Age | Commit message | Author | Files | Lines |
|
|
still needs to be made a proper library).
|
|
This is needed because otherwise on some OS like netbsd, openbsd, MacOSX,
the preprocessing of ./heimdal/lib/gssapi/mech/cred.h on this platform
is broken because mechqueue.h's definition won't be used as SLIST_HEAD
is already defined.
The definition occurs when net/if.h is included as it includes
sys/queue.h
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Dec 11 00:34:51 CET 2010 on sn-devel-104
|
|
81fe27bcc0148d410ca4617f8759b9df1a5e935c)
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Dec 1 00:59:59 CET 2010 on sn-devel-104
|
|
this e_data field in a kerberos error packet tells windows to do clock
skew recovery.
See [MS-KILE] 2.2.1 KERB-ERROR-DATA
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Heimdal uses HEIMDAL_NORETURN_ATTRIBUTE and HEIMDAL_PRINTF_ATTRIBUTE,
and we need to provide a link between these and Samba's function
attribute handling.
Andrew Bartlett
|
|
5734d03c20e104c8f45533d07f2a2cbbd3224f29)
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Nov 11 10:37:03 UTC 2010 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The clock skew handling was previously only on properly wrapped
GSSAPI, and was skipped for DCE-style. This allows the ASN.1 errors
from the krb5_rd_req to suggest parsing as a kerberos error packet.
Andrew Bartlett
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 8 07:58:09 UTC 2010 on sn-devel-104
|
|
There are exceptions from the expected behaviour of 'checksum type
matches key type' that we must deal with here, or else we can't serve
DES-only servers.
Andrew Bartlett
|
|
the lex code in heimdal had a function error_message() which conflicts
with a function from the com_err library. This replaces it with
lex_err_message()
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
1bea031b9404b14114b0272ecbe56e60c567af5c)
|
|
42cabfb5b683dbcb97d583c397b897507689e382)
I based this on Matthieu's import of lorikeet-heimdal, and then
updated it to this commit.
Andrew Bartlett
|
|
This was a wonderful bug!
On some Fedora systems, but not on Ubuntu, there is a difference
between UTC and GMT. Heimdal replaced timegm() with _der_timegm()
which did not account for that difference (which is 24 seconds at the
moment). This led to a mutual authentication failure.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
If we re-use this context, we overwrite the timestamp while talking
to the KDC and fail the mutual authentication with the target server.
Andrew Bartlett
|
|
If the host running this code used IPv6 forms for IPv4 addresses
then the check for '.' would not be sufficient to determine that this
isn't a name we should mangle. Instead, check if it can be parsed
as a numeric address first, and only then mangle.
Andrew Bartlett
|
|
In this case, the whole request packet should be forwarded to
a real KDC, with full secrets, as we don't have the password.
This could also be used to implement 'play dead when the LDAP
server is down'.
Andrew Bartlett
|
|
This should allow master key rollover.
(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)
Andrew Bartlett
|
|
When you have a domain search list in resolv.conf, and one of the DNS
servers for a searched domain is uncontactable then we would time out
resolving DNS names.
Avoid this by adding a '.' to the hostname if the hostname already has
a '.' in it, which we assume to mean it is fully qualified.
|
|
Karolin
|
|
metze
|
|
Karolin
|
|
This allows us to resolve multiple forms of a name, allowing for
example machine$@REALM to get an S4U2Self ticket for
host/machine@REALM.
Andrew Bartlett
|
|
Karolin
|
|
f4e0dc17709829235f057e0e100d34802d3929ff)
|
|
a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
|
|
security issues
|
|
"strdup" does always create a new object in the memory (through "malloc") which
needs to be freed if it isn't used anymore.
|
|
Karolin
|
|
Andrew, using cp like in commit ca12e7bc8ff4a91f2044c0a60550fec902e97a78
is wrong as that removes #include "config.h" and breaks the build on AIX.
metze
|
|
This is a fairly ugly workaround, but then again, strerror_r() is a
very ugly mess.
|
|
This caused samba4kinit to segfault on some systems
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
b532c294d974cead40a1183c71be644c6ccc2832)
This fixes up connections to Windows 2003, because the previous import
had a broken arcfour-hmac-md5 implementation (fixed in Heimdal
316fc6ff8ffb0cbb1ef3689685e9977c37405bc4)
Andrew Bartlett
|