Age | Commit message (Collapse) | Author | Files | Lines |
|
Fix starting tests in shared library build.
(This used to be commit 3b65a0d6e491a57ed216dc0cd9c31d46e0cb6a35)
|
|
libraries.
(This used to be commit 4422031d1d9307539832cee165c5071ff12943e7)
|
|
should _krb5_find_type_in_ad() also take a const?
metze
(This used to be commit addc31bd9309cb2b41cbb548c82c80de1cf96c4f)
|
|
support for netbios domain based realms
metze
(This used to be commit dcec6eebf1b474ae3055449efebf491b1106a458)
|
|
when the client is using the netbios domain name as realm.
we should match this and not rewrite the principal.
This matches what windows give:
metze@SERNOX:~/prefix/lorikeet-heimdal/bin> ./kinit administrator@SERNOXDOM4
administrator@SERNOXDOM4's Password:
metze@SERNOX:~/prefix/lorikeet-heimdal/bin> ./klist
Credentials cache: FILE:/tmp/krb5cc_10000
Principal: administrator@SERNOXDOM4.MX.BASE
Issued Expires Principal
Nov 11 13:37:52 Nov 11 23:37:52 krbtgt/SERNOXDOM4@SERNOXDOM4.MX.BASE
Note:
I need to disable the principal checks in heimdal's
_krb5_extract_ticket() for the kinit to work.
Any ideas how to change heimdal to support this.
For the service principal we should use
the realm and principal in req->kdc_rep.enc_part
instead of the unencrypted req->kdc.ticket.sname
and req->kdc.ticket.realm to have a trusted value.
I'm not sure what we can do with the client realm...
metze
(This used to be commit cfee02143f06ed6ff5832e95fa69634f5dd883da)
|
|
- remove ipv6 support untill the resolve layer can give ipv6 addresses
metze
(This used to be commit 1e518c3e675e6952044bc0fdf2537be432c0c56f)
|
|
valrind issues on fort, because we won't hit NSS any more.
Andrew Bartlett
(This used to be commit 6f67fa01ab4f946c9a9aae0d4e8d028153873e04)
|
|
negotiate krb5, but if this works, I'll add NTLM as a GSSAPI backend
by some means or other.
Andrew Bartlett
(This used to be commit 476452e143f61a3878a3646864729daaddccdf68)
|
|
Andrew Bartlett
(This used to be commit ffce0087759d45a8dff8647feffa3bedbf42023b)
|
|
metze
(This used to be commit 643a38bc30a0df1582035b8d264e0dbbc2d2e152)
|
|
gsskrb5_set_default_realm(), which should fix mimir's issues.
Andrew Bartlett
(This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3)
|
|
metze
(This used to be commit f02f7ed19db2be8e23b1a5850082c9f9da35c028)
|
|
metze
(This used to be commit a5d36a6ddefb8c24e748b839391241da41e31440)
|
|
to the ildap backend
metze
(This used to be commit a996d2633600d32b2c2c04edebd0b901c627f00b)
|
|
rafal
(This used to be commit 1ea37bf3b32a7f534b3ae1918fc6336ef062f8ab)
|
|
metze
(This used to be commit 800999733eb2f35486a62fb8fa9d179c8ca312fa)
|
|
metze
(This used to be commit 617f9c70c1b61e0fd4338048bbd94e7a4722ad9d)
|
|
rafal
(This used to be commit 73e3f7efa71ca07a42215b044cd9a20762cf2694)
|
|
Always build and install .pc files as they make sense for static libs
as well.
(This used to be commit 82cb91e2dd50899050066cccee82cb5be52ec3fe)
|
|
(or something like that).
In any case, we need to stick with the initiator subkey for now, until
we figure out what Vista uses for the CIFS session key.
Andrew Bartlett
(This used to be commit b91a921e1393581ca0102ad1f49a1075acb91b4e)
|
|
(This used to be commit e8f2a086be2a0553467738df711b1450ba559848)
|
|
favour of a more tasteful replacement.
Remove kerberos_verify.c, as we don't need that code any more.
