[Heimdal-source-changes] [heimdal/heimdal] 960fa4: Add test for incorrect password
GitHub
noreply at github.com
Tors Juni 18 01:21:16 CEST 2015
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: 960fa481bedbe8485b1be18ba7b61481eeff32ed
https://github.com/heimdal/heimdal/commit/960fa481bedbe8485b1be18ba7b61481eeff32ed
Author: Andrew Bartlett <abartlet at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M tests/kdc/check-kdc.in
Log Message:
-----------
Add test for incorrect password
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Commit: 95256a612961939f09ab2cfd72cd93c411a9673f
https://github.com/heimdal/heimdal/commit/95256a612961939f09ab2cfd72cd93c411a9673f
Author: Andrew Bartlett <abartlet at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
kdc: Preserve error code from Pre Authentication .validate hook
This is required to ensure the client still gets errors like KRB5KDC_ERR_PREAUTH_FAILED, rather than
KRB5KDC_ERR_PREAUTH_REQUIRED, which become a confusing KRB5_GET_IN_TKT_LOOP.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Commit: 5c8e3c6108434d31fe6056a1dcc200c9f6f8a70d
https://github.com/heimdal/heimdal/commit/5c8e3c6108434d31fe6056a1dcc200c9f6f8a70d
Author: Andrew Bartlett <abartlet at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M .travis.yml
Log Message:
-----------
Fix shell syntax in COVERITY_SCAN_BRANCH test
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Commit: 324ac13b32cc381f4d2c5b581f3b499147535d0a
https://github.com/heimdal/heimdal/commit/324ac13b32cc381f4d2c5b581f3b499147535d0a
Author: Andrew Bartlett <abartlet at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M kdc/krb5tgs.c
Log Message:
-----------
heimdal: remove checking of KDC PAC signature, delegate to wdc plugin
The checking of the KDC signature is more complex than it looks, it may be of a different
enc type to that which the ticket is encrypted with, and may even be prefixed
with the RODC number.
This is better handled in the plugin which can easily look up the DB for the
correct key to verify this with, and can also quickly determine if this is
an interdomain trust, which we cannot verify the PAC for.
Andrew Bartlett
Commit: e5144acab084f999bf351a4b151aa8ccc2f4ef7c
https://github.com/heimdal/heimdal/commit/e5144acab084f999bf351a4b151aa8ccc2f4ef7c
Author: Santosh Kumar Pradhan <spradhan at redhat.com>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M lib/krb5/principal.c
Log Message:
-----------
heimdal: Use krb5_free_default_realm() for free()
The resource allocated by krb5_default_default_realm() should be
free()'d by krb5_free_default_realm() instead of plain free()
for better readability.
Signed-off-by: Santosh Kumar Pradhan <spradhan at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Commit: 0f19fdec83da166b4d685e4c21b5bf7b0c503f5e
https://github.com/heimdal/heimdal/commit/0f19fdec83da166b4d685e4c21b5bf7b0c503f5e
Author: Günther Deschner <gd at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M lib/krb5/init_creds.c
Log Message:
-----------
s4-heimdal: fix krb5_get_init_creds_opt_set_process_last_req().
Most probably just a copy/paste error.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Commit: c450abd01ac6d1bd7b4f460806dc3d3ee8cd1815
https://github.com/heimdal/heimdal/commit/c450abd01ac6d1bd7b4f460806dc3d3ee8cd1815
Author: Andrew Bartlett <abartlet at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M kdc/misc.c
Log Message:
-----------
heimdal: Ensure that HDB_ERR_NOT_FOUND_HERE, critical for the RODC, is not overwritten
This change ensures that our RODC will correctly proxy when asked to provide
a ticket for a service or user where the keys are not on this RODC.
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Commit: 02616866e54692c9cf0537d62cb50e8259ef84fc
https://github.com/heimdal/heimdal/commit/02616866e54692c9cf0537d62cb50e8259ef84fc
Author: Volker Lendecke <vl at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M lib/krb5/store.c
Log Message:
-----------
heimdal: Fix the developer O3 build
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Commit: 2e6318f09ac0dc40c8fa058cc20108d6b5e591e7
https://github.com/heimdal/heimdal/commit/2e6318f09ac0dc40c8fa058cc20108d6b5e591e7
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M lib/krb5/pac.c
Log Message:
-----------
heimdal:lib/krb5: allow enterprise principals in verify_logonname()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Commit: 8c8a39b0b7dc8c24cad1c2dcf68d2c7b238b19fe
https://github.com/heimdal/heimdal/commit/8c8a39b0b7dc8c24cad1c2dcf68d2c7b238b19fe
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M lib/krb5/pac.c
Log Message:
-----------
heimdal:lib/krb5: let build_logon_name() use KRB5_PRINCIPAL_UNPARSE_DISPLAY
An ENTERPRISE principal should result in 'administrator at S4XDOM.BASE'
instead of 'administrator\@S4XDOM.BASE'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11142
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Commit: 358e2b7b0a460962f8d8da4492270c65fec79d1a
https://github.com/heimdal/heimdal/commit/358e2b7b0a460962f8d8da4492270c65fec79d1a
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M kdc/kerberos5.c
Log Message:
-----------
kdc: remove KRB5_PADATA_CLIENT_CANONICALIZED handling
This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt
and the final rfc6806.txt.
The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt.
(Samba commit 9ebd10b3432c271625db9fbc1987759c02b23f83 forward-ported
to Heimdal master by Andrew Bartlett)
Commit: 29f6290fe60cebb4ad08860214e324af0c8b23b1
https://github.com/heimdal/heimdal/commit/29f6290fe60cebb4ad08860214e324af0c8b23b1
Author: Andrew Bartlett <abartlet at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M lib/krb5/ticket.c
Log Message:
-----------
lib/krb5: Remove KRB5_PADATA_CLIENT_CANONICALIZED from ticket.c
This will shortly be removed from krb5.asn1.
This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt
and the final rfc6806.txt.
The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt.
Andrew Bartlett based on work by metze to remove it from othert parts of the code
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Commit: be63a2914adcbea7d42d56e674ee6edb4883ebaf
https://github.com/heimdal/heimdal/commit/be63a2914adcbea7d42d56e674ee6edb4883ebaf
Author: Stefan Metzmacher <metze at samba.org>
Date: 2015-06-17 (Wed, 17 Jun 2015)
Changed paths:
M lib/asn1/krb5.asn1
Log Message:
-----------
heimdal:krb5.asn1: remove KRB5_PADATA_CLIENT_CANONICALIZED handling
This got removed between draft-ietf-krb-wg-kerberos-referrals-11.txt
and the final rfc6806.txt.
The number 133 was reassigned to PA-FX-COOKIE in rfc6113.txt.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Compare: https://github.com/heimdal/heimdal/compare/50e2a5ce95f4...be63a2914adc
More information about the Heimdal-source-changes
mailing list