path: root/source4/heimdal
Commit message | Author | Age | Files | Lines
* s4-heimdal: Allow any kvno to match when searching the keytab. | Andrew Bartlett | 2011-04-16 | 1 | -2/+1
  Windows does not use a KVNO when it checks its passwords, and MIT doesn't check the KVNO when no acceptor identity is specified (looping over all keys in the keytab).
  Andrew Bartlett
* Merge new lorikeet heimdal, revision 85ed7247f515770c73b1f1ced1739f6ce19d75d2 | Jelmer Vernooij | 2011-03-14 | 55 | -2722/+6907
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Mon Mar 14 23:53:46 CET 2011 on sn-devel-104
* HEIMDAL:kdc: correctly propagate HDB_ERR_NOT_FOUND_HERE to via tgs_parse_request() and _kdc_tgs_rep() | Stefan Metzmacher | 2011-03-04 | 1 | -0/+5
  metze
* s4:heimdal - fix valgrind issue on Fedora 14 | Milan Crha | 2011-02-25 | 6 | -148/+148
  This should definitely fix bug #7858.
  Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Fri Feb 25 12:39:21 CET 2011 on sn-devel-104
* Revert "heimdal_build omit #line statements to allow valgrind to work again" | Matthias Dieter Wallnöfer | 2011-02-25 | 7 | -53/+376
  This reverts commit 80e23c68d83a7c9989f87d5a88a78bb76d222afc. A better patch has been provided by Milan Crha in the following commit.
* heimdal_build omit #line statements to allow valgrind to work again | Andrew Bartlett | 2011-02-25 | 7 | -376/+53
  The lex/yacc files were generated on Fedora 14, and have empty filenames in #line declarations. I don't know why this is, but it seems best just to omit the #line statements. This is what was causing Valgrind on Fedora not to run on Samba binaries and programs linked to Samba libraries.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Fri Feb 25 11:46:56 CET 2011 on sn-devel-104
* heimdal Pass F_CANON down to the hdb layer for servers in AS-REP as well | Andrew Bartlett | 2011-02-17 | 1 | -2/+1
  This fixes Win2003 domain logons against Samba4, which need a canonicalised reply, and helpfully do set that flag. Specifically, they need that realm in krbtgt/realm@realm that these both match exactly in the reply.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Thu Feb 17 06:40:53 CET 2011 on sn-devel-104
* s4:heimdal: import lorikeet-heimdal-201101310455 (commit aa88eb1a05c4985cc23fb65fc1bad75bdce01c1f) | Andrew Bartlett | 2011-02-02 | 54 | -185/+192
* heimdal_build: Add version-script for heimdal_base, hx509 and hcrypto. Convert hbase and hcrypto to libraries. | Jelmer Vernooij | 2010-12-18 | 1 | -0/+244
* heimdal_build: Add version-script for krb5. | Jelmer Vernooij | 2010-12-17 | 1 | -0/+769
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Fri Dec 17 21:09:25 CET 2010 on sn-devel-104
* heimdal_build: Add version-script for gssapi. | Jelmer Vernooij | 2010-12-17 | 1 | -0/+180
* heimdal_build: Add version-script for asn1. | Jelmer Vernooij | 2010-12-17 | 1 | -0/+6
* heimdal_build: Add version-script for hdb. | Jelmer Vernooij | 2010-12-17 | 1 | -0/+107
* heimdal_build: Add version-script for kdc. | Jelmer Vernooij | 2010-12-17 | 1 | -0/+21
* heimdal_build: Add version-script for wind. | Jelmer Vernooij | 2010-12-17 | 1 | -0/+28
* heimdal_build: Add version-script for ntlm. | Jelmer Vernooij | 2010-12-17 | 1 | -0/+30
* heimdal: Add version script file for hcrypto (unused so far, as hcrypto still needs to be made a proper library). | Jelmer Vernooij | 2010-12-17 | 1 | -0/+299
* heimdal_build: Add version-script for roken. | Jelmer Vernooij | 2010-12-17 | 1 | -0/+199
* heimdal_build: Add version-script for com_err. | Jelmer Vernooij | 2010-12-17 | 2 | -0/+48
