Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 040d798a88ad6e6d56179de2b9036e3d0c36afc8)
|
|
(This used to be commit 5c81986bff06efeacf95d3d64254d566181c30bb)
|
|
rafal
(This used to be commit 7aa40e3a3ff7a655c5ed8ee67c55af92193815f1)
|
|
metze
(This used to be commit 82fa27da0725b1d84688e26ca189b445c4a08f4e)
|
|
NBT-WINSREPLICATION
test
metze
(This used to be commit 224dab45ab8de9fd4288c473b141541614cde422)
|
|
up what address the client has used, as the socket is maybe bound to '0.0.0.0'
metze
(This used to be commit 81d322f91aa7097a51c13648211a0556b0424fa4)
|
|
and don't assume out_len is >= sizeof(*in_addr)
metze
(This used to be commit 61dbe9e5070085117b12b5b37cf0e7fe4342e2a3)
|
|
metze
(This used to be commit 47ce4286dec3df9eb22ac2efde18af807ecf9cfa)
|
|
- implement late release demands
we now pass the full NBT-WINSREPLICATION torture test
but only with non-socket_wrapper mode
metze
(This used to be commit bd78c97cfff7e2d3a053e4bb4d6459afad5fba5c)
|
|
metze
(This used to be commit 4be3b576f2926279686ecada52144b9df8165a03)
|
|
metze
(This used to be commit 3c442ccb594d1a781e42f2268a3582578ae82d76)
|
|
metze
(This used to be commit 7b20f8e66d55774877ec1441175fb707856c6609)
|
|
metze
(This used to be commit 8207969a5727e54877752be5168931f609591be1)
|
|
we respond with the replicas address to the challenge
- fix some skip checks
metze
(This used to be commit a37aaa93cb25c559b27f4c1a7c48285d4223b9aa)
|
|
metze
(This used to be commit c60bac5baa572a597ce6e1c2e3639be4c7daeefc)
|
|
NT_STATUS_CONNECTION_REFUSED when a KDC is not listening)
(This used to be commit 0f85fc204c6018f8403c2e8f75f683aed38ba83b)
|
|
error out immediatelly. This prevents a long timeout
(This used to be commit f6c0fccc06060582ef870a0ac590dabeec2f2e6a)
|
|
only try permitted mechanims.
Andrew Bartlett
(This used to be commit 0f50239dc40ee128e4985f8aec5bb5f440a4f3f0)
|
|
attach a restriction on available GENSEC mechanisms.
Andrew Bartlett
(This used to be commit 8154f2421f828be65ee89f21ed7ac0f5e2132ca9)
|
|
GENSEC mechansims. This will allow a machine join to an NT4 domain to
avoid even trying kerberos, or a sensitive operation to require it.
Andrew Bartlett
(This used to be commit 11c7a89e523f85afd728d5e5f03bb084dc620244)
|
|
share the MEMORY: keytab).
Andrew Bartlett
(This used to be commit 6c43de27086d3c463891598eb55a44877194cb0d)
|
|
Andrew Bartlett
(This used to be commit 55cb72f5cfe9a2c520c30e11ab34896588e91730)
|
|
(This used to be commit 020de11a61a1aa2c77c0a308186c85960c10fe32)
|
|
function for enctype to string.
Andrew Bartlett
(This used to be commit ae6c968cb27f451e5f8cea62be7f33b4b4716f82)
|
|
is equivilant to free().
This is the issue tridge was seeing in the MEMORY: keytab code.
Andrew Bartlett
(This used to be commit d5a2de8ef06a08274d25ab005f2a68ec32e226f0)
|
|
Andrew Bartlett
(This used to be commit 0c4ea6f6413e260a15c0afe331a066ea7051fd9f)
|
|
Andrew Bartlett
(This used to be commit b60531b109cf9539a9d58d46436f397346352cee)
|
|
metze
(This used to be commit 144bde91b3ccbf40494b3f235a2f2699e32f9ad8)
|
|
release demand
conflict cases
metze
(This used to be commit 9e84c85b3de178e0dd093ed9344d30d4c9ea6730)
|
|
used for replication conflicts
metze
(This used to be commit d7d14cb2bd9823d7e7d81266ca4014ea5263c714)
|
|
metze
(This used to be commit 8fb07b1ea8fdf353da832212289aceef20495bda)
|
|
metze
(This used to be commit 2433800834293a95669c3c48eb2462b76d1b3029)
|
|
- and make it it bit simpler, by caching the GUID struct instead of the device name
- and this also removes all compiler warnings...
