Age | Commit message (Collapse) | Author | Files | Lines |
|
patch from Steven Edwards
(This used to be commit 82be4978116b73cd6d964da4fad59b5c5b11217e)
|
|
Andrew Bartlett
(This used to be commit dbd845998723987c75dc0e6a427330116dce0bf4)
|
|
- added support for guids in cldap netlogon searches.
the cldap server now passes the LDAP-CLDAP torture test
(This used to be commit eb7979d9def389942fa1c54693d2dfcb8828f544)
|
|
- send a username when scanning to make structure elements clearer
(This used to be commit 7d19eb9433b615fdf789cb07aeb331df92b05abd)
|
|
(This used to be commit 50cac2ce845b7408d83f18e13544b950b2a5a65b)
|
|
(This used to be commit 5ee46b44be45763bfaa11dc0b0c9f53b7ee30a51)
|
|
(This used to be commit 450ac2e4dea25910ee5384747bdb6ad7323e967d)
|
|
Andrew Bartlett
(This used to be commit f4b7484516b956baabb3eba3f233da29fc101100)
|
|
config.mk and config.m4 to be consistent with the rest of Samba.
(This used to be commit f377c71e4f0d60684326906dfb65e4581294ec34)
|
|
way of doing
this if you want detection of socket wrapper :-)
(This used to be commit f4bfc3a80e0986d48ea8f6ece5432732f5738f32)
|
|
- samba malloc wrapper avoidance not needed now we don't use includes.h
- make testsuite work when BOOL, True, False already defined
(This used to be commit c8a274c8735957a8a8dd21421abd65a8a1af20f7)
|
|
(This used to be commit 3541ebe31bef8ccae7a8a1ea4f451ddfbd24460a)
|
|
Andrew Bartlett
(This used to be commit 5749b63f171acb99c63bfe24312050b316644082)
|
|
(This used to be commit a02e07739781eb00b521d050ab06d6b0aedf47bc)
|
|
(This used to be commit c2ce09d38003fd43212de9cd08e4a781cc2aff88)
|
|
should allow us to ditch the local static storage for OIDs, as well as
fix the build on non-heimdal platforms.
Andrew Bartlett
(This used to be commit a7e2ecfac9aaacd673e3583b62139e4f4e114429)
|
|
- don't fail if we don't have xsltproc
(This used to be commit 235f5c510b4b68edf2a36d049bc0ff2afb73fd72)
|
|
Andrew Bartlett
(This used to be commit c8e8fa129ed0c80bcd289445935047c28d48da64)
|
|
Finally remove the distinction between 'krb5' and 'ms_krb5'. We now
don't do kerberos stuff twice on failure. The solution to this is
slightly more general than perhaps was really required (as this is a
special case), but it works, and I'm happy with the cleanup I achived
in the process. All modules have been updated to supply a
NULL-terminated list of OIDs.
In that process, SPNEGO code has been generalised, as I realised that
two of the functions should have been identical in behaviour.
Over in the actual modules, I have worked to remove the 'kinit' code
from gensec_krb5, and placed it in kerberos/kerberos_util.c.
The GSSAPI module has been extended to use this, so no longer requires
a manual kinit at the command line. It will soon loose the
requirement for a on-disk keytab too.
The general kerberos code has also been updated to move from
error_message() to our routine which gets the Heimdal error string
(which may be much more useful) when available.
Andrew Bartlett
(This used to be commit 0101728d8e2ed9419eb31fe95047944a718ba135)
|
|
this out by asking GENSEC, just like everybody else.
Andrew Bartlett
(This used to be commit 0268d6c46b73bf2097247639df2532b5e8591531)
|
|
back to the 'not /dev/urandom' method of random number generation, I
don't want to be chasing down 'use of uninitialised value' though all
the crypto code.
Andrew Bartlett
(This used to be commit 31ff2cd8e11dee36c42f82dcfd85338d3ff704d3)
|
|
rafal
(This used to be commit 0f9a2aef6c87bd53c962b33bf78bf773d2319b97)
|
|
features merged back into gensec_gssapi.
(Removed because I've made some API changes, and it isn't worth
'fixing' the rudundent code to cope with changes)
Andrew Bartlett
(This used to be commit e8cf3d58ec956e41fc8d3e38363db3d5d838fe1d)
|
|
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
|
|
(This used to be commit f5956d150154cb4393dc323ae8ae1f936adee355)
|
|
soon-to-be-depricated 'realm'.
