summaryrefslogtreecommitdiff
path: root/source4/heimdal
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r10066: This is the second in my patches to work on Samba4's kerberos support,Andrew Bartlett9-427/+522
with an aim to make the code simpiler and more correct. Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over all keytypes)' code in gensec_krb5, we now follow the approach used in gensec_gssapi, and use a keytab. I have also done a lot of work in the GSSAPI code, to try and reduce the diff between us and upstream heimdal. It was becoming hard to track patches in this code, and I also want this patch (the DCE_STYLE support) to be in a 'manageable' state for when lha considers it for merging. (metze assures me it still has memory leak problems, but I've started to address some of that). This patch also includes a simple update of other code to current heimdal, as well as changes we need for better PAC verification. On the PAC side of things we now match windows member servers by checking the name and authtime on an incoming PAC. Not generating these right was the cause of the PAC pain, and so now both the main code and torture test validate this behaviour. One thing doesn't work with this patch: - the sealing of RPC pipes with kerberos, Samba -> Samba seems broken. I'm pretty sure this is related to AES, and the need to break apart the gss_wrap interface. Andrew Bartlett (This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
2007-10-10r10035: This patch removes the need for the special case hackAndrew Bartlett3-55/+0
'MEMORY_WILDCARD' keytab type. (part of this checking is in effect a merge from lorikeet-heimdal, where I removed this) This is achieved by correctly using the GSSAPI gsskrb5_acquire_cred() function, as this allows us to specify the target principal, regardless of which alias the client may use. This patch also tries to simplify some principal handling and fixes some error cases. Posted to samba-technical, reviewed by metze, and looked over by lha on IRC. Andrew Bartlett (This used to be commit 506a7b67aee949b102d8bf0d6ee9cd12def10d00)
2007-10-10r10022: Merge tpot's fix for IRIX and AIX_rea build problems from ↵Andrew Bartlett1-3/+3
lorikeet-heimdal to Samba4. Andrew Bartlett (This used to be commit 6835e427907bf52f7fdd332b726ffa47041853de)
2007-10-10r9931: Make use of new 'norealm' parsing functions rather than strchr(p '@').Andrew Bartlett2-20/+64
Merge these norealm functions from lorikeet-heimdal. Andrew Bartlett (This used to be commit 6aef275efd7f434f65824eb3dd129c8e5efd8731)
2007-10-10r9877: Merge from lorikeet-heimdal, to try and fix build failures.Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 53f2bf3b9178b78527bb43b9dca7b43e1497dd20)
2007-10-10r9859: Enable (blocking) KDC resolution with DNS.Andrew Bartlett4-0/+185
To enable, set: [libdefaults] dns_lookup_realm = true dns_lookup_kdc = true in your /etc/krb5.conf. In the future I may override the krb5.conf and set this on by default in Samba4. Andrew Bartlett (This used to be commit 32fb50d02560123b8d0ab13346041806c062f9bf)
2007-10-10r9696: Update prototypes for new name of short parsing function.Andrew Bartlett1-4/+11
Andrew Bartlett (This used to be commit cc35cd5ee2abbd6be01dc1ea66eca0bd48a6f636)
2007-10-10r9680: Update Heimdal to current lorikeet-heimdal (which was itself updatedAndrew Bartlett24-327/+779
to Heimdal CVS as of 2005-08-27). Andrew Bartlett (This used to be commit 913924a4997f5e14c503f87510cbd8e4bfd965a9)
2007-10-10r9648: this fixes the krb5 based login with the pac. The key to this whole ↵Andrew Tridgell1-0/+3
saga was that the logon_time field in the pac must match the authtime field in the ticket we gave the client in the AS-REP (and thus also the authtime field in the ticket we get back in the TGS-REQ). Many thanks to Andrew Bartlett for his patience in showing me the basic ropes of all this code! This was a joint effort. (This used to be commit 7bee374b3ffcdb0424a83f909fe5ad504ea3882e)
2007-10-10r9413: Bring Samba4 back up to date with lorikeet-heimdal.Andrew Bartlett25-609/+1603
Delete test_crypto_wrapping.c, previously included but unbuilt. Andrew Bartlett (This used to be commit d5fb30fb0cef330e0947969f0c9afc1f58fc4c7d)
2007-10-10r9305: Use the check-var.m4 from roken to really, really detect h_errno ↵Andrew Bartlett1-0/+25
correctly. This fixes the build on Fedora Core 4. Andrew Bartlett (This used to be commit aa36b2adad0d66b8171aa3ccca3057298361bec5)
2007-10-10r9221: Try to merge Heimdal across from lorikeet-heimdal to samba4.Andrew Bartlett70-4442/+9261
This is my first attempt at this, so there may be a few rough edges. Andrew Bartlett (This used to be commit 9a1d2f2fec67930975da856a2d365345cec46216)
2007-10-10r9151: reverting to return char * againStefan Metzmacher2-3/+3
metze (This used to be commit 60e2d58685ee50f90d6ad2ce2609a3c0b433ae10)
2007-10-10r9107: try to get the build on solaris going...Stefan Metzmacher1-0/+49
metze (This used to be commit 1008459a98a8232f039b87c91443d653858e0500)
2007-10-10r9105: match the prototype of netdb.hStefan Metzmacher2-3/+3
this should fix the build on solaris 10 lha can that be merged to the main heimdal if that apears to not break the build on other platforms metze (This used to be commit cb0259627976c10906016233fb27a1d05ae7e4b0)
2007-10-10r8464: the last few functions needed by irix 6.4.Andrew Tridgell5-0/+383
(This used to be commit 903d963ca8fdefa23eaa77b5117d90b6b84866ab)
2007-10-10r8463: more irix fixes. This one adds some missing addrinfo functionsAndrew Tridgell3-0/+551
(This used to be commit 87f7098ee3a24be202b6aaa1ab2a4e44b7b89975)
2007-10-10r8420: slowly getting my way through some more heimdal portability fixesAndrew Tridgell1-0/+88
(This used to be commit 59c3de6ca8b8e153e5cfd67da5f2afc2e23d36db)
2007-10-10r8310: replace the heimdal networking interface scanning code with glue code ↵Andrew Tridgell2-1477/+0
that uses the Samba interfaces list. This makes heimdal obey the 'interfaces=' smb.conf option, and should also fix the portability problems with the heimdal code (This used to be commit ba621d1c554e135f449a144019b84719a086e04f)
2007-10-10r8307: try to cope with flex and bison not being installed, in a similar ↵Andrew Tridgell6-0/+7230
fashion to yapp for pidl if they are installed, then we rebuild the generated files, otherwise we use the ones in svn (This used to be commit 6ab503b7cc902b8691dc80907bb44f1f705ab8ee)
2007-10-10r8302: import mini HEIMDAL into the treeHeimdal Import User240-0/+75318
(This used to be commit 118be28a7aef233799956615a99d1a2a74dac175)
generated by cgit (git 2.34.1) at 2024-11-01 01:41:55 +0000