summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11239: Use ${REALM} for the realm in rootdse.ldifAndrew Bartlett8-100/+740
Add the kpasswd server to our KDC, implementing the 'original' and Microsoft versions of the protocol. This works with the Heimdal kpasswd client, but not with MIT, I think due to ordering issues. It may not be worth the pain to have this code go via GENSEC, as it is very, very tied to krb5. This gets us one step closer to joins from Apple, Samba3 and other similar implementations. Andrew Bartlett (This used to be commit ab5dbbe10a162286aa6694c7e08de43b48e34cdb)
2007-10-10r11226: Cope with Samba3's behaviour on LDAP with GSS-SPNEGO.Andrew Bartlett1-2/+3
Andrew Bartlett (This used to be commit 4d9667f5a037eb15f6f0e4329314a37f148e9db7)
2007-10-10r11225: Remove pointless goto.Andrew Bartlett1-2/+0
Andrew Bartlett (This used to be commit 30f4ece4d2e55d2d50061f74a491d3f77551a6ae)
2007-10-10r11223: Only pass around the ldb handle (make this code easier to seperateAndrew Bartlett1-21/+21
into a general lib). Andrew Bartlett (This used to be commit e3abbfca4ae3c06f34774edab5ed38ebd5ebc097)
2007-10-10r11222: Small provision fixes: canonicalName is now generated, and the DC=Andrew Bartlett2-2/+1
list should be from the dnsdomain (ie lowercae). Andrew Bartlett (This used to be commit 10d692a1c216134b301b5851ce1e71ed93cc6164)
2007-10-10r11221: I don't quite know how I tested this before, but clearly I didn't.Andrew Bartlett1-3/+4
The samdb_set_password_sid helper function now works. Andrew Bartlett (This used to be commit 629595f27c3f721c4b317df871814ac5ba06be9c)
2007-10-10r11220: Add the ability to handle the salt prinicpal as part of theAndrew Bartlett5-29/+51
credentials. This works with the setup/secrets.ldif change from the previous patch, and pretty much just re-invents the keytab. Needed for kpasswdd work. Andrew Bartlett (This used to be commit cc9d167bab280eaeb793a5e7dfdf1f31be47fbf5)
2007-10-10r11219: Now that we have the credentials hooked in here, we have a much moreAndrew Bartlett1-1/+10
reasonable value to fill in for the mechListMIC. Andrew Bartlett (This used to be commit 51d78de2b79f4ab75c86c3255c23a478c6822a0e)
2007-10-10r11218: Always return the mutual authentication reply (needed for kpasswd),Andrew Bartlett2-45/+13
and remove now duplicated unwrap_pac(). Andrew Bartlett (This used to be commit 90642d54e02e09edc96b9498e66befda20dbb68d)
2007-10-10r11217: Ensure the realm is substituted in UPPER case.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 0c29f0e30d64be09baad792eb2850aa0b8fa9981)
2007-10-10r11216: Upgrade to gd's PAC extraction code from Samba3. While I still wantAndrew Bartlett4-47/+140
to make some this the kerberos library's problem, we may as well use the best code that is around. Andrew Bartlett (This used to be commit a7fe3078a65f958499779f381731b408f3e6fb1f)
2007-10-10r11215: Remove no-op prompter intended to work around bugs in old kerberos libs.Andrew Bartlett1-27/+1
I'm also worried this might cause loops, if we get a 'force password change', and the prompter tries to 'deal with it'. Andrew Bartlett (This used to be commit 5bc10c4e472b45c5b5b0ea0c3dd100be6f4dabca)
2007-10-10r11214: Remove scons files (see ↵Jelmer Vernooij53-1243/+0
http://lists.samba.org/archive/samba-technical/2005-October/043443.html) (This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
2007-10-10r11212: Enable sealing of data with raw krb5, consolidate some code into theAndrew Bartlett1-61/+63
main gensec_krb5_start and always ask for sequence numbers. Andrew Bartlett (This used to be commit 801cd6c6ffa96ac79eb425adf7c97eb2cfcbed4a)
2007-10-10r11211: Append an error message to COL_INFO if the RPC call returned an error.Tim Potter1-2/+8
(This used to be commit b70dd7a757e7341d90c89dffa7e1c4eab790020a)
2007-10-10r11210: Log registry open function name when starting hive tests.Tim Potter1-6/+12
(This used to be commit 3416a6d78f205f9d3fd73161cbed6dcd9c2bfdf8)
2007-10-10r11209: We can't read the priorSecret unless we ask for it.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit ee9a93688d31d8da91b81e9b0f6fac3fa4894c13)
