sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
Code
24,081 Commits 60 Branches 1,145 Tags 452 MiB
5dbc4a23bc
Commit Graph

716 Commits

Author SHA1 Message Date
Stefan Metzmacher
31dc9126c1 r24072: Add "client ldap sasl wrapping" parameter. 
Possible values are "plain" (default), "sign" or "seal".

metze
(This used to be commit 26ccbad721)
 2007-10-10 12:29:02 -05:00
Günther Deschner
3ec8b1702c r24066: Fix memleak found by Volker. We don't leak keys now with MIT and Heimdal. 
Guenther
(This used to be commit 7755ad750f)
 2007-10-10 12:29:01 -05:00
Volker Lendecke
bf27a77c05 r24065: According to gd, this breaks heimdal. Thanks for checking! 
(This used to be commit ea5f53eac8)
 2007-10-10 12:29:01 -05:00
Stefan Metzmacher
b4f6db40ab r24062: fix logic for broken krb5 libs which always force 
sign and seal...

metze
(This used to be commit 4a4fc8cccb)
 2007-10-10 12:29:00 -05:00
Volker Lendecke
d44063715a r24058: Fix some memory leaks in ads_secrets_verify_ticket. 
Jeremy, Günther, please review!

Thanks,

Volker
(This used to be commit 000e096c27)
 2007-10-10 12:29:00 -05:00
Stefan Metzmacher
75ae998b99 r24042: add support for krb5 sign and seal in LDAP via "GSS-SPNEGO" 
metze
(This used to be commit 34ab84aceb)
 2007-10-10 12:28:59 -05:00
Stefan Metzmacher
6b5c55b0f0 r24037: only setup sasl wrapping after a successful bind 
metze
(This used to be commit 85d6cd3dfb)
 2007-10-10 12:28:58 -05:00
Günther Deschner
2349acdd43 r23973: For debugging, add (undocumented) net ads kerberos commands (kinit, renew, 
pac).

Guenther
(This used to be commit 4cada7c148)
 2007-10-10 12:28:51 -05:00
Günther Deschner
f659ffc0ee r23970: Allow to set the debuglevel at which to dump the PAC logon info. 
Guenther
(This used to be commit 7d321aad83)
 2007-10-10 12:28:50 -05:00
Günther Deschner
fce64f6833 r23969: Some helper routines to retrieve a PAC and PAC elements. 
Guenther
(This used to be commit d4c87c792a)
 2007-10-10 12:28:50 -05:00
Volker Lendecke
f5033a1e62 r23953: Some C++ warnings 
(This used to be commit 8716edf157)
 2007-10-10 12:28:49 -05:00
Günther Deschner
e6875b1b45 r23951: Fix segfault. 
Guenther
(This used to be commit 1a5c8780ae)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
14e81b3009 r23948: add gsskrb5 sign and seal support for LDAP connections 
NOTE: only for the "GSSAPI" SASL mech yet

metze
(This used to be commit a079b66384)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
ea3c3b9272 r23946: add support for NTLMSSP sign and seal 
NOTE: windows servers are broken with sign only...

metze
(This used to be commit 408bb2e6e2)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
07c034f7c4 r23945: add infrastructure to select plain, sign or seal LDAP connection 
metze
(This used to be commit 2075c05b3d)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
e0c4034393 r23943: - always provide ads_setup_sasl_wrapping() function 
- read/write returning 0 means EOF and we need to return direct

metze
(This used to be commit 885d557ae7)
 2007-10-10 12:28:48 -05:00
Günther Deschner
9e0c550922 r23937: Use ads_config_path() when we need to know the configration context. 
Guenther
(This used to be commit 1a62c731c6)
 2007-10-10 12:28:46 -05:00
Stefan Metzmacher
00b27d2d69 r23933: - implement ctrl SASL wrapping hook 
- pass down sign or seal hooks
- some sasl wrapping fixes

