[Heimdal-source-changes] [heimdal/heimdal] be37f2: lib/ntlm: add missing dependency to libwind.la
GitHub
noreply at github.com
Fre Juli 31 08:03:08 CEST 2015
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: be37f24ef4911c1770bb06aed0f45b45921f66ae
https://github.com/heimdal/heimdal/commit/be37f24ef4911c1770bb06aed0f45b45921f66ae
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M lib/ntlm/Makefile.am
Log Message:
-----------
lib/ntlm: add missing dependency to libwind.la
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: 20da6cad02d5b57ce081b8bf28c41cedb70c00bb
https://github.com/heimdal/heimdal/commit/20da6cad02d5b57ce081b8bf28c41cedb70c00bb
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
A doc/standardisation/rfc6806.txt
Log Message:
-----------
doc/standardisation: add rfc6806.txt
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: ae4d222f586b7e93800b902b6823ab3a3978ff54
https://github.com/heimdal/heimdal/commit/ae4d222f586b7e93800b902b6823ab3a3978ff54
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M lib/krb5/pac.c
Log Message:
-----------
lib/krb5: verify_logonname() to handle multi component principal
FreeIPA can generate tickets with a client principal of
'host/hostname.example.com'.
verify_logonname() should just verify the principal name
in the PAC_LOGON_NAME is the same as the principal of
the client principal (without realm) of the ticket.
Samba commit b7cc8c1187ff967e44587cd0d09185330378f366
break this. We try to compare ['host']['hostname.example.com']
with ['host/hostname.example.com]' (as we interpret it as enterprise principal)
this fail if we don't compare them as strings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Commit: bbff216dc659954a76bb395ee36aa1a1c8571941
https://github.com/heimdal/heimdal/commit/bbff216dc659954a76bb395ee36aa1a1c8571941
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M lib/krb5/init_creds_pw.c
Log Message:
-----------
lib/krb5: correctly follow KRB5_KDC_ERR_WRONG_REALM client referrals
An AS-REQ with an enterprise principal will always directed to a kdc of the local
(default) realm. The KDC directs the client into the direction of the
final realm. See rfc6806.txt.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: 25f3db919fa73f0ad4caa31dff2275da6730f266
https://github.com/heimdal/heimdal/commit/25f3db919fa73f0ad4caa31dff2275da6730f266
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M lib/krb5/libkrb5-exports.def.in
M lib/krb5/mk_error.c
M lib/krb5/version-script.map
Log Message:
-----------
lib/krb5: add krb5_mk_error_ext() helper function
This gives the caller the ability to skip the client_name
and only provide client_realm. This is required for
KDC_ERR_WRONG_REALM messages.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: a873e21d7c06f22943a90a41dc733ae76799390d
https://github.com/heimdal/heimdal/commit/a873e21d7c06f22943a90a41dc733ae76799390d
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M kdc/fast.c
M kdc/kerberos5.c
M kdc/krb5tgs.c
Log Message:
-----------
kdc: base _kdc_fast_mk_error() on krb5_mk_error_ext()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: 81f9ed4a6cd1ad71d1af25a2883bcff431e74a69
https://github.com/heimdal/heimdal/commit/81f9ed4a6cd1ad71d1af25a2883bcff431e74a69
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M kdc/krb5tgs.c
Log Message:
-----------
kdc: generic support for 3part servicePrincipalNames
This is not DRSUAPI specific, it works for all 3 part principals.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: 078e6f5dd2fcf50b40ed32e9178afa7c708a19fa
https://github.com/heimdal/heimdal/commit/078e6f5dd2fcf50b40ed32e9178afa7c708a19fa
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M kdc/kerberos5.c
M kdc/krb5tgs.c
M kdc/misc.c
M lib/hdb/hdb_err.et
Log Message:
-----------
kdc: add support for HDB_ERR_WRONG_REALM
A backend can return this if asked with HDB_F_GET_CLIENT|HDB_F_FOR_AS_REQ
for a KRB5_NT_ENTERPRISE_PRINCIPAL record or for HDB_F_GET_SERVER | HDB_F_FOR_TGS_REQ.
entry_ex->entry.principal->realm needs to return the real realm of the principal
(or at least a the realm of the next cross-realm trust hop).
