path: root/source4/heimdal/lib
Commit message [Author, Age, Files, Lines]
...
* heimdal regenerate lex and yacc files [Andrew Bartlett, 2010-11-15, 9 files, -3475/+2672]
* Add attribute macros for Heimdal to use [Andrew Bartlett, 2010-11-15, 1 file, -0/+304]
  Heimdal uses HEIMDAL_NORETURN_ATTRIBUTE and HEIMDAL_PRINTF_ATTRIBUTE, and we need to provide a link between these and Samba's function attribute handling.
  Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-201011102149 (commit 5734d03c20e104c8f45533d07f2a2cbbd3224f29) [Andrew Bartlett, 2010-11-15, 45 files, -11202/+1344]
* heimdal Don't dereference NULL in error verify_checksum error path [Andrew Bartlett, 2010-11-11, 1 file, -1/+1]
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Thu Nov 11 10:37:03 UTC 2010 on sn-devel-104
* heimdal: fixed a shadowed variable warning for error_message [Andrew Tridgell, 2010-11-08, 1 file, -23/+23]
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* heimdal Add clock-skew handling to DCE-style GSSAPI [Andrew Bartlett, 2010-11-08, 1 file, -39/+65]
  The clock skew handling was previously only on properly wrapped GSSAPI, and was skipped for DCE-style. This allows the ASN.1 errors from the krb5_rd_req to suggest parsing as a kerberos error packet.
  Andrew Bartlett
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Mon Nov 8 07:58:09 UTC 2010 on sn-devel-104
* heimdal Add handling for PAC signatures over all encryption types [Andrew Bartlett, 2010-11-02, 2 files, -24/+89]
  There are exceptions from the expected behaviour of 'checksum type matches key type' that we must deal with here, or else we can't serve DES-only servers.
  Andrew Bartlett
* s4-heimdal: lex_err_message() should not be static [Andrew Tridgell, 2010-10-30, 1 file, -2/+2]
* s4-heimdal: fixed the use of error_message() in heimdal [Andrew Tridgell, 2010-10-30, 12 files, -47/+49]
  the lex code in heimdal had a function error_message() which conflicts with a function from the com_err library. This replaces it with lex_err_message()
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* Add new files for sha512 support [Andrew Bartlett, 2010-10-03, 1 file, -0/+274]
* s4:heimdal: import lorikeet-heimdal-201010022046 (commit 1bea031b9404b14114b0272ecbe56e60c567af5c) [Andrew Bartlett, 2010-10-03, 19 files, -106/+389]
* s4:heimdal: import lorikeet-heimdal-201009250123 (commit 42cabfb5b683dbcb97d583c397b897507689e382) [Matthieu Patou, 2010-10-03, 376 files, -1634/+34086]
  I based this on Matthieu's import of lorikeet-heimdal, and then updated it to this commit.
  Andrew Bartlett
* heimdal: added verbose logging of heimdal crypto errors [Andrew Bartlett, 2010-09-30, 1 file, -2/+15]
* heimdal: fixed timegm UTC/GMT bug [Andrew Tridgell, 2010-09-28, 1 file, -15/+6]
  This was a wonderful bug! On some Fedora systems, but not on Ubuntu, there is a difference between UTC and GMT. Heimdal replaced timegm() with _der_timegm() which did not account for that difference (which is 24 seconds at the moment). This led to a mutual authentication failure.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* heimdal Use a separate krb5_auth_context for the delegated credentials [Andrew Bartlett, 2010-09-28, 3 files, -1/+35]
  If we re-use this context, we overwrite the timestamp while talking to the KDC and fail the mutual authentication with the target server.
  Andrew Bartlett
* heimdal Fix DNS name qualification to not mangle IP addresses [Andrew Bartlett, 2010-09-29, 1 file, -5/+23]
  If the host running this code used IPv6 forms for IPv4 addresses then the check for '.' would not be sufficient to determine that this isn't a name we should mangle. Instead, check if it can be parsed as a numeric address first, and only then mangle.
