Age | Commit message (Collapse) | Author | Files | Lines |
|
Andrew Bartlett
(This used to be commit 6a9b6373273f135fe012a6603707d77c2a65e9fa)
|
|
metze
(This used to be commit a2a8aa322d722bd8a1ab672eacfe2f812d621f84)
|
|
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.
This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.
In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.
Also in this commit:
The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.
To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.
Andrew Bartlett
(This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
|
|
'mock GSSAPI'.
Many thanks to Luke Howard for the work he has done on Heimdal for
XAD, to provide the right API hooks in GSSAPI.
Next step is to verify the signatures, and to build the PAC for the
KDC end.
Andrew Bartlett
(This used to be commit 2e82743c98e563e97c5a215d09efa0121854d0f7)
|
|
(they are needed when you use the in-tree heimdal)
(This used to be commit 53b2cdcda56746256b2ede3f0f482e854c700b3f)
|
|
Some of these should probably be re-added again later when
we need them. They should then be added to the appropriate config.m4 file
in the source tree rather then in rewrite.m4.
(This used to be commit 4eca613470139f6425f454aea016566f9deffa3e)
|
|
heimdal_build/config.h
Andrew Bartlett
(This used to be commit 337cb20ac45c95b8a6d0c90dfef4bdac591ba39a)
|
|
(which gets included by heimdal, or shoudl be) into
auth/kerberos/kerberos.h (which is used by Samba, but not by the
Heimdal code).
Andrew Barteltt
(This used to be commit 3f473a93778b1350df3f7aac07b64008988a059d)
|
|
This will however still be useful when we have crypt() based
authentication.
Andrew Bartlett
(This used to be commit 005e2c0cfed11010685ebc3f3a69cf9f484c958a)
|
|
(This used to be commit 3fe00b61147e09159ef02328a7f1d8f7805abf0d)
|
|
as krb5_closelog() no longer leaks memory.
Andrew Bartlett
(This used to be commit b0bf8a4a5f04b65655f4005b27c80eb098039720)
|
|
real install. (ie run ./configure against heimdal installed, and
record the output).
Andrew Bartlett
(This used to be commit 4cba1edd5cdb9797288cbcc5405eb1f5cae7182d)
|
|
(This used to be commit 0f2943ac175c4e2fee6f68c9909d74b2018f40a2)
|
|
(This used to be commit 2209655c802db01dd35778efd7857503a7e50b9f)
|
|
- if you want kerberos now, you need to unpack a lorikeet heimdal
tree in source/heimdal/. If source/heimdal/ does not exist at
configure time then all kerberos features are disabled. You cannot
use an external kerberos library for now. That may change later.
- moved lib/replace/ config stuff to lib/replace/ and create a
lib/replace/replace.h. That allows the heimdal build to use our
portability layer, and prevenets duplicate definitions of functions
like strlcat()
- if you do enable heimdal, then you will need to do 'make
HEIMDAL_EXTERNAL' before you build Samba. That should be fixed once
I explain the problem to jelmer (the problem is the inability to
set a depend without also dragging in the object list of the
dependency. We need this for building the heimdal asn1 compiler and
et compiler.
- disabled all of the m4 checks for external kerberos libraries. I
left them in place in auth/kerberos/, but disabled it in
configure.in
some of the heimdal_build/ code is still very rough, for example I
don't correctly detect the correct awk, flex, bison replacements for
heimdal_build/build_external.sh. I expect to fix that stuff up over
the next few days.
(This used to be commit d4648249b2c7fc8b5e7c0fc8d8f92ae043b5691f)
|
|
(This used to be commit e6a2174050bb55afb32d54b8cfe12c7358bf98f2)
|