Heimdal can be executed in environments in which the user
account profile is not loaded. In such environments it is
not possible to use PROV_RSA_FULL as it stores required
data within the profile. Instead, fall back to PROV_RNG which
does not store data within the profile and can be used to access
secure random number generator routines.
Change-Id: If600246f39645ed6bf5af0dd237f5adfddcf6c0c

If NO_AFS is not defined, include the KAFS library when
building kuser. The KAFS library does not yet build on
Windows but will in the future.
Change-Id: If2a6c7279d6166cc0f4c49d36f3fa54ad7d19d87

on a big endian machine, usage of this file in the kernel
is somewhat troublesome since the Linux kernel already has
a well-known global/#define called current.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>

We don't need a cast in that case.
Before commit 1124c4872d
(KVNOs are krb5uint32 in RFC4120, make it so),
we compared krb5int32 cast to size_t with unsigned int,
which resulted in the following problem:
Casting krb5int32 to (size_t) is wrong, as sizeof(int) == 4 != sizeof(size_t) == 8.
If you cast negative int values to size_t you'll get this:

    int ival = -5000;           // 0xFFFFEC78
    size_t sval = (size_t)ival; // this will be 0xFFFFFFFFFFFFEC78

So we better compare while casting to (unsigned int).
This is important for Active Directory RODC support,
which adds a random number into the higher 16-bits of the
32-bit kvno value.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
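
The kvno comparison described in the commit message above, as an added example that is not Heimdal code: it compares a signed 32-bit kvno against an unsigned one through (size_t) and through (unsigned int). The function names and the sample kvno value are constructed for illustration, and the mismatch assumes a platform where sizeof(size_t) == 8.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: an RODC-style kvno with a random number in the upper
 * 16 bits (0xEC78, high bit set) and key version 3 in the lower 16 bits. */
#define SAMPLE_RODC_KVNO 0xEC780003u

/* Reinterpret a 32-bit kvno as the signed type that was in use before the
 * kvno became unsigned (hypothetical helper, not a Heimdal function). */
static int32_t as_signed_kvno(uint32_t wire)
{
    return (wire > INT32_MAX) ? -(int32_t)(UINT32_MAX - wire) - 1
                              : (int32_t)wire;
}

/* The comparison the commit message calls wrong: the signed side is
 * sign-extended to 64 bits, the unsigned side is zero-extended. */
static int kvno_equal_size_t(int32_t stored, unsigned int requested)
{
    return (size_t)stored == (size_t)requested;
}

/* The comparison the commit message recommends: both sides stay 32-bit
 * unsigned, so the upper 16 bits compare as plain bits. */
static int kvno_equal_uint(int32_t stored, unsigned int requested)
{
    return (unsigned int)stored == requested;
}

int main(void)
{
    int32_t stored = as_signed_kvno(SAMPLE_RODC_KVNO);
    unsigned int requested = SAMPLE_RODC_KVNO;

    printf("sizeof(size_t)       = %zu\n", sizeof(size_t));
    printf("(size_t)stored       = 0x%zx\n", (size_t)stored);
    printf("(unsigned int)stored = 0x%x\n", (unsigned int)stored);
    printf("size_t compare:       %s\n",
           kvno_equal_size_t(stored, requested) ? "match" : "MISMATCH");
    printf("unsigned int compare: %s\n",
           kvno_equal_uint(stored, requested) ? "match" : "MISMATCH");
    return 0;
}
```
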
We need to use the name that the HDB entry returned, otherwise we
will not canonicalise the reply if requested.
Andrew Bartlett
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>

This will be used to indicate to the backend if a fetch is for
an AS REQ or TGS REQ. Samba needs to take some action in the
HDB_F_FOR_TGS_REQ case and always canonicalize the principal
names, even without HDB_F_CANON.
metze
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>