Commit Graph

26707 Commits

Author SHA1 Message Date
Asanka C. Herath
4a6a5d59a5 Windows: Build policy assembly as a merge module 2010-11-29 18:21:56 -05:00
Love Hornquist Astrand
42f9c644cf Also try key usage 8 for tgs-rep subkey
If the is Windows 2000 DC, we need to retry with key usage 8 when doing ARCFOUR.

Thanks to Andrew and Tridge that helped me debug this using their systems.
2010-11-29 11:19:24 -08:00
Asanka C. Herath
d4f1d0e900 Canonicalize the program name if necessary in setprogname() 2010-11-29 13:32:24 -05:00
Love Hornquist Astrand
2038d6f56e don't whine when principal is not found in cache, also, use krb5_cc function to make it not hit the network 2010-11-29 09:31:07 -08:00
Love Hornquist Astrand
987faedb80 add random abstraction 2010-11-29 09:31:07 -08:00
Love Hornquist Astrand
bad0e733c5 less exit with failures 2010-11-29 09:31:07 -08:00
Love Hornquist Astrand
a2b45360c2 add random_init 2010-11-29 09:31:07 -08:00
Asanka C. Herath
b755dc12f4 Windows: Fix hcrypto tests on cygwin 2010-11-29 10:53:50 -05:00
Asanka C. Herath
6d662f71d7 Windows: Fix export lists 2010-11-29 10:53:49 -05:00
Asanka C. Herath
e3559160b7 Include roken.h before gssapi.h 2010-11-29 10:41:47 -05:00
Asanka C. Herath
87801aca51 Windows: Build gsstool 2010-11-29 10:41:46 -05:00
Asanka C. Herath
0e0fba8866 Windows: Detect VC version instead of hardcoding it 2010-11-29 10:41:44 -05:00
Asanka C. Herath
6fe4372d17 Windows: Install kcc 2010-11-29 10:41:44 -05:00
Asanka C. Herath
8e7f787053 Windows: Dependencies for kcc 2010-11-29 10:36:59 -05:00
Love Hornquist Astrand
290aed8056 add missing ; 2010-11-28 19:49:27 -08:00
Andrew Bartlett
b819f1fe2b Push PKINIT configuration into default_config.c
The interaction with Samba4 is subtle - it calls
krb5_kdc_get_config(), but not configure() - but must have PKINIT set
up.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 19:45:18 -08:00
Andrew Bartlett
64a326d33b heimdal Fetch the client before the PAC check, but after obtaining krbtgt_out
By checking the client principal here, we compare the realm based on
the normalised realm, but do so early enough to validate the PAC (and
regenerate it if required).

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 19:44:49 -08:00
Andrew Bartlett
2542e40fed heimdal Fix handling of backwards cross-realm detection for Samba4
Samba4 may modify the case of the realm in a returned entry, but will no longer modify the case of the prinicipal components.

The easy way to keep this test passing is to consider also what we
need to do to get the krbtgt account for the PAC signing - and to use
krbtgt/<this>/@REALM component to fetch the real krbtgt, and to use
that resutl for realm comparion.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 08:47:44 UTC 2010 on sn-devel-104

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 19:41:13 -08:00
Andrew Bartlett
10f9468f9d heimdal Return HDB_ERR_NOT_FOUND_HERE to the caller
This means that no reply packet should be generated, but that instead
the user of the libkdc API should forward the packet to a real KDC,
that has a full database.

Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 19:40:07 -08:00
Love Hornquist Astrand
edb2464ab9 NETLOGON mechanism, for use in DCE-RPC 2010-11-28 19:35:40 -08:00
Love Hornquist Astrand
0a10f35897 drop unused functions 2010-11-28 11:50:42 -08:00
Love Hornquist Astrand
6c6726d76c drop hdb_fetch 2010-11-28 11:46:46 -08:00
Love Hornquist Astrand
965836509b switch to hdb_fetch_kvno 2010-11-28 11:43:02 -08:00
Love Hornquist Astrand
4cdd645ff4 add backends implement hdb_fetch_kvno, use it 2010-11-28 11:35:41 -08:00
Love Hornquist Astrand
917920e8cd implement fetch_kvno 2010-11-28 11:34:33 -08:00
Love Hornquist Astrand
38d0a72326 implement fetch_kvno 2010-11-28 11:33:24 -08:00
Love Hornquist Astrand
daa3d4753d implement fetch_kvno 2010-11-28 11:31:15 -08:00
Love Hornquist Astrand
ee8c2e45b4 use _hdb_fetch_kvno 2010-11-28 11:20:31 -08:00
Love Hornquist Astrand
c44315b6d9 add _hdb_fetch_kvno 2010-11-28 11:19:43 -08:00
Love Hornquist Astrand
617c51a150 kvno is krb5_kvno not unsigned 2010-11-28 11:19:22 -08:00
Love Hornquist Astrand
8ece8672ae kvno is krb5_kvno not unsigned 2010-11-28 11:19:15 -08:00
Love Hornquist Astrand
2ec1c3fbec use int32_t for krb5_kvno 2010-11-28 11:18:55 -08:00
Love Hornquist Astrand
d91e772a0e adopt syntax 2010-11-28 10:46:26 -08:00
Andrew Bartlett
f469fc6d49 heimdal Add support for extracting a particular KVNO from the database
This should allow master key rollover.

(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 09:52:54 -08:00
Andrew Bartlett
e189d712ce Don't dereference NULL in error verify_checksum error path
Andrew Bartlett

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-11-28 09:46:43 -08:00
Love Hornquist Astrand
d69fcab43f use vsnprintf so that we dont need roken 2010-11-27 23:21:39 -08:00
Love Hornquist Astrand
d36ee8f0b6 add readline alternative 2010-11-27 19:51:26 -08:00
Love Hornquist Astrand
4cd0b0bd4d add rule for copy_cred_cache.obj 2010-11-27 19:45:20 -08:00
Love Hornquist Astrand
1713166806 use varible for kcc objects, add libsl and copy_cred_cache 2010-11-27 19:36:54 -08:00
Love Hornquist Astrand
88491eb210 uppercase variables names 2010-11-27 19:30:52 -08:00
Love Hornquist Astrand
e9f26f08f2 add more symbols 2010-11-27 19:27:19 -08:00
Love Hornquist Astrand
b26ed1a415 add gss_mo 2010-11-27 19:25:49 -08:00
Love Hornquist Astrand
c45a17e4e8 these are generated files 2010-11-27 19:24:35 -08:00
Love Hornquist Astrand
8b77068ab3 include "mech_locl.h" 2010-11-27 19:23:48 -08:00
Love Hornquist Astrand
d0e012e859 include #include "mech_locl.h" 2010-11-27 19:21:30 -08:00
Love Hornquist Astrand
97c22d9add sprinkle GSSAPI_LIB_VARIABLE 2010-11-27 19:16:44 -08:00
Love Hornquist Astrand
99e1c33987 sprinkle GSSAPI_CALLCONV, add missing space in */* 2010-11-27 19:11:09 -08:00
Love Hornquist Astrand
b56632b817 Include gssapi\gssapi_oid.h and mech/gss_oid.{c,obj} 2010-11-27 19:03:01 -08:00
Love Hornquist Astrand
5471d166e5 include gssapi\gssapi_oid.h 2010-11-27 19:02:21 -08:00
Love Hornquist Astrand
a2345c5159 remove debug printing 2010-11-27 18:59:17 -08:00