metze
(This used to be commit 8c64ca3394)
 2007-10-10 12:28:46 -05:00
Stefan Metzmacher
307e51ed14 r23926: implement output buffer handling for the SASL write wrapper 
metze
(This used to be commit 65ce6fa21a)
 2007-10-10 12:28:45 -05:00
Stefan Metzmacher
7bef162aeb r23922: implement input buffer handling for the SASL read wrapper 
metze
(This used to be commit 7d8518ebd9)
 2007-10-10 12:28:42 -05:00
Stefan Metzmacher
8cd89a20ce r23918: not all ldap libraries support debugging 
metze
(This used to be commit 3f68189c9a)
 2007-10-10 12:28:41 -05:00
Stefan Metzmacher
d48dbc8bad r23916: use the correct io operations for debugging 
metze
(This used to be commit d745a1a719)
 2007-10-10 12:28:41 -05:00
Stefan Metzmacher
77619f37a0 r23898: rename HAVE_ADS_SASL_WRAPPING -> HAVE_LDAP_SASL_WRAPPING 
metze
(This used to be commit 873eaff8fe)
 2007-10-10 12:28:39 -05:00
Stefan Metzmacher
57dd25cccb r23893: add dummy callbacks for LDAP SASL wrapping, 
they're not used yet...

metze
(This used to be commit a3b97cdce7)
 2007-10-10 12:28:39 -05:00
Stefan Metzmacher
809c9d4d31 r23888: move elements belonging to the current ldap connection to a 
substructure.

metze
(This used to be commit 00909194a6)
 2007-10-10 12:28:38 -05:00
Stefan Metzmacher
2fc53c947b r23886: add ads_disconnect() function 
metze
(This used to be commit ba70737b70)
 2007-10-10 12:28:38 -05:00
Günther Deschner
28041b6064 r23869: Protect against partial security descriptors. 
Guenther
(This used to be commit 0a96a11f01)
 2007-10-10 12:28:36 -05:00
Günther Deschner
ed0ffc5cef r23861: Fix return code in ads_find_samaccount(). 
Guenther
(This used to be commit 684fcf39dc)
 2007-10-10 12:28:35 -05:00
Günther Deschner
8d786a4e2b r23842: Attempt to fix the build with LDAP. 
Guenther
(This used to be commit efd817ae11)
 2007-10-10 12:28:33 -05:00
Günther Deschner
34d091f1c6 r23839: Try to get the attribute name from schema GUIDs or the display name from 
extended rights GUID from ad while dumping the security descriptors's aces.

This would perform much better with a guid cache, but for the rare cases where
it is used

	net ads search cn=mymachine ntSecurityDescriptor -U user%pass

it should be ok for now.

Guenther
(This used to be commit b36913433e)
 2007-10-10 12:28:33 -05:00
Günther Deschner
b62ade20d0 r23838: Allow to store schema and config path in ADS_STRUCT config. 
Guenther
(This used to be commit 1d5b08326f)
 2007-10-10 12:28:33 -05:00
Günther Deschner
9d6f8ed5e7 r23837: Pass ADS_STRUCT and TALLOC_CTX down to ads_disp_sd. 
Guenther
(This used to be commit ad0a6d5703)
 2007-10-10 12:28:32 -05:00
Günther Deschner
f05dcab9bf r23836: Add ads_config_path() and ads_get_extended_right_name_by_guid(). 
Guenther
(This used to be commit 4d62f1191b)
 2007-10-10 12:28:32 -05:00
Günther Deschner
fd8dc4b561 r23835: Pass down a struct GUID to ads_get_attrname_by_guid() directly. 
Guenther
(This used to be commit a4d5206d0b)
 2007-10-10 12:28:32 -05:00
Günther Deschner
c252b04abf r23834: Allow to pass an ADS_STRUCT pointer down to the dump function callback in 
libads.

Guenther
(This used to be commit 311bbbafa6)
 2007-10-10 12:28:32 -05:00
Günther Deschner
c8e23e4091 r23833: Document ads_find_samaccount(). 
Guenther
(This used to be commit 3effd1c346)
 2007-10-10 12:28:31 -05:00
Günther Deschner
e7705f9eb9 r23829: Add ads_get_attrname_by_guid(). 
Guenther
(This used to be commit a84fd83006)
 2007-10-10 12:28:31 -05:00
Günther Deschner
1c957f9559 r23826: Fix gpo security filtering by matching the security descriptor ace's for the 
extended apply group policy right.

