Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
|
|
smaba4kpasswd will be used to test the kpasswdd componet of the KDC
(which is up until now untested), and rkpty is an expect-like wrapper
we can use to blackbox that utility.
Andrew Bartlett
|
|
This is based on f56a3b1846c7d462542f2e9527f4d0ed8a34748d in my heimdal-wip repo.
metze
(This used to be commit 467a1f2163a63cdf1a4c83a69473db50e8794f53)
|
|
metze
(This used to be commit b395cd7acdb3ca5b25368fbbad0606efe4699d04)
|
|
metze
(This used to be commit d6c54a66fb23c784ef221a3c1cf766b72bdb5a0b)
|
|
panics on hosts without /dev/random.
Andrew Bartlett
(This used to be commit 14a4ddb131993fec72316f7e8e371638749e6f1f)
|
|
Andrew Bartlett
(This used to be commit ae0f81ab235c72cceb120bcdeb051a483cf3cc4f)
|
|
loikeet-heimdal
metze
(This used to be commit 48eb20199e7a01f4ab7f5194a5256ad7dd03ad86)
|
|
breaks Samba builds on some systems as they find the wrong roken.h
(This used to be commit 59cd26b664af5edebc979d2bc746bf9621333130)
|
|
Update Heimdal to match current lorikeet-heimdal. This includes
integrated PAC hooks, so Samba doesn't have to handle this any more.
This also brings in the PKINIT code, hence so many new files.
Andrew Bartlett
(This used to be commit 351f7040f7bb73b9a60b22b564686f7c2f98a729)
|
|
lookup plugin, the new PAC validation code as well as Heimdal's SPNEGO
implementation.
Andrew Bartlett
(This used to be commit 05421f45ed7811697ea491e26c9d991a7faa1a64)
|
|
this should fix the portability of samba4
metze
(This used to be commit 497543a17eaea16c3c7f379ed238e573427e28da)
|
|
metze
(This used to be commit bec1783c4c8ebba76c5467982c96e823491ce023)
|
|
the samba4 heimdal copy should do not need to use socket_wrapper
metze
(This used to be commit 704fe739406fb5eae38f4be9602b77be5ea1dff1)
|
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
headers with "" even with a -I override. That means our heimdal_build/
roken override doesn't work.
Switching to <> style includes in roken fixes this. lha, would be be
acceptable upstream? I notice that half your includes of roken.h are
with <> now anyway, so should be harmless (and even more consistent!)
(This used to be commit 92742b899941687c861a85683ad2c2c6a3083fb6)
|
|
Andrew Bartlett
(This used to be commit f0e538126c5cb29ca14ad0d8281eaa0a715ed94f)
|
|
have strsep in libc.
(This used to be commit 76dea9f68ca9be909c45979c9e5510133e4f2264)
|
|
Andrew Bartlett
(This used to be commit 97a0a0e2fa6784e5fc5278f7a15b385ddcb6a3b3)
|
|
to CVS of 2005-10-24).
Andrew Bartlett
(This used to be commit 939d4f340feaad15d0a6a5da79feba2b2558f174)
|
|
with an aim to make the code simpiler and more correct.
Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over
all keytypes)' code in gensec_krb5, we now follow the approach used in
gensec_gssapi, and use a keytab.
I have also done a lot of work in the GSSAPI code, to try and reduce
the diff between us and upstream heimdal. It was becoming hard to
track patches in this code, and I also want this patch (the DCE_STYLE
support) to be in a 'manageable' state for when lha considers it for
merging. (metze assures me it still has memory leak problems, but
I've started to address some of that).
This patch also includes a simple update of other code to current
heimdal, as well as changes we need for better PAC verification.
On the PAC side of things we now match windows member servers by
checking the name and authtime on an incoming PAC. Not generating these
right was the cause of the PAC pain, and so now both the main code and
torture test validate this behaviour.
One thing doesn't work with this patch:
- the sealing of RPC pipes with kerberos, Samba -> Samba seems
broken. I'm pretty sure this is related to AES, and the need to break
apart the gss_wrap interface.
Andrew Bartlett
(This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
|
|
lorikeet-heimdal
to Samba4.
Andrew Bartlett
(This used to be commit 6835e427907bf52f7fdd332b726ffa47041853de)
|
|
to Heimdal CVS as of 2005-08-27).
Andrew Bartlett
(This used to be commit 913924a4997f5e14c503f87510cbd8e4bfd965a9)
|
|
This is my first attempt at this, so there may be a few rough edges.
Andrew Bartlett
(This used to be commit 9a1d2f2fec67930975da856a2d365345cec46216)
|
|
metze
(This used to be commit 60e2d58685ee50f90d6ad2ce2609a3c0b433ae10)
|
|
metze
(This used to be commit 1008459a98a8232f039b87c91443d653858e0500)
|
|
this should fix the build on solaris 10
lha can that be merged to the main heimdal if that apears to not break
the build on other platforms
metze
(This used to be commit cb0259627976c10906016233fb27a1d05ae7e4b0)
|
|
(This used to be commit 903d963ca8fdefa23eaa77b5117d90b6b84866ab)
|
|
(This used to be commit 87f7098ee3a24be202b6aaa1ab2a4e44b7b89975)
|
|
(This used to be commit 59c3de6ca8b8e153e5cfd67da5f2afc2e23d36db)
|
|
that uses the Samba
interfaces list. This makes heimdal obey the 'interfaces=' smb.conf option, and should also
fix the portability problems with the heimdal code
(This used to be commit ba621d1c554e135f449a144019b84719a086e04f)
|
|
(This used to be commit 118be28a7aef233799956615a99d1a2a74dac175)
|