summaryrefslogtreecommitdiffstats
path: root/source4/heimdal
Commit message (Collapse)AuthorAgeFilesLines
* heimdal: Use krb5_free_default_realm() for free()Santosh Kumar Pradhan2014-02-211-3/+3
| | | | | | | | | | The resource allocated by krb5_default_default_realm() should be free()'d by krb5_free_default_realm() instead of plain free() for better readability. Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* heimdal: Fix a format error on FreeBSD10Volker Lendecke2014-01-241-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* heimdal: Fix CID 745516 Use after freeVolker Lendecke2013-11-141-1/+3
| | | | | | | | | | | If the loop is exited normally, i.e. we did not find anything proper within DH_NUM_TRIES, we try to BN_free a second time. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Nov 14 19:17:06 CET 2013 on sn-devel-104
* heimdal: Fix CID 240779 Allocation size mismatchVolker Lendecke2013-11-131-2/+2
| | | | | | | | | | | | | The error Coverity complains about is in the malloc. krb5_enctypes is an enum, so it is usually smaller than the size of a pointer. So we overallocate, but in the memcpy further down we copy from potentially invalid memory. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Nov 13 11:05:44 CET 2013 on sn-devel-104
* heimdal: Fix CID 241943 Uninitialized pointer readVolker Lendecke2013-11-131-1/+2
| | | | | | | | In the error case without EXTRA_ADDRESSES we access ignore_addresses without initialization Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* heimdal: Fix 241482 Resource leakVolker Lendecke2013-11-111-2/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* heimdal: fixed -Werror=format error in com_errAndrew Tridgell2012-08-021-1/+1
| | | | | | | This needs to be merged upstream Autobuild-User(master): Andrew Tridgell <tridge@samba.org> Autobuild-Date(master): Thu Aug 2 08:59:24 CEST 2012 on sn-devel-104
* s4/heimdal: fix make-proto.pl with perl 5.16Björn Jacke2012-07-041-3/+2
| | | | | | | Thanks to Torsten Kurbad. This fixes #9025. Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Wed Jul 4 13:51:07 CEST 2012 on sn-devel-104
* heimdal:lib/wind: include <stdlib.h> at the endStefan Metzmacher2012-06-173-3/+3
| | | | | | | | | | | This makes sure config.h gets includes first. This should fix the build on AIX. metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Jun 17 16:16:24 CEST 2012 on sn-devel-104
* heimdal:lib/wind: make sure errorlist_table.c includes config.h as first headerStefan Metzmacher2012-06-161-1/+1
| | | | | | | | | This should fix the build on AIX. metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jun 16 23:59:07 CEST 2012 on sn-devel-104
* heimdal:lib/krb5: don't name a struct 'token'Stefan Metzmacher2012-06-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | This is a static const struct and the name is never used, so just make it an anonymous struct. This hopefully fixes the build on AIX: "../source4/heimdal/lib/roken/roken-common.h", line 276.9: 1506-236 (W) Macro name __attribute__ has been redefined. "../source4/heimdal/lib/roken/roken-common.h", line 276.9: 1506-358 (I) "__attribute__" is defined on line 45 of ../source4/heimdal/lib/com_err/com_err.h. "../source4/heimdal/lib/krb5/expand_path.c", line 331.21: 1506-334 (S) Identifier token has already been defined on line 98 of "/usr/include/net/if_arp.h". "../source4/heimdal/lib/krb5/expand_path.c", line 390.43: 1506-019 (S) Expecting an array or a pointer to object type. "../source4/heimdal/lib/krb5/expand_path.c", line 391.31: 1506-019 (S) Expecting an array or a pointer to object type. "../source4/heimdal/lib/krb5/expand_path.c", line 392.20: 1506-019 (S) Expecting an array or a pointer to object type. "../source4/heimdal/lib/krb5/expand_path.c", line 392.48: 1506-019 (S) Expecting an array or a pointer to object type. "../source4/heimdal/lib/krb5/expand_path.c", line 393.39: 1506-019 (S) Expecting an array or a pointer to object type. Waf: Leaving directory `/opt/home/build/build_farm/samba_4_0_test/bin' Build failed: -> task failed (err #1): {task: cc expand_path.c -> expand_path_52.o} gmake: *** [all] Error 1 metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jun 16 15:20:59 CEST 2012 on sn-devel-104
* heimdal:lib/hdb: <config.h> needs to be the first headerStefan Metzmacher2012-06-151-2/+2
| | | | | | This should fix build problems on AIX. metze
* s4:heimdal: fix use of a non-existent word (existant)Michael Adam2012-06-121-1/+1
|
* heimdal:lib/asn1: try to fix the build on IRIXStefan Metzmacher2012-06-101-2/+6
| | | | | | | | | | | cc-1028 cc: ERROR File = ../source4/heimdal/lib/asn1/gen_template.c, Line = 548 The expression used must have a constant value. struct templatehead template = { 0L, &(template). tqh_first }; ^ If this really fixes the IRIX build, we'll propose this for heimdal upstream. metze
* heimdal: Fix the build on FreeBSDVolker Lendecke2012-03-011-1/+1
| | | | We don't have BACKTRACE_SYMBOLS by default
* s4-heimdal: Remove the execute flag of cfx.c.Andreas Schneider2012-02-231-0/+0
| | | | | The scripts which are extracting debuginfo are looking for files with the executable bit and find cfx.c which isn't a executable.