metze
(This used to be commit f4f0d626e00116e85a91962bf8534c1fbb69334c)
|
|
(This used to be commit 482548031e69ba4bddac999ca9f2cb6ad8359953)
|
|
to match all other _recv functions we have
metze
(This used to be commit bd4f85ab5f60c7430ac88062fa6a9f6cffa9596f)
|
|
metze
(This used to be commit 4d35c2b8e671cc8fe44971cf2a577236afd1abbd)
|
|
metze
(This used to be commit e5654f9791a2786e45108216344b2daea3ad9d91)
|
|
(This used to be commit 1eca19d597ea21a073361fc6fc550919abf97574)
|
|
- added a bunch more tests to LOCAL-SDDL (all the ones from our schema)
- fixed 'mixed coded declarations' bug
(This used to be commit c30e7698e8e1d9991d35bf86c0d4041a1814ad92)
|
|
standard tests for the build farm
(This used to be commit 9d6d9b6e50dfe5513f332668b860e6a55af3a39c)
|
|
filled in with more examples as I expand the sddl parsing code.
(This used to be commit 8f80e483a3aa07bb5a16eeccde5af5cd7fb5a975)
|
|
(This used to be commit 0c3223ab7db93a31121667c65956f30a5b0ec9f8)
|
|
(This used to be commit 6935765fda99a6efb19f6f72358d4d48fc35ad5e)
|
|
all flags are covered yet, and object aces aren't done yet.
This is needed for ACL support in ldb, as the default security
descriptor for each object class is given by the
defaultSecurityDescriptor attribute in the schema, which is stored in
SDDL format
(This used to be commit dbdeecea01a8b362a9a525a3689cb03662a86776)
|
|
(This used to be commit dc1b83cc13e0324139c6b756a6f135534be7be79)
|
|
in sync version. This step makes it easer to move further to async
dcerpc connect routine.
rafal
(This used to be commit 87b016d55315190fa3f6083c75cb783ad45ddd0b)
|
|
for referencing an existing in-MEMORY keytab (required for the new way
we push that to GSSAPI).
Andrew Bartlett
(This used to be commit 2426581dfb9f5f0f9367f846c01dfd3c30fea954)
|
|
uint32 [num_level2][num_level1][num_level0]
fix the order they're pushed and pulled, it should be like this
for (l2=0; l2 < num_level2; l2++) {
for (l1=0; l1 < num_level1; l1++) {
for (l0=0; l0 < num_level0; l0++) {
ndr_pull_uint32(...);
}
}
}
metze
(This used to be commit c10195f31383f51911edd8a32f8b5d5857d5bf2d)
|
|
metze
(This used to be commit fee5b6f40784e75a469320a584423c5030b69400)
|
|
This merges Samba4 up to current lorikeet-heimdal, which includes a
replacement for some Samba-specific hacks.
In particular, the credentials system now supplies GSS client and
server credentials. These are imported into GSS with
gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY
keytab, so we now create a FILE based keytab as provision and join
time.
Because the keytab is now created in advance, we don't spend .4s at
negprot doing sha1 s2k calls. Also, because the keytab is read in
real time, any change in the server key will be correctly picked up by
the the krb5 code.
To mark entries in the secrets which should be exported to a keytab,
there is a new kerberosSecret objectClass. The new routine
cli_credentials_update_all_keytabs() searches for these, and updates
the keytabs.
This is called in the provision.js via the ejs wrapper
credentials_update_all_keytabs().
We can now (in theory) use a system-provided /etc/krb5.keytab, if
krb5Keytab: FILE:/etc/krb5.keytab
is added to the secrets.ldb record. By default the attribute
privateKeytab: secrets.keytab
is set, pointing to allow the whole private directory to be moved
without breaking the internal links.
(This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
|