* heimdal: unset SLIST_ENTRY only if we are with windows | Matthieu Patou | 2010-12-11 | 1 | -1/+3
  This is needed because otherwise on some OS like netbsd, openbsd, MacOSX the preprocessing of ./heimdal/lib/gssapi/mech/cred.h on this platform is broken because mechqueue.h's definition won't be used as SLIST_HEAD is already defined. The definition occurs when net/if.h is included as it includes sys/queue.h
  Autobuild-User: Matthieu Patou <mat@samba.org>
  Autobuild-Date: Sat Dec 11 00:34:51 CET 2010 on sn-devel-104
* s4:heimdal: import lorikeet-heimdal-201012010201 (commit 81fe27bcc0148d410ca4617f8759b9df1a5e935c) | Andrew Bartlett | 2010-12-01 | 76 | -3707/+2651
* heimdal: fix for w2000 from lha | Andrew Tridgell | 2010-12-01 | 1 | -2/+14
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Wed Dec 1 00:59:59 CET 2010 on sn-devel-104
* heimdal:base/heimbase.c - remove an unused variable | Matthias Dieter Wallnöfer | 2010-11-29 | 1 | -1/+0
* heimdal: added HEIM_BASE_NON_ATOMIC option | Andrew Tridgell | 2010-11-17 | 1 | -1/+8
  This allows heimdal to build without gcc, by not using atomic operations. We don't need heimdal to be atomic in Samba.
* s4-heimdal: implement KERB_AP_ERR_TYPE_SKEW_RECOVERY | Andrew Tridgell | 2010-11-17 | 1 | -1/+5
  This e_data field in a Kerberos error packet tells Windows to do clock skew recovery. See [MS-KILE] 2.2.1 KERB-ERROR-DATA
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* heimdal Build ticket with the canonical server name | Andrew Bartlett | 2010-11-16 | 1 | -1/+1
  We need to use the name that the HDB entry returned, otherwise we will not canonicalise the reply as requested.
  Andrew Bartlett
* heimdal Fetch the client before the PAC check, but after obtaining krbtgt_out | Andrew Bartlett | 2010-11-15 | 1 | -31/+30
  By checking the client principal here, we compare the realm based on the normalised realm, but do so early enough to validate the PAC (and regenerate it if required).
  Andrew Bartlett
* s4:heimdal - fix the return code of a non-void function | Matthias Dieter Wallnöfer | 2010-11-15 | 1 | -0/+2
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Mon Nov 15 23:14:57 UTC 2010 on sn-devel-104
* heimdal Fix handling of backwards cross-realm detection for Samba4 | Andrew Bartlett | 2010-11-15 | 1 | -18/+48
  Samba4 may modify the case of the realm in a returned entry, but will no longer modify the case of the principal components. The easy way to keep this test passing is to consider also what we need to do to get the krbtgt account for the PAC signing - and to use krbtgt/<this>/@REALM component to fetch the real krbtgt, and to use that result for realm comparison.
  Andrew Bartlett
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Mon Nov 15 08:47:44 UTC 2010 on sn-devel-104
* heimdal Extra files required for merge up to current heimdal | Andrew Bartlett | 2010-11-15 | 29 | -0/+6699
* heimdal regenerate lex and yacc files | Andrew Bartlett | 2010-11-15 | 9 | -3475/+2672
* Add attribute macros for Heimdal to use | Andrew Bartlett | 2010-11-15 | 2 | -0/+477
  Heimdal uses HEIMDAL_NORETURN_ATTRIBUTE and HEIMDAL_PRINTF_ATTRIBUTE, and we need to provide a link between these and Samba's function attribute handling.
  Andrew Bartlett
* s4:heimdal: import lorikeet-heimdal-201011102149 (commit 5734d03c20e104c8f45533d07f2a2cbbd3224f29) | Andrew Bartlett | 2010-11-15 | 47 | -11222/+1373
* heimdal Return HDB_ERR_NOT_FOUND_HERE to the caller | Andrew Bartlett | 2010-11-12 | 3 | -11/+34
  This means that no reply packet should be generated, but that instead the user of the libkdc API should forward the packet to a real KDC, that has a full database.
