seen in particular on opi.
This looked like a Heimdal problem, but I think it was simply that we
didn't do a talloc_reference() to keep tabs on the memory we were
using, and in between obtaining the pointer and using it, it was
assigned to unrelated memory.
Andrew Bartlett
to work better against w2k, so we don't get redirected from
1.2.840.113554.1.2.2 to 1.2.840.48018.1.2.2 by a w2k server, causing 2 additional
auth roundtrips.
metze
(or something like that).
In any case, we need to stick with the initiator subkey for now, until
we figure out what Vista uses for the CIFS session key.
Andrew Bartlett
Remove kerberos_verify.c, as we don't need that code any more.
Replace with code for using the new krb5_rd_req_ctx() borrowed from
Heimdal's accept_sec_context.c
Andrew Bartlett
Larry told me that most context flags needed to be set too, otherwise
it wouldn't work.
This fixes DCE_STYLE against Win2k3 SP1. It seems they just tightened
up their end of the GSSAPI code, as DCE_STYLE is explicitly rejected in
the session setup too (being the wrong layer).
Andrew Bartlett
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised its internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches Windows behaviour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
length, use the amount the wrapped message expanded by.
This works, because GSSAPI doesn't do AEAD (signing of headers), and
so changing the signature length after the fact is valid.
Andrew Bartlett
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for an IA_64 SuSE build
very quickly.
and the maximum amount of user data that may be fitted into that.
This is used in the new SASL code, to correctly honour SASL buffer sizes.
Andrew Bartlett
this isn't supported, fallback to NTLM.
Also, where we get a failure as 'logon failure', try and do a '3
tries' for the password, like we already do for CIFS. (Incomplete:
needs a mapping between RPC errors and the logon failure NTSTATUS).
Because we don't yet support Kerberos sign/seal to win2k3 SP1 for
DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos
isn't demanded.
Andrew Bartlett