summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6819: More notes on krb5 requirementsAndrew Bartlett1-18/+66
Andrew Bartlett (This used to be commit dbd845998723987c75dc0e6a427330116dce0bf4)
2007-10-10r6817: - fixed empty ldap search elements in filtersAndrew Tridgell5-11/+41
- added support for guids in cldap netlogon searches. the cldap server now passes the LDAP-CLDAP torture test (This used to be commit eb7979d9def389942fa1c54693d2dfcb8828f544)
2007-10-10r6816: - fixed debug display of ndr netlogon unionAndrew Tridgell1-2/+5
- send a username when scanning to make structure elements clearer (This used to be commit 7d19eb9433b615fdf789cb07aeb331df92b05abd)
2007-10-10r6815: fill in values in cldap server as wellAndrew Tridgell1-2/+2
(This used to be commit 50cac2ce845b7408d83f18e13544b950b2a5a65b)
2007-10-10r6814: fill in two more unknown values in cldap responsesAndrew Tridgell1-2/+2
(This used to be commit 5ee46b44be45763bfaa11dc0b0c9f53b7ee30a51)
2007-10-10r6812: more talloc portability tweaksAndrew Tridgell3-6/+3
(This used to be commit 450ac2e4dea25910ee5384747bdb6ad7323e967d)
2007-10-10r6811: Another attempt at better kerberos/gssapi headers.Andrew Bartlett1-5/+7
Andrew Bartlett (This used to be commit f4b7484516b956baabb3eba3f233da29fc101100)
2007-10-10r6810: Rename auth/{ntlmssp,gensec,kerberos} mk and m4 files to be calledTim Potter7-5/+10
config.mk and config.m4 to be consistent with the rest of Samba. (This used to be commit f377c71e4f0d60684326906dfb65e4581294ec34)
2007-10-10r6809: ifeq is not portable in make - jelmer, you'll need to find some other ↵Andrew Tridgell1-6/+1
way of doing this if you want detection of socket wrapper :-) (This used to be commit f4bfc3a80e0986d48ea8f6ece5432732f5738f32)
2007-10-10r6808: - test for gcov not neededAndrew Tridgell3-15/+10
- samba malloc wrapper avoidance not needed now we don't use includes.h - make testsuite work when BOOL, True, False already defined (This used to be commit c8a274c8735957a8a8dd21421abd65a8a1af20f7)
2007-10-10r6807: Fix in-tree build of talloc testsuiteJelmer Vernooij1-7/+0
(This used to be commit 3541ebe31bef8ccae7a8a1ea4f451ddfbd24460a)
2007-10-10r6806: Try again to fix the build on various kerberos libs.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 5749b63f171acb99c63bfe24312050b316644082)
2007-10-10r6805: Remove two remaining references to gensec_gsskrb5Jelmer Vernooij2-5/+0
(This used to be commit a02e07739781eb00b521d050ab06d6b0aedf47bc)
2007-10-10r6804: Add config.h for talloc (and use it)Jelmer Vernooij5-9/+31
(This used to be commit c2ce09d38003fd43212de9cd08e4a781cc2aff88)
2007-10-10r6803: Try to bring in the correct GSSAPI headers for the krb5 mech. ThisAndrew Bartlett4-33/+16
should allow us to ditch the local static storage for OIDs, as well as fix the build on non-heimdal platforms. Andrew Bartlett (This used to be commit a7e2ecfac9aaacd673e3583b62139e4f4e114429)
2007-10-10r6802: - fixed CFLAGSAndrew Tridgell1-6/+4
- don't fail if we don't have xsltproc (This used to be commit 235f5c510b4b68edf2a36d049bc0ff2afb73fd72)
2007-10-10r6801: It appears that krb5_make_principal, while convenient, is not portable.Andrew Bartlett1-4/+13
Andrew Bartlett (This used to be commit c8e8fa129ed0c80bcd289445935047c28d48da64)
2007-10-10r6800: A big GENSEC update:Andrew Bartlett11-335/+558
Finally remove the distinction between 'krb5' and 'ms_krb5'. We now don't do kerberos stuff twice on failure. The solution to this is slightly more general than perhaps was really required (as this is a special case), but it works, and I'm happy with the cleanup I achived in the process. All modules have been updated to supply a NULL-terminated list of OIDs. In that process, SPNEGO code has been generalised, as I realised that two of the functions should have been identical in behaviour. Over in the actual modules, I have worked to remove the 'kinit' code from gensec_krb5, and placed it in kerberos/kerberos_util.c. The GSSAPI module has been extended to use this, so no longer requires a manual kinit at the command line. It will soon loose the requirement for a on-disk keytab too. The general kerberos code has also been updated to move from error_message() to our routine which gets the Heimdal error string (which may be much more useful) when available. Andrew Bartlett (This used to be commit 0101728d8e2ed9419eb31fe95047944a718ba135)
2007-10-10r6799: Remove a rudundent variable from the context structure - we can figureAndrew Bartlett4-10/+14
