summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12062: SASL negotiation now requires a gensec_security context, so that weAndrew Bartlett1-1/+1
only try permitted mechanims. Andrew Bartlett (This used to be commit 0f50239dc40ee128e4985f8aec5bb5f440a4f3f0)
2007-10-10r12061: Add missing file to previous commit. This provides a hook on which toAndrew Bartlett1-0/+31
attach a restriction on available GENSEC mechanisms. Andrew Bartlett (This used to be commit 8154f2421f828be65ee89f21ed7ac0f5e2132ca9)
2007-10-10r12060: Work towards allowing the credentials system to allow/deny certainAndrew Bartlett5-65/+105
GENSEC mechansims. This will allow a machine join to an NT4 domain to avoid even trying kerberos, or a sensitive operation to require it. Andrew Bartlett (This used to be commit 11c7a89e523f85afd728d5e5f03bb084dc620244)
2007-10-10r12059: Use random keytab names (so we get different keytabs, rather thanAndrew Bartlett1-1/+15
share the MEMORY: keytab). Andrew Bartlett (This used to be commit 6c43de27086d3c463891598eb55a44877194cb0d)
2007-10-10r12058: Set an anonymous fallback, if the machine account isn't available.Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 55cb72f5cfe9a2c520c30e11ab34896588e91730)
2007-10-10r12057: fixed authentication in ldb client toolsAndrew Tridgell1-0/+3
(This used to be commit 020de11a61a1aa2c77c0a308186c85960c10fe32)
2007-10-10r12056: Some clarification fixes for the keytab code, and use the rightAndrew Bartlett1-14/+15
function for enctype to string. Andrew Bartlett (This used to be commit ae6c968cb27f451e5f8cea62be7f33b4b4716f82)
2007-10-10r12037: Fix malloc corruption caused by double-free(), where realloc(ptr, 0)Andrew Bartlett1-3/+9
is equivilant to free(). This is the issue tridge was seeing in the MEMORY: keytab code. Andrew Bartlett (This used to be commit d5a2de8ef06a08274d25ab005f2a68ec32e226f0)
2007-10-10r12036: Fix more KDC memory leaks (and there are probably still more...).Andrew Bartlett1-0/+4
Andrew Bartlett (This used to be commit 0c4ea6f6413e260a15c0afe331a066ea7051fd9f)
2007-10-10r12035: Fix memory leaks in the KDC.Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit b60531b109cf9539a9d58d46436f397346352cee)
2007-10-10r12024: do some extra sleeping to give the server the chance to handle our replyStefan Metzmacher1-0/+2
metze (This used to be commit 144bde91b3ccbf40494b3f235a2f2699e32f9ad8)
2007-10-10r12023: use the NBTD IRPC proxy calls for implementing the challenge and ↵Stefan Metzmacher1-4/+115
release demand conflict cases metze (This used to be commit 9e84c85b3de178e0dd093ed9344d30d4c9ea6730)
2007-10-10r12022: add NBTD IRPC proxy calls for wins challenge and wins release demand,Stefan Metzmacher4-1/+403
used for replication conflicts metze (This used to be commit d7d14cb2bd9823d7e7d81266ca4014ea5263c714)
2007-10-10r12021: remove shortpath for winsdb_lookup, this isn't neededStefan Metzmacher2-7/+6
metze (This used to be commit 8fb07b1ea8fdf353da832212289aceef20495bda)
2007-10-10r12020: fix memory hierachieStefan Metzmacher1-1/+1
metze (This used to be commit 2433800834293a95669c3c48eb2462b76d1b3029)
2007-10-10r12019: - let us only reference libblkid stuff in one fileStefan Metzmacher3-54/+58
- and make it it bit simpler, by caching the GUID struct instead of the device name - and this also removes all compiler warnings... metze (This used to be commit f4f0d626e00116e85a91962bf8534c1fbb69334c)
2007-10-10r12016: fixed a valgrind errorAndrew Tridgell1-1/+1
(This used to be commit 482548031e69ba4bddac999ca9f2cb6ad8359953)
