summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11995: A big kerberos-related update.Andrew Bartlett27-295/+633
This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
2007-10-10r11994: This function no longer needs a special declaration.Andrew Bartlett1-4/+0
Andrew Bartlett (This used to be commit 88a7b7805c11cb3a1be3222d3e4b0b3ad8aff2aa)
2007-10-10r11993: As well as making an in-MEMORY keytab, allow a file-based keytab to ↵Andrew Bartlett1-98/+321
be updated. This allows a new password to be written in, and old entries removed (we keep kvno and kvno-1). Clean up the code a lot, and add comments on what it is doing... Andrew Bartlett (This used to be commit 0a911baabad60a43741269d29a96fdd74e54331a)
2007-10-10r11992: Potentially allow SPNEGO to be disabled (as occours on WinXPAndrew Bartlett1-13/+22
standalone), and use only NTLMSSP. (But doing so would break Samba3's client). Andrew Bartlett (This used to be commit e74ca624e74ed82788817e302a516208dc1421bd)
2007-10-10r11991: Null termainte the list of backends. (Makes it easier to walk the ↵Andrew Bartlett1-2/+2
list). Andrew Bartlett (This used to be commit fc4202dea88a72de061cb2e1caa7847fae37018f)
2007-10-10r11990: Set the password set time as 'now', so it isn't expired back in 2004.Andrew Bartlett1-2/+1
Andrew Bartlett (This used to be commit b3929230b210bd6f0b12f90f48767aa861fd08fa)
2007-10-10r11989: Rather than grabbing the machine account details at this point, grabAndrew Bartlett1-10/+1
them 'later'. We will need to handle the errors when we call the get_* methods. Andrew Bartlett (This used to be commit c6e572f87022b57cdfd8178eb5c23df67a92c453)
2007-10-10r11988: Setup the sessionInfo just before the connect, rather than earlierAndrew Bartlett1-4/+6
when we havn't finished popt. Andrew Bartlett (This used to be commit e5c5eb97a0ab841442b2c3fb5ea67f0d21b42932)
2007-10-10r11987: Clarify the accountExpires behaviour in the KDC.Andrew Bartlett1-4/+5
Andrew Bartlett (This used to be commit 05334e98fb1658965a822517365a86bc3906378b)
2007-10-10r11984: LGPL on header and testsuite as wellAndrew Tridgell2-22/+30
(This used to be commit ed90975bf50644f00da681eb7cc41123abc60f81)
2007-10-10r11983: make talloc LGPL. This makes more sense given that ldb depends onAndrew Tridgell1-11/+15
talloc, and ldb is now LGPL (This used to be commit 5bdd50fa38b1be28cf7bcddc561c743437e70cae)
2007-10-10r11982: ensure the fde event gets freed before the socket itself, as otherwiseAndrew Tridgell2-5/+5
we get a error from epoll about disabling events for a file descriptor that is closed (This used to be commit f32739307464a1f0c835cff886b8c4b960778900)
2007-10-10r11981: we should allocate request specific memory in ldb modules off theAndrew Tridgell1-1/+1
request strucutre. It will take a while for this to happen everywhere. (This used to be commit b1d38153b8c1d2d5be2d41005eadb0e0aa46bd72)
2007-10-10r11980: ronnie worked out that opcode 0xb in SMB2 is in fact ioctl, and thatAndrew Tridgell7-27/+30
it only appeared to be like a SMBtrans request as it was being called with function 0x11c017 which is "named pipe read write" I wonder if this means we could do DCE/RPC over SMB using ntioctl calls as well? (This used to be commit f2b8857797328be64b0b85e875ae6d108e2aeaaa)
2007-10-10r11974: only look at $pl->{POINTER_TYPE} when $pl is definedStefan Metzmacher1-7/+6
metze (This used to be commit 271d0af16d50bc89a384b56db70d569914273f6c)
2007-10-10r11973: make it easier to find bugsStefan Metzmacher2-2/+7
metze (This used to be commit 247f90c28d845fd2224cb07ed30d3e8122ba5644)
