Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-08-27 | s3-netlogon: use shared credential and schannel storage infrastructure for ↵ | Günther Deschner | 3 | -196/+146 | |
netlogon server. Guenther | |||||
2009-08-27 | s3-netlogon: add netr_creds_server_step_check() convenience wrapper. | Günther Deschner | 1 | -0/+34 | |
Guenther | |||||
2009-08-27 | s3-schannel: add simple wrappers to fetch and store schannel auth info. | Günther Deschner | 4 | -1/+79 | |
Guenther | |||||
2009-08-27 | s3-schannel: make open_schannel_session_store() public. | Günther Deschner | 2 | -1/+2 | |
Guenther | |||||
2009-08-27 | libcli/auth: add tdb backend for schannel state. | Günther Deschner | 4 | -1/+242 | |
Guenther | |||||
2009-08-27 | libcli/auth: move netlogon_creds_CredentialState out of libcli. | Günther Deschner | 2 | -13/+1 | |
Guenther | |||||
2009-08-27 | schannel: add netlogon_creds_CredentialState to IDL. | Günther Deschner | 4 | -0/+142 | |
Guenther | |||||
2009-08-27 | s4-schannel: add ldb suffix to schannel functions. | Günther Deschner | 4 | -43/+43 | |
Guenther | |||||
2009-08-27 | libcli/auth: rename schannel_state.c to schannel_state_ldb.c. | Günther Deschner | 2 | -14/+14 | |
Guenther | |||||
2009-08-27 | s3-build: add SCHANNEL_OBJ to Makefile.in. | Günther Deschner | 1 | -2/+5 | |
Guenther | |||||
2009-08-27 | s3:winbind: Convert WINBINDD_GETUSERSIDS to the new API | Volker Lendecke | 6 | -255/+130 | |
2009-08-27 | s3:winbind: Fix a typo | Volker Lendecke | 1 | -1/+1 | |
2009-08-27 | s3:winbind: Remove the manual caching for the async wb_ functions | Volker Lendecke | 6 | -80/+15 | |
The generic NDR-based cache in winbindd_dual_ndr.c replaces this. | |||||
2009-08-27 | s3:winbind: Some calls are not cacheable | Volker Lendecke | 1 | -0/+19 | |
2009-08-27 | s3:winbind: Factor out wcache_store_seqnum() | Volker Lendecke | 2 | -19/+34 | |
2009-08-27 | s3:winbind: Add a generic cache for NDR based parent-child requests | Volker Lendecke | 7 | -21/+157 | |
2009-08-27 | s3:winbind: Factor out wcache_fetch_seqnum | Volker Lendecke | 1 | -14/+39 | |
2009-08-27 | s4-smbtorture: do not hard code BDC secure channel type into RPC-NETLOGON tests. | Günther Deschner | 1 | -9/+12 | |
Guenther | |||||
2009-08-27 | s4-smbtorture: add test_SetPassword_flags to RPC-NETLOGON-S3 testsuite. | Günther Deschner | 1 | -0/+101 | |
Guenther | |||||
2009-08-27 | s4:python Add helper to get at the domain SID | Andrew Bartlett | 2 | -0/+33 | |
2009-08-26 | s3/smbd: open the share_info.tdb on startup instead of tconx | Steven Danneman | 3 | -1/+11 | |
This is a small performance optimization. Instead of opening the tdb on every smb connection in the forked child process, we now open it in the parent and share the fd. This also reduces the total fd usage in the system. | |||||
2009-08-26 | s3/debug: make SPENGO OID list appear under one debug header | Steven Danneman | 1 | -1/+4 | |
2009-08-26 | s3/winbindd: Remove unnecessary check for NULL SID | Steven Danneman | 2 | -8/+7 | |
There's a known bug in some Windows implementations of DsEnumerateDomainTrusts() where domain SIDs are not returned for transitively trusted domains within the same forest. Jerry originally worked around this in the winbindd parent by checking for S-0-0 and converting it to S-1-0 in 8b0fce0b. Guenter later moved these checks into the child process in commit 3bdfcbac making the initial patch unecessary. I've removed it and added a clarifying comment to the child process. If ever this SID is needed we could add an extra DsEnumerateDomainTrusts() call in trusted_domains() as suggested by the Microsoft KB. | |||||
2009-08-26 | s3-selftest: enable running RPC-NETLOGON-S3 against samba3. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-08-26 | s4-smbtorture: add RPC-NETLOGON-S3 to test samba3 netlogon server. | Günther Deschner | 2 | -0/+19 | |
Guenther | |||||
2009-08-26 | s3 onefs: Canonicalize the ACL in the correct order | tprouty | 1 | -4/+8 | |
2009-08-26 | s3: Allow full_audit to play nice with smbd if it's using syslog | tprouty | 2 | -1/+17 | |
Explictly pass the facility from both smbd and full_audit to syslog. Really the only major change is to not call openlog() in full_audit if WITH_SYSLOG is defined, which implies that smbd is already using syslog. This allows full audit to piggy-back on the same ident as smbd, while still differentiating the logging via the facility. | |||||
2009-08-26 | s3 audit: Change create_file in full_audit to print whether a directory or ↵ | tprouty | 1 | -2/+28 | |
file was requested full_audit will now print out whether the createfile was requested for a file or directory. The create disposition is also printed out. | |||||
2009-08-26 | s3:winbind: Fix Coverity ID 942: Resource Leak | Volker Lendecke | 1 | -0/+2 | |
