summaryrefslogtreecommitdiffstats
path: root/source4/heimdal/lib/gssapi
Commit message (Collapse)AuthorAgeFilesLines
* heimdal: Fix 241482 Resource leakVolker Lendecke2013-11-111-2/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* s4-heimdal: Remove the execute flag of cfx.c.Andreas Schneider2012-02-231-0/+0
| | | | | The scripts which are extracting debuginfo are looking for files with the executable bit and find cfx.c which isn't a executable.
* use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3Andrew Bartlett2012-01-121-0/+8
| | | | | | | This allows a strict link between checksum types and key types to be enforced. Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-201107241840 (commit ↵Stefan Metzmacher2011-07-267-39/+55
| | | | 0fdf11fa3cdb47df9f5393ebf36d9f5742243036)
* s4:heimdal: add missing filesStefan Metzmacher2011-07-153-0/+245
| | | | metze
* s4:heimdal: import lorikeet-heimdal-201107150856 (commit ↵Stefan Metzmacher2011-07-1569-495/+995
| | | | 48936803fae4a2fb362c79365d31f420c917b85b)
* Merge new lorikeet heimdal, revision 85ed7247f515770c73b1f1ced1739f6ce19d75d2Jelmer Vernooij2011-03-149-2/+152
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Mar 14 23:53:46 CET 2011 on sn-devel-104
* s4:heimdal: import lorikeet-heimdal-201101310455 (commit ↵Andrew Bartlett2011-02-0231-104/+109
| | | | aa88eb1a05c4985cc23fb65fc1bad75bdce01c1f)
* heimdal_build: Add version-script for gssapi.Jelmer Vernooij2010-12-171-0/+180
|
* s4:heimdal: import lorikeet-heimdal-201012010201 (commit ↵Andrew Bartlett2010-12-0115-244/+1317
| | | | 81fe27bcc0148d410ca4617f8759b9df1a5e935c)
* s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERYAndrew Tridgell2010-11-171-1/+5
| | | | | | | | | this e_data field in a kerberos error packet tells windows to do clock skew recovery. See [MS-KILE] 2.2.1 KERB-ERROR-DATA Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:heimdal: import lorikeet-heimdal-201011102149 (commit ↵Andrew Bartlett2010-11-151-14/+13
| | | | 5734d03c20e104c8f45533d07f2a2cbbd3224f29)
* heimdal Add clock-skew handling to DCE-style GSSAPIAndrew Bartlett2010-11-081-39/+65
| | | | | | | | | | | The clock skew handling was previously only on properly wrapped GSSAPI, and was skipped for DCE-style. This allows the ASN.1 errors from the krb5_rd_req to suggest parsing as a kerberos error packet. Andrew Bartlett Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 8 07:58:09 UTC 2010 on sn-devel-104
* s4:heimdal: import lorikeet-heimdal-201009250123 (commit ↵Matthieu Patou2010-10-03101-525/+500
| | | | | | | | | 42cabfb5b683dbcb97d583c397b897507689e382) I based this on Matthieu's import of lorikeet-heimdal, and then updated it to this commit. Andrew Bartlett
* heimdal Use a seperate krb5_auth_context for the delegated credentialsAndrew Bartlett2010-09-283-1/+35
| | | | | | | If we re-use this context, we overwrite the timestamp while talking to the KDC and fail the mutual authentiation with the target server. Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-201003262338 (commit ↵Andrew Bartlett2010-03-277-11/+108
| | | | f4e0dc17709829235f057e0e100d34802d3929ff)
* s4:heimdal: import lorikeet-heimdal-201001120029 (commit ↵Andrew Bartlett2010-03-279-38/+61
| | | | a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
* s4:heimdal: import lorikeet-heimdal-200911170333 (commit ↵Andrew Bartlett2009-11-176-12/+0
| | | | | | | | | | b532c294d974cead40a1183c71be644c6ccc2832) This fixes up connections to Windows 2003, because the previous import had a broken arcfour-hmac-md5 implementation (fixed in Heimdal 316fc6ff8ffb0cbb1ef3689685e9977c37405bc4) Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-200911122202 (commit ↵Andrew Bartlett2009-11-131-9/+7
| | | | 9291fd2d101f3eecec550178634faa94ead3e9a1)
* s4:heimdal: import lorikeet-heimdal-200909210500 (commit ↵Andrew Bartlett2009-11-1377-533/+611
| | | | 290db8d23647a27c39b97c189a0b2ef6ec21ca69)
