summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
| | | * Fix typoHenryJacques2015-07-20
| | | |
| | | * Allow to use more than one token HenryJacques2015-07-20
| | | | | | | | | | | | This is needed if the first is not usable
| | | * add error codes related to User PINHenryJacques2015-07-20
| | | |
| | | * Fix typoHenryJacques2015-07-20
| | | |
| | | * Add new error codes related to PIN HenryJacques2015-07-20
| | |/ | | | | | | Not all error codes have been added, only the most common ones.
| | * heimdal:krb5.asn1: remove KRB5_PADATA_CLIENT_CANONICALIZED handlingStefan Metzmacher2015-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt and the final rfc6806.txt. The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
| | * lib/krb5: Remove KRB5_PADATA_CLIENT_CANONICALIZED from ticket.cAndrew Bartlett2015-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will shortly be removed from krb5.asn1. This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt and the final rfc6806.txt. The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt. Andrew Bartlett based on work by metze to remove it from othert parts of the code Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| | * kdc: remove KRB5_PADATA_CLIENT_CANONICALIZED handlingStefan Metzmacher2015-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt and the final rfc6806.txt. The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt. (Samba commit 9ebd10b3432c271625db9fbc1987759c02b23f83 forward-ported to Heimdal master by Andrew Bartlett)
| | * heimdal:lib/krb5: let build_logon_name() use KRB5_PRINCIPAL_UNPARSE_DISPLAYStefan Metzmacher2015-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | An ENTERPRISE principal should result in 'administrator@S4XDOM.BASE' instead of 'administrator\@S4XDOM.BASE'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
| | * heimdal:lib/krb5: allow enterprise principals in verify_logonname()Stefan Metzmacher2015-06-17
| | | | | | | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
| | * heimdal: Fix the developer O3 buildVolker Lendecke2015-06-17
| | | | | | | | | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
| | * heimdal: Ensure that HDB_ERR_NOT_FOUND_HERE, critical for the RODC, is not ↵Andrew Bartlett2015-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | overwritten This change ensures that our RODC will correctly proxy when asked to provide a ticket for a service or user where the keys are not on this RODC. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| | * s4-heimdal: fix krb5_get_init_creds_opt_set_process_last_req().Günther Deschner2015-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | Most probably just a copy/paste error. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| | * heimdal: Use krb5_free_default_realm() for free()Santosh Kumar Pradhan2015-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The resource allocated by krb5_default_default_realm() should be free()'d by krb5_free_default_realm() instead of plain free() for better readability. Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
| | * heimdal: remove checking of KDC PAC signature, delegate to wdc pluginAndrew Bartlett2015-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The checking of the KDC signature is more complex than it looks, it may be of a different enc type to that which the ticket is encrypted with, and may even be prefixed with the RODC number. This is better handled in the plugin which can easily look up the DB for the correct key to verify this with, and can also quickly determine if this is an interdomain trust, which we cannot verify the PAC for. Andrew Bartlett
| | * Fix shell syntax in COVERITY_SCAN_BRANCH testAndrew Bartlett2015-06-17
| | | | | | | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| | * kdc: Preserve error code from Pre Authentication .validate hookAndrew Bartlett2015-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is required to ensure the client still gets errors like KRB5KDC_ERR_PREAUTH_FAILED, rather than KRB5KDC_ERR_PREAUTH_REQUIRED, which become a confusing KRB5_GET_IN_TKT_LOOP. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz>
| | * Add test for incorrect passwordAndrew Bartlett2015-06-17
| | | | | | | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
| | * (patch) man page syntax errorsSergio Gelato2015-05-26
| | | | | | | | | | | | | | | | | | A few fixes for syntax errors in man pages, as reported by lintian: Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
| | * iprop slave: try incremental after complete xferNicolas Williams2015-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following sequence of events results in slave B having a stale HDB: - slave A connects to master, master dumps HDB for the slave - kadm5 operations - slave B connects to master, master sends previously dumped HDB slave B won't discover any updates until the next transaction. The fix is simple: the slave should immediately call ihave() after receiving a complete HDB.
