Andrew Bartlett
6a5547742f
Allow the PAC to be passed along during cross-realm authentication
2008-10-06 14:28:27 -07:00
Andrew Bartlett
6ad78f01a5
Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc.
...
This avoids one more custom patch to the Heimdal code, and provides a
more standard way to produce hdb plugins in future.
I've renamed from hdb_ldb to hdb_samba4 as it really is not generic
ldb.
Andrew Bartlett
2008-09-29 22:34:35 -07:00
Andrew Bartlett
baf0b36081
Merge krb5_cksumtype_to_enctype from Heimdal svn -r 23719
...
(This used to be commit cc1df3c002
2008-09-03 14:20:30 +10:00
Andrew Bartlett
0b16d70f39
Don't wipe the PAC checksums, the caller may actually need them.
...
(This used to be commit 9db5a966fc
2008-08-28 16:19:16 +10:00
Stefan Metzmacher
9430420ba2
heimdal: add missing heimdal/lib/hcrypto/{evp-aes-cts.c,evp-hcrypto.c}, sorry...
...
metze
(This used to be commit 0c4227e45d
2008-08-26 21:38:34 +02:00
Stefan Metzmacher
243321b4bb
heimdal: import heimdal's trunk svn rev 23697 + lorikeet-heimdal patches
...
This is based on f56a3b1846c7d462542f2e9527f4d0ed8a34748d in my heimdal-wip repo.
metze
(This used to be commit 467a1f2163
2008-08-26 19:46:38 +02:00
Stefan Metzmacher
9080b5d979
heimdal_build: autogenerate the heimdal private/proto headers
...
Now it's possible to just use a plain heimdal tree in source/heimdal/
without any pregenerated files.
metze
(This used to be commit da333ca711
2008-08-26 18:49:17 +02:00
Stefan Metzmacher
a1bbd66b0f
heimdal_build: autogenerate table files in heimdal/lib/wind/
...
metze
(This used to be commit f4cfba26ae
2008-08-26 18:48:50 +02:00
Stefan Metzmacher
57d4e11023
heimdal_build: add fallback for AC_WARNING_ENABLE()
...
metze
(This used to be commit 8d6d96898d
2008-08-26 18:47:49 +02:00
Stefan Metzmacher
f09f67d24d
heimdal: remove unused old files
...
metze
(This used to be commit 94cef56212
2008-08-26 18:47:48 +02:00
Stefan Metzmacher
1c4b84ee4f
heimdal_build: add a fake sqlite keytab implementation
...
This remove a difference against lorikeet-heimdal.
metze
(This used to be commit 4314df3561
2008-08-26 14:25:44 +02:00
Stefan Metzmacher
cec74e9b00
Revert "gsskrb5: add support for DCE_STYLE and des and des3 keys"
...
This reverts commit 86848dd0f2585e5360e2
2008-08-26 12:30:02 +02:00
Stefan Metzmacher
64826077bf
Revert "gsskrb5: always return an acceptor subkey"
...
This reverts commit 6a8b07c3958ed040c8c4
2008-08-26 12:30:02 +02:00
Stefan Metzmacher
e75f1072b6
Revert "krb5: always generate the acceptor subkey as the same enctype as the used service key"
...
This reverts commit dbb94133e0697cd1896b
2008-08-14 13:13:52 +02:00
Stefan Metzmacher
69d074af81
gsskrb5: always return an acceptor subkey
...
For non cfx keys it's the same as the intiator subkey.
This matches windows behavior.
metze
(This used to be commit 6a8b07c395
2008-08-14 13:13:52 +02:00
Stefan Metzmacher
5569132f45
gsskrb5: try to be compatible with windows for gss_wrap* and cfx
...
The good thing is that windows and heimdal both use EC=0
in the non DCE_STYLE case, so we need the windows compat hack
only in DCE_STYLE mode.
metze
(This used to be commit 0fa41a94e4
2008-08-08 15:29:17 +02:00
Stefan Metzmacher
610b1ada15
krb5: always generate the acceptor subkey as the same enctype as the used service key
...
