oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
24,196 Commits 2 Branches 2 Tags
3c053a2e094807af6e5f7c3338f09622098b809a
Commit Graph

24196 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Love Hornquist Astrand
3c053a2e09 fix up the paranoid code to make it work with ipv6. 2009-07-16 22:21:59 -07:00
Love Hornquist Astrand
3634423f36 Allow specifying runing user and chroot() enviroment 
Allow the admin to switch the user the kdc is running under and
specify the chroot() directory to run in.

Please note you need a very special setup to get this working.
 2009-07-16 22:15:26 -07:00
Love Hörnquist Åstrand
2076c1c93e Add PAC to the first entry in the array since Windows and samba3 expects it there. 
The problem was found by Matthieu Patou, whom also created the first
patch which I changed to look what the current code looks like.

History is tracked in [HEIMDAL-582].

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25338 ec53bebd-3082-4978-b11e-865c3cabbd6b
switch-from-svn-to-git 		2009-07-16 18:28:56 +00:00
Love Hörnquist Åstrand
f8d7804396 More tests for HC_DEPRECATED 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25337 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-16 18:28:44 +00:00
Love Hörnquist Åstrand
e9cea2daee More tests for HC_DEPRECATED 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25336 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-16 18:28:24 +00:00
Love Hörnquist Åstrand
6c56033e6f improve msft compiler case 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25335 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-16 18:28:12 +00:00
Love Hörnquist Åstrand
6a85bbcc65 More tests for KRB5_DEPRECATED 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25334 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-16 18:27:52 +00:00
Love Hörnquist Åstrand
57e31f7593 More tests for GSSAPI_DEPRECATED 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25333 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-16 18:27:37 +00:00
Love Hörnquist Åstrand
2b54af87e9 Add paranoid printing using strvisx. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25332 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-15 23:31:55 +00:00
Love Hörnquist Åstrand
d07832d6d7 rename ruserpass to ruserpassword to not collide with uclibc, prompted by [HEIMDAL-534] 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25331 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-15 23:07:07 +00:00
Love Hörnquist Åstrand
29fc07df5b add paranoid check for PORT and EPRT, make it default 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25330 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-15 22:18:25 +00:00
Love Hörnquist Åstrand
16b76d5cc0 add paranoid 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25329 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-15 22:18:13 +00:00
Love Hörnquist Åstrand
de5f912e02 Contributed by Andrew Bartlett: 
When Samba4's 'fake' GSSAPI client contacts Windows 2008, and does not
request AP_MUTUAL_REQUIRED, it does not elicit a response packet.

