| Commit message (Collapse) | Author | Age |
... | |
| | | | |
|
| | | |
| | | |
| | | | |
This is needed if the first is not usable
|
| | | | |
|
| | | | |
|
| | |/
| | |
| | | |
Not all error codes have been added, only the most common ones.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt
and the final rfc6806.txt.
The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This will shortly be removed from krb5.asn1.
This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt
and the final rfc6806.txt.
The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt.
Andrew Bartlett based on work by metze to remove it from othert parts of the code
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt
and the final rfc6806.txt.
The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt.
(Samba commit 9ebd10b3432c271625db9fbc1987759c02b23f83 forward-ported
to Heimdal master by Andrew Bartlett)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
An ENTERPRISE principal should result in 'administrator@S4XDOM.BASE'
instead of 'administrator\@S4XDOM.BASE'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
|
| | |
| | |
| | |
| | |
| | | |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
overwritten
This change ensures that our RODC will correctly proxy when asked to provide
a ticket for a service or user where the keys are not on this RODC.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Most probably just a copy/paste error.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The resource allocated by krb5_default_default_realm() should be
free()'d by krb5_free_default_realm() instead of plain free()
for better readability.
Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The checking of the KDC signature is more complex than it looks, it may be of a different
enc type to that which the ticket is encrypted with, and may even be prefixed
with the RODC number.
This is better handled in the plugin which can easily look up the DB for the
correct key to verify this with, and can also quickly determine if this is
an interdomain trust, which we cannot verify the PAC for.
Andrew Bartlett
|
| | |
| | |
| | |
| | | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is required to ensure the client still gets errors like KRB5KDC_ERR_PREAUTH_FAILED, rather than
KRB5KDC_ERR_PREAUTH_REQUIRED, which become a confusing KRB5_GET_IN_TKT_LOOP.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
| | |
| | |
| | |
| | |
| | |
| | | |
A few fixes for syntax errors in man pages, as reported by lintian:
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The following sequence of events results in slave B having a stale HDB:
- slave A connects to master, master dumps HDB for the slave
- kadm5 operations
- slave B connects to master, master sends previously dumped HDB
slave B won't discover any updates until the next transaction.
The fix is simple: the slave should immediately call ihave() after
receiving a complete HDB.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
Should have used -- instead of == in the prior commit.
Change-Id: I90f8886b754dda19970c6579ffa477634e8dc4a5
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It should be possible to pass a format string of "%.s" to permit
a non-nul terminated string to be used as input. The test of remaining
precision and the test for NUL needs to be reversed to permit this
behavior to function correctly.
Change-Id: I200f9c2886419dc4c3870f5f44bc10e81245f56c
|
| | |\
| | | |
| | | | |
Fix compilation error in dlfcn.h
|
| | |/
| | |
| | | |
When dlfcn.h is included from a C++ file causes a compilation error due to missing '{'.
|
| | |
| | |
| | |
| | | |
Andrew Bartlett for pointing this out
|
| | |\
| | | |
| | | | |
Fix build when OpenSSL has no EGD support
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As per Jeremy's request in #124
Windows does not define HAVE_RAND_EGD resulting in the same conditional
support for EGD.
|
| | | | |
|
| | | | |
|
| | |\ \
| | | | |
| | | | | |
Typo: enviroment -> environment.
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I5037b7e6d804e6a61e02258927f06d24cc0b2051
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I0848303e123ec07ac8c552c736510e7be2dd5598
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I4172f81a187cf398c4538de36067ae19eb2534e3
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I3b6cde99859979e5db866c3f707f194144251ee1
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I553c310afbefb50521d90e0aa7121cae359ee311
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: If43c93b8dc1088710a0cd48987cb9e69acb6ec23
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: I1e0a33ee1ae1a61dbdecc731451852590aa3883c
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|