summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12006: don't require callers to fill in pad bytes in SMB2 callsAndrew Tridgell4-4/+4
(This used to be commit 6935765fda99a6efb19f6f72358d4d48fc35ad5e)
2007-10-10r12005: added a SDDL (Security Descriptor Description Language) parser. NotAndrew Tridgell2-0/+316
all flags are covered yet, and object aces aren't done yet. This is needed for ACL support in ldb, as the default security descriptor for each object class is given by the defaultSecurityDescriptor attribute in the schema, which is stored in SDDL format (This used to be commit dbdeecea01a8b362a9a525a3689cb03662a86776)
2007-10-10r12004: added some SEC_ADS_* security flags. Needed for a SDDL parser.Andrew Tridgell1-0/+11
(This used to be commit dc1b83cc13e0324139c6b756a6f135534be7be79)
2007-10-10r12001: Replace smbcli_full_connection call with composite connect usedRafal Szczesniak1-8/+25
in sync version. This step makes it easer to move further to async dcerpc connect routine. rafal (This used to be commit 87b016d55315190fa3f6083c75cb783ad45ddd0b)
2007-10-10r12000: Update to current lorikeet-heimdal, including in particular supportAndrew Bartlett12-26/+504
for referencing an existing in-MEMORY keytab (required for the new way we push that to GSSAPI). Andrew Bartlett (This used to be commit 2426581dfb9f5f0f9367f846c01dfd3c30fea954)
2007-10-10r11997: for multidimentional array like this:Stefan Metzmacher1-2/+3
uint32 [num_level2][num_level1][num_level0] fix the order they're pushed and pulled, it should be like this for (l2=0; l2 < num_level2; l2++) { for (l1=0; l1 < num_level1; l1++) { for (l0=0; l0 < num_level0; l0++) { ndr_pull_uint32(...); } } } metze (This used to be commit c10195f31383f51911edd8a32f8b5d5857d5bf2d)
2007-10-10r11996: don't overwrite the buffercodeStefan Metzmacher1-1/+1
metze (This used to be commit fee5b6f40784e75a469320a584423c5030b69400)
2007-10-10r11995: A big kerberos-related update.Andrew Bartlett27-295/+633
This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
2007-10-10r11994: This function no longer needs a special declaration.Andrew Bartlett1-4/+0
Andrew Bartlett (This used to be commit 88a7b7805c11cb3a1be3222d3e4b0b3ad8aff2aa)
2007-10-10r11993: As well as making an in-MEMORY keytab, allow a file-based keytab to ↵Andrew Bartlett1-98/+321
be updated. This allows a new password to be written in, and old entries removed (we keep kvno and kvno-1). Clean up the code a lot, and add comments on what it is doing... Andrew Bartlett (This used to be commit 0a911baabad60a43741269d29a96fdd74e54331a)
2007-10-10r11992: Potentially allow SPNEGO to be disabled (as occours on WinXPAndrew Bartlett1-13/+22
standalone), and use only NTLMSSP. (But doing so would break Samba3's client). Andrew Bartlett (This used to be commit e74ca624e74ed82788817e302a516208dc1421bd)
2007-10-10r11991: Null termainte the list of backends. (Makes it easier to walk the ↵Andrew Bartlett1-2/+2
list). Andrew Bartlett (This used to be commit fc4202dea88a72de061cb2e1caa7847fae37018f)
2007-10-10r11990: Set the password set time as 'now', so it isn't expired back in 2004.Andrew Bartlett1-2/+1
Andrew Bartlett (This used to be commit b3929230b210bd6f0b12f90f48767aa861fd08fa)
2007-10-10r11989: Rather than grabbing the machine account details at this point, grabAndrew Bartlett1-10/+1
them 'later'. We will need to handle the errors when we call the get_* methods. Andrew Bartlett (This used to be commit c6e572f87022b57cdfd8178eb5c23df67a92c453)
2007-10-10r11988: Setup the sessionInfo just before the connect, rather than earlierAndrew Bartlett1-4/+6
when we havn't finished popt. Andrew Bartlett (This used to be commit e5c5eb97a0ab841442b2c3fb5ea67f0d21b42932)
2007-10-10r11987: Clarify the accountExpires behaviour in the KDC.Andrew Bartlett1-4/+5
Andrew Bartlett (This used to be commit 05334e98fb1658965a822517365a86bc3906378b)