  Andrew Bartlett
* heimdal Add an error code for use in the RODC [Andrew Bartlett, 2010-09-29, 1 file, -0/+1]
  In this case, the whole request packet should be forwarded to a real KDC, with full secrets, as we don't have the password. This could also be used to implement 'play dead when the LDAP server is down'.
  Andrew Bartlett
* heimdal Add support for extracting a particular KVNO from the database [Andrew Bartlett, 2010-09-29, 2 files, -2/+3]
  This should allow master key rollover. (but the real reason is to allow multiple krbtgt accounts, as used by Active Directory to implement RODC support)
  Andrew Bartlett
* heimdal: avoid DNS search domain expansion [Andrew Tridgell, 2010-09-27, 1 file, -1/+16]
  When you have a domain search list in resolv.conf, and one of the DNS servers for a searched domain is uncontactable then we would timeout resolving DNS names. Avoid this by adding a '.' to the hostname if the hostname already has a '.' in it, which we assume to mean it is fully qualified.
* s4-heimdal: Fix typo in comment. [Karolin Seeger, 2010-06-01, 1 file, -1/+1]
  Karolin
* s4:heimdal: remove unused heimdal/lib/hcrypto/evp-cc.c [Stefan Metzmacher, 2010-05-11, 1 file, -659/+0]
  metze
* s4-heimdal: Fix typo in comment. [Karolin Seeger, 2010-04-13, 1 file, -1/+1]
  Karolin
* s4:heimdal Add hooks to check with the DB before we allow s4u2self [Andrew Bartlett, 2010-04-10, 1 file, -1/+6]
  This allows us to resolve multiple forms of a name, allowing for example machine$@REALM to get an S4U2Self ticket for host/machine@REALM.
  Andrew Bartlett
* s4-krb5: Fix typos in comment. [Karolin Seeger, 2010-04-09, 1 file, -1/+1]
  Karolin
* s4:heimdal Update generated files (cp from Heimdal) [Andrew Bartlett, 2010-03-27, 5 files, -477/+459]
* s4:heimdal: import lorikeet-heimdal-201003262338 (commit f4e0dc17709829235f057e0e100d34802d3929ff) [Andrew Bartlett, 2010-03-27, 29 files, -134/+365]
* s4:heimdal New files and supporting logic for heimdal update [Andrew Bartlett, 2010-03-27, 4 files, -0/+1353]
* s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d) [Andrew Bartlett, 2010-03-27, 210 files, -1755/+3816]
* kerberos - set the memory to "0"s before freeing the password to prevent security issues [Matthias Dieter Wallnöfer, 2010-03-16, 1 file, -2/+6]
* heimdal - remove unused variable [Matthias Dieter Wallnöfer, 2010-03-16, 1 file, -1/+0]
* heimdal - fix overlapped identifiers in the "krb5" library [Matthias Dieter Wallnöfer, 2010-03-16, 3 files, -11/+11]
* heimdal - free always "ctx->password" when it isn't needed anymore [Matthias Dieter Wallnöfer, 2010-03-16, 1 file, -1/+3]
  "strdup" does always create a new object in the memory (through "malloc") which needs to be freed if it isn't used anymore.
* s4-heimdal: Fix typos in comment. [Karolin Seeger, 2010-02-15, 1 file, -1/+1]
  Karolin
* s4:heimdal: regenerate files [Stefan Metzmacher, 2010-02-08, 9 files, -173/+218]
  Andrew using cp like in commit ca12e7bc8ff4a91f2044c0a60550fec902e97a78 is wrong as that removes #include "config.h" and breaks the build on AIX.
  metze
* heimdal: work around differences between GNU and XSI strerror_r() [Andrew Tridgell, 2009-12-14, 1 file, -2/+10]
  This is a fairly ugly workaround, but then again, strerror_r() is a very ugly mess.
