Age | Commit message (Collapse) | Author | Files | Lines |
|
with an aim to make the code simpiler and more correct.
Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over
all keytypes)' code in gensec_krb5, we now follow the approach used in
gensec_gssapi, and use a keytab.
I have also done a lot of work in the GSSAPI code, to try and reduce
the diff between us and upstream heimdal. It was becoming hard to
track patches in this code, and I also want this patch (the DCE_STYLE
support) to be in a 'manageable' state for when lha considers it for
merging. (metze assures me it still has memory leak problems, but
I've started to address some of that).
This patch also includes a simple update of other code to current
heimdal, as well as changes we need for better PAC verification.
On the PAC side of things we now match windows member servers by
checking the name and authtime on an incoming PAC. Not generating these
right was the cause of the PAC pain, and so now both the main code and
torture test validate this behaviour.
One thing doesn't work with this patch:
- the sealing of RPC pipes with kerberos, Samba -> Samba seems
broken. I'm pretty sure this is related to AES, and the need to break
apart the gss_wrap interface.
Andrew Bartlett
(This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
|
|
(This used to be commit d99c9e2817fbbe2a0a34910672c8473889bc6176)
|
|
dissector compiling and linking. It's really an enum defined in
security.idl.
(This used to be commit b62811afcb85accf9ea0cf12f4b659cd9898e275)
|
|
a FT_UINT64. Not sure about a NTTIME_hyper though.
(This used to be commit 42568d3f286679656417301d1cf29d3f0cd71030)
|
|
(This used to be commit 5b8b956887f80e99894e5732568ee65d670aaa72)
|
|
return here.
Andrew Bartlett
(This used to be commit 73bd6c75343808952d97e32be9f624aba11c78d1)
|
|
support.microsoft.com/?kbid=832572
(It inhbits the generation of a PAC).
Andrew Bartlett
(This used to be commit 330f351085089cc8f72eb350ec8b017b35e7e59c)
|
|
(This used to be commit de9830979788528754175b17fe45477e6ce9ce9e)
|
|
'make clean gcov' to generate a set of files describing the test coverage
of the Samba 4 code.
(This used to be commit 72bb84add469ad4f027ddbd8d73bb846b0609fa2)
|
|
(This used to be commit 8d246fac49332426699e797f52ef694083b5e2ea)
|
|
'MEMORY_WILDCARD' keytab type. (part of this checking is in effect a
merge from lorikeet-heimdal, where I removed this)
This is achieved by correctly using the GSSAPI gsskrb5_acquire_cred()
function, as this allows us to specify the target principal, regardless
of which alias the client may use.
This patch also tries to simplify some principal handling and fixes some
error cases.
Posted to samba-technical, reviewed by metze, and looked over by lha on IRC.
Andrew Bartlett
(This used to be commit 506a7b67aee949b102d8bf0d6ee9cd12def10d00)
|
|
(This used to be commit c1e9fb24e1b53fb2c5ee6e32454350dff710c627)
|
|
(This used to be commit 0e358de93a007db921ad5e9a892114122254de39)
|
|
Remove save_hive() function (there is a flush_key function already).
Fixes for the allocation mechanism in the REGF backend
(This used to be commit 499d03bc90382bcd33c8c3a1577a58d2c76e5129)
|
|
(This used to be commit a924bec84b6d0a84db05c4315126474c9248fe2d)
|
|
Add support for showing security descriptor in regshell
Add support for saving files in NT4 registry backend
(This used to be commit 47cecd4726e6568f1aafb404646d2664f630a9bb)
|
|
(This used to be commit bcd433bfc1450317b75e22942dee1c42bb24ae79)
|
|
lorikeet-heimdal
to Samba4.
