| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The KDC sets different flags for the AS-REQ (this is client-depenent)
and the TGS-REQ to determine if the realm should be forced to the
canonical value. If we do this always, or do this never, we get into
trouble, so it's much better to honour the flags we are given.
Andrew Bartlett
|
|
This avoids setting these values when the caller simply does not care
Andrew Bartlett
|
|
This will allow these calls to honour the flags passed in from the KDC
Andrew Bartlett
|
|
if you use --git-local-changes then the version number that waf
extracts from git will have a '+' on the end if you have local
changes, as determined by running 'git diff'.
This used to be the default, but unfortunately it is far too slow on
some systems. On a NFS build system I was using the first line of
configure took about 2 minutes.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Nov 16 01:51:54 UTC 2010 on sn-devel-104
|
|
We should never get a cross-realm ticket that was not issued by a full
DC, but if someone claims to have such a thing, reject it rather than
segfaulting on the NULL client pointer.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 23:59:34 UTC 2010 on sn-devel-104
|
|
The PAC was being regenerated on all normal DCs, because they don't
have a msDS-SecondaryKrbTgtNumber attribute. Instead we need to check
if it's set and not equal to our RODC number, allowing RODCs to trust
the full DCs and itself, but not other RODCs.
Andrew Bartlett
|
|
By checking the client principal here, we compare the realm based on
the normalised realm, but do so early enough to validate the PAC (and
regenerate it if required).
Andrew Bartlett
|
|
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 15 23:14:57 UTC 2010 on sn-devel-104
|
|
"time_t" is generally "long int".
|
|
modifications
Pointed out by abartlet
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 15 22:28:16 UTC 2010 on sn-devel-104
|
|
This provides a script that allows testing of most of the steps of the
Samba4 HOWTO. The big difference between this and 'make test' is that
it test against windows, using pexpect to control windows boxes via
telnet.
The info about VMs and other parameters are in separate conf
files. I've included a sample config file that I use on my laptop.
|
|
typo spotted by Michael Wood
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Mon Nov 15 21:44:39 UTC 2010 on sn-devel-104
|
|
on Windows 2000 forest function level
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Mon Nov 15 13:10:05 UTC 2010 on sn-devel-104
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Nov 15 12:26:53 UTC 2010 on sn-devel-104
|
|
|
|
|
|
|
|
the fancier cmd_output() broke git versioning
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 15 11:33:41 UTC 2010 on sn-devel-104
|
|
this is useful for manual testing
|
|
bitten by python object references again!
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Samba4 may modify the case of the realm in a returned entry, but will no longer modify the case of the prinicipal components.
The easy way to keep this test passing is to consider also what we
need to do to get the krbtgt account for the PAC signing - and to use
krbtgt/<this>/@REALM component to fetch the real krbtgt, and to use
that resutl for realm comparion.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 08:47:44 UTC 2010 on sn-devel-104
|
|
we should reset the realm part of the principal, but not the lowercase
realm embedded in the 'krbtgt/realm@REALM'.
Andrew Bartlett
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Nov 15 03:04:41 UTC 2010 on sn-devel-104
|
|
|
|
|
|
|
|
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Nov 15 02:09:40 UTC 2010 on sn-devel-104
|
|
We should check the errors from krb5_kdc_windc_init and we now need to
additionally run krb5_kdc_pkinit_config()
Andrew Bartlett
|
|
This remains an abuse, because it relies on setting into the krb5_principal
structure, but at least it causes less trouble for the server.
Andrew Bartlett
|
|
|
|
|
|
Heimdal uses HEIMDAL_NORETURN_ATTRIBUTE and HEIMDAL_PRINTF_ATTRIBUTE,
and we need to provide a link between these and Samba's function
attribute handling.
Andrew Bartlett
|
|
5734d03c20e104c8f45533d07f2a2cbbd3224f29)
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Nov 15 00:57:27 UTC 2010 on sn-devel-104
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 15 00:13:59 UTC 2010 on sn-devel-104
|
|
We previously allocated sockets as direct children of the event
context. That led to crashes if a service called
task_server_terminate(), as it left the socket open and handling
events for a dead protocol.
Making them a child of the task allows the task to terminate and take
all its sockets with it.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
the source_dsa_obj_dn can be NULL
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Nov 14 17:58:05 UTC 2010 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Nov 14 14:07:29 UTC 2010 on sn-devel-104
|
|
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Nov 14 10:24:02 UTC 2010 on sn-devel-104
|
|
transaction id of packets it was requested to send via a client, and
only store replies that match these ids. On the client side change
clients to always attempt to ask nmbd first for name_query and
node_status calls, and then fall back to doing socket calls if
we can't talk to nmbd (either nmbd is not running, or we're not
root and cannot open the messaging tdb's). Fix readers of unexpected.tdb
to delete packets they've successfully read.
This should fix a long standing problem of unexpected.tdb
growing out of control in noisy NetBIOS envioronments with
lots of bradcasts, yet still allow unprivileged client apps
to work mostly as well as they already did (nmblookup for
example) in an environment when nmbd isn't running.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sun Nov 14 05:22:45 UTC 2010 on sn-devel-104
|