* s4:heimdal/gssapi/krb5: set cred_handle in _gsskrb5_import_credStefan Metzmacher2009-09-181-0/+1
| | | | metze
* s4:heimdal: import lorikeet-heimdal-200908052208 (commit ↵Andrew Bartlett2009-08-061-4/+5
| | | | | | | | | | | | | 370a73a74199a5a55188340906e15fd795f67a74) This removes some of the portability changes made to code under heimdal/ If these are still required, then we will re-add them with code under heimdal_build/ (so that we can simply 'drop in' future heimdal releases). Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-200908050050 (commit ↵Andrew Bartlett2009-08-0519-67/+727
| | | | | | | | | | | 8714779fa7376fd9f7761587639e68b48afc8c9c) This also adds a new hdb-glue.c file, to cope with Heimdal's uncondtional enabling of SQLITE. (Very reasonable, but not required for Samba4's use). Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-200907162216 (commit ↵Andrew Bartlett2009-07-171-0/+6
| | | | | | | | | | | d09910d6803aad96b52ee626327ee55b14ea0de8) This includes in particular changes to the KDC to resolve bug 6272, originally by Matthieu Patou <mat+Informatique.Samba@matws.net>. We need to sort the AuthorizationData elements to put the PAC first, or else WinXP breaks when browsed from Win2k8. Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-200907152325 (commit ↵Andrew Bartlett2009-07-1649-411/+871
| | | | 2bef9cd5378c01e9c2a74d6221761883bd11a5c5)
* s4:heimdal The implied GSS_C_MUTUAL_FLAG depends on AP_OPTS_MUTUAL_REQUIREDAndrew Bartlett2009-07-161-1/+4
| | | | | | | | We had previously assumed it was unconditional. Samba3 didn't mind very much, but Samba4's samba3-like client did, and the behaviour differed to Win2008 behaviour. Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett2009-06-1272-494/+964
| | | | | | | | | | | 904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
* s4: import lorikeet-heimdal-200810271034Stefan Metzmacher2008-10-2872-1768/+1838
| | | | metze
* heimdal: import heimdal's trunk svn rev 23697 + lorikeet-heimdal patchesStefan Metzmacher2008-08-26120-255/+398
| | | | | | | This is based on f56a3b1846c7d462542f2e9527f4d0ed8a34748d in my heimdal-wip repo. metze (This used to be commit 467a1f2163a63cdf1a4c83a69473db50e8794f53)
* heimdal_build: autogenerate the heimdal private/proto headersStefan Metzmacher2008-08-262-1041/+0
| | | | | | | | Now it's possible to just use a plain heimdal tree in source/heimdal/ without any pregenerated files. metze (This used to be commit da333ca7113f78eeacab4f93b401f075114c7d88)
* Revert "gsskrb5: add support for DCE_STYLE and des and des3 keys"Stefan Metzmacher2008-08-262-64/+22
| | | | | | | | | This reverts commit 86848dd0f217774faed81af8fbf68618013e20a1. This should come back via a merge from heimdal's trunk later. metze (This used to be commit 585e5360e2d9f722e80850eb86c3d4253530e8ba)
* Revert "gsskrb5: always return an acceptor subkey"Stefan Metzmacher2008-08-261-18/+4
| | | | | | | | | | This reverts commit 6a8b07c39558f240b89e833ecba15d8b9fc020e8. This isn't strictly needed and will come back in the next merge from heimdal's trunk. metze (This used to be commit 8ed040c8c4bed082ab74ab267090b35bb57db3f3)
* gsskrb5: always return an acceptor subkeyStefan Metzmacher2008-08-141-4/+18
| | | | | | | | For non cfx keys it's the same as the intiator subkey. This matches windows behavior. metze (This used to be commit 6a8b07c39558f240b89e833ecba15d8b9fc020e8)
* gsskrb5: try to be compatible with windows for gss_wrap* and cfxStefan Metzmacher2008-08-082-11/+39
| | | | | | | | | The good thing is that windows and heimdal both use EC=0 in the non DCE_STYLE case, so we need the windows compat hack only in DCE_STYLE mode. metze (This used to be commit 0fa41a94e466d5e11bcf362ccd8ff41b72733d1a)
* gsskrb5: add support for DCE_STYLE and des and des3 keysStefan Metzmacher2008-08-082-22/+64
| | | | | | | Only the des keys are tested as windows doesn't support des3 metze (This used to be commit 86848dd0f217774faed81af8fbf68618013e20a1)
