c9c)
This also adds a new hdb-glue.c file, to cope with Heimdal's
uncondtional enabling of SQLITE.
(Very reasonable, but not required for Samba4's use).
Andrew Bartlett
|
|
d09910d6803aad96b52ee626327ee55b14ea0de8)
This includes in particular changes to the KDC to resolve bug 6272,
originally by Matthieu Patou <mat+Informatique.Samba@matws.net>. We
need to sort the AuthorizationData elements to put the PAC first, or
else WinXP breaks when browsed from Win2k8.
Andrew Bartlett
|
|
2bef9cd5378c01e9c2a74d6221761883bd11a5c5)
|
|
this is 73dbbe0d54 re-added. abartlet, please pick this to lorikeet.
|
|
904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
Also including the supporting changes required to pass make test
A number of heimdal functions and constants have changed since we last
imported a tree (for the better, but inconvenient for us).
Andrew Bartlett
|
|
with a libintl.h before.
Jeremy.
|
|
Jeremy.
|
|
metze
|
|
metze
|
|
support for the underlying functions now.
|
|
metze
|
|
smaba4kpasswd will be used to test the kpasswdd componet of the KDC
(which is up until now untested), and rkpty is an expect-like wrapper
we can use to blackbox that utility.
Andrew Bartlett
|
|
(This used to be commit cc1df3c002e6af25add3c8ae20e7efc2ab6f2fa8)
|
|
(This used to be commit 9db5a966fce0b71a0d2167b4aff70cc081abc1cc)
|
|
This is based on f56a3b1846c7d462542f2e9527f4d0ed8a34748d in my heimdal-wip repo.
metze
(This used to be commit 467a1f2163a63cdf1a4c83a69473db50e8794f53)
|
|
Now it's possible to just use a plain heimdal tree in source/heimdal/
without any pregenerated files.
metze
(This used to be commit da333ca7113f78eeacab4f93b401f075114c7d88)
|
|
metze
(This used to be commit 94cef56212d7d7c1150aea760dba24bda7190442)
|
|
This remove a difference against lorikeet-heimdal.
metze
(This used to be commit 4314df3561dfe60228db0af220549300b0137c85)
|
|
used service key"
This reverts commit dbb94133e0313cae933d261af0bf1210807a6d11.
As we fixed gensec_gssapi to only return a session key when it's
have the correct session key, this hack isn't needed anymore.
metze
(This used to be commit 697cd1896bccaa55ee422f17d9312d787ca699ed)
|
|
service key
With this patch samba4 can use gsskrb5_get_subkey() to get the session key.
metze
(This used to be commit dbb94133e0313cae933d261af0bf1210807a6d11)
|
|
metze
(This used to be commit d6c54a66fb23c784ef221a3c1cf766b72bdb5a0b)
|
|
Andrew Bartlett
(This used to be commit d88b530522d3cef67c24422bd5182fb875d87ee2)
|
|
to an alpha release.
Andrew Bartlett
(This used to be commit 30e02747d511630659c59eafec8d28f58605943b)
|
|
panics on hosts without /dev/random.
Andrew Bartlett
(This used to be commit 14a4ddb131993fec72316f7e8e371638749e6f1f)
|
|
Andrew Bartlett
(This used to be commit ae0f81ab235c72cceb120bcdeb051a483cf3cc4f)
|
|
ccache, as well as PKINIT.
Andrew Bartlett
(This used to be commit 440b8d9e4b09d5e8c943504ade85c17f752fe705)
|
|
maybe there's some broken code in windows which relies
on this...
love: can you merge this to heimdal?
metze
(This used to be commit b64abf9113a939308dc9e92ff7ddaad7be6ab551)
|
|
Update Heimdal to match current lorikeet-heimdal. This includes
integrated PAC hooks, so Samba doesn't have to handle this any more.
This also brings in the PKINIT code, hence so many new files.
Andrew Bartlett
(This used to be commit 351f7040f7bb73b9a60b22b564686f7c2f98a729)
|
|
lookup plugin, the new PAC validation code as well as Heimdal's SPNEGO
implementation.
Andrew Bartlett
(This used to be commit 05421f45ed7811697ea491e26c9d991a7faa1a64)
|
|
support for netbios domain based realms
metze
(This used to be commit dcec6eebf1b474ae3055449efebf491b1106a458)
|
|
gsskrb5_set_default_realm(), which should fix mimir's issues.
Andrew Bartlett
(This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3)
|
|
favour of a more tasteful replacement.
Remove kerberos_verify.c, as we don't need that code any more.
Replace with code for using the new krb5_rd_req_ctx() borrowed from
Heimdal's accecpt_sec_context.c
Andrew Bartlett
(This used to be commit 13c9df1d4f0517468c80040d3756310d4dcbdd50)
|
|
Andrew Bartlett
(This used to be commit 7b7e1fe15358d9ed1893305fbf8a1010293ed772)
|
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
These principals do not need to be in the same realm as the rest of
the ticket, the full principal name is in the first componet of the
ASN.1.
Samba4's backend will handle getting this to the 'right' place.
Andrew Bartlett
(This used to be commit 90b01b8af21609e2e5c8b6bd8cab8bd393844acf)
|