Guenther
(This used to be commit d832014a6f)
 2007-10-10 12:28:31 -05:00
Günther Deschner
6d0141c17e r23820: Display security_ace_object in LDAP security descriptors for debugging. 
Guenther
(This used to be commit 3925e85812)
 2007-10-10 12:28:30 -05:00
Andrew Tridgell
153cfb9c83 r23801: The FSF has moved around a lot. This fixes their Mass Ave address. 
(This used to be commit 87c91e4362)
 2007-10-10 12:28:27 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text 
(This used to be commit b0132e94fc)
 2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later. 
Jeremy.
(This used to be commit 407e6e695b)
 2007-10-10 12:28:20 -05:00
Günther Deschner
221d06d6f3 r23772: Add ads_find_samaccount() helper function. 
Guenther
(This used to be commit 6fafa64bea)
 2007-10-10 12:23:55 -05:00
Günther Deschner
8ead92f06d r23654: Remove misleading inline comment. 
Guenther
(This used to be commit a3441c22b3)
 2007-10-10 12:23:42 -05:00
Günther Deschner
110e420196 r23651: Always, always, always compile before commit... 
Guenther
(This used to be commit accb40446a)
 2007-10-10 12:23:41 -05:00
Günther Deschner
3b1956f9d2 r23650: Fix remaining callers of krb5_kt_default(). 
Guenther
(This used to be commit b9d7a2962a)
 2007-10-10 12:23:41 -05:00
Günther Deschner
a248672932 r23649: Fix the build (by moving smb_krb5_open_keytab() to clikrb5.c). 
Guenther
(This used to be commit 19020d19dc)
 2007-10-10 12:23:41 -05:00
Günther Deschner
a2618aa8d5 r23648: Allow to list a custom krb5 keytab file with: 
net ads keytab list /path/to/krb5.keytab

Guenther
(This used to be commit a2befee3f2)
 2007-10-10 12:23:41 -05:00
Günther Deschner
6fff735da0 r23647: Use smb_krb5_open_keytab() in smbd as well. 
Guenther
(This used to be commit d22c0d291e)
 2007-10-10 12:23:41 -05:00
Günther Deschner
df63172ad9 r23646: Generalize our internal keytab handling to support a broader range of default 
keytabnames (like "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab"). This also
fixes keytab support with Heimdal (which supports the WRFILE pragma as well
now).

Guenther
(This used to be commit 7ca002f4cc)
 2007-10-10 12:23:40 -05:00
Günther Deschner
47bd42ab1c r23607: Add legacy support for Services for Unix (SFU) 2.0. 
Guenther
(This used to be commit 11b390309b)
 2007-10-10 12:23:35 -05:00
Jeremy Allison
5a80fa5c0c r23514: Remove unused function ads_get_dn_from_extended_dn(). 
Jeremy.
(This used to be commit 03763bc528)
 2007-10-10 12:23:24 -05:00
Gerald Carter
b4a39dc10e r23477: Build farm fix: Use int rather than MIT's krb5_int32 when setting context flags. 
(This used to be commit 903145e957)
 2007-10-10 12:23:19 -05:00
Gerald Carter
4caefdf348 r23474: Here's a small patch that disables the libkrb5.so replay cache 
when verifying a ticket from winbindd_pam.c.

I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.

There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator.  Checked against MIT 1.5.1.  Have not
researched how Heimdal does it.

My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f7)
 2007-10-10 12:23:19 -05:00
Gerald Carter
3272b1dd60 r23251: whoops! Fix compile error 
(This used to be commit 22a3ea40ac)
 2007-10-10 12:22:59 -05:00
Jeremy Allison
ad5ff1b809 r23147: Patch #4566 from jacob berkman <jberkman@novell.com>. Pass password data to krb5_prompter. 
Jeremy.
(This used to be commit 232fc5d69d)
 2007-10-10 12:22:48 -05:00
Jeremy Allison
71ee55f98d r23080: Fix bug #4637 - we hads missed some cases where 
we were calling PRS_ALLOC_MEM with zero count.
Jeremy.
(This used to be commit 9a10736e6f)
 2007-10-10 12:22:43 -05:00
Michael Adam
2753d30cbe r22893: Use ldap_rename_s instead of deprecated ldap_rename2_s. 
This fixes the build on solaris (host sun9).
And hopefully doesn't break any other builds... :-)
If it does, we need some configure magic.