2007-10-10r12014: free the irpc_request structure with the irpc_call_recv functions,Stefan Metzmacher5-9/+8
to match all other _recv functions we have metze (This used to be commit bd4f85ab5f60c7430ac88062fa6a9f6cffa9596f)
2007-10-10r12013: fix compiler warningsStefan Metzmacher2-6/+6
metze (This used to be commit 4d35c2b8e671cc8fe44971cf2a577236afd1abbd)
2007-10-10r12012: fix renaming smbsrv_trees -> smbsrv_tconsStefan Metzmacher1-6/+6
metze (This used to be commit e5654f9791a2786e45108216344b2daea3ad9d91)
2007-10-10r12011: fixed another 'mixed code and declarations' bugAndrew Tridgell1-1/+2
(This used to be commit 1eca19d597ea21a073361fc6fc550919abf97574)
2007-10-10r12010: - added support for domain specific SID codes in SDDL stringsAndrew Tridgell3-22/+101
- added a bunch more tests to LOCAL-SDDL (all the ones from our schema) - fixed 'mixed coded declarations' bug (This used to be commit c30e7698e8e1d9991d35bf86c0d4041a1814ad92)
2007-10-10r12009: made the LOCAL-SDDL test less verbose by default, and add it to theAndrew Tridgell2-2/+4
standard tests for the build farm (This used to be commit 9d6d9b6e50dfe5513f332668b860e6a55af3a39c)
2007-10-10r12008: added a simple LOCAL-SDDL test suite. Only one example so far. Will beAndrew Tridgell4-21/+85
filled in with more examples as I expand the sddl parsing code. (This used to be commit 8f80e483a3aa07bb5a16eeccde5af5cd7fb5a975)
2007-10-10r12007: fixed a valgrind error in the SMB2-SETINFO testAndrew Tridgell1-0/+2
(This used to be commit 0c3223ab7db93a31121667c65956f30a5b0ec9f8)
2007-10-10r12006: don't require callers to fill in pad bytes in SMB2 callsAndrew Tridgell4-4/+4
(This used to be commit 6935765fda99a6efb19f6f72358d4d48fc35ad5e)
2007-10-10r12005: added a SDDL (Security Descriptor Description Language) parser. NotAndrew Tridgell2-0/+316
all flags are covered yet, and object aces aren't done yet. This is needed for ACL support in ldb, as the default security descriptor for each object class is given by the defaultSecurityDescriptor attribute in the schema, which is stored in SDDL format (This used to be commit dbdeecea01a8b362a9a525a3689cb03662a86776)
2007-10-10r12004: added some SEC_ADS_* security flags. Needed for a SDDL parser.Andrew Tridgell1-0/+11
(This used to be commit dc1b83cc13e0324139c6b756a6f135534be7be79)
2007-10-10r12001: Replace smbcli_full_connection call with composite connect usedRafal Szczesniak1-8/+25
in sync version. This step makes it easer to move further to async dcerpc connect routine. rafal (This used to be commit 87b016d55315190fa3f6083c75cb783ad45ddd0b)
2007-10-10r12000: Update to current lorikeet-heimdal, including in particular supportAndrew Bartlett12-26/+504
for referencing an existing in-MEMORY keytab (required for the new way we push that to GSSAPI). Andrew Bartlett (This used to be commit 2426581dfb9f5f0f9367f846c01dfd3c30fea954)
2007-10-10r11997: for multidimentional array like this:Stefan Metzmacher1-2/+3
uint32 [num_level2][num_level1][num_level0] fix the order they're pushed and pulled, it should be like this for (l2=0; l2 < num_level2; l2++) { for (l1=0; l1 < num_level1; l1++) { for (l0=0; l0 < num_level0; l0++) { ndr_pull_uint32(...); } } } metze (This used to be commit c10195f31383f51911edd8a32f8b5d5857d5bf2d)
2007-10-10r11996: don't overwrite the buffercodeStefan Metzmacher1-1/+1
metze (This used to be commit fee5b6f40784e75a469320a584423c5030b69400)
2007-10-10r11995: A big kerberos-related update.Andrew Bartlett27-295/+633
This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
2007-10-10r11994: This function no longer needs a special declaration.Andrew Bartlett1-4/+0