| | * Fix HDB rename/close order in iprop slaveNicolas Williams2015-05-20
| | |
| | * Tolerate some time-travel by slavesNicolas Williams2015-05-20
| | |
| | * iprop master: Don't ignore flock() resultNicolas Williams2015-05-20
| | |
| | * start-realm: don't write NULNicolas Williams2015-05-20
| | |
| | * roken: fix 0acef7729f664cfe591ff86964651bb0bbf5d6b0Jeffrey Altman2015-05-20
| | | | | | | | | | | | | | | | | | Should have used -- instead of == in the prior commit. Change-Id: I90f8886b754dda19970c6579ffa477634e8dc4a5
| | * roken: fix append_string "%.s" non-nul terminationJeffrey Altman2015-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | It should be possible to pass a format string of "%.s" to permit a non-nul terminated string to be used as input. The test of remaining precision and the test for NUL needs to be reversed to permit this behavior to function correctly. Change-Id: I200f9c2886419dc4c3870f5f44bc10e81245f56c
| | * Merge pull request #128 from kiransj/patch-1Love Hörnquist Åstrand2015-04-30
| | |\ | | | | | | | | Fix compilation error in dlfcn.h
| | | * Fix compilation error when in dlfcn.hKiran S J2015-04-30
| | |/ | | | | | | When dlfcn.h is included from a C++ file causes a compilation error due to missing '{'.
| | * call hdb_auth_status when password is wrong in the ENC-CHAL case too, thanks ↵Love Hörnquist Åstrand2015-04-28
| | | | | | | | | | | | Andrew Bartlett for pointing this out
| | * Merge pull request #124 from Sp1l/masterLove Hörnquist Åstrand2015-04-28
| | |\ | | | | | | | | Fix build when OpenSSL has no EGD support
| | | * Refactor EGD conditional supportBernard Spil2015-04-21
| | | | | | | | | | | | | | | | | | | | | | | | As per Jeremy's request in #124 Windows does not define HAVE_RAND_EGD resulting in the same conditional support for EGD.
| | | * Fix build when OpenSSL has no EGD supportBernard2015-04-10
| | | |
| | * | remove always true conditionLove Hörnquist Åstrand2015-04-28
| | | |
| | * | Merge pull request #127 from jelmer/typo-fixesvdukhovni2015-04-25
| | |\ \ | | | | | | | | | | Typo: enviroment -> environment.
| | | * | Typo: enviroment -> environment.Jelmer Vernooij2015-04-25
| | | | |
| | * | | YFS Coverity 11034Jeffrey Altman2015-04-21
| | | | | | | | | | | | | | | | | | | | Change-Id: I5037b7e6d804e6a61e02258927f06d24cc0b2051
| | * | | YFS Coverity 11631Jeffrey Altman2015-04-21
| | | | | | | | | | | | | | | | | | | | Change-Id: I0848303e123ec07ac8c552c736510e7be2dd5598
| | * | | YFS Coverity 11745Jeffrey Altman2015-04-21
| | | | | | | | | | | | | | | | | | | | Change-Id: I4172f81a187cf398c4538de36067ae19eb2534e3
| | * | | YFS Coverity 11475Jeffrey Altman2015-04-21
| | | | | | | | | | | | | | | | | | | | Change-Id: I3b6cde99859979e5db866c3f707f194144251ee1
| | * | | YFS Coverity 11738Jeffrey Altman2015-04-21
| | | | | | | | | | | | | | | | | | | | Change-Id: I553c310afbefb50521d90e0aa7121cae359ee311
| | * | | YFS Coverity 11694Jeffrey Altman2015-04-21
| | | | | | | | | | | | | | | | | | | | Change-Id: If43c93b8dc1088710a0cd48987cb9e69acb6ec23
| | * | | YFS Coverity 11525Jeffrey Altman2015-04-21
| | | | | | | | | | | | | | | | | | | | Change-Id: I1e0a33ee1ae1a61dbdecc731451852590aa3883c
| | * | | coverity 1164162Nicolas Williams2015-04-19
| | | | |
| | * | | coverity 1164093Nicolas Williams2015-04-19
| | | | |
| | * | | fixup coverity 1164099Nicolas Williams2015-04-19
| | | | |
| | * | | coverity 1164091Nicolas Williams2015-04-18
| | | | |
| | * | | coverity 1164092Nicolas Williams2015-04-18
| | | | |
| | * | | coverity 1164099Nicolas Williams2015-04-18
| | | | |
| | * | | coverity 745495Nicolas Williams2015-04-18
| | | | |
| | * | | coverity 745505Nicolas Williams2015-04-18
| | | | |
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 07:02:06 +0000