* heimdal: add missing file heimdal/lib/gssapi/mech/gss_pseudo_random.cStefan Metzmacher2008-08-011-0/+69
| | | | | metze (This used to be commit 3bd7e68a5cfe80733782367e327b570d04b21586)
* heimdal: update to lorikeet-heimdal rev 801Stefan Metzmacher2008-08-0171-466/+893
| | | | | metze (This used to be commit d6c54a66fb23c784ef221a3c1cf766b72bdb5a0b)
* gsskrb5: just don't force, but allow the flags when GSS_CF_NO_CI_FLAGS is givenStefan Metzmacher2008-06-271-0/+6
| | | | | metze (This used to be commit f10c9ca3612d7bdc4c2c221e959f8c48ec2f9349)
* gsskrb5: fix gss_krb5_cred_no_ci_flags_x_oid_desc variable nameStefan Metzmacher2008-06-271-2/+2
| | | | | metze (This used to be commit d88be1a1cb543b4e2cc5d15262da786558aa276d)
* krb5_init_sec_context: skip the token header when GSS_C_DCE_STYLE is specifiedStefan Metzmacher2008-06-021-5/+11
| | | | | | | | | | Windows (and heimdal) accepts packets with token header in the server, but it doesn't match the windows client. We now match the windows client and that fixes also the display in wireshark. metze (This used to be commit 58f66184f0f732a78e86bbb0f3c29e920f086d08)
* Merge lorikeet-heimdal -r 787 into Samba4 tree.Andrew Bartlett2008-03-1919-124/+254
| | | | | Andrew Bartlett (This used to be commit d88b530522d3cef67c24422bd5182fb875d87ee2)
* r24614: Merge with current lorikeet-heimdal. This brings us one step closerAndrew Bartlett2007-10-1012-76/+87
| | | | | | | to an alpha release. Andrew Bartlett (This used to be commit 30e02747d511630659c59eafec8d28f58605943b)
* r23678: Update to current lorikeet-heimdal (-r 767), which should fix theAndrew Bartlett2007-10-1014-121/+136
| | | | | | | panics on hosts without /dev/random. Andrew Bartlett (This used to be commit 14a4ddb131993fec72316f7e8e371638749e6f1f)
* r23456: Update Samba4 to current lorikeet-heimdal.Andrew Bartlett2007-10-10125-569/+1059
| | | | | Andrew Bartlett (This used to be commit ae0f81ab235c72cceb120bcdeb051a483cf3cc4f)
* r20640: Commit part 2/2Andrew Bartlett2007-10-1052-1347/+1745
| | | | | | | | | | Update Heimdal to match current lorikeet-heimdal. This includes integrated PAC hooks, so Samba doesn't have to handle this any more. This also brings in the PKINIT code, hence so many new files. Andrew Bartlett (This used to be commit 351f7040f7bb73b9a60b22b564686f7c2f98a729)
* r20139: only add GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG if the caller ↵Stefan Metzmacher2007-10-101-2/+5
| | | | | | | | | | | requested it! this is needed to create plain, singed or sealed LDAP connections. this should go into lorikeet and main heimdal... metze (This used to be commit 75c037cae21714e394a63f2506387e1049eb4406)
* r19681: Update to current lorikeet-heimdal. I'm looking at using the realmAndrew Bartlett2007-10-106-116/+179
| | | | | | | | lookup plugin, the new PAC validation code as well as Heimdal's SPNEGO implementation. Andrew Bartlett (This used to be commit 05421f45ed7811697ea491e26c9d991a7faa1a64)
* r19650: Allow Samba to use Heimdal's SPNEGO code. Currently this can onlyAndrew Bartlett2007-10-102-5/+4
| | | | | | | | negotiate krb5, but if this works, I'll add NTLM as a GSSAPI backend by some means or other. Andrew Bartlett (This used to be commit 476452e143f61a3878a3646864729daaddccdf68)
* r19644: Merge up to current lorikeet-heimdal, incling addingAndrew Bartlett2007-10-105-22/+100
| | | | | | | gsskrb5_set_default_realm(), which should fix mimir's issues. Andrew Bartlett (This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3)
* r19633: Merge to lorikeet-heimdal, removing krb5_rd_req_return_keyblock in ↵Andrew Bartlett2007-10-1011-132/+162
| | | | | | | | | | | favour of a more tasteful replacement. Remove kerberos_verify.c, as we don't need that code any more. Replace with code for using the new krb5_rd_req_ctx() borrowed from Heimdal's accecpt_sec_context.c Andrew Bartlett (This used to be commit 13c9df1d4f0517468c80040d3756310d4dcbdd50)
generated by cgit (git 2.34.1) at 2025-08-30 16:38:04 +0000