* heimdal: Re-run lexyacc.sh to remove #line statementsAndrew Bartlett2012-02-107-327/+0
|
* heimdal: Re-run lexyacc.shAndrew Bartlett2012-02-1010-6378/+2423
|
* Revert "make paranoia check less paranoid" - check that key types strictly matchAndrew Bartlett2012-01-121-1/+1
| | | | | | | | | | | This reverts commit c25af51232616061bb08eea86aae595b4f029490 because otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Jan 12 09:43:07 CET 2012 on sn-devel-104
* make hmac-md5 the keyed checksum type for arcfour-hmac-md5Andrew Bartlett2012-01-121-1/+1
|
* use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3Andrew Bartlett2012-01-121-0/+8
| | | | | | | This allows a strict link between checksum types and key types to be enforced. Andrew Bartlett
* heimdal: remove checking of KDC PAC signature, delegate to wdc pluginAndrew Bartlett2012-01-121-12/+2
| | | | | | | | | | | | The checking of the KDC signature is more complex than it looks, it may be of a different enc type to that which the ticket is encrypted with, and may even be prefixed with the RODC number. This is better handled in the plugin which can easily look up the DB for the correct key to verify this with, and can also quickly determine if this is an interdomain trust, which we cannot verify the PAC for. Andrew Bartlett
* HEIMDAL: Supply krb5_context to _krb5_internal_hmac to allow loggingAndrew Bartlett2011-12-121-6/+6
| | | | | | | | | | Without this, log messages from any abort are not printed to the samba logs. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Dec 12 14:34:16 CET 2011 on sn-devel-104
* HEIMDAL:lib/krb5: add utf8 support to build_logon_name() for the PACStefan Metzmacher2011-11-161-18/+49
| | | | | | | | | Pair-Programmed-With: Arvid Requate <requate@univention.de> metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Nov 16 02:00:12 CET 2011 on sn-devel-104
* HEIMDAL:lib/wind: export wind_ucs2write()Stefan Metzmacher2011-11-161-0/+1
| | | | | | Pair-Programmed-With: Arvid Requate <requate@univention.de> metze
* HEIMDAL:lib/winbd: fix wind_ucs2write with WIND_RW_LEStefan Metzmacher2011-11-161-4/+4
| | | | | | Pair-Programmed-With: Arvid Requate <requate@univention.de> metze
* HEIMDAL:lib/wind: fix wind_ucs4utf8() and wind_ucs2utf8()Stefan Metzmacher2011-11-161-5/+5
| | | | | | Pair-Programmed-With: Arvid Requate <requate@univention.de> metze
* heimdal: handle referrals for 3 part DRSUAPI SPNsAndrew Tridgell2011-10-041-1/+18
| | | | | | | | | | | | | This handles referrals for SPNs of the form E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are used during DRS replication when we don't know the dnsHostName of the target DC (which we don't know until the first replication from that DC completes). We use the 3rd part of the SPN directly as the realm name in the referral. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* heimdal: Try to handle the PAC checking when we are in a cross-realm environmentAndrew Bartlett2011-09-051-1/+10
|
* s4:heimdal: import lorikeet-heimdal-201107241840 (commit ↵Stefan Metzmacher2011-07-2642-115/+555
| | | | 0fdf11fa3cdb47df9f5393ebf36d9f5742243036)
* s4:heimdal: build samba4kgetcredStefan Metzmacher2011-07-241-0/+235
| | | | metze
* s4:heimdal: add missing filesStefan Metzmacher2011-07-155-0/+638
| | | | metze
* s4:heimdal: import lorikeet-heimdal-201107150856 (commit ↵Stefan Metzmacher2011-07-15312-2505/+3559
| | | | 48936803fae4a2fb362c79365d31f420c917b85b)
* s4:kdc: generate the S4U_DELEGATION_INFO in the regenerated pacStefan Metzmacher2011-06-281-4/+2
| | | | metze
* HEIMDAL:kdc: pass down the delegated_proxy_principal to the verify_pac()Stefan Metzmacher2011-06-283-20/+41
| | | | | | | | function This is needed in order to add the S4U_DELEGATION_INFO to the pac. metze
* HEIMDAL:kdc/windc_plugin.h: KRB5_WINDC_PLUGIN_MINOR 4 => 5Stefan Metzmacher2011-06-281-2/+2