Thanks to Björn Jacke <bj@sernet.de>.
(This used to be commit a43775ab36)
 2007-10-10 12:22:05 -05:00
Volker Lendecke
b4a7b7a888 r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and 
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687e)
 2007-10-10 12:22:01 -05:00
Günther Deschner
83564b43e3 r22800: Add GPO_SID_TOKEN and an LDAP function to get tokensids from the tokenGroup attribute. 
Guenther
(This used to be commit e4e8f84060)
 2007-10-10 12:21:59 -05:00
Günther Deschner
75a0171857 r22799: Fix the build. 
Guenther
(This used to be commit 6e911c442b)
 2007-10-10 12:21:59 -05:00
Günther Deschner
46c5da2fd6 r22798: Add the "apply group policy" access bit (as seen in type 0x05 ALLOWED OBJECT 
ACEs).

Guenther
(This used to be commit e138cbc876)
 2007-10-10 12:21:58 -05:00
Günther Deschner
9c170fce26 r22797: We are only interested in the DACL of the security descriptor, so search with 
the SD_FLAGS control.

Guenther
(This used to be commit 648df57e53)
 2007-10-10 12:21:57 -05:00
Gerald Carter
3eca3af1bc r22728: Patch from Danilo Almeida <dalmeida@centeris.com>: 
When asked to create a machine account in an OU as part
of "net ads join" and the account already exists in another
OU, simply move the machine object to the requested OU.
(This used to be commit 3004cc6e59)
 2007-10-10 12:21:51 -05:00
Gerald Carter
89fd4444af r22714: Prevent DNS lookup storms when the DNS servers are unreachable. 
Helps when transitioning from offline to online mode.

Note that this is a quick hack and a better solution
would be to start the DNS server's state between processes
(similar to the namecache entries).
(This used to be commit 4f05c6fe26)
 2007-10-10 12:21:49 -05:00
Gerald Carter
8ff276fcb0 r22701: Fix the krb5_nt_status error table and add the "no DCs found" mapping 
(This used to be commit 2ab617fbbf)
 2007-10-10 12:21:47 -05:00
Günther Deschner
e468268335 r22666: Expand kerberos_kinit_password_ext() to return NTSTATUS codes and make 
winbindd's kerberized pam_auth use that.

Guenther
(This used to be commit 0f436eab5b)
 2007-10-10 12:19:54 -05:00
Günther Deschner
116c1532e7 r22664: When we have krb5_get_init_creds_opt_get_error() then try to get the NTSTATUS 
codes directly out of the krb5_error edata.

Guenther
(This used to be commit dcd902f24a)
 2007-10-10 12:19:53 -05:00
Günther Deschner
6288491e90 r22663: Restructure kerberos_kinit_password_ext() error path. 
Guenther
(This used to be commit 997ded4e3f)
 2007-10-10 12:19:53 -05:00
Jeremy Allison
56a5d05b8b r22590: Make TALLOC_ARRAY consistent across all uses. 
That should be it....
Jeremy.
(This used to be commit 603233a98b)
 2007-10-10 12:19:49 -05:00
Jeremy Allison
be8b0685a5 r22589: Make TALLOC_ARRAY consistent across all uses. 
Jeremy.
(This used to be commit 8968808c3b)
 2007-10-10 12:19:49 -05:00
Günther Deschner
1ee9650a1d r22479: Add "net ads keytab list". 
Guenther
(This used to be commit 9ec76c5427)
 2007-10-10 12:19:37 -05:00
Günther Deschner
56f6336fd4 r22460: Adding a generic ads_ranged_search() function. 
Guenther
(This used to be commit b8828ea251)
 2007-10-10 12:19:35 -05:00
Günther Deschner
8040fec0ac r22459: Adding ads_get_dn_from_extended_dn(), in preparation of making ranged LDAP 
queries more generic. Michael, feel free to overwrite these and the following.