We had previously assumed it was unconditional.  Samba3 didn't mind
very much, but Samba4's samba3-like client did, and the behaviour
differed to Win2008 behaviour.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25328 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-15 22:18:00 +00:00
Love Hörnquist Åstrand
452483e61c Have two realms in the configuration file so that kpasswdd works with both of them. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25327 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-15 22:17:47 +00:00
Love Hörnquist Åstrand
6a24e13678 Use hdb_get_dbinfo() to find the realms. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25326 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-15 22:17:30 +00:00
Love Hörnquist Åstrand
9dcdb2c02c Test two realms. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25325 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-15 22:17:17 +00:00
Love Hörnquist Åstrand
aa5b66d1e8 plug a memory leak. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25324 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-15 22:16:49 +00:00
Love Hörnquist Åstrand
8eb14db155 remove unused variable 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25323 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-15 22:16:21 +00:00
Love Hörnquist Åstrand
6f23451ef8 x 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25322 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-08 00:07:19 +00:00
Love Hörnquist Åstrand
9807194527 check for NULL pointer not no NULL pointer... 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25321 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-08 00:07:05 +00:00
Love Hörnquist Åstrand
d3f16452e0 make compile 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25320 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:20:10 +00:00
Love Hörnquist Åstrand
5a9dd54e95 drop RCSID 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25319 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:09:16 +00:00
Love Hörnquist Åstrand
6aa38c372c Push enterprise support into the bdblayer. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25318 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:09:04 +00:00
Love Hörnquist Åstrand
ef92d8485a Push enterprise support into the bdblayer. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25317 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:08:48 +00:00
Love Hörnquist Åstrand
a18db94691 Push enterprise support into the bdblayer. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25316 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:08:36 +00:00
Love Hörnquist Åstrand
af77ace518 Push enterprise support into the bdblayer. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25315 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:08:26 +00:00
Love Hörnquist Åstrand
48a0f6d995 reset iteration query before continuing. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25314 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:08:15 +00:00
Love Hörnquist Åstrand
e02d83174c set hdb_capability_flags = 0 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25313 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:08:05 +00:00
Love Hörnquist Åstrand
4ff6ed4652 set hdb_capability_flags = 0 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25312 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:07:52 +00:00
Love Hörnquist Åstrand
54b5beeb98 set hdb_capability_flags = 0 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25311 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:07:41 +00:00
Love Hörnquist Åstrand
4beac004a1 set hdb_capability_flags = 0 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25310 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:07:30 +00:00
Love Hörnquist Åstrand
dd133f88ca make compile w/o warning, fixup from abartletts patch 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25309 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-05 05:07:16 +00:00
Love Hörnquist Åstrand
97b8122bc6 Report HDB_AUTH_SUCCESS for PK-INIT too. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25308 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:34:18 +00:00
Love Hörnquist Åstrand
7829e74641 Provide auth_status to backend. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25307 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:33:06 +00:00
Love Hörnquist Åstrand
d3de015b79 Check locked-out flag for client and server. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25306 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:32:56 +00:00
Love Hörnquist Åstrand
8e2e176812 make compile 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25305 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:27:09 +00:00
Love Hörnquist Åstrand
5136167f15 if client delegates to itself, that ok 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25304 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:26:57 +00:00
Love Hörnquist Åstrand
90de65f2be If backend implements ->hdb_check_constrained_delegation, use it for processing. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25303 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:26:39 +00:00
Love Hörnquist Åstrand
45ef83f6fd add hdb_check_constrained_delegation 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25302 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:26:25 +00:00
Love Hörnquist Åstrand
e28e7b2c45 check for hdb->hdb_password 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25301 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:26:12 +00:00
Love Hörnquist Åstrand
868bd2dd69 sync check flags 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25300 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:26:00 +00:00
Love Hörnquist Åstrand
deef966478 sync check flags 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25299 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:25:46 +00:00
Love Hörnquist Åstrand
5c104ef172 add ->hdb_password and ->hdb_auth_status 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25298 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:25:29 +00:00
Love Hörnquist Åstrand
f65f1f26ef add HDBFlags: locked-out 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25297 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:25:01 +00:00
Love Hörnquist Åstrand
a28a9a1b30 comment about hdb_capability_flags 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25296 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 04:24:48 +00:00
Love Hörnquist Åstrand
326381bfc6 fix error message in constrained delegation, from andrew bartlett 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25295 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 03:23:25 +00:00
Love Hörnquist Åstrand
506b98d110 Patch from Andrew bartlett via heimdal-bugs@h5l.org 
kdc Allow a password change when the password is expired

    This requires a rework on Heimdal's windc plugin layer, as we want
    full control over what tickets Heimdal will issue.  (In particular, in
    case our requirements become more complex in future).

    The original problem was that Heimdal's check would permit the ticket,
    but Samba would then deny it, not knowing it was for kadmin/changepw

    Andrew Bartlett

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25294 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 03:16:46 +00:00
Love Hörnquist Åstrand
ba04bad361 From Andrew Bartlet via heimdal-bugs@h5l.org 
s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups

    The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
    list user principal name) in an AS-REQ.  Evidence from the wild
    (Win2k8 reportadely) indicates that this is instead valid for all
    types of requests.

    While this is now handled in heimdal/kdc/misc.c, a flag is now defined
    in Heimdal's hdb so that we can take over this handling in future (once we start
    using a system Heimdal, and if we find out there is more to be done
    here).

    Andrew

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25293 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 03:16:35 +00:00
Love Hörnquist Åstrand
012eae7f34 rename gssapi/ntlm/digest.c to kdc.c since that is what its talking too 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25292 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-07-03 03:16:21 +00:00
Love Hörnquist Åstrand
90ac3afd08 hostname is not_defined_in_RFC4178@please_ignore 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25291 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2009-06-28 21:12:38 +00:00