This is needed to route enterprise principals between AD domain trusts.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: 63ed9620416744b044281b5c8b1e951cbaa65568
https://github.com/heimdal/heimdal/commit/63ed9620416744b044281b5c8b1e951cbaa65568
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M lib/gssapi/krb5/decapsulate.c
Log Message:
-----------
lib/gssapi/krb5: make _gssapi_verify_pad() more robust
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: e33e47650a9734ed159308b0de268f4717ae2280
https://github.com/heimdal/heimdal/commit/e33e47650a9734ed159308b0de268f4717ae2280
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M lib/gssapi/krb5/aeap.c
Log Message:
-----------
lib/gssapi/krb5: fix indentation in _gk_wrap_iov()
Now it matches _gk_unwrap_iov() and _gk_wrap_iov_length().
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: 5f79ac2bb989fd29cd52447d44b6ac7eddb726f1
https://github.com/heimdal/heimdal/commit/5f79ac2bb989fd29cd52447d44b6ac7eddb726f1
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M lib/gssapi/krb5/arcfour.c
Log Message:
-----------
lib/gssapi/krb5: clear temporary buffer with cleartext data.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: ef0059b8b6d18d562954f023c98abb4f8e01986b
https://github.com/heimdal/heimdal/commit/ef0059b8b6d18d562954f023c98abb4f8e01986b
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M lib/gssapi/krb5/arcfour.c
Log Message:
-----------
lib/gssapi/krb5: add const to arcfour_mic_key()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: bafefad87fe9766dd8c8c755f5d78bb7d8f93578
https://github.com/heimdal/heimdal/commit/bafefad87fe9766dd8c8c755f5d78bb7d8f93578
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M lib/gssapi/krb5/arcfour.c
Log Message:
-----------
lib/gssapi/krb5: split out a arcfour_mic_cksum_iov() function
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Commit: ad3acc2aef955c3c1d28607629cc9e6140ad3efd
https://github.com/heimdal/heimdal/commit/ad3acc2aef955c3c1d28607629cc9e6140ad3efd
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
M lib/gssapi/krb5/aeap.c
M lib/gssapi/krb5/arcfour.c
Log Message:
-----------
lib/gssapi/krb5: implement gss_[un]wrap_iov[_length] with arcfour-hmac-md5
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Commit: 411da1fb3175f890c23b1471b105c1aa925a2a1e
https://github.com/heimdal/heimdal/commit/411da1fb3175f890c23b1471b105c1aa925a2a1e
Author: Andrew Bartlett <abartlet at samba.org>
Date: 2015-07-31 (Fri, 31 Jul 2015)
Changed paths:
A doc/standardisation/rfc6806.txt
M kdc/fast.c
M kdc/kerberos5.c
M kdc/krb5tgs.c
M kdc/misc.c
M lib/gssapi/krb5/aeap.c
M lib/gssapi/krb5/arcfour.c
M lib/gssapi/krb5/decapsulate.c
M lib/hdb/hdb_err.et
M lib/krb5/init_creds_pw.c
M lib/krb5/libkrb5-exports.def.in
M lib/krb5/mk_error.c
M lib/krb5/pac.c
M lib/krb5/version-script.map
M lib/ntlm/Makefile.am
Log Message:
-----------
Merge pull request #138 from abartlet/lorikeet-heimdal-for-upstream
Samba Cross-realm support patches from metze
These patches were posted to heimdal-discuss by metze, and there were no objections there.
Compare: https://github.com/heimdal/heimdal/compare/71c95fb38d1e...411da1fb3175
More information about the Heimdal-source-changes
mailing list