Guenther
(This used to be commit 0475b8eea9)
 2007-10-10 12:19:35 -05:00
Stefan Metzmacher
78c57f59ac r22153: fix LDAP SASL "GSSAPI" bind against w2k3, this isn't critical 
because we try "GSS-SPNEGO" first and all windows version support
that.

metze
(This used to be commit 34a5badbde)
 2007-10-10 12:19:17 -05:00
Jeremy Allison
725fcf3461 r22112: Fix memleak pointed out by Steven Danneman <steven.danneman@isilon.com>. 
Jeremy.
(This used to be commit 7c45bd3a47)
 2007-10-10 12:19:14 -05:00
Stefan Metzmacher
eceb926df9 r22092: - make spnego_parse_auth_response() more generic and 
not specific for NTLMSSP
- it's possible that the server sends a mechOID and authdata
  if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still
  force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE

metze
(This used to be commit e9f2aa22f9)
 2007-10-10 12:19:10 -05:00
Jeremy Allison
4899c6b806 r22079: Tsk, tsk, Metze didn't compile before check-in :-). 
Merge the memory leak fix (with fix :-) to 3.0.25.
Jeremy.
(This used to be commit ab3150fe4e)
 2007-10-10 12:19:09 -05:00
Stefan Metzmacher
98c300ab90 r22078: fix memory leak in not often used code, we only use it if the server 
doesn't support GSS-SPNEGO in SASL

can someone please review this, maybe it's also for 3.0.25

metze
(This used to be commit 8c6930b701)
 2007-10-10 12:19:09 -05:00
Jeremy Allison
9d34ee1c8b r21968: Don't use gss-types in proto headers. 
Jeremy.
(This used to be commit 829580414d)
 2007-10-10 12:18:53 -05:00
Jeremy Allison
3adeddcc4a r21967: Add conversion from gss errors to nt status. 
Jeremy
(This used to be commit 8ba138efd0)
 2007-10-10 12:18:53 -05:00
Jeremy Allison
8c395be5e5 r21922: Fixed the build by rather horrid means. I really need 
to restructure libsmb/smb_signing.c so it isn't in
the base libs path but lives in libsmb instead (like
smb_seal.c does).
Jeremy.
(This used to be commit 1b828f051d)
 2007-10-10 12:18:49 -05:00
Jeremy Allison
42b2ddec8f r21863: Fix debug messages with incorrect function name. 
Jeremy.
(This used to be commit d432d81c83)
 2007-10-10 12:18:39 -05:00
Günther Deschner
b067d986b4 r21855: Fix a memleak in the krb5 locator and comment out gfree_all() which doesn't 
make sense as long as it doesn't work as an lp_unload().

Guenther
(This used to be commit 128ea9bebb)
 2007-10-10 12:18:38 -05:00
Jeremy Allison
b74cb6740f r21850: After Jerry explained to me the HORRIBLE way in which 
the MIT gss libraries *SUCK*, move the frees to the end
of the function so MIT doesn't segfault.....
Add a comment so that another engineer knows why I did
this.
Jeremy.
(This used to be commit 1a2be06d4a)
 2007-10-10 12:18:38 -05:00
Jeremy Allison
7d77dd9db6 r21847: Fix memory leaks in error paths (and in main code path in one case...) 
in sasl bind. Wonder why coverity didn't find these ?
Jeremy.
(This used to be commit 89bdd30e4b)
 2007-10-10 12:18:37 -05:00
Jeremy Allison
edccfc9192 r21845: Refactor the sessionsetupX code a little to allow us 
to return a NT_STATUS_TIME_DIFFERENCE_AT_DC error to
a client when there's clock skew. Will help people
debug this. Prepare us for being able to return the
correct sessionsetupX "NT_STATUS_MORE_PROCESSING_REQUIRED"
error with associated krb5 clock skew error to allow
clients to re-sync time with us when we're eventually
able to be a KDC.
Jeremy.
(This used to be commit c426340fc7)
 2007-10-10 12:18:37 -05:00
Volker Lendecke
f56da0890f r21831: Back out r21823 for a while, this is going into a bzr tree first. 
Volker
(This used to be commit fd0ee6722d)
 2007-10-10 12:18:37 -05:00
Volker Lendecke
aa6055debd r21823: Let secrets_store_machine_password() also store the account name. Not used 
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.