2007-10-10r11208: Add DNS entries for finding the kpasswd server to the default zone.Andrew Bartlett1-0/+7
Andrew Bartlett (This used to be commit 7e01ff11fdcd70b54e30b438076bf1293638c61e)
2007-10-10r11207: Correct principal search defineAndrew Bartlett1-1/+1
(This used to be commit 90cf4f8e1a1051a58635e126d56118701875bc5d)
2007-10-10r11206: It appears to me that any account may operate as a server.Andrew Bartlett1-1/+5
Andrew Bartlett (This used to be commit 3b6c9c7cbc1d5c4dd32d3c1db18ddbccbb8cf17a)
2007-10-10r11205: Another test for cracknames.Andrew Bartlett1-1/+10
Andrew Bartlett (This used to be commit 3810282a24b8aea36627f43321e76f34057e3135)
2007-10-10r11204: Allow us to read credentials from secrets.ldb without aAndrew Bartlett1-6/+2
secureChannelType (non machine join records). Andrew Bartlett (This used to be commit 3dddf497ccf246af435e6e2802d8f3745f2e4fd3)
2007-10-10r11203: Use different variable names to make it easier to tell which assert ↵Andrew Bartlett1-4/+4
fired. Andrew Bartlett (This used to be commit df6a40c2d261804f1cd4feb24572135a4c62a802)
2007-10-10r11202: Add more structs to structs.hAndrew Bartlett1-0/+3
(This used to be commit b0f11d85214fe83a8ce738cfa597f5cf9f5d3897)
2007-10-10r11201: New filters for searching in secrets.ldbAndrew Bartlett1-1/+3
Andrew Bartlett (This used to be commit b48c6df60c15ee6134a49d163bed90ea8b85550b)
2007-10-10r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5Andrew Bartlett17-286/+389
authentication. This pulls the creating of the keytab back to the credentials code, and removes the special case of 'use keberos keytab = yes' for now. This allows (and requires) the callers to specify the credentials for the server credentails to GENSEC. This allows kpasswdd (soon to be added) to use a different set of kerberos credentials. The 'use kerberos keytab' code will be moved into the credentials layer, as the layers below now expect a keytab. We also now allow for the old secret to be stored into the credentials, allowing service password changes. Andrew Bartlett (This used to be commit 205f77c579ac8680c85f713a76de5767189c627b)
2007-10-10r11199: Push an objectSid into the schannel state database, to match the new ↵Andrew Bartlett1-10/+2
header. Andrew Bartlett (This used to be commit a665b56085cbf89c6deaeef0deaed31fcbc07458)
2007-10-10r11198: The recent changes to netlogon changed this from a RID to a SID.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 24dbf3435277a51dd49c5e2189fc6655260eddf4)
2007-10-10r11197: indentAndrew Bartlett1-2/+2
(This used to be commit a432ba105cbf2ea7b9010365c0a7d1dcc9ff5f7f)
2007-10-10r11196: Clean up memory leaks (pointed out by vl), and handle the case whereAndrew Bartlett1-11/+47
the client doesn't guess correctly on the mech to use. It must back off and try the mech the server selected from the list. I'm not particularly attached to our SPNEGO parser, so while I can't easily use the SPNEGO application logic in Heimdal, I'm going to look closely at using the asn1 routines to avoid some pain here. Andrew Bartlett (This used to be commit 929217387449270b60c3f825dca3b3cae5a4f9d1)
2007-10-10r11195: Add a new helper function (needed by my kpasswdd work, but hooked inAndrew Bartlett2-242/+136
for netlogon as well) to change/set a user's password, given only their SID. This avoids the callers doing the lookups, and also performs the actual 'set', as these callers do not wish any further buisness with the entry. Andrew Bartlett (This used to be commit 060a2a7bcca6b58d50bc4e0930c13616742a55d3)
2007-10-10r11194: Use the special ldb attribute "canonicalName" (therefore testing thatAndrew Bartlett1-11/+20
codepath) in DRSUAPI CrackNames. Fix the NT4 account return value. Andrew Bartlett (This used to be commit 2513c02c64b489ebf167e33fdb4ac51ce8783c04)
2007-10-10r11193: Implement wbinfo -mVolker Lendecke6-8/+173
(This used to be commit 12a800bc8541c4160a534d1edcaeb6774776e18d)
2007-10-10r11192: Too many contexts around... :-)Volker Lendecke1-1/+1
(This used to be commit 134e104c3ff39e5f3ebdaf9168df78a156490ed7)
2007-10-10r11189: add some more special group vs. special group tests,Stefan Metzmacher2-2/+15
