samba.git/source4/heimdal/lib, branch talloc-2.3.3 Unnamed repository; edit this file 'description' to name the repository. heimdal_build: Use lib/asn1/rfc2459.opt rather than hard-coded 2021-06-15T23:25:27+00:00 Andrew Bartlett abartlet@samba.org 2021-06-15T03:24:17+00:00 1f724a9f9bb5cf133bb21222cdc23eaad57eed85 Based on patch by Stefan Metzmacher in his Heimdal upgrade branch lib/asn1/rfc2459.opt imported from lorikeet-heimdal-abartlet/lorikeet-heimdal-201107241840-plus-recent-changes which is the closest tree I could find, and matches the options being removed from the wscript_build file. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jun 15 23:25:27 UTC 2021 on sn-devel-184 
Based on patch by Stefan Metzmacher in his Heimdal upgrade branch

lib/asn1/rfc2459.opt imported from
lorikeet-heimdal-abartlet/lorikeet-heimdal-201107241840-plus-recent-changes
which is the closest tree I could find, and matches the options being
removed from the wscript_build file.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 15 23:25:27 UTC 2021 on sn-devel-184
build: Use bison at build time rather than lexyacc.sh to build the embedded heimdal 2021-04-28T03:43:34+00:00 Andrew Bartlett abartlet@samba.org 2021-03-29T20:39:00+00:00 e45980ff5de27b4558e7dfe0ce4c7af39d9c8b6b Because the filenames are changed to the *.tab.{h,c} format a transitional header is added. While the built compilers differ, the output of the compilers and the resulting .o files have been verified not to have changed on Ubuntu 20.04. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Because the filenames are changed to the *.tab.{h,c} format
a transitional header is added.

While the built compilers differ, the output of the compilers
and the resulting .o files have been verified not to have changed
on Ubuntu 20.04.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
heimdal: use correct prototype of yyparse() 2021-04-28T03:43:34+00:00 Andrew Bartlett abartlet@samba.org 2021-04-18T19:03:47+00:00 c2c09113e5598ae87dcf470cb85aaf1a62d03ba4 As noted in 92c6891c368cae5c2402727c1f66f1c60778199d in upstream Heimdal yyparse() returns an int. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
As noted in 92c6891c368cae5c2402727c1f66f1c60778199d in upstream
Heimdal yyparse() returns an int.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
HEIMDAL: Avoid yydebug compiler warning 2021-04-28T03:43:34+00:00 Viktor Dukhovni viktor@twosigma.com 2016-11-13T19:51:17+00:00 2ccd5c096aa77f3b81a60d01e1c97464f2681d43 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> (cherry-picked from Heimdal commit 17d6d0ac1e8597e91d723399cbe9af9ea2e13f42) 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry-picked from Heimdal commit 17d6d0ac1e8597e91d723399cbe9af9ea2e13f42)
HEIMDAL: krb5_storage_free(NULL) should work 2021-02-09T03:09:34+00:00 Paul Wise pabs3@bonedaddy.net 2016-02-29T17:58:45+00:00 f9ed4f7028a5ed29026ac8ef1b47b63755ba98f8 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12505 Signed-off-by: Paul Wise <pabs3@bonedaddy.net> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Original-author: Nicolas Williams <nico@twosigma.com> (cherry-picked from heimdal commit b3db07d5f0e03f6a1a0a392e70f9675e19a6d6af) 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12505

Signed-off-by: Paul Wise <pabs3@bonedaddy.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Original-author: Nicolas Williams <nico@twosigma.com>
(cherry-picked from heimdal commit b3db07d5f0e03f6a1a0a392e70f9675e19a6d6af)
Compile .l files (flex) with the waf rule at runtime 2020-08-07T03:23:44+00:00 Andrew Bartlett abartlet@samba.org 2020-05-27T09:31:43+00:00 c51c15144e3fbdd3ebed301a077c687e23882e09 Other parts of Samba already compile these directly. This makes these files compile with modern compiler warnings. The primary difference (other than being built with a newer flex) is the loss of the #include "config.h" but this is not used in the other .l files elsewehre and does not seem to matter on modern systems. The generated output from compile_et asn1_compile has not changed (so I think the hx509 case is safe). The mdssvc case just has changed file locations and line numbers. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Other parts of Samba already compile these directly.

This makes these files compile with modern compiler warnings.

The primary difference (other than being built with a newer
flex) is the loss of the #include "config.h" but
this is not used in the other .l files elsewehre and does not
seem to matter on modern systems.

The generated output from compile_et asn1_compile has not changed
(so I think the hx509 case is safe).

The mdssvc case just has changed file locations and line numbers.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
heimdal: Exclude more of plugin.c if HAVE_DLOPEN (which Samba unsets) is not set 2020-08-07T03:23:43+00:00 Andrew Bartlett abartlet@samba.org 2020-05-27T10:18:31+00:00 1663ada9751d35f10c92149801c5b209b0361ac1 This allows us to avoid warnings and errors due to unsued variables and functions. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
This allows us to avoid warnings and errors due to unsued variables
and functions.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
heimdal: Use #ifdef HAVE_DLOPEN around function used by HAVE_DLOPEN 2020-08-07T03:23:43+00:00 Gary Lockyer gary@catalyst.net.nz 2017-09-25T00:58:10+00:00 1687813ec2d2609b2f9d65ef2917983d8f255af9 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
heimdal: Use #ifdef HAVE_DLOPEN around functions used only by HAVE_DLOPEN 2020-08-07T03:23:43+00:00 Gary Lockyer gary@catalyst.net.nz 2017-09-25T01:15:28+00:00 4e8f3fdf82ab1ed4ecb8edcc284168dc85dadc49 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
kdc: allow checksum of PA-FOR-USER to be HMAC_MD5 2020-06-11T02:48:58+00:00 Isaac Boukris iboukris@gmail.com 2018-11-12T10:26:25+00:00 6095a4f0d58cad3dde6e76cadd7bcae0a240c9e6 even if the tgt session key uses different hmac. Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is always HMAC_MD5, and that's what windows 7 client and MIT client send. In heimdal both the client and kdc use the checksum of the tgt key instead and therefore work with each other but windows and MIT clients fail against heimdal KDC. Windows KDC allows either checksum (HMAC_MD5 or from tgt) so we should do the same to support all clients. Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 11 02:48:58 UTC 2020 on sn-devel-184 
even if the tgt session key uses different hmac.

Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is
always HMAC_MD5, and that's what windows 7 client
and MIT client send.

In heimdal both the client and kdc use the checksum of
the tgt key instead and therefore work with each other
but windows and MIT clients fail against heimdal KDC.

Windows KDC allows either checksum (HMAC_MD5 or from
tgt) so we should do the same to support all clients.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 11 02:48:58 UTC 2020 on sn-devel-184