2007-10-10r11984: LGPL on header and testsuite as wellAndrew Tridgell2-22/+30
(This used to be commit ed90975bf50644f00da681eb7cc41123abc60f81)
2007-10-10r11983: make talloc LGPL. This makes more sense given that ldb depends onAndrew Tridgell1-11/+15
talloc, and ldb is now LGPL (This used to be commit 5bdd50fa38b1be28cf7bcddc561c743437e70cae)
2007-10-10r11982: ensure the fde event gets freed before the socket itself, as otherwiseAndrew Tridgell2-5/+5
we get a error from epoll about disabling events for a file descriptor that is closed (This used to be commit f32739307464a1f0c835cff886b8c4b960778900)
2007-10-10r11981: we should allocate request specific memory in ldb modules off theAndrew Tridgell1-1/+1
request strucutre. It will take a while for this to happen everywhere. (This used to be commit b1d38153b8c1d2d5be2d41005eadb0e0aa46bd72)
2007-10-10r11980: ronnie worked out that opcode 0xb in SMB2 is in fact ioctl, and thatAndrew Tridgell7-27/+30
it only appeared to be like a SMBtrans request as it was being called with function 0x11c017 which is "named pipe read write" I wonder if this means we could do DCE/RPC over SMB using ntioctl calls as well? (This used to be commit f2b8857797328be64b0b85e875ae6d108e2aeaaa)
2007-10-10r11974: only look at $pl->{POINTER_TYPE} when $pl is definedStefan Metzmacher1-7/+6
metze (This used to be commit 271d0af16d50bc89a384b56db70d569914273f6c)
2007-10-10r11973: make it easier to find bugsStefan Metzmacher2-2/+7
metze (This used to be commit 247f90c28d845fd2224cb07ed30d3e8122ba5644)
2007-10-10r11972: handle [noejs] property also on functionsStefan Metzmacher1-1/+2
metze (This used to be commit e5fef8519b28f66ce8a401fc866c8b9bf08c584d)
2007-10-10r11971: add nbt specific continue wrapperStefan Metzmacher1-0/+11
metze (This used to be commit b8c5978df18b98db89069e02597d483f893e39ae)
2007-10-10r11970: fixed a valgrind error. The auth info from the alter_context reply wasAndrew Tridgell1-1/+1
being freed before being given to gensec_update() (This used to be commit cf2cb4279e2b31989eee2fec848982b10fcc2136)
2007-10-10r11969: got rid of the very annoying 'failed to open /secrets.tdb'Andrew Tridgell1-1/+5
messages. As discussed with Andrew, this will soon be replaced with a system that marks the credentials to use the machine accout from the database rather than pre-loading the machine account details here. The reason we got the annoying messages is this was being called before smb.conf is loaded, so the code doesn't yet know the location of the private directory (This used to be commit 6aeb4bf3fe224a6f81962237bdda329ba828b493)
2007-10-10r11968: More warning fixes. We're on track to getting to double digits forTim Potter7-14/+14
the number of warnings generated now. (This used to be commit d479f2d7607adc698d71c5ba26932c72a26dcaab)
2007-10-10r11967: Fix more 64-bit warnings.Tim Potter18-57/+65
(This used to be commit 9c4436a124f874ae240feaf590141d48c33a635f)
2007-10-10r11965: Try to fix some 64-bit warnings.Tim Potter1-1/+1
(This used to be commit e98c28941a6002042e0e429f99f14e7dd4920aa6)
2007-10-10r11959: Use DOS_errors array for displaying WERROR valuesJelmer Vernooij1-1/+1
(This used to be commit 0830ed0d60cdbd00e6f42dae2c7e295363bca17d)
2007-10-10r11958: - fixed memory leaks in the ldb_result handling in ldb operationsAndrew Tridgell9-100/+108
- removed an unnecessary level of pointer in ldb_search structure (This used to be commit b8d4afb14a18dfd8bac79882a035e74d3ed312bd)
2007-10-10r11957: fixed up code meant for debuggingAndrew Tridgell1-3/+3
(This used to be commit 8ca85842579a8a1d8f60259812d04eb7ee27d7aa)
2007-10-10r11956: removed the old rootdse.ldif, and the provision.js code that uses itAndrew Tridgell2-35/+0
(This used to be commit 4b56c129c6f1654f9dbe37bc950a836f15c48b3d)
