| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
security issues
|
|
|
|
|
|
"strdup" does always create a new object in the memory (through "malloc") which
needs to be freed if it isn't used anymore.
|
|
Karolin
|
|
Andrew using cp like in commit ca12e7bc8ff4a91f2044c0a60550fec902e97a78
is wrong as that removes #include "config.h" and breaks the build on AIX.
metze
|
|
This is a fairly ugly workaround, but then again, strerror_r() is a
very ugly mess.
|
|
This caused samba4kinit to segfault on some systems
|
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
b532c294d974cead40a1183c71be644c6ccc2832)
This fixes up connections to Windows 2003, because the previous import
had a broken arcfour-hmac-md5 implementation (fixed in Heimdal
316fc6ff8ffb0cbb1ef3689685e9977c37405bc4)
Andrew Bartlett
|
|
We should be able to rebuild these, but a cp is easier :-)
|
|
9291fd2d101f3eecec550178634faa94ead3e9a1)
|
|
290db8d23647a27c39b97c189a0b2ef6ec21ca69)
|
|
Renamed the variable "str" in the nested block to "str2" to prevent the collision
with "str" in the main function block.
|
|
The issue was that we would free the entry after the database, not
knowing that the entry was a talloc child of the database.
Andrew Bartlett
|
|
in error cases)
|
|
- Shadowed variables
- "const" related warnings
- Parameter names which shadow function declarations
- Non-void functions which have no return value
(patch also ported upstream)
|
|
metze
|
|
370a73a74199a5a55188340906e15fd795f67a74)
This removes some of the portability changes made to code under
heimdal/
If these are still required, then we will re-add them with code under
heimdal_build/ (so that we can simply 'drop in' future heimdal
releases).
Andrew Bartlett
|
|
8714779fa7376fd9f7761587639e68b48afc8c9c)
This also adds a new hdb-glue.c file, to cope with Heimdal's
uncondtional enabling of SQLITE.
(Very reasonable, but not required for Samba4's use).
Andrew Bartlett
|
|
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ. (This was a TODO in
the Heimdal KDC)
The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).
Andrew Bartlett
|
|
This extends the hdb_keytab code to allow enumeration of all the keys.
The plan is to allow ktutil's copy command to copy from Samba4's
hdb_samba4 into a file-based keytab used in wireshark.
One day, with a few more hacks, we might even make this a loadable
module that can be used directly...
Andrew Bartlett
|
|
d09910d6803aad96b52ee626327ee55b14ea0de8)
This includes in particular changes to the KDC to resolve bug 6272,
originally by Matthieu Patou <mat+Informatique.Samba@matws.net>. We
need to sort the AuthorizationData elements to put the PAC first, or
else WinXP breaks when browsed from Win2k8.
Andrew Bartlett
|
|
2bef9cd5378c01e9c2a74d6221761883bd11a5c5)
|
|
We had previously assumed it was unconditional. Samba3 didn't mind
very much, but Samba4's samba3-like client did, and the behaviour
differed to Win2008 behaviour.
Andrew Bartlett
|
|
last import
Also commit the regenerated files for systems without yacc and lex.
This fixes the build with automatic dependecies for me.
metze
|
|
this is 73dbbe0d54 re-added. abartlet, please pick this to lorikeet.
|
|
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ. Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.
While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).
Andrew Bartlett
|
|
This requires a rework on Heimdal's windc plugin layer, as we want
full control over what tickets Heimdal will issue. (In particular, in
case our requirements become more complex in future).
The original problem was that Heimdal's check would permit the ticket,
but Samba would then deny it, not knowing it was for kadmin/changepw
Also (in hdb-samba4) be a bit more careful on what entries we will
make the 'change_pw' service mark that this depends on.
Andrew Bartlett
|
|
904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
Also including the supporting changes required to pass make test
A number of heimdal functions and constants have changed since we last
imported a tree (for the better, but inconvenient for us).
Andrew Bartlett
|
|
Patch from Timur I. Bakeyev sent to samba-technical:
Heimdal requires openpty() presence. FreeBSD has in in standard libc, so
autodetection works, but compilation fails, as declaration of this function is
missing.
This patch adds proper header detection and inclusion for openpty().
|
|
with a libintl.h before.
Jeremy.
|
|
Jeremy.
|
|
metze
|
|
metze
|
|
metze
|
|
This should fix a build problem on IRIX.
metze
|
|
This should fix problems with the IRIX build.
metze
|
|
metze
|
|
metze
|
|
metze
|
|
(This was not entered in lorikeet-heimdal.diff, so missed by metze's import).
Andrew Bartlett
|
|
support for the underlying functions now.
|
|
metze
|
|
remove some unused functions.
|
|
smaba4kpasswd will be used to test the kpasswdd componet of the KDC
(which is up until now untested), and rkpty is an expect-like wrapper
we can use to blackbox that utility.
Andrew Bartlett
|
|
|
|
This avoids one more custom patch to the Heimdal code, and provides a
more standard way to produce hdb plugins in future.
I've renamed from hdb_ldb to hdb_samba4 as it really is not generic
ldb.
Andrew Bartlett
|
|
(This used to be commit cc1df3c002e6af25add3c8ae20e7efc2ab6f2fa8)
|