Add torture test for this behaviour.
Andrew Bartlet
(This used to be commit 6b9020661a13fd5ec6c5d1e21344d9f654978987)
|
|
back to the other options.
Andrew Bartlett
(This used to be commit 9153d7306124d5e4ffc0467728210e2e2235059f)
|
|
kerberos, and how Microsoft constructs their kerberos implementation.
Andrew Bartlett
(This used to be commit 5fa9be75d987af106fd798f6d5379b637a170b00)
|
|
(This used to be commit c1f1b5a9455c827f7baf382d919ab8a0eab49bb3)
|
|
(This used to be commit 9f1b15832d4a8bc9914751811fd10f6a35265b8d)
|
|
in DRSUAPI
-and some comments on what the attribute syntaxes matches what internal datatypes
metze
(This used to be commit 58c6887da48c2ebdec14529cb81e7589101f7aae)
|
|
correctly - it gets the realm from an initial no-attribute search
(This used to be commit 52d10c8d99521f9dd02891a30688472d96860aef)
|
|
(This used to be commit 2f80b2070f1fc99151f0a583271cd9047d53bab6)
|
|
(This used to be commit 45a0692be10a03032f9a4e26da3de08696c03464)
|
|
my best guess now is that w2k3 converts the & in the cldap query to an |
for the ldap search. at least it behaves roughly like that.
(This used to be commit 1d6ab9aaefee71e3d0f87c1afae8ccdbae1f0e04)
|
|
AAC, and User attributes in cldap netlogon queries
interestingly, while WinXP generated cldap filters with these set, the
w2k3 cldap server seems to completely ignore them, so I didn't need to
alter our cldap server at all to pass the test :-)
(This used to be commit 177c8becd2051c9d1f261358baf4b85ca89700d8)
|
|
cldap netlogon queries
(This used to be commit 7c1d0f449d3922a309fc86e5d9cb1e962a39805d)
|
|
ldap friendly filter strings
(This used to be commit 8890dd3ac331cffe83226a356c52df89c917c2b0)
|
|
(This used to be commit 6f4ad382d445c3cdb8e50727f09d79334076e02d)
|
|
- started adding support for the other cldap attributes that XP uses
(This used to be commit 1537558039b012a4124e6167ad7ebfd7486f05ff)
|
|
(This used to be commit 39c8acdaa5746bec9171a4624e24e4eea553bcb1)
|
|
attributes
example:
*: CASE_INSENSITIVE
by placing it in the @ATTRIBUTES object you make all the matching be case insensitive
to make an excepion to the general rule now you just need to create an entry like:
name: CASE_SENSITIVE
the key CASE_SENSITIVE currently does not exist but has the effect of making the code
ignore the wildcard default flag and being ldb case sensitive by default it let the
"name" attribute be case sensitive again
Tridge, can you look at this commit?
Should we introduce a CASE_SENSITVE/BINARY flag and handle it in the code ?
Simo.
(This used to be commit 5f10707e8ac36db03f3aa3e1ee1c40a9d9da2016)
|
|
(This used to be commit 8d63cd33a223cccb21d808747e9c97da53629fbc)
|
|
query with this
in uppercase)
(This used to be commit f0c37555ff30c3e5ff4680d0b33bc105ebd3a0b1)
|
|
I can now join winxp -> samba4 DC using long name, and login. The nice
thing is there are no delays now, as the client likes the replies it gets
(This used to be commit 5aff7d36f3e535e305820ae42b023ae53cc0daf9)
|
|
support, and
filling in some of the returned parameters is quite rough, but it seems to work OK
(This used to be commit e564e3e596915414fad07c94f7ea8a0d9c3a1140)
|
|
(This used to be commit dc25be9d69a65680f7942ed29c2d791d6ce7248a)
|
|
- expose the ldap filter string parsing outside of ldap.c
(This used to be commit b644ff6fe164fbe359c47e4d34f5ad490ff61d5b)
|
|
(This used to be commit 992858e1b91c3ff05077afa8a7abe155198597d4)
|
|
giving valgrind errors
(This used to be commit 7af0c547e0c0da3bc78a1ee6c2ab29114d8625cc)
|