* s4-heimdal: fixed a use-after-free heimdal bug [Andrew Tridgell, 2009-12-08, 1 file, -0/+1]
  This caused samba4kinit to segfault on some systems
* krb5: Fix leaked hx509_context pointer [Kamen Mazdrashki, 2009-12-08, 1 file, -0/+4]
  Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4:heimdal: import lorikeet-heimdal-200911170333 (commit b532c294d974cead40a1183c71be644c6ccc2832) [Andrew Bartlett, 2009-11-17, 9 files, -25/+8]
  This fixes up connections to Windows 2003, because the previous import had a broken arcfour-hmac-md5 implementation (fixed in Heimdal 316fc6ff8ffb0cbb1ef3689685e9977c37405bc4)
  Andrew Bartlett
* s4:heimdal Import generated files from heimdal tree [Andrew Bartlett, 2009-11-13, 9 files, -827/+1185]
  We should be able to rebuild these, but a cp is easier :-)
* s4:heimdal: import lorikeet-heimdal-200911122202 (commit 9291fd2d101f3eecec550178634faa94ead3e9a1) [Andrew Bartlett, 2009-11-13, 50 files, -484/+936]
* s4:heimdal: import lorikeet-heimdal-200909210500 (commit 290db8d23647a27c39b97c189a0b2ef6ec21ca69) [Andrew Bartlett, 2009-11-13, 132 files, -2079/+3967]
* heimdal - hdb/ext.c - fix a "shadows variable" warning [Matthias Dieter Wallnöfer, 2009-10-21, 1 file, -4/+4]
  Renamed the variable "str" in the nested block to "str2" to prevent the collision with "str" in the main function block.
* s4:heimdal A real fix for bug 6801 [Andrew Bartlett, 2009-10-14, 1 file, -3/+3]
  The issue was that we would free the entry after the database, not knowing that the entry was a talloc child of the database.
  Andrew Bartlett
* heimdal - fix various warnings [Matthias Dieter Wallnöfer, 2009-10-03, 6 files, -21/+21]
  - Shadowed variables
  - "const" related warnings
  - Parameter names which shadow function declarations
  - Non-void functions which have no return value
  (patch also ported upstream)
* s4:heimdal/gssapi/krb5: set cred_handle in _gsskrb5_import_cred [Stefan Metzmacher, 2009-09-18, 1 file, -0/+1]
  metze
* s4:heimdal: import lorikeet-heimdal-200908052208 (commit 370a73a74199a5a55188340906e15fd795f67a74) [Andrew Bartlett, 2009-08-06, 31 files, -114/+30]
  This removes some of the portability changes made to code under heimdal/
  If these are still required, then we will re-add them with code under heimdal_build/ (so that we can simply 'drop in' future heimdal releases).
  Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-200908050050 (commit 8714779fa7376fd9f7761587639e68b48afc8c9c) [Andrew Bartlett, 2009-08-05, 44 files, -346/+1090]
  This also adds a new hdb-glue.c file, to cope with Heimdal's unconditional enabling of SQLITE. (Very reasonable, but not required for Samba4's use).
  Andrew Bartlett
* s4:kerberos Add support for user principal names in certificates [Andrew Bartlett, 2009-07-28, 1 file, -1/+6]
  This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC)
  The testsuite is extended to test this behaviour, and the other PKINIT certificate (using the standard method to specify a principal name in a certificate) is updated to use an Administrator (not administrator). (This fixes the kinit test).
  Andrew Bartlett
* s4:heimdal Extend the 'hdb as a keytab' code [Andrew Bartlett, 2009-07-27, 1 file, -4/+145]
  This extends the hdb_keytab code to allow enumeration of all the keys. The plan is to allow ktutil's copy command to copy from Samba4's hdb_samba4 into a file-based keytab used in wireshark.
  One day, with a few more hacks, we might even make this a loadable module that can be used directly...
  Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-200907162216 (commit d09910d6803aad96b52ee626327ee55b14ea0de8) [Andrew Bartlett, 2009-07-17, 5 files, -6/+38]
  This includes in particular changes to the KDC to resolve bug 6272, originally by Matthieu Patou <mat+Informatique.Samba@matws.net>. We need to sort the AuthorizationData elements to put the PAC first, or else WinXP breaks when browsed from Win2k8.
  Andrew Bartlett