Commit Graph

26142 Commits

Author SHA1 Message Date
Andrew Bartlett
b819f1fe2b Push PKINIT configuration into default_config.c
The interaction with Samba4 is subtle - it calls
krb5_kdc_get_config(), but not configure() - but must have PKINIT set
up.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 19:45:18 -08:00
Andrew Bartlett
64a326d33b heimdal Fetch the client before the PAC check, but after obtaining krbtgt_out
By checking the client principal here, we compare the realm based on
the normalised realm, but do so early enough to validate the PAC (and
regenerate it if required).

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 19:44:49 -08:00
Andrew Bartlett
2542e40fed heimdal Fix handling of backwards cross-realm detection for Samba4
Samba4 may modify the case of the realm in a returned entry, but will no longer modify the case of the principal components.

The easy way to keep this test passing is to consider also what we
need to do to get the krbtgt account for the PAC signing - and to use
krbtgt/<this>/@REALM component to fetch the real krbtgt, and to use
that result for realm comparison.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 08:47:44 UTC 2010 on sn-devel-104

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 19:41:13 -08:00
Andrew Bartlett
10f9468f9d heimdal Return HDB_ERR_NOT_FOUND_HERE to the caller
This means that no reply packet should be generated, but that instead
the user of the libkdc API should forward the packet to a real KDC,
that has a full database.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 19:40:07 -08:00
Love Hornquist Astrand
edb2464ab9 NETLOGON mechanism, for use in DCE-RPC 2010-11-28 19:35:40 -08:00
Love Hornquist Astrand
0a10f35897 drop unused functions 2010-11-28 11:50:42 -08:00
Love Hornquist Astrand
6c6726d76c drop hdb_fetch 2010-11-28 11:46:46 -08:00
Love Hornquist Astrand
965836509b switch to hdb_fetch_kvno 2010-11-28 11:43:02 -08:00
Love Hornquist Astrand
4cdd645ff4 add backends implement hdb_fetch_kvno, use it 2010-11-28 11:35:41 -08:00
Love Hornquist Astrand
917920e8cd implement fetch_kvno 2010-11-28 11:34:33 -08:00
Love Hornquist Astrand
38d0a72326 implement fetch_kvno 2010-11-28 11:33:24 -08:00
Love Hornquist Astrand
daa3d4753d implement fetch_kvno 2010-11-28 11:31:15 -08:00
Love Hornquist Astrand
ee8c2e45b4 use _hdb_fetch_kvno 2010-11-28 11:20:31 -08:00
Love Hornquist Astrand
c44315b6d9 add _hdb_fetch_kvno 2010-11-28 11:19:43 -08:00
Love Hornquist Astrand
617c51a150 kvno is krb5_kvno not unsigned 2010-11-28 11:19:22 -08:00
Love Hornquist Astrand
8ece8672ae kvno is krb5_kvno not unsigned 2010-11-28 11:19:15 -08:00
Love Hornquist Astrand
2ec1c3fbec use int32_t for krb5_kvno 2010-11-28 11:18:55 -08:00
Love Hornquist Astrand
d91e772a0e adopt syntax 2010-11-28 10:46:26 -08:00
Andrew Bartlett
f469fc6d49 heimdal Add support for extracting a particular KVNO from the database
This should allow master key rollover.

(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 09:52:54 -08:00
Andrew Bartlett
e189d712ce Don't dereference NULL in error verify_checksum error path
Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 09:46:43 -08:00
Love Hornquist Astrand
d69fcab43f use vsnprintf so that we don't need roken 2010-11-27 23:21:39 -08:00
Love Hornquist Astrand
d36ee8f0b6 add readline alternative 2010-11-27 19:51:26 -08:00
Love Hornquist Astrand
4cd0b0bd4d add rule for copy_cred_cache.obj 2010-11-27 19:45:20 -08:00
Love Hornquist Astrand
1713166806 use variable for kcc objects, add libsl and copy_cred_cache 2010-11-27 19:36:54 -08:00
Love Hornquist Astrand
88491eb210 uppercase variables names 2010-11-27 19:30:52 -08:00
Love Hornquist Astrand
e9f26f08f2 add more symbols 2010-11-27 19:27:19 -08:00
Love Hornquist Astrand
b26ed1a415 add gss_mo 2010-11-27 19:25:49 -08:00
Love Hornquist Astrand
c45a17e4e8 these are generated files 2010-11-27 19:24:35 -08:00
Love Hornquist Astrand
8b77068ab3 include "mech_locl.h" 2010-11-27 19:23:48 -08:00
Love Hornquist Astrand
d0e012e859 include #include "mech_locl.h" 2010-11-27 19:21:30 -08:00
Love Hornquist Astrand
97c22d9add sprinkle GSSAPI_LIB_VARIABLE 2010-11-27 19:16:44 -08:00
Love Hornquist Astrand
99e1c33987 sprinkle GSSAPI_CALLCONV, add missing space in */* 2010-11-27 19:11:09 -08:00
Love Hornquist Astrand
b56632b817 Include gssapi\gssapi_oid.h and mech/gss_oid.{c,obj} 2010-11-27 19:03:01 -08:00
Love Hornquist Astrand
5471d166e5 include gssapi\gssapi_oid.h 2010-11-27 19:02:21 -08:00
Love Hornquist Astrand
a2345c5159 remove debug printing 2010-11-27 18:59:17 -08:00
Love Hornquist Astrand
7ae0574ac4 use _P in globrules ? 2010-11-27 18:56:46 -08:00
Love Hornquist Astrand
7a7676e8e7 more include path ? 2010-11-27 18:52:47 -08:00
Love Hornquist Astrand
79473c415c define ROKEN_RENAME and use snprintf 2010-11-27 18:48:15 -08:00
Love Hornquist Astrand
66cf237c71 use roken rename to pull in snprintf 2010-11-27 18:41:00 -08:00
Love Hornquist Astrand
beedb73f80 print roken.h so we can see what's happening 2010-11-27 18:21:16 -08:00
Love Hornquist Astrand
1be05e6568 support KRB5_KDB_SALTTYPE_CERTHASH 2010-11-27 13:27:35 -08:00
Love Hornquist Astrand
db7f598466 return size is a int, don't pretend. 2010-11-27 12:37:49 -08:00
Love Hornquist Astrand
d9d68e88d3 add oids that were missing 2010-11-27 11:12:08 -08:00
Love Hornquist Astrand
e307a6f350 init max_life and max_rlife 2010-11-27 11:04:55 -08:00
Love Hornquist Astrand
b108cbe218 spelling 2010-11-26 15:01:56 -08:00
Love Hornquist Astrand
3debbe8ef5 clean out gssapi_oid.h 2010-11-26 14:28:09 -08:00
Love Hornquist Astrand
95b601af10 clean out cache_plugin.h 2010-11-26 14:27:51 -08:00
Love Hornquist Astrand
24d628edf3 make test_config work again 2010-11-26 12:28:45 -08:00
Love Hornquist Astrand
1c400805f6 use %option nounput 2010-11-26 12:08:21 -08:00
Love Hornquist Astrand
f13335985f try %option nounput and see if we can remove a warning 2010-11-26 12:01:14 -08:00