| | | | | | | | | | commit "heimdal Add support for extracting a particular KVNO from the database" (f469fc6d4922d796f5c61bf43e3efc018e37b680 in heimdal/master and 9b5e304ccedc8f0f7ce2342e4d9c621417dd1c1e in samba/master) changed the windc_plugin interface, so we need to change the version number. metze
* HEIMDAL:kdc: don't allow self delegation if a backend ↵Stefan Metzmacher2011-06-241-4/+4
| | | | | | | | | | | check_constrained_delegation() hook is given A service should use S4U2Self instead of S4U2Proxy. Windows servers allow S4U2Proxy only to explicitly configured target principals. metze
* HEIMDAL:kdc: pass down the server hdb_entry_ex to check_constrained_delegation()Stefan Metzmacher2011-06-241-5/+19
| | | | | | | | This way we can compare the already canonicalized principals, while still passing the client specified target principal down to the backend specific constrained_delegation() hook. metze
* HEIMDAL:kdc: use the correct client realm in the EncTicketPartStefan Metzmacher2011-06-241-1/+1
| | | | | | With S4U2Proxy tgt->crealm might be different from tgt_name->realm. metze
* heimdal: Remove getprogname and setprogname from the heimdal importAndrew Bartlett2011-05-312-139/+0
|
* HEIMDAL:kdc: check and regenerate the PAC in the s4u2proxy caseStefan Metzmacher2011-05-181-13/+38
| | | | | | TODO: we need to add a S4U_DELEGATION_INFO to the PAC later. metze
* HEIMDAL:kdc: pass the correct principal name for the resulting service ticketStefan Metzmacher2011-05-181-38/+36
| | | | | | | Depending on S4U2Proxy the principal name for the resulting ticket is not the principal of the client ticket. metze
* HEIMDAL:kdc: let check_PAC() to verify the incoming server and krbtgt cheksumsStefan Metzmacher2011-05-181-4/+7
| | | | | | | | For a normal TGS-REQ they're both signed with krbtgt key. But for S4U2Proxy requests which ask for contrained delegation, the keys differ. metze
* s4-heimdal: Allow any kvno to match when searching the keytab.Andrew Bartlett2011-04-161-2/+1
| | | | | | | | Windows does not use a KVNO when it checks it's passwords, and MIT doesn't check the KVNO when no acceptor identity is specified (looping over all keys in the keytab). Andrew Bartlett
* Merge new lorikeet heimdal, revision 85ed7247f515770c73b1f1ced1739f6ce19d75d2Jelmer Vernooij2011-03-1455-2722/+6907
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Mar 14 23:53:46 CET 2011 on sn-devel-104
* HEIMDAL:kdc: correctly propagate HDB_ERR_NOT_FOUND_HERE to via ↵Stefan Metzmacher2011-03-041-0/+5
| | | | | | tgs_parse_request() and _kdc_tgs_rep() metze
* s4:heimdal - fix valgrind issue on Fedora 14Milan Crha2011-02-256-148/+148
| | | | | | | | | | This should definitely fix bug #7858. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Feb 25 12:39:21 CET 2011 on sn-devel-104
* Revert "heimdal_build omit #line statments to allow valgrind to work again"Matthias Dieter Wallnöfer2011-02-257-53/+376
| | | | | This reverts commit 80e23c68d83a7c9989f87d5a88a78bb76d222afc. A better patch has been provided by Milan Crha in the following commit.
* heimdal_build omit #line statments to allow valgrind to work againAndrew Bartlett2011-02-257-376/+53
| | | | | | | | | | | | | | The lex/yacc files were generated on Fedora 14, and have empty filenames in #line declarations. I don't know why this is, but it seems best just to omit the #line statements. This is what was causing Valgrind on Fedora not to run on Samba binaries and programs linked to Samba libraries. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Feb 25 11:46:56 CET 2011 on sn-devel-104
* heimdal Pass F_CANON down to the hdb layer for servers in AS-REP as wellAndrew Bartlett2011-02-171-2/+1
| | | | | | | | | | | | | This fixes Win2003 domain logons against Samba4, which need a canonicalised reply, and helpfully do set that flag. Specifically, they need that realm in krbtgt/realm@realm that these both match exactly in the reply. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Feb 17 06:40:53 CET 2011 on sn-devel-104