With this patch samba4 can use gsskrb5_get_subkey() to get the session key.
metze
(This used to be commit dbb94133e0
2008-08-08 15:29:16 +02:00
Stefan Metzmacher
4ad02f5185
gsskrb5: add support for DCE_STYLE and des and des3 keys
...
Only the des keys are tested as windows doesn't support des3
metze
(This used to be commit 86848dd0f2
2008-08-08 12:52:14 +02:00
Stefan Metzmacher
86c9db8d4a
heimdal: add missing files
...
metze
(This used to be commit b395cd7acd
2008-08-01 17:49:45 +02:00
Stefan Metzmacher
9f5325ce39
heimdal: add missing file heimdal/lib/gssapi/mech/gss_pseudo_random.c
...
metze
(This used to be commit 3bd7e68a5c
2008-08-01 17:27:18 +02:00
Stefan Metzmacher
a925f039ee
heimdal: update to lorikeet-heimdal rev 801
...
metze
(This used to be commit d6c54a66fb
2008-08-01 16:11:00 +02:00
Stefan Metzmacher
3678411037
gsskrb5: just don't force, but allow the flags when GSS_CF_NO_CI_FLAGS is given
...
metze
(This used to be commit f10c9ca361
2008-06-27 12:43:04 +02:00
Stefan Metzmacher
eb192abd3a
gsskrb5: fix gss_krb5_cred_no_ci_flags_x_oid_desc variable name
...
metze
(This used to be commit d88be1a1cb
2008-06-27 12:43:04 +02:00
Stefan Metzmacher
b3ec55b984
krb5_init_sec_context: skip the token header when GSS_C_DCE_STYLE is specified
...
Windows (and heimdal) accepts packets with token header
in the server, but it doesn't match the windows client.
We now match the windows client and that fixes
also the display in wireshark.
metze
(This used to be commit 58f66184f0
2008-06-02 16:58:04 +02:00
Andrew Bartlett
aaf62085dd
Merge branch 'v4-0-logon' of git://git.id10ts.net/samba into 4-0-local
...
(This used to be commit 8252b51850
2008-03-19 11:04:42 +11:00
Andrew Bartlett
9e6b0c2871
Merge lorikeet-heimdal -r 787 into Samba4 tree.
...
Andrew Bartlett
(This used to be commit d88b530522
2008-03-19 10:17:42 +11:00
Andrew Kroeger
a550317253
heimdal: Add parameter to windc_plugin to allow extended return codes.
...
These changes add a krb5_data parameter named e_data to the windc_plugin to
allow the samba KDC to return extended error information in addition to the
standard KRB5KDC_ERR_* codes. Windows uses the extended information to provide
detailed information in user dialogs (e.g. account disabled, logon hours
restriction, must change password, etc.).
This particular commit modifies only heimdal code. Hopefully this can be
submitted and accepted into the upstream heimdal codebase.
(This used to be commit f542362be2
2008-03-13 01:16:49 -05:00
Jelmer Vernooij
236a780baa
idl: Use typedef rather than declare.
...
(This used to be commit 3fd750bd54
2008-01-12 01:18:53 +01:00
Jelmer Vernooij
0500b87092
r26540: Revert my previous commit after concerns raised by Andrew.
...
(This used to be commit 6ac86f8be7
2007-12-21 05:52:06 +01:00
Jelmer Vernooij
3e75f222bc
r26539: Remove unnecessary statics.
...
(This used to be commit e53e79eebe
2007-12-21 05:52:05 +01:00
Jelmer Vernooij
d378cf4c15
r26310: Remove more uses of global_loadparm.
...
(This used to be commit 9d806da113
2007-12-21 05:48:22 +01:00
Stefan Metzmacher
9fe133ffc6
r25738: always include config.h first.
...
this needs merging to heimdal and lorikeet-heimdal
metze
(This used to be commit c2c2c991c7
2007-12-21 05:43:36 +01:00
Stefan Metzmacher
5d482b634d
r25734: regenerate yacc output (parse.[ch] files)
...
metze
(This used to be commit cb3aec0d22
2007-12-21 05:43:34 +01:00
Stefan Metzmacher
12215fadf8
r25732: import updated parse.y files from lorikeet-heimdal
...