Replace with code for using the new krb5_rd_req_ctx() borrowed from
Heimdal's accecpt_sec_context.c
Andrew Bartlett
(This used to be commit 13c9df1d4f0517468c80040d3756310d4dcbdd50)
|
|
full database name. The existing code (needed for when we use the HDB
as a keytab, such as for the kpasswd service) only works for HDB
keytabs not prefixed with a type.
Andrew Bartlett
(This used to be commit 12dc157daea4a20200f910d8e71c49670e35ef50)
|
|
shared libraries are actually used.
(This used to be commit 93e4f093b946cbb1b6deca82efdf0d5f033128b8)
|
|
Useful when testing calls against windows servers with krb auth.
rafal
(This used to be commit 0725e2ddebde9c170340d0284a1573222caa2159)
|
|
Andrew Bartlett
(This used to be commit 247b9f1ca907cf921087e6840400ddf68289b8f2)
|
|
Larry told me that most context flags needed to be set to, otherwise
it wouldn't work.
This fixes DCE_STYLE against Win2k3 SP1. It seems they just tightened
up their end of the GSSAPI code, as DCE_STYLE is explicity rejected in
the session setup too (being the wrong layer).
Andrew Bartlett
(This used to be commit b2b77f34a4d0cebb828cac7bf9a73826fecab5b6)
|
|
configure checks
and working shared libraries
metze
(This used to be commit 25376f748c6f2da48a8bf7e0aa0d59befb9db4f3)
|
|
metze
(This used to be commit b6d1fd1b24d09049fcd432a804ad905e89fcc224)
|
|
they all have unresolved symbols and are useless
and produce noise in the build-farm
metze
(This used to be commit 3f8b776f630488aaec9f0ffcc099b01dcab02f3f)
|
|
- fix default for enable-dso to no
metze
(This used to be commit 47b113e5dbd33ab91246029af9293809824c5395)
|
|
generate more output
metze
(This used to be commit a07b11924c16d51cda484d417d9e1201278b03cb)
|
|
metze
(This used to be commit 846553085e57bda44fda2a541bf00517d3586e8c)
|
|
(it doesn't compile on suse 10.1 because gethostname() isn't found,
unistd.h isn't included...)
as we don't need the spnego mech, disable it till it gets fixed in heimdal
metze
(This used to be commit 0a52e11a9c34281c9ea284e007086b2ae6fce6c7)
|
|
this should fix the portability of samba4
metze
(This used to be commit 497543a17eaea16c3c7f379ed238e573427e28da)
|
|
metze
(This used to be commit 1ca8651a59e95eeca2942e5e66c2141e3f65dd9f)
|
|
metze
(This used to be commit bec1783c4c8ebba76c5467982c96e823491ce023)
|
|
the samba4 heimdal copy should do not need to use socket_wrapper
metze
(This used to be commit 704fe739406fb5eae38f4be9602b77be5ea1dff1)
|
|
metze
(This used to be commit df4c2b9c7966f861adf5324714c712bbb5af3daa)
|
|
metze
(This used to be commit 59fe6cfaba2eb39cb5ff33110e830c4c9b21fb95)
|
|
configure vars
we want to use in perl...
metze
(This used to be commit 2b021e2d8cff1a097068810d379fc0dca6869654)
|
|
(this fixes the auto dependency build)
metze
(This used to be commit 0798e678e742afc78c9a1d278322094ff1761dfa)
|
|
(fix the build the auto dependencies)
- add tabs
metze
(This used to be commit 03afa231ff8df98d3a0a01568a4c27370402ef16)
|
|
Andrew Bartlett
(This used to be commit 7b7e1fe15358d9ed1893305fbf8a1010293ed772)
|
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
Ensure that we don't accept kerberos logins without a PAC (to ensure
we actually produce a PAC in the KDC)
Andrew Bartlett
(This used to be commit 5fda92783f3d53e4a832dbbea678b5bd16f315fd)
|
|
(This used to be commit c3be4a980ce6cb82c2a6a442065a028a3c23a7f3)
|
|
(This used to be commit 0da2bbcf766dc25805ad583fae185045bb390a5f)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
Supply the correct OID to the error display functions.
Rework the session key functions.
Andrew Bartlett
(This used to be commit 363628c13f4e4a8904802dcf4d80e296ed2f9e02)
|