2007-10-10r11972: handle [noejs] property also on functionsStefan Metzmacher1-1/+2
metze (This used to be commit e5fef8519b28f66ce8a401fc866c8b9bf08c584d)
2007-10-10r11971: add nbt specific continue wrapperStefan Metzmacher1-0/+11
metze (This used to be commit b8c5978df18b98db89069e02597d483f893e39ae)
2007-10-10r11970: fixed a valgrind error. The auth info from the alter_context reply wasAndrew Tridgell1-1/+1
being freed before being given to gensec_update() (This used to be commit cf2cb4279e2b31989eee2fec848982b10fcc2136)
2007-10-10r11969: got rid of the very annoying 'failed to open /secrets.tdb'Andrew Tridgell1-1/+5
messages. As discussed with Andrew, this will soon be replaced with a system that marks the credentials to use the machine accout from the database rather than pre-loading the machine account details here. The reason we got the annoying messages is this was being called before smb.conf is loaded, so the code doesn't yet know the location of the private directory (This used to be commit 6aeb4bf3fe224a6f81962237bdda329ba828b493)
2007-10-10r11968: More warning fixes. We're on track to getting to double digits forTim Potter7-14/+14
the number of warnings generated now. (This used to be commit d479f2d7607adc698d71c5ba26932c72a26dcaab)
2007-10-10r11967: Fix more 64-bit warnings.Tim Potter18-57/+65
(This used to be commit 9c4436a124f874ae240feaf590141d48c33a635f)
2007-10-10r11965: Try to fix some 64-bit warnings.Tim Potter1-1/+1
(This used to be commit e98c28941a6002042e0e429f99f14e7dd4920aa6)
2007-10-10r11959: Use DOS_errors array for displaying WERROR valuesJelmer Vernooij1-1/+1
(This used to be commit 0830ed0d60cdbd00e6f42dae2c7e295363bca17d)
2007-10-10r11958: - fixed memory leaks in the ldb_result handling in ldb operationsAndrew Tridgell9-100/+108
- removed an unnecessary level of pointer in ldb_search structure (This used to be commit b8d4afb14a18dfd8bac79882a035e74d3ed312bd)
2007-10-10r11957: fixed up code meant for debuggingAndrew Tridgell1-3/+3
(This used to be commit 8ca85842579a8a1d8f60259812d04eb7ee27d7aa)
2007-10-10r11956: removed the old rootdse.ldif, and the provision.js code that uses itAndrew Tridgell2-35/+0
(This used to be commit 4b56c129c6f1654f9dbe37bc950a836f15c48b3d)
2007-10-10r11955: got rid of the old rootDSE code in the ldap server.Andrew Tridgell5-394/+0
The partitioning logic is still there, but we only have one partition. If we need partitioning in the future it might be better to remove this partitioning code and use a partitioning module instead (This used to be commit f4685e7dc9bdc3b9e240c9f5891b9da9251f82e5)
2007-10-10r11954: add the static rootdse content to the sam ldb,and enable the rootdseAndrew Tridgell1-1/+21
module in @MODULES (This used to be commit cfab88fcc2c740a6d3fd456a009fbb60061b3a53)
2007-10-10r11953: enabled the rootdse module in the ldb modules codeAndrew Tridgell1-0/+1
(This used to be commit 7d8b11174c97a3797673254c351c94436aa716b7)
2007-10-10r11952: added a rootdse module. This will replace the existing rootdse code inAndrew Tridgell3-40/+202
the ldap server. The reason for the change is that ldb modules need some way to get at the static info stored in the rootDSE (such as the location of the schema) but they can't do that right now (This used to be commit 7e226383f2cd2ce9bb3983ab6a3de454649f8a15)
2007-10-10r11949: make sure we ask gensec to give us a session keyAndrew Tridgell1-0/+2
andrew, this answers your question on irc about whether the same session key mechanisms are used in smb2. They are - the RPC-LSA secret tests pass fine over ncacn_np on SMB2, which means the session key must be working (This used to be commit 91327885a2b6432ba20a8dd1370b632240d3263d)