  Andrew Bartlett
* heimdal Don't dereference NULL in error verify_checksum error path | Andrew Bartlett | 2010-11-11 | 1 | -1/+1
  Autobuild-User: Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date: Thu Nov 11 10:37:03 UTC 2010 on sn-devel-104
* heimdal: fixed a shadowed variable warning for error_message | Andrew Tridgell | 2010-11-08 | 1 | -23/+23
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* heimdal Add clock-skew handling to DCE-style GSSAPI | Andrew Bartlett | 2010-11-08 | 1 | -39/+65
  The clock skew handling was previously only on properly wrapped GSSAPI, and was skipped for DCE-style. This allows the ASN.1 errors from the krb5_rd_req to suggest parsing as a kerberos error packet.
  Andrew Bartlett
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Mon Nov 8 07:58:09 UTC 2010 on sn-devel-104
* heimdal Add handling for PAC signatures over all encryption types | Andrew Bartlett | 2010-11-02 | 2 | -24/+89
  There are exceptions from the expected behaviour of 'checksum type matches key type' that we must deal with here, or else we can't serve DES-only servers.
  Andrew Bartlett
* s4: Remove the old perl/m4/make/mk-based build system. | Jelmer Vernooij | 2010-10-31 | 5 | -227/+0
  The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time.
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
* s4-heimdal: lex_err_message() should not be static | Andrew Tridgell | 2010-10-30 | 1 | -2/+2
* s4-heimdal: fixed the use of error_message() in heimdal | Andrew Tridgell | 2010-10-30 | 12 | -47/+49
  The lex code in heimdal had a function error_message() which conflicts with a function from the com_err library. This replaces it with lex_err_message()
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* Add new files for sha512 support | Andrew Bartlett | 2010-10-03 | 1 | -0/+274
* s4:heimdal: import lorikeet-heimdal-201010022046 (commit 1bea031b9404b14114b0272ecbe56e60c567af5c) | Andrew Bartlett | 2010-10-03 | 24 | -125/+418
* s4:heimdal: import lorikeet-heimdal-201009250123 (commit 42cabfb5b683dbcb97d583c397b897507689e382) | Matthieu Patou | 2010-10-03 | 382 | -1687/+34153
  I based this on Matthieu's import of lorikeet-heimdal, and then updated it to this commit.
  Andrew Bartlett
* heimdal use returned server entry from HDB to compare realms | Andrew Bartlett | 2010-10-02 | 1 | -1/+1
  Some hdb modules (samba4) may change the case of the realm in a returned result. Use that to determine if it matches the krbtgt realm also returned from the DB (the DB will return it in the 'right' case)
  Andrew Bartlett
* heimdal: added verbose logging of heimdal crypto errors | Andrew Bartlett | 2010-09-30 | 1 | -2/+15
* heimdal: fixed timegm UTC/GMT bug | Andrew Tridgell | 2010-09-28 | 1 | -15/+6
  This was a wonderful bug! On some Fedora systems, but not on Ubuntu, there is a difference between UTC and GMT. Heimdal replaced timegm() with _der_timegm() which did not account for that difference (which is 24 seconds at the moment). This led to a mutual authentication failure.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* heimdal Use a separate krb5_auth_context for the delegated credentials | Andrew Bartlett | 2010-09-28 | 3 | -1/+35
  If we re-use this context, we overwrite the timestamp while talking to the KDC and fail the mutual authentication with the target server.
  Andrew Bartlett
* heimdal Fix DNS name qualification to not mangle IP addresses | Andrew Bartlett | 2010-09-29 | 1 | -5/+23
  If the host running this code used IPv6 forms for IPv4 addresses then the check for '.' would not be sufficient to determine that this isn't a name we should mangle. Instead, check if it can be parsed as a numeric address first, and only then mangle.
  Andrew Bartlett
* heimdal Add an error code for use in the RODC | Andrew Bartlett | 2010-09-29 | 1 | -0/+1
  In this case, the whole request packet should be forwarded to a real KDC, with full secrets, as we don't have the password. This could also be used to implement 'play dead when the LDAP server is down'.
  Andrew Bartlett