2007-10-10r11955: got rid of the old rootDSE code in the ldap server.Andrew Tridgell5-394/+0
The partitioning logic is still there, but we only have one partition. If we need partitioning in the future it might be better to remove this partitioning code and use a partitioning module instead (This used to be commit f4685e7dc9bdc3b9e240c9f5891b9da9251f82e5)
2007-10-10r11954: add the static rootdse content to the sam ldb,and enable the rootdseAndrew Tridgell1-1/+21
module in @MODULES (This used to be commit cfab88fcc2c740a6d3fd456a009fbb60061b3a53)
2007-10-10r11953: enabled the rootdse module in the ldb modules codeAndrew Tridgell1-0/+1
(This used to be commit 7d8b11174c97a3797673254c351c94436aa716b7)
2007-10-10r11952: added a rootdse module. This will replace the existing rootdse code inAndrew Tridgell3-40/+202
the ldap server. The reason for the change is that ldb modules need some way to get at the static info stored in the rootDSE (such as the location of the schema) but they can't do that right now (This used to be commit 7e226383f2cd2ce9bb3983ab6a3de454649f8a15)
2007-10-10r11949: make sure we ask gensec to give us a session keyAndrew Tridgell1-0/+2
andrew, this answers your question on irc about whether the same session key mechanisms are used in smb2. They are - the RPC-LSA secret tests pass fine over ncacn_np on SMB2, which means the session key must be working (This used to be commit 91327885a2b6432ba20a8dd1370b632240d3263d)
2007-10-10r11941: fix cut'n'paste bugStefan Metzmacher1-1/+1
metze (This used to be commit fd77cfa49016d403c3f4c60c2422d41498438c17)
2007-10-10r11940: Love has clarified why this code does what it does.Andrew Bartlett2-8/+6
Andrew Bartlett (This used to be commit 9b3dedbc0bb12897a8f9bd4ec864de26b3835981)
2007-10-10r11931: Add a short README explaining what this directory is all about.Andrew Bartlett1-0/+6
Andrew Bartlett (This used to be commit eaf8777e449f70f5694f29199c18f26b9647d558)
2007-10-10r11930: Add socket/packet handling code for kpasswddAndrew Bartlett3-5/+52
Allow ticket requests with only a netbios name to be considered 'null' addresses, and therefore allowed by default. Use the netbios address as the workstation name for the allowed workstations check with krb5. Andrew Bartlett (This used to be commit 328fa186f2df5cdd42be679d92b5f07f7ed22d87)
2007-10-10r11929: Add static, comments.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 41f09ef9342d0c9f09475a189d2bbdb50e611528)
2007-10-10r11928: More Kerberos musings...Andrew Bartlett1-20/+64
Andrew Bartlett (This used to be commit 571f9c9c51b93946d23f2b35ef76ac881994b8cc)
2007-10-10r11913: if we have a UNIQUE name with more than 1 address,Stefan Metzmacher1-0/+5
it becomes implicit an MHOMED record metze (This used to be commit a5bced92a91f462ac6c41c04012aaeb3f77455de)
2007-10-10r11912: fix nbt_name_registration, there's still some minor stuff todo,Stefan Metzmacher2-56/+134
e.g. to return the first address of the 0x1B address as first address in the 0x1C reply, and handle sgroup merge overflow of 25 addresses metze (This used to be commit a80280e061c03f9d07f7d6df20228de7923bb000)
2007-10-10r11911: as we pass the owned_released vs. replica test now, run it with make ↵Stefan Metzmacher1-0/+1
test metze (This used to be commit d34580ec70dca145ea7911be718ad1fc13297a20)
2007-10-10r11910: fix nbt_name_release and nbt_name_query, so that we pass the ↵Stefan Metzmacher1-20/+70
owned_released vs. replica winsrepl torture test metze (This used to be commit c8c53593fc7831968499b5028417f0de0a7f421b)
2007-10-10r11908: implement SGROUP merging, that passes the different owner testsStefan Metzmacher1-14/+222
(but only without socket_wrapper, I need to look at that later and then add the different_owner test to NBT-WINSREPLICATION-QUICK so that it'll be runned by make test) metze (This used to be commit 9ef33580345f12fafbab0a09644451c8b7600f7f)