Age | Commit message (Collapse) | Author | Files | Lines |
|
fact that check_path_syntax() will convert '\\' characters to '/'.
When POSIX pathnames have been selected this doesn't happen, so we
must look for the unaltered separator of '\\' instead of the modified '/'.
Stevef please check this with the CIFSFS MS-DFS code !
Jeremy
(This used to be commit 883bb398e58f54ee79160487b49b79a4774ef939)
|
|
to be selected.
Jeremy.
(This used to be commit 2d8d4bd77bac6f5e7865657e12affd8b94aa85c3)
|
|
(This used to be commit 083ef11cc9be8f1299f233bde194173e092e2c3c)
|
|
when fetching the DES salting principal
(This used to be commit baf554c7934cbd591635196453c19d402358e073)
|
|
(This used to be commit bf701f51294dacd0d4077b5304772c40119460eb)
|
|
Reuse can_create() to prevent renameing a group to
an existing user or group.
(This used to be commit ce7091fda1eb3c7ea0900f455cec48c3b95a17f6)
|
|
(This used to be commit 7d619f127ee70fdd486ffaab4546a53d76a2288c)
|
|
Major points of interest:
* Figure the DES salt based on the domain functional level
and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
keys
* Remove all the case permutations in the keytab entry
generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
in AD
The resulting keytab looks like:
ktutil: list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value. The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.
Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)
|
|
Jeremy.
(This used to be commit 508ba05a8e4a7df8bf7f6ffe3d09a3c461026f78)
|
|
being used.
Jeremy.
(This used to be commit 441c289fd21d00398fb7c4c7c0338b03129a7545)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
Jeremy.
(This used to be commit f131bf8f16fd8b7c49e6065ecbf6f8686b2f4269)
|
|
Thanks to Bjoern Jacke for the report and test-case.
Guenther
(This used to be commit f2ebc0e3de396f44f49dabbfe42cb3ad1c1a7ec1)
|
|
Guenther
(This used to be commit df10448e2c6166d1c129c2d9a9a74c5b4a42555f)
|
|
Guenther
(This used to be commit 4121ccfc3e39001d5b7b8288e3bc27d919f79167)
|
|
(This used to be commit 5b4c4928ac63d6872cf13c3cdc4a9a63405bbda4)
|
|
(This used to be commit 84913caebdb461fed2c94fadfa0039b32a83cb6d)
|
|
this is
what svn is for.
The idea is that we fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.
Volker
(This used to be commit 9ec5ccfe851ac8a1f88b88c8c8461a5cf75b4c57)
|
|
sid_check_is_in_our_domain cases.
Volker
(This used to be commit dc403cec88d91fdeb09cbd04321d88bbdc0f490c)
|
|
Guenther
(This used to be commit 6257f9af93f2391940b2c60fe39c0bf106de15dd)
|
|
Guenther
(This used to be commit 863aeb621afa7dcec1bfef8e503ef8ed363e3742)
|
|
(This used to be commit ef6e9ca5276586c081fcf18bb178a2326309b539)
|
|
netbios domain name in server affinity cache.
Guenther
(This used to be commit 08958411eeff430fb523d9b73e0259d060bac17b)
|
|
info for our own domain.
Guenther
(This used to be commit ebd3c547e508e191d5e1b5bb001797666db7b269)
|
|
(This used to be commit c139a2293bfb66554e1be09c6824d04381de58e1)
|
|
dfs_Enum.
Guenther
(This used to be commit 4e5ea585c3482c38f2624e45f1268d3864a99faa)
|
|
Guenther
(This used to be commit 6bf350895a648ef9b824c94b894e8d7a8989eb97)
|
|
Guenther
(This used to be commit 48ab7f46814dfbd777f142cdd8f59e6c1962eb15)
|
|
read ea's from an msdfs link. Stop it from doing that.
Jerry please merge to 3.0.23.
Jeremy.
(This used to be commit 95e5ace6b4f348a3244b6a3ea0fd8badf55271f5)
|
|
password changes
Jeremy, please review.
(This used to be commit 154e4a281503f0cbc2e654640f1dfa4b4d35a3cd)
|
|
there are
vasprintf implementations that don't like a NULL format.
Volker
(This used to be commit 03c665c307e518c9ff66096904873266b145637c)
|
|
Solaris found this one that needs to go into 3.0.23, actually munlock the
password memory.
Volker
(This used to be commit 6fa928f96a70b7b063dd1bdbb08c6a3f5d942229)
|
|
(This used to be commit eac00a45efe96411ab8574b3a3d436a285b7e88a)
|
|
not the $(srcdir) to allow multiple concurrent compiles when the
source tree is shared via nfs.
(This used to be commit b79e1c011d577581eebb90b95dbdee11f8a96c3b)
|
|
checking for the builtin Administrators group membership.
security = server has no domain info in secrets.tdb
(This used to be commit fa477969fbbcd9f707461a2d9015bebf719ddfbb)
|
|
Jeremy.
(This used to be commit 0606c954668a7bbc08e2338e268405981aa0ad04)
|
|
and LDAP domain scope control.
Guenther
(This used to be commit 6df2a39110a3ae9d2729907472bad30f48896c86)
|
|
metze
(This used to be commit a558abb40d9a0bcce568a336ce7e9f4ae5e066db)
|
|
(This used to be commit 9ae1d016d44492327d180fe5e629f3a81ddfe6e4)
|
|
realm name in ads_init() in nt_printer_publish().
(This used to be commit a25e75e78db092b3992dfc6f7e2737023d43e2c3)
|
|
signing bug.
Jeremy.
(This used to be commit 3b7fbe856cea7cbb5bf91844f94f221be0a2c627)
|
|
Jeremy
(This used to be commit c4896b17faa6802f18cc1cec7fcc6168bde2eef0)
|
|
Jeremy.
(This used to be commit d48655d9c0b31d15327655140c021de29873d2c5)
|
|
Jeremy.
(This used to be commit 8c7e40f2a469df34aff0e63270a78e669d240b59)
|
|
Jeremy.
(This used to be commit 1cd9a0ef834f8062500d1aea6183e147fc5e42f4)
|
|
Jeremy.
(This used to be commit 5c5ea3152f8dbdfd7717b65e035191ffed3ec548)
|
|
for AIX.
Fix a configure.in output line
Volker
(This used to be commit 1a80266d77bb95edaa221c14652b2c6fa9932ab6)
|
|
closer at the wins server code. Firstly, it needs
to do the searches on the SELF_NAMES correctly,
secondly it needs to flush the in-memory cache
out before returning the 1b names - else it might
get duplicates returned if many 1b queries are
done in quick succession. Jerry, I hate to say
this but you might want to consider this for 3.0.23....
Jeremy.
(This used to be commit b36b9befbbc4ac318168b7788d3722710ecbf10f)
|
|
Jeremy.
(This used to be commit dfdb4ce89155dc1528b455252751616cc2c6708c)
|
|
bad cast warning.
Jeremy.
(This used to be commit d60e6e0abc17361fe180d6723b970552dc377741)
|