summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib
AgeCommit message (Collapse)AuthorFilesLines
2012-01-12Revert "make paranoia check less paranoid" - check that key types strictly matchAndrew Bartlett1-1/+1
This reverts commit c25af51232616061bb08eea86aae595b4f029490 because otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Jan 12 09:43:07 CET 2012 on sn-devel-104
2012-01-12make hmac-md5 the keyed checksum type for arcfour-hmac-md5Andrew Bartlett1-1/+1
2012-01-12use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3Andrew Bartlett1-0/+8
This allows a strict link between checksum types and key types to be enforced. Andrew Bartlett
2011-12-12HEIMDAL: Supply krb5_context to _krb5_internal_hmac to allow loggingAndrew Bartlett1-6/+6
Without this, log messages from any abort are not printed to the samba logs. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Dec 12 14:34:16 CET 2011 on sn-devel-104
2011-11-16HEIMDAL:lib/krb5: add utf8 support to build_logon_name() for the PACStefan Metzmacher1-18/+49
Pair-Programmed-With: Arvid Requate <requate@univention.de> metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 16 02:00:12 CET 2011 on sn-devel-104
2011-11-16HEIMDAL:lib/wind: export wind_ucs2write()Stefan Metzmacher1-0/+1
Pair-Programmed-With: Arvid Requate <requate@univention.de> metze
2011-11-16HEIMDAL:lib/winbd: fix wind_ucs2write with WIND_RW_LEStefan Metzmacher1-4/+4
Pair-Programmed-With: Arvid Requate <requate@univention.de> metze
2011-11-16HEIMDAL:lib/wind: fix wind_ucs4utf8() and wind_ucs2utf8()Stefan Metzmacher1-5/+5
Pair-Programmed-With: Arvid Requate <requate@univention.de> metze
2011-07-26s4:heimdal: import lorikeet-heimdal-201107241840 (commit ↵Stefan Metzmacher36-106/+542
0fdf11fa3cdb47df9f5393ebf36d9f5742243036)
2011-07-15s4:heimdal: add missing filesStefan Metzmacher5-0/+638
metze
2011-07-15s4:heimdal: import lorikeet-heimdal-201107150856 (commit ↵Stefan Metzmacher292-2081/+3021
48936803fae4a2fb362c79365d31f420c917b85b)
2011-05-31heimdal: Remove getprogname and setprogname from the heimdal importAndrew Bartlett2-139/+0
2011-04-16s4-heimdal: Allow any kvno to match when searching the keytab.Andrew Bartlett1-2/+1
Windows does not use a KVNO when it checks it's passwords, and MIT doesn't check the KVNO when no acceptor identity is specified (looping over all keys in the keytab). Andrew Bartlett
2011-03-14Merge new lorikeet heimdal, revision 85ed7247f515770c73b1f1ced1739f6ce19d75d2Jelmer Vernooij51-2717/+6901
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Mar 14 23:53:46 CET 2011 on sn-devel-104
2011-02-25s4:heimdal - fix valgrind issue on Fedora 14Milan Crha6-148/+148
This should definitely fix bug #7858. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Feb 25 12:39:21 CET 2011 on sn-devel-104
2011-02-25Revert "heimdal_build omit #line statments to allow valgrind to work again"Matthias Dieter Wallnöfer7-53/+376
This reverts commit 80e23c68d83a7c9989f87d5a88a78bb76d222afc. A better patch has been provided by Milan Crha in the following commit.
2011-02-25heimdal_build omit #line statments to allow valgrind to work againAndrew Bartlett7-376/+53
The lex/yacc files were generated on Fedora 14, and have empty filenames in #line declarations. I don't know why this is, but it seems best just to omit the #line statements. This is what was causing Valgrind on Fedora not to run on Samba binaries and programs linked to Samba libraries. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Feb 25 11:46:56 CET 2011 on sn-devel-104
2011-02-02s4:heimdal: import lorikeet-heimdal-201101310455 (commit ↵Andrew Bartlett48-144/+186
aa88eb1a05c4985cc23fb65fc1bad75bdce01c1f)
2010-12-18heimdal_build: Add version-script for heimdal_base, hx509 and hcrypto. ↵Jelmer Vernooij1-0/+244
Convert hbase and hcrypto to libraries.
2010-12-17heimdal_build: Add version-script for krb5.Jelmer Vernooij1-0/+769
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Fri Dec 17 21:09:25 CET 2010 on sn-devel-104
2010-12-17heimdal_build: Add version-script for gssapi.Jelmer Vernooij1-0/+180
2010-12-17heimdal_build: Add version-script for asn1.Jelmer Vernooij1-0/+6
2010-12-17heimdal_build: Add version-script for hdb.Jelmer Vernooij1-0/+107
2010-12-17heimdal_build: Add version-script for wind.Jelmer Vernooij1-0/+28
2010-12-17heimdal_build: Add version-script for ntlm.Jelmer Vernooij1-0/+30
2010-12-17heimdal: Add version script file for hcrypto (unused so far, as hcrypto ↵Jelmer Vernooij1-0/+299
still needs to be made a proper library).