I wonder why they're not updated as the parse.[ch]
are generated from the new versions already...
metze
(This used to be commit 9735715a0f
2007-12-21 05:43:32 +01:00
Stefan Metzmacher
733591c079
r25298: regenerate lex.c files with config.h as first include
...
this should help on aix 5.3.
metze
(This used to be commit bfd8c275bb
2007-10-10 15:07:08 -05:00
Andrew Bartlett
b39330c487
r24614: Merge with current lorikeet-heimdal. This brings us one step closer
...
to an alpha release.
Andrew Bartlett
(This used to be commit 30e02747d5
2007-10-10 15:02:25 -05:00
Stefan Metzmacher
c1010f666c
r23895: reapply rev 23493:
...
regenerate lex.c files with flex 2.5.33
this makes sure we include config.h as first header
hopefully fixes the build on SerNet-aix
abartlet: please don't revert that again with your next
heimdal merge...:-)
metze
(This used to be commit 8da4e9a9ac
2007-10-10 15:01:08 -05:00
Andrew Tridgell
e1c15c74af
r23799: updated old Franklin Street FSF addresses to new URL
...
(This used to be commit db92b76a00
2007-10-10 14:59:16 -05:00
Andrew Bartlett
ec0035c9b8
r23678: Update to current lorikeet-heimdal (-r 767), which should fix the
...
panics on hosts without /dev/random.
Andrew Bartlett
(This used to be commit 14a4ddb131
2007-10-10 14:58:59 -05:00
Stefan Metzmacher
f5c2f26e84
r23493: regenerate lex.c files with flex 2.5.33
...
this makes sure we include config.h as first header
hopefully fixes the build on SerNet-aix
metze
(This used to be commit 0149226ece
2007-10-10 14:53:22 -05:00
Andrew Bartlett
91adebe749
r23456: Update Samba4 to current lorikeet-heimdal.
...
Andrew Bartlett
(This used to be commit ae0f81ab23
2007-10-10 14:53:18 -05:00
Stefan Metzmacher
4690d5c553
r23209: import getnameinfo.c, inet_ntop.c and inet_pton.c from
...
loikeet-heimdal
metze
(This used to be commit 48eb20199e
2007-10-10 14:53:04 -05:00
Andrew Tridgell
1a55a36401
r23060: use #include <roken.h> consistently. Using "roken.h" in this directory
...
breaks Samba builds on some systems as they find the wrong roken.h
(This used to be commit 59cd26b664
2007-10-10 14:52:46 -05:00
Andrew Bartlett
cc275f011e
r22191: Add a samba4kinit binary to the build, so I can test using an existing
...
ccache, as well as PKINIT.
Andrew Bartlett
(This used to be commit 440b8d9e4b
2007-10-10 14:50:02 -05:00
Andrew Bartlett
548ffe7cf6
r21746: We don't link in this file any more.
...
(This used to be commit 123ae858c7
2007-10-10 14:49:23 -05:00
Andrew Tridgell
3bdf3aa144
r21620: commit updated versions (with correct paths)
...
(This used to be commit 2694bfb143
2007-10-10 14:49:03 -05:00
Stefan Metzmacher
3db368ad76
r21448: return the same error codes as a windows KDC
...
metze
(This used to be commit e4d69b83dc
2007-10-10 14:48:37 -05:00
Stefan Metzmacher
544e17896e
r21447: make handling of replying e_data more generic
...
love: please merge this
metze
(This used to be commit 3e4ff2de9c
2007-10-10 14:48:37 -05:00
Stefan Metzmacher
f280849a6f
r21439: fix compiler warnings
...
metze
(This used to be commit ac347d7aa5
2007-10-10 14:48:35 -05:00
Stefan Metzmacher
837f283f81
r21438: create the PAC element in the same order as w2k3,
...
maybe there's some broken code in windows which relies
on this...
love: can you merge this to heimdal?
metze
(This used to be commit b64abf9113
2007-10-10 14:48:35 -05:00