Volker
(This used to be commit f94e5af72e)
 2007-10-10 12:18:36 -05:00
Günther Deschner
0e702698f9 r21822: Adding experimental krb5 lib locator plugin. 
This is a starting point and may get changed. Basically we need follow the
exact same path to detect (K)DCs like other Samba tools/winbind do. In
particular with regard to the server affinity cache and the site-awarness for
DNS SRV lookups.

To compile just call "make bin/smb_krb5_locator.so", copy to
/usr/lib/plugin/krb5/ (Heimdal HEAD) or /usr/lib/krb5/plugins/libkrb5/ (MIT)
and you should immediately be able to kinit to your AD domain without having
your REALM with kdc or kpasswd directives defined in /etc/krb5.conf at all.

Tested with todays Heimdal HEAD and MIT krb5 1.5.

Guenther
(This used to be commit 34ae610bd5)
 2007-10-10 12:18:36 -05:00
James Peach
98e58694ee r21779: I missd a call to krb5_get_init_creds_opt_alloc in r21778. 
(This used to be commit 4f6c2826aa)
 2007-10-10 12:18:32 -05:00
James Peach
3adeb42742 r21778: Wrap calls to krb5_get_init_creds_opt_free to handle the different 
calling convention in the latest MIT changes.  Apparantly Heimdal
is also changing to this calling convention.
(This used to be commit c29c69d2df)
 2007-10-10 12:18:32 -05:00
Jeremy Allison
aab1dd4ddb r21755: Memory leak fixes from Zack Kirsch <zack.kirsch@isilon.com>. 
Jeremy.
(This used to be commit 02d08ca0be)
 2007-10-10 12:18:28 -05:00
Jeremy Allison
fae01b4899 r21608: Fix a couple of memleaks in error code paths before 
Coverity finds them :-)
Jeremy.
(This used to be commit cbe725f1b0)
 2007-10-10 12:18:16 -05:00
Simo Sorce
e9e6af5951 r21606: Implement escaping function for ldap RDN values 
Fix escaping of DN components and filters around the code
Add some notes to commandline help messages about how to pass DNs

revert jra's "concistency" commit to nsswitch/winbindd_ads.c, as it was
incorrect.
The 2 functions use DNs in different ways.

- lookup_usergroups_member() uses the DN in a search filter,
and must use the filter escaping function to escape it
Escaping filters that include escaped DNs ("\," becomes "\5c,") is the
correct way to do it (tested against W2k3).

- lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.
Both functions do NOT need any DN escaping function as DNs can't be reliably
escaped when in a string form, intead each single RDN value must be escaped
separately.

DNs coming from other ldap calls (like ads_get_dn()), do not need escaping as
they come already escaped on the wire and passed as is by the ldap libraries

DN filtering has been tested.
For example now it is possible to do something like:
'net ads add user joe#5' as now the '#' character is correctly escaped when
building the DN, previously such a call failed with Invalid DN Syntax.

Simo.
(This used to be commit 5b4838f62a)
 2007-10-10 12:18:16 -05:00
Günther Deschner
81e4a28718 r21561: It makes absolutely no sense to call krb5_kt_resolve() two times 
directly after another.

Guenther
(This used to be commit 76ba11d777)
 2007-10-10 12:18:13 -05:00
Günther Deschner
4e00351fd4 r21558: Safe more indent, again no code changes. 
Guenther
(This used to be commit 7b18a4730d)
 2007-10-10 12:18:13 -05:00
Günther Deschner
59e8bd617b r21557: indent only fix. No code change. 
Guenther
(This used to be commit 8ff0903a17)
 2007-10-10 12:18:13 -05:00
Günther Deschner
3e946cbb85 r21556: Remove superfluos return check in ads_keytab_verify_ticket(). 
Guenther
(This used to be commit 020601ea0a)
 2007-10-10 12:18:13 -05:00
Günther Deschner
5aa3b27949 r21352: Let ads_upn_suffixes() return a pointer to an array of suffixes. 
Guenther
(This used to be commit 7ad7847e5b)
 2007-10-10 12:17:57 -05:00