Andrew Bartlett
(This used to be commit 6835e427907bf52f7fdd332b726ffa47041853de)
|
|
(This used to be commit f36e657a416d7ec7146d84da88b28c2606ff838a)
|
|
Initial support for adding keys (still broken though)
(This used to be commit ff8d3a27c1b9bb37de39e7d7b974702b2b8c4437)
|
|
(This used to be commit ea92959209fa256a8190df19e8c27b368169724f)
|
|
(This used to be commit b349e902c7b0140cd94e241ba9f81c83fa54f603)
|
|
(This used to be commit 0ad46ef804c0654e927f9c14ea93c45f9e3c718c)
|
|
(This used to be commit 6a549f35583e71531bea56ce717635ad9499441a)
|
|
(This used to be commit cf3be71c33ec8e43c883ce05fd1a63d1178446ad)
|
|
(This used to be commit c0bae9b0b5cb56aea98e33b4d0a9d29c6622dd27)
|
|
(This used to be commit abb0db12185a3b3ef7da16fa3d742336afeb8ef0)
|
|
Fix handling of REG_DWORD in the LDB backend.
Fix a couple of warnings
(This used to be commit 709fdc7ebf5a77cfb50359fad978884777decc3b)
|
|
(This used to be commit dfa45ec1b329ad01daf81beeb31985811ce4f5af)
|
|
(This used to be commit d5c12a02af1d86de08109efddd2a588893dffbcc)
|
|
(used in reg_backend_nt4.c rewrite)
(This used to be commit 5e1a16eda28d432b94dc933b44da3ca556f92fdf)
|
|
(This used to be commit ce4902f8dea2b6f3568960278e08395ea3927146)
|
|
(This used to be commit 908ba892598af83ae2fbe661d40e9f10ff3e34a0)
|
|
(This used to be commit cda829f0d9476bd8b057a7019f55fac206205825)
|
|
too hard to fix right now. (-:
(This used to be commit a64b813ff70ccf203e65ddb9d5ee3f5dc3495a15)
|
|
(This used to be commit dd148451d7d554dc0b102023e6a22439fd3b4b81)
|
|
(This used to be commit 73dffade2c008b26eaf3924d31693c27328b8586)
|
|
emit any dissectors for this IDL.
(This used to be commit 55a98b3dfdef21df172dac6cff4ebc114b35df00)
|
|
can use the typedef names in the IDL rather than the autogenerated
function names. This means you can say "NOEMIT security_descriptor"
instead of "NOEMIT dissect_security_descriptor_type" or whatever.
(This used to be commit ec80c5ceec3c96dc847d171967472cce99edcdc7)
|
|
(This used to be commit 716011dd92d65caacb31ae399b580defa4e6fb2d)
|
|
[charset]
(This used to be commit b17478229e8e9220858fcc85a19ec751450f969d)
|
|
(This used to be commit 351149d160e893a3fdd4a5b11ec4b4b2bbf264a9)
|
|
(maybe we need to disable this binary when EXT_LIB_XATTR isn't enabled)
metze
(This used to be commit 0e5cac10cbcf0d3576cc042f6c0298b10b537464)
|
|
Convert Samba3 policy "refuse machine pw change" to registry value.
(This used to be commit a143234ac7622ef3ef87c80224927551a1452e4b)
|
|
(This used to be commit 994093b08ee463066c6bae494b10374bd700b0b0)
|
|
(This used to be commit 071dba2d0ae964e9901adf0c4870894deed43650)
|
|
try and pass it down as a parameter.
Andrew Bartlett
(This used to be commit 530d91de7ca4d3763326bc9f5b0e79e77b823778)
|
|
DRSUAPI CrackNames.
We can't pass the full cracknames test until the initial provision is
updated, the seperate DomainControllerInfo and canonical names support
is added.
Andrew Bartlett
(This used to be commit ed24d88f0e8c6371acf6638a1c5f2112bc0bf285)
|
|
Andrew Bartlett
(This used to be commit 664736e73df60ccfd24a41fda75031cb6b7d08cd)
|
|
(This used to be commit 0300f2329c71429e43ed18e6f411985a76e5aad5)
|