2009-08-26 | s4:heimdal_build: lib/hcrypto/evp-aes-cts.o belongs to HEIMDAL_HCRYPTO | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2009-08-26 | s3-netlogon: let get_md4pw() return a struct dom_sid. | Günther Deschner | 1 | -7/+5 | |
Guenther | |||||
2009-08-26 | schannel: add generated files. | Günther Deschner | 3 | -0/+339 | |
Guenther | |||||
2009-08-26 | schannel: move schannel.idl to main directory. | Günther Deschner | 2 | -1/+1 | |
Guenther | |||||
2009-08-26 | netlogon: make netr_NegotiateFlags a public bitmap. | Günther Deschner | 3 | -3/+5 | |
Guenther | |||||
2009-08-26 | Add a parameter to disable the automatic creation of krb5.conf files | Volker Lendecke | 4 | -1/+43 | |
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates. The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well. Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-) | |||||
2009-08-26 | cifs.upcall: make using ip address conditional on new option | Jeff Layton | 2 | -27/+50 | |
Igor Mammedov pointed out that reverse resolving an IP address to get the hostname portion of a principal could open a possible attack vector. If an attacker were to gain control of DNS, then he could redirect the mount to a server of his choosing, and fix the reverse resolution to point to a hostname of his choosing (one where he has the key for the corresponding cifs/ or host/ principal). That said, we often trust DNS for other reasons and it can be useful to do so. Make the code that allows trusting DNS to be enabled by adding --trust-dns to the cifs.upcall invocation. Signed-off-by: Jeff Layton <jlayton@redhat.com> | |||||
2009-08-26 | cifs.upcall: switch to getopt_long | Jeff Layton | 1 | -1/+7 | |
...to allow long option names. Signed-off-by: Jeff Layton <jlayton@redhat.com> | |||||
2009-08-26 | s4:provision Ensure that @OPTIONS is mirrored into each partition | Andrew Bartlett | 3 | -3/+7 | |
The previous patches to the provision system cut down on the number of reconnects, and disabled the partition handling for part of the process. This means we lost the setting of @OPTIONS as a replicated attribute into the partitions. Andrew Bartlett | |||||
2009-08-26 | s4:ldb Add ldb_ldif_write_string() and python wrappers | Andrew Bartlett | 4 | -1/+95 | |
This allows us to turn a python LdbMessage back into a string. Andrew Bartlett | |||||
2009-08-26 | s4:ldb Add hooks to get/set the flags on a ldb_message_element | Andrew Bartlett | 2 | -5/+65 | |
Also add tests to prove that we got this correct, and correct the existing tests which used the wrong constants. Andrew Bartlett | |||||
2009-08-26 | s4:schema Rework dsdb_write_prefixes_from_schema_to_ldb() to use talloc | Andrew Bartlett | 1 | -14/+20 | |
This changes dsdb_write_prefixes_from_schema_to_ldb() to use an internal talloc hirarchy, so we can safely give it a NULL context from the python. It also fixes manual construction of the ldb_message - we now use the right helper functions. Andrew Bartlett | |||||
2009-08-26 | s4:provison Add prefixes to ldb using same code a later modify will use | Andrew Bartlett | 4 | -8/+38 | |
This allows us to test out the code that will do the modify of the prefixMap, and to provide the bindings that may assist a future upgrade script. Andrew Bartlett | |||||
2009-08-26 | s4:provision Only create references to our server DN after the self join | Andrew Bartlett | 6 | -9/+39 | |
This will ensure that the GUID can be filled in correctly, and assist us to validate DN targets in the future. Andrew Bartlett | |||||
2009-08-26 | s4:scheam quiet a 'const' warning | Andrew Bartlett | 1 | -1/+1 | |
2009-08-26 | s4:dsdb Rework dsdb_write_prefixes_to_ldb() to take a schema | Andrew Bartlett | 1 | -14/+13 | |
The aim is to create a function that is more easily wrapped for python, so that we can write the updated prefixMap in an upgrade script. Andrew Bartlett | |||||
2009-08-26 | s4:dsdb Use helper function to add 'show deleted' control | Andrew Bartlett | 1 | -20/+10 | |
This revises tridge's commit 61ca4c491e1c13eb7d97847f743b0f540f1117c4 to use ldb_request_add_control() instead of a manual construction. Andrew Bartlett | |||||
2009-08-26 | s3-netlogon: fix default case when _netr_LogonSamLogon is called from other ↵ | Günther Deschner | 1 | -1/+3 | |
opcodes. Guenther | |||||
2009-08-26 | Revert "s3: Fix uninitialized const char *" | Günther Deschner | 1 | -1/+0 | |
Tim, I am reverting this as this eliminates "_netr_LogonSamLogonEx" from the debug messages completely. Followup fix to come immediately. This reverts commit add9b4afb14d3426d1f3bf5b8e7c86926f462578. | |||||
2009-08-26 | s3-netlogon: get rid of init_net_r_req_chal(). | Günther Deschner | 1 | -13/+1 | |
Guenther | |||||
2009-08-26 | s3-netlogon: let get_md4pw() return a struct samr_Password. | Günther Deschner | 2 | -8/+7 | |
(in preparation of credential merge). Guenther |