Andrew Bartlett (This used to be commit 88a7b7805c11cb3a1be3222d3e4b0b3ad8aff2aa)
2007-10-10r11993: As well as making an in-MEMORY keytab, allow a file-based keytab to ↵Andrew Bartlett1-98/+321
be updated. This allows a new password to be written in, and old entries removed (we keep kvno and kvno-1). Clean up the code a lot, and add comments on what it is doing... Andrew Bartlett (This used to be commit 0a911baabad60a43741269d29a96fdd74e54331a)
2007-10-10r11992: Potentially allow SPNEGO to be disabled (as occours on WinXPAndrew Bartlett1-13/+22
standalone), and use only NTLMSSP. (But doing so would break Samba3's client). Andrew Bartlett (This used to be commit e74ca624e74ed82788817e302a516208dc1421bd)
2007-10-10r11991: Null termainte the list of backends. (Makes it easier to walk the ↵Andrew Bartlett1-2/+2
list). Andrew Bartlett (This used to be commit fc4202dea88a72de061cb2e1caa7847fae37018f)
2007-10-10r11990: Set the password set time as 'now', so it isn't expired back in 2004.Andrew Bartlett1-2/+1
Andrew Bartlett (This used to be commit b3929230b210bd6f0b12f90f48767aa861fd08fa)
2007-10-10r11989: Rather than grabbing the machine account details at this point, grabAndrew Bartlett1-10/+1
them 'later'. We will need to handle the errors when we call the get_* methods. Andrew Bartlett (This used to be commit c6e572f87022b57cdfd8178eb5c23df67a92c453)
2007-10-10r11988: Setup the sessionInfo just before the connect, rather than earlierAndrew Bartlett1-4/+6
when we havn't finished popt. Andrew Bartlett (This used to be commit e5c5eb97a0ab841442b2c3fb5ea67f0d21b42932)
2007-10-10r11987: Clarify the accountExpires behaviour in the KDC.Andrew Bartlett1-4/+5
Andrew Bartlett (This used to be commit 05334e98fb1658965a822517365a86bc3906378b)
2007-10-10r11984: LGPL on header and testsuite as wellAndrew Tridgell2-22/+30
(This used to be commit ed90975bf50644f00da681eb7cc41123abc60f81)
2007-10-10r11983: make talloc LGPL. This makes more sense given that ldb depends onAndrew Tridgell1-11/+15
talloc, and ldb is now LGPL (This used to be commit 5bdd50fa38b1be28cf7bcddc561c743437e70cae)
2007-10-10r11982: ensure the fde event gets freed before the socket itself, as otherwiseAndrew Tridgell2-5/+5
we get a error from epoll about disabling events for a file descriptor that is closed (This used to be commit f32739307464a1f0c835cff886b8c4b960778900)
2007-10-10r11981: we should allocate request specific memory in ldb modules off theAndrew Tridgell1-1/+1
request strucutre. It will take a while for this to happen everywhere. (This used to be commit b1d38153b8c1d2d5be2d41005eadb0e0aa46bd72)
2007-10-10r11980: ronnie worked out that opcode 0xb in SMB2 is in fact ioctl, and thatAndrew Tridgell7-27/+30
it only appeared to be like a SMBtrans request as it was being called with function 0x11c017 which is "named pipe read write" I wonder if this means we could do DCE/RPC over SMB using ntioctl calls as well? (This used to be commit f2b8857797328be64b0b85e875ae6d108e2aeaaa)
2007-10-10r11974: only look at $pl->{POINTER_TYPE} when $pl is definedStefan Metzmacher1-7/+6
metze (This used to be commit 271d0af16d50bc89a384b56db70d569914273f6c)
2007-10-10r11973: make it easier to find bugsStefan Metzmacher2-2/+7
metze (This used to be commit 247f90c28d845fd2224cb07ed30d3e8122ba5644)
2007-10-10r11972: handle [noejs] property also on functionsStefan Metzmacher1-1/+2
metze (This used to be commit e5fef8519b28f66ce8a401fc866c8b9bf08c584d)
2007-10-10r11971: add nbt specific continue wrapperStefan Metzmacher1-0/+11
metze (This used to be commit b8c5978df18b98db89069e02597d483f893e39ae)