summaryrefslogtreecommitdiff
path: root/source4/heimdal
AgeCommit message (Collapse)AuthorFilesLines
2010-11-12heimdal Return HDB_ERR_NOT_FOUND_HERE to the callerAndrew Bartlett3-11/+34
This means that no reply packet should be generated, but that instead the user of the libkdc API should forward the packet to a real KDC, that has a full database. Andrew Bartlett
2010-11-11heimdal Don't dereference NULL in error verify_checksum error pathAndrew Bartlett1-1/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Nov 11 10:37:03 UTC 2010 on sn-devel-104
2010-11-08heimdal: fixed a shadowed variable warning for error_messageAndrew Tridgell1-23/+23
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-08heimdal Add clock-skew handling to DCE-style GSSAPIAndrew Bartlett1-39/+65
The clock skew handling was previously only on properly wrapped GSSAPI, and was skipped for DCE-style. This allows the ASN.1 errors from the krb5_rd_req to suggest parsing as a kerberos error packet. Andrew Bartlett Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 8 07:58:09 UTC 2010 on sn-devel-104
2010-11-02heimdal Add handling for PAC signatures over all encryption typesAndrew Bartlett2-24/+89
There are exceptions from the expected behaviour of 'checksum type matches key type' that we must deal with here, or else we can't serve DES-only servers. Andrew Bartlett
2010-10-31s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij5-227/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-30s4-heimdal: lex_err_message() should not be staticAndrew Tridgell1-2/+2
2010-10-30s4-heimdal: fixed the use of error_message() in heimdalAndrew Tridgell12-47/+49
the lex code in heimdal had a function error_message() which conflicts with a function from the com_err library. This replaces it with lex_err_message() Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-03Add new files for sha512 supportAndrew Bartlett1-0/+274
2010-10-03s4:heimdal: import lorikeet-heimdal-201010022046 (commit ↵Andrew Bartlett24-125/+418
1bea031b9404b14114b0272ecbe56e60c567af5c)
2010-10-03s4:heimdal: import lorikeet-heimdal-201009250123 (commit ↵Matthieu Patou382-1687/+34153
42cabfb5b683dbcb97d583c397b897507689e382) I based this on Matthieu's import of lorikeet-heimdal, and then updated it to this commit. Andrew Bartlett
2010-10-02heimdal use returned server entry from HDB to compare realmsAndrew Bartlett1-1/+1
Some hdb modules (samba4) may change the case of the realm in a returned result. Use that to determine if it matches the krbtgt realm also returned from the DB (the DB will return it in the 'right' case) Andrew Bartlett
2010-09-30heimdal: added verbose logging of hemimdal crypto errorsAndrew Bartlett1-2/+15
2010-09-28heimdal: fixed timegm UTC/GMT bugAndrew Tridgell1-15/+6
This was a wonderful bug! On some Fedora systems, but not on Ubuntu, there is a difference between UTC and GMT. Heimdal replaced timegm() with _der_timegm() which did not account for that difference (which is 24 seconds at the moment). This led to a mutual authentication failure. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28heimdal Use a seperate krb5_auth_context for the delegated credentialsAndrew Bartlett3-1/+35
If we re-use this context, we overwrite the timestamp while talking to the KDC and fail the mutual authentiation with the target server. Andrew Bartlett
2010-09-29heimdal Fix DNS name qualification to not mangle IP addressesAndrew Bartlett1-5/+23
If the host running this code used IPv6 forms for IPv4 addreses then the check for '.' would not be sufficient to determine that this isn't a name we should mangle. Instead, check if it can be parsed as a numeric address first, and only then mangle. Andrew Bartlett
2010-09-29heimdal Add an error code for use in the RODCAndrew Bartlett1-0/+1
In this case, the whole request packet should be forwarded to a real KDC, with full secrets, as we don't have the password. This could also be used to implement 'play dead when the LDAP server is down'. Andrew Bartlett
2010-09-29heimdal Add support for extracting a particular KVNO from the databaseAndrew Bartlett7-19/+54
This should allow master key rollover. (but the real reason is to allow multiple krbtgt accounts, as used by Active Directory to implement RODC support) Andrew Bartlett
2010-09-27heimdal: avoid DNS search domain expansion Andrew Tridgell1-1/+16
When you have a domain search list in resolv.conf, and one of the DNS servers for a searched domain is uncontactable then we would timeout resolving DNS names. Avoid this by adding a '.' to the hostname if the hostname already has a '.' in it, which we assume to mean it is fully qualified.
