IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This reverts commit c25af51232616061bb08eea86aae595b4f029490 because
otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a
KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jan 12 09:43:07 CET 2012 on sn-devel-104
The checking of the KDC signature is more complex than it looks, it may be of a different
enc type to that which the ticket is encrypted with, and may even be prefixed
with the RODC number.
This is better handled in the plugin which can easily look up the DB for the
correct key to verify this with, and can also quickly determine if this is
an interdomain trust, which we cannot verify the PAC for.
Andrew Bartlett
Without this, log messages from any abort are not printed to
the samba logs.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Dec 12 14:34:16 CET 2011 on sn-devel-104
Pair-Programmed-With: Arvid Requate <requate@univention.de>
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 16 02:00:12 CET 2011 on sn-devel-104
This handles referrals for SPNs of the form
E3514235-4B06-11D1-AB04-00C04FC2DCD2/NTDSGUID/REALM, which are
used during DRS replication when we don't know the dnsHostName of the
target DC (which we don't know until the first replication from that
DC completes).
We use the 3rd part of the SPN directly as the realm name in the
referral.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
commit "heimdal Add support for extracting a particular KVNO from the database"
(f469fc6d4922d796f5c61bf43e3efc018e37b680 in heimdal/master
and 9b5e304ccedc8f0f7ce2342e4d9c621417dd1c1e in samba/master)
changed the windc_plugin interface, so we need to change the
version number.
metze
This way we can compare the already canonicalized principals,
while still passing the client specified target principal down
to the backend specific constrained_delegation() hook.
metze
Windows does not use a KVNO when it checks it's passwords, and MIT
doesn't check the KVNO when no acceptor identity is specified (looping
over all keys in the keytab).
Andrew Bartlett
This should definitely fix bug #7858.
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Feb 25 12:39:21 CET 2011 on sn-devel-104
The lex/yacc files were generated on Fedora 14, and have empty
filenames in #line declarations. I don't know why this is, but it
seems best just to omit the #line statements.
This is what was causing Valgrind on Fedora not to run on Samba
binaries and programs linked to Samba libraries.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Feb 25 11:46:56 CET 2011 on sn-devel-104
This fixes Win2003 domain logons against Samba4, which need a
canonicalised reply, and helpfully do set that flag.
Specifically, they need that realm in krbtgt/realm@realm that these
both match exactly in the reply.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Feb 17 06:40:53 CET 2011 on sn-devel-104
This is needed because otherwise on some OS like netbsd,openbsd,MacOSX.
The preprossessing of ./heimdal/lib/gssapi/mech/cred.h on this plateform
is broken because mechqueue.h's definition won't be used as SLIST_HEAD
is already defined.
The definition occurs when net/if.h is included as it includes
sys/queue.h
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Dec 11 00:34:51 CET 2010 on sn-devel-104
this e_data field in a kerberos error packet tells windows to do clock
skew recovery.
See [MS-KILE] 2.2.1 KERB-ERROR-DATA
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