2010-12-17heimdal_build: Add version-script for roken.Jelmer Vernooij1-0/+199
2010-12-17heimdal_build: Add version-script for com_err.Jelmer Vernooij1-0/+20
2010-12-11heimdal: unset SLIST_ENTRY only if we are with windowsMatthieu Patou1-1/+3
This is needed because otherwise on some OS like netbsd,openbsd,MacOSX. The preprossessing of ./heimdal/lib/gssapi/mech/cred.h on this plateform is broken because mechqueue.h's definition won't be used as SLIST_HEAD is already defined. The definition occurs when net/if.h is included as it includes sys/queue.h Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat Dec 11 00:34:51 CET 2010 on sn-devel-104
2010-12-01s4:heimdal: import lorikeet-heimdal-201012010201 (commit ↵Andrew Bartlett67-2631/+2586
81fe27bcc0148d410ca4617f8759b9df1a5e935c)
2010-12-01heimdal: fix for w2000 from lhaAndrew Tridgell1-2/+14
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Dec 1 00:59:59 CET 2010 on sn-devel-104
2010-11-17s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERYAndrew Tridgell1-1/+5
this e_data field in a kerberos error packet tells windows to do clock skew recovery. See [MS-KILE] 2.2.1 KERB-ERROR-DATA Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-15heimdal Extra files required for merge up to current heimdalAndrew Bartlett19-0/+4893
2010-11-15heimdal regenate lex and yacc filesAndrew Bartlett9-3475/+2672
2010-11-15Add attribute macros for Heimdal to useAndrew Bartlett1-0/+304
Heimdal uses HEIMDAL_NORETURN_ATTRIBUTE and HEIMDAL_PRINTF_ATTRIBUTE, and we need to provide a link between these and Samba's function attribute handling. Andrew Bartlett
2010-11-15s4:heimdal: import lorikeet-heimdal-201011102149 (commit ↵Andrew Bartlett45-11202/+1344
5734d03c20e104c8f45533d07f2a2cbbd3224f29)
2010-11-11heimdal Don't dereference NULL in error verify_checksum error pathAndrew Bartlett1-1/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Nov 11 10:37:03 UTC 2010 on sn-devel-104
2010-11-08heimdal: fixed a shadowed variable warning for error_messageAndrew Tridgell1-23/+23
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-08heimdal Add clock-skew handling to DCE-style GSSAPIAndrew Bartlett1-39/+65
The clock skew handling was previously only on properly wrapped GSSAPI, and was skipped for DCE-style. This allows the ASN.1 errors from the krb5_rd_req to suggest parsing as a kerberos error packet. Andrew Bartlett Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 8 07:58:09 UTC 2010 on sn-devel-104
2010-11-02heimdal Add handling for PAC signatures over all encryption typesAndrew Bartlett2-24/+89
There are exceptions from the expected behaviour of 'checksum type matches key type' that we must deal with here, or else we can't serve DES-only servers. Andrew Bartlett
2010-10-30s4-heimdal: lex_err_message() should not be staticAndrew Tridgell1-2/+2
2010-10-30s4-heimdal: fixed the use of error_message() in heimdalAndrew Tridgell12-47/+49
the lex code in heimdal had a function error_message() which conflicts with a function from the com_err library. This replaces it with lex_err_message() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-03Add new files for sha512 supportAndrew Bartlett1-0/+274
2010-10-03s4:heimdal: import lorikeet-heimdal-201010022046 (commit ↵Andrew Bartlett19-106/+389
1bea031b9404b14114b0272ecbe56e60c567af5c)
2010-10-03s4:heimdal: import lorikeet-heimdal-201009250123 (commit ↵Matthieu Patou376-1634/+34086
42cabfb5b683dbcb97d583c397b897507689e382) I based this on Matthieu's import of lorikeet-heimdal, and then updated it to this commit. Andrew Bartlett
2010-09-30heimdal: added verbose logging of hemimdal crypto errorsAndrew Bartlett1-2/+15
2010-09-28heimdal: fixed timegm UTC/GMT bugAndrew Tridgell1-15/+6
This was a wonderful bug! On some Fedora systems, but not on Ubuntu, there is a difference between UTC and GMT. Heimdal replaced timegm() with _der_timegm() which did not account for that difference (which is 24 seconds at the moment). This led to a mutual authentication failure. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28heimdal Use a seperate krb5_auth_context for the delegated credentialsAndrew Bartlett3-1/+35
If we re-use this context, we overwrite the timestamp while talking to the KDC and fail the mutual authentiation with the target server. Andrew Bartlett
2010-09-29heimdal Fix DNS name qualification to not mangle IP addressesAndrew Bartlett1-5/+23
If the host running this code used IPv6 forms for IPv4 addreses then the check for '.' would not be sufficient to determine that this isn't a name we should mangle. Instead, check if it can be parsed as a numeric address first, and only then mangle. Andrew Bartlett
2010-09-29heimdal Add an error code for use in the RODCAndrew Bartlett1-0/+1
In this case, the whole request packet should be forwarded to a real KDC, with full secrets, as we don't have the password. This could also be used to implement 'play dead when the LDAP server is down'. Andrew Bartlett