2007-10-10r11941: fix cut'n'paste bugStefan Metzmacher1-1/+1
metze (This used to be commit fd77cfa49016d403c3f4c60c2422d41498438c17)
2007-10-10r11940: Love has clarified why this code does what it does.Andrew Bartlett2-8/+6
Andrew Bartlett (This used to be commit 9b3dedbc0bb12897a8f9bd4ec864de26b3835981)
2007-10-10r11931: Add a short README explaining what this directory is all about.Andrew Bartlett1-0/+6
Andrew Bartlett (This used to be commit eaf8777e449f70f5694f29199c18f26b9647d558)
2007-10-10r11930: Add socket/packet handling code for kpasswddAndrew Bartlett3-5/+52
Allow ticket requests with only a netbios name to be considered 'null' addresses, and therefore allowed by default. Use the netbios address as the workstation name for the allowed workstations check with krb5. Andrew Bartlett (This used to be commit 328fa186f2df5cdd42be679d92b5f07f7ed22d87)
2007-10-10r11929: Add static, comments.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 41f09ef9342d0c9f09475a189d2bbdb50e611528)
2007-10-10r11928: More Kerberos musings...Andrew Bartlett1-20/+64
Andrew Bartlett (This used to be commit 571f9c9c51b93946d23f2b35ef76ac881994b8cc)
2007-10-10r11913: if we have a UNIQUE name with more than 1 address,Stefan Metzmacher1-0/+5
it becomes implicit an MHOMED record metze (This used to be commit a5bced92a91f462ac6c41c04012aaeb3f77455de)
2007-10-10r11912: fix nbt_name_registration, there's still some minor stuff todo,Stefan Metzmacher2-56/+134
e.g. to return the first address of the 0x1B address as first address in the 0x1C reply, and handle sgroup merge overflow of 25 addresses metze (This used to be commit a80280e061c03f9d07f7d6df20228de7923bb000)
2007-10-10r11911: as we pass the owned_released vs. replica test now, run it with make ↵Stefan Metzmacher1-0/+1
test metze (This used to be commit d34580ec70dca145ea7911be718ad1fc13297a20)
2007-10-10r11910: fix nbt_name_release and nbt_name_query, so that we pass the ↵Stefan Metzmacher1-20/+70
owned_released vs. replica winsrepl torture test metze (This used to be commit c8c53593fc7831968499b5028417f0de0a7f421b)
2007-10-10r11908: implement SGROUP merging, that passes the different owner testsStefan Metzmacher1-14/+222
(but only without socket_wrapper, I need to look at that later and then add the different_owner test to NBT-WINSREPLICATION-QUICK so that it'll be runned by make test) metze (This used to be commit 9ef33580345f12fafbab0a09644451c8b7600f7f)
2007-10-10r11907: added testing of SMB2 keepaliveAndrew Tridgell1-1/+6
(This used to be commit 6096d23fe0e58b6c3e4174a70a0faebd88fd5f79)
2007-10-10r11906: opcode 13 appears to be keepalive. Metze guessed this one :-)Andrew Tridgell3-1/+70
(This used to be commit afe2323dc10748b97e6b30dc0c783dbe04446d8c)
2007-10-10r11905: added SMB2_FLUSH as opcode 7. Thanks to metze and volker for helpAndrew Tridgell6-1/+91
brainstorming this one. (This used to be commit a969ad592ae4cd8f7c66b1df4763fdc70328c967)
2007-10-10r11904: added smb2_tdis() testingAndrew Tridgell1-1/+13
(This used to be commit e2ed615a44d825f8c46755408a1a1657222a508b)
2007-10-10r11903: added smb2_tdis() (opcode 4)Andrew Tridgell2-1/+69
(This used to be commit d606b45b5b6065b5d06024bcce00a23084a20eac)
2007-10-10r11902: added smb2_logoff() testingAndrew Tridgell1-0/+13
(This used to be commit ff50377822fa48eab7f66275098782241ca50f40)
2007-10-10r11901: added smb2_logoff() support (metze correctly guessed opcode 2 wasAndrew Tridgell3-1/+70
logoff) (This used to be commit 6884ce66f2881eba834b419370f74111852fe022)