IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
As discussed with jerry at the CIFS conf: overriding the
administrator's wishes from the krb5.conf has only every given me
segfaults. We suggest leaving this up to the defaults from the
libraries anyway.
Andrew Bartlett
(This used to be commit 0b72c04906b1c25e80b217a8f34fd3a8e756b9ca)
x, so we can't get at them even if we wanted to.
Kerberos experts, please take a look to make sure I've done the
right thing!
(This used to be commit 9b8e179fcc1fb877e8601bfd242ee1fd615b554c)
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
This patch is mainly based on the work of Todd Stecher
<tstecher@isilon.com> and has been reviewed by Jeremy.
I sucessfully tested and valgrinded it with MIT 1.4.3, 1.3.5, Heimdal
0.7.2 and 0.6.1rc3.
Guenther
(This used to be commit 535d03cbe8b021e9aa6d74b62d81b867c494c957)
* Fix the build without kerberos headers
* Fix memleak in the krb5_address handling
Guenther
(This used to be commit 10e42117559d4bc6a34e41a94914bf6c65c3477f)
kerberized pam_winbind and workstation restrictions are in effect.
The krb5 AS-REQ needs to add the host netbios-name in the address-list.
We don't get the clear NT_STATUS_INVALID_WORKSTATION code back yet from
the edata of the KRB_ERROR but the login at least fails when the local
machine is not in the workstation list on the DC.
Guenther
(This used to be commit 8b2ba11508e2730aba074d7c095291fac2a62176)
smb_krb5_parse_name_norealm_conv that pull/push from unix charset
to utf8 (which krb5 uses on the wire). This should fix issues when
the unix charset is not compatible with or set to utf8.
Jeremy.
(This used to be commit 37ab42afbc9a79cf5b04ce6a1bf4060e9c961199)
does an implicit open/read/close and blows away an
open keytab handle - so make sure we use a new
handle.
Wonderful analysis from Luke <ldeller@xplantechnology.com>
helped fix this.
Jeremy.
(This used to be commit 9d2f2385ad68cbe11bdfb82b5f2d016626f6e679)
ticket was encrypted using a DES key (and the Windows KDC still puts
CKSUMTYPE_HMAC_MD5_ARCFOUR in the PAC).
In that case, return to old behaviour and ignore the PAC.
Thanks to Chengjie Liu <chengjie.liu@datadomain.com>.
Guenther
(This used to be commit 48d8a9dd9f573d0d913a26a62e4ad3d224731343)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
a directory, the errno returned could end up as ENOENT rather than ENOTDIR.
- Fixes some compiler warnings which showed up on IRIX, as reported by
James Peach.
(This used to be commit 615a62b21f8d2f7f97bde2f166ddd6849d39b95c)
1. using smbc_getxattr() et al, one may now request all access control
entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
provided by smbc_getxattr() et al, when requesting all attributes,
all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
compiler flags are in use. removed -Wcast-qual flag from list, as that
is specifically to force warnings in the case of casting away qualifiers.
Note: In the process of eliminating compiler warnings, a few nasties were
discovered. In the file libads/sasl.c, PRIVATE kerberos interfaces
are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
kerberos interfaces are being used. Someone who knows kerberos
should look at these and determine if there is an alternate method
of accomplishing the task.
(This used to be commit 994694f7f26da5099f071e1381271a70407f33bb)
for bug #1717.The rest of the code needed to call this patch has not yet been
checked in (that's my next task). This has not yet been tested - I'll do this
once the rest of the patch is integrated.
Jeremy.
(This used to be commit 7565019286cf44f43c8066c005b1cd5c1556435f)
heimdal 0.6.1rc3 had a bug causing winbindd to die, heimdal version
0.6.1 and higher have that fixed (thanks to Love from Heimdal).
SuSE has been informed about this possible pitfall, any other vendors
that ship with heimdal-0.6.1rc3 to be notified ?
Guenther
(This used to be commit 6239a5bec99c62032e0cde20679a71622dd7a059)
of this call non-critical.
Thanks to Love for the patch and explaining the inner workings of
heimdal.
Guenther
(This used to be commit 4bd9d8240b571fdd8546af4eea3f4f148987d57c)
using our own implementation of krb5_lookup_kdc with heimdal. Also,
heimdals krb5_krbhst_next() obviously does not retrieve the struct
addrinfo in the krb5_krbhst_info-struct, using
krb5_krbhst_get_addrinfo() instead.
Guenther
(This used to be commit cca660e109cc94b49ac6bf1f2802235d1d4d4383)
This memset could well have clobbered bits of the stack, because
session_key changed from
char session_key[16];
to
DATA_BLOB session_key
Andrew Bartlett
(This used to be commit 54248a405c9459f93f4200ebb0dc71748ae2fc83)