2010-06-01s4-heimdal: Fix typo in comment.Karolin Seeger1-1/+1
Karolin
2010-05-11s4:heimdal: remove unused heimdal/lib/hcrypto/evp-cc.cStefan Metzmacher1-659/+0
metze
2010-04-13s4-heimdal: Fix typo in comment.Karolin Seeger1-1/+1
Karolin
2010-04-10s4:heimdal Create a new PAC when impersonating a user with S4U2SelfAndrew Bartlett1-4/+46
If we don't do this, the PAC is given for the machine accout, not the account being impersonated. Andrew Bartlett
2010-04-10s4:heimdal Add hooks to check with the DB before we allow s4u2selfAndrew Bartlett2-5/+42
This allows us to resolve multiple forms of a name, allowing for example machine$@REALM to get an S4U2Self ticket for host/machine@REALM. Andrew Bartlett
2010-04-09s4-krb5: Fix typos in comment.Karolin Seeger1-1/+1
Karolin
2010-03-27s4:heimdal Use correct variable to advance past -- options in kpasswdAndrew Bartlett1-2/+2
This bug was introduced when kpasswd was migrated to a local getarg() call, in Heimdal commit 7dd146072cd9b56d660a01f4aa20f8d81be356e8 Andrew Bartlett
2010-03-27s4:heimal Update generated files (cp from Heimdal)Andrew Bartlett5-477/+459
2010-03-27s4:heimdal: import lorikeet-heimdal-201003262338 (commit ↵Andrew Bartlett39-257/+381
f4e0dc17709829235f057e0e100d34802d3929ff)
2010-03-27s4:heimdal New files and supporting logic for heimdal updateAndrew Bartlett4-0/+1353
2010-03-27s4:heimdal: import lorikeet-heimdal-201001120029 (commit ↵Andrew Bartlett222-1939/+4091
a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
2010-03-16kerberos - set the memory to "0"s before freeing the password to prevent ↵Matthias Dieter Wallnöfer1-2/+6
security issues
2010-03-16heimdal - remove unused variableMatthias Dieter Wallnöfer1-1/+0
2010-03-16heimdal - fix overlapped identifiers in the "krb5" libraryMatthias Dieter Wallnöfer3-11/+11
2010-03-16heimdal - free always "ctx->password" when it isn't needed anymoreMatthias Dieter Wallnöfer1-1/+3
"strdup" does always create a new object in the memory (through "malloc") which needs to be freed if it isn't used anymore.
2010-02-15s4-heimdal: Fix typos in comment.Karolin Seeger1-1/+1
Karolin
2010-02-08s4:heimdal: regerenate filesStefan Metzmacher9-173/+218
Andrew using cp like in commit ca12e7bc8ff4a91f2044c0a60550fec902e97a78 is wrong as that removes #include "config.h" and breaks the build on AIX. metze
2009-12-14heimdal: work around differences between GNU and XSI strerror_r()Andrew Tridgell1-2/+10
This is a fairly ugly workaround, but then again, strerror_r() is a very ugly mess.
2009-12-08s4-heimdal: fixed a use-after-free heimdal bugAndrew Tridgell1-0/+1
This caused samba4kinit to segfault on some systems
2009-12-08krb5: Fix leaked hx509_context pointerKamen Mazdrashki1-0/+4
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-24heimdal Fix invalid format stringAndrew Bartlett1-1/+1
2009-11-17s4:heimdal: import lorikeet-heimdal-200911170333 (commit ↵Andrew Bartlett9-25/+8
b532c294d974cead40a1183c71be644c6ccc2832) This fixes up connections to Windows 2003, because the previous import had a broken arcfour-hmac-md5 implementation (fixed in Heimdal 316fc6ff8ffb0cbb1ef3689685e9977c37405bc4) Andrew Bartlett
2009-11-13s4:heimdal Import generated files from heimdal treeAndrew Bartlett9-827/+1185
We should be able to rebuild these, but a cp is easier :-)
2009-11-13s4:heimdal: import lorikeet-heimdal-200911122202 (commit ↵Andrew Bartlett59-646/+1168
9291fd2d101f3eecec550178634faa94ead3e9a1)
2009-11-13s4:heimdal: import lorikeet-heimdal-200909210500 (commit ↵Andrew Bartlett137-2178/+4114
290db8d23647a27c39b97c189a0b2ef6ec21ca69)
2009-10-21heimdal - hdb/ext.c - fix a "shadows variable" warningMatthias Dieter Wallnöfer1-4/+4
Renamed the variable "str" in the nested block to "str2" to prevent the collision with "str" in the main function block.
2009-10-14s4:heimdal A real fix for bug 6801Andrew Bartlett1-3/+3
The issue was that we would free the entry after the database, not knowing that the entry was a talloc child of the database. Andrew Bartlett
2009-10-03heimdal kerberos - fix memory leak (free the plugin list always - not only ↵Matthias Dieter Wallnöfer1-1/+1
in error cases)
2009-10-03heimdal - fix various warningsMatthias Dieter Wallnöfer7-24/+24
- Shadowed variables - "const" related warnings - Parameter names which shadow function declarations - Non-void functions which have no return value (patch also ported upstream)
2009-09-18s4:heimdal/gssapi/krb5: set cred_handle in _gsskrb5_import_credStefan Metzmacher1-0/+1
metze
2009-08-06s4:heimdal: import lorikeet-heimdal-200908052208 (commit ↵Andrew Bartlett33-117/+31
370a73a74199a5a55188340906e15fd795f67a74) This removes some of the portability changes made to code under heimdal/ If these are still required, then we will re-add them with code under heimdal_build/ (so that we can simply 'drop in' future heimdal releases). Andrew Bartlett