to make sure that replicas from the same owner are blinding overwritten in all cases metze (This used to be commit 466baf737aedf240ff372ab8e8c708299102d1fa)
2007-10-10r11188: - add multi homed vs. multi homed sectionStefan Metzmacher2-6/+183
metze (This used to be commit 838323e58fe4e748a17100c4cd13788059dd12c6)
2007-10-10r11187: in case the msDS-KeyVersionNumber is replicated (I didn't assume ↵Stefan Metzmacher2-0/+4
this...) show the string in the debug output, and show it with --option="dssync:print_pwd_blobs=yes" metze (This used to be commit 98c1e8e3df90c05691a12bb25357fd75da419c5c)
2007-10-10r11186: - get rid of some .extra = True casesStefan Metzmacher2-8/+190
- add multihomed vs unique section - update conflict handling for the above case metze (This used to be commit c043e56efd3d72cdd5b17c78512e12285c87f221)
2007-10-10r11185: - resolve attid for "supplementalCredentials" into a nameStefan Metzmacher2-18/+22
- print "supplementalCredentials" also when --option="dssync:print_pwd_blobs=yes" is used abartlet: this field may contain the krb5 keys... metze (This used to be commit 26c69348ca3ae10128df9832f8b4d9c1024631e2)
2007-10-10r11184: Remove test that checks whether ftruncate() needs root, because I can'tJelmer Vernooij1-7/+0
find the file it tries to use (build/tests/ftruncroot.c) and the value it defines is not used anywhere. (This used to be commit 97bbf4a46035becaee50d242364146e3529cf631)
2007-10-10r11182: Explicitly add "." to perl include path so that perl doesn't use theJelmer Vernooij1-1/+1
Config module instead of the configure-generated config.pm on case-insensitive filesystems (MacOSX, OpenVMS) (This used to be commit 47b8095a0a0e7f352860999df3b131cab3e8a2b9)
2007-10-10r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large ↵Volker Lendecke19-240/+1422
because --user-sids required the extension to trusted domains. Implement "winbind sealed pipes" parameter for debugging purposes. Volker (This used to be commit 3821a17bdb68b2f1389b5a150502c057d28569d2)
2007-10-10r11179: revert to the old code, till jelmer find a solution how toStefan Metzmacher1-1/+1
handle a UTF16 string in a uint8 array metze (This used to be commit d13315f3b135228febcbe9b99d3550363c21da81)
2007-10-10r11178: add some logic functions for the replica_vs_replica conflict handlingStefan Metzmacher1-0/+259
to our winsrepl server, but it handles only the simple cases (without merging) and we still didn't apply records to our wins.ldb, we just print out what we would do metze (This used to be commit e4edeeaa0a808c6bcdf022eec1257e796c1c0700)
2007-10-10r11177: move unique vs * and normal group vs * into this formStefan Metzmacher1-338/+113
ACTIVE vs ACTIVE ACTIVE vs TOMBSTONE RELEASED vs ACTIVE RELEASED vs TOMBSTONE TOMBSTONE vs ACTIVE TOMBSTONE vs TOMBSTONE as it seems that is all we need to test, and w2k3 only decides between ACTIVE and NON-ACTIVE (REALEASED or TOMBSTONE) when it gets new replica objects also I have removed all the extra test, we only test the worst cases now, and this will make the algorithms more clear when you look at the output of the NBT-WINSREPLICATION torture test metze (This used to be commit 7545e4e7160864f5feedd35cf90507e47d7cf469)
2007-10-10r11176: - add multi homed vs. special group sectionStefan Metzmacher1-1/+179
metze (This used to be commit 62ddca0e1f3d7484b32df7f5a56eca4761289c00)
2007-10-10r11175: - add multi homed vs. normal group sectionStefan Metzmacher1-1/+178
metze (This used to be commit 891416b79eeec3d6c9391181f86b104b887774a2)
2007-10-10r11174: - add special group vs. multi homed sectionStefan Metzmacher1-1/+179
- disable special group vs. special group, I need to look closer at this, as I'm getting strange timeouts randomly, so the server might be doing some challegnes while doing the merging of special group records, witch reaches timeouts metze (This used to be commit 7479760cbf5fe818c31b7795dc43b413800a63bd)
2007-10-10r11173: print out the correct messagesStefan Metzmacher1-2/+20
metze (This used to be commit d8e7e914bf29f7ae0b7cc1f47ea9f8cca210d8df)
2007-10-10r11172: - start with special group vs. special group testingStefan Metzmacher1-4/+143
metze (This used to be commit ba2c100be6eb1d352df762d213fc197f11f69da5)