this out by asking GENSEC, just like everybody else. Andrew Bartlett (This used to be commit 0268d6c46b73bf2097247639df2532b5e8591531)
2007-10-10r6798: Valgrind pain is not something I look forward to - if we ever fallAndrew Bartlett1-2/+6
back to the 'not /dev/urandom' method of random number generation, I don't want to be chasing down 'use of uninitialised value' though all the crypto code. Andrew Bartlett (This used to be commit 31ff2cd8e11dee36c42f82dcfd85338d3ff704d3)
2007-10-10r6797: Typo fix.Rafal Szczesniak1-1/+1
rafal (This used to be commit 0f9a2aef6c87bd53c962b33bf78bf773d2319b97)
2007-10-10r6796: Remove the gensec_gsskrb5 module, which had had all of it's specialAndrew Bartlett2-594/+0
features merged back into gensec_gssapi. (Removed because I've made some API changes, and it isn't worth 'fixing' the rudundent code to cope with changes) Andrew Bartlett (This used to be commit e8cf3d58ec956e41fc8d3e38363db3d5d838fe1d)
2007-10-10r6795: Make some functions static and remove some unused ones.Jelmer Vernooij23-159/+65
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
2007-10-10r6794: spellfixSimo Sorce1-3/+3
(This used to be commit f5956d150154cb4393dc323ae8ae1f936adee355)
2007-10-10r6793: Move auth_sam to use the dnsDomain rather than theAndrew Bartlett2-1/+7
soon-to-be-depricated 'realm'. Add torture test for this behaviour. Andrew Bartlet (This used to be commit 6b9020661a13fd5ec6c5d1e21344d9f654978987)
2007-10-10r6792: Allow a mech to fail on the first pass at the packet, and still fallAndrew Bartlett1-0/+2
back to the other options. Andrew Bartlett (This used to be commit 9153d7306124d5e4ffc0467728210e2e2235059f)
2007-10-10r6791: My early notes on the particular things I have discovered as I learnAndrew Bartlett1-0/+176
kerberos, and how Microsoft constructs their kerberos implementation. Andrew Bartlett (This used to be commit 5fa9be75d987af106fd798f6d5379b637a170b00)
2007-10-10r6790: Use config.h file for ldb and add test for stdint.hJelmer Vernooij4-2/+10
(This used to be commit c1f1b5a9455c827f7baf382d919ab8a0eab49bb3)
2007-10-10r6787: Use debhelper for the debian packagesJelmer Vernooij5-40/+49
(This used to be commit 9f1b15832d4a8bc9914751811fd10f6a35265b8d)
2007-10-10r6781: -add some comments on how attributes and objectClasses are identified ↵Stefan Metzmacher1-2/+83
in DRSUAPI -and some comments on what the attribute syntaxes matches what internal datatypes metze (This used to be commit 58c6887da48c2ebdec14529cb81e7589101f7aae)
2007-10-10r6776: make the cldap torture test not dependent on the realm being setAndrew Tridgell1-27/+54
correctly - it gets the realm from an initial no-attribute search (This used to be commit 52d10c8d99521f9dd02891a30688472d96860aef)
2007-10-10r6768: Fix wrong commentSimo Sorce1-1/+1
(This used to be commit 2f80b2070f1fc99151f0a583271cd9047d53bab6)
2007-10-10r6767: Fix compiler warning.Tim Potter1-0/+1
(This used to be commit 45a0692be10a03032f9a4e26da3de08696c03464)
2007-10-10r6766: some more cldap tests ...Andrew Tridgell2-5/+36
my best guess now is that w2k3 converts the & in the cldap query to an | for the ldap search. at least it behaves roughly like that. (This used to be commit 1d6ab9aaefee71e3d0f87c1afae8ccdbae1f0e04)
2007-10-10r6765: expanded the cldap test suite to test the usage of the DomainGuid,Andrew Tridgell1-5/+60
AAC, and User attributes in cldap netlogon queries interestingly, while WinXP generated cldap filters with these set, the w2k3 cldap server seems to completely ignore them, so I didn't need to alter our cldap server at all to pass the test :-) (This used to be commit 177c8becd2051c9d1f261358baf4b85ca89700d8)
2007-10-10r6764: added support for DomainGuid, DomainSid, AAC, and User attributes inAndrew Tridgell2-8/+40
cldap netlogon queries (This used to be commit 7c1d0f449d3922a309fc86e5d9cb1e962a39805d)
2007-10-10r6763: added functions in libcli/ldap/ to binary encode some NDR structures intoAndrew Tridgell4-2/+89
ldap friendly filter strings (This used to be commit 8890dd3ac331cffe83226a356c52df89c917c2b0)
2007-10-10r6762: with the zone right we don't need a fully qualified site name at allAndrew Tridgell1-2/+1
(This used to be commit 6f4ad382d445c3cdb8e50727f09d79334076e02d)
2007-10-10r6761: - not everyone is in my domain :-)Andrew Tridgell1-1/+19
- started adding support for the other cldap attributes that XP uses (This used to be commit 1537558039b012a4124e6167ad7ebfd7486f05ff)
2007-10-10r6760: Update debian packagesJelmer Vernooij3-9/+8
(This used to be commit 39c8acdaa5746bec9171a4624e24e4eea553bcb1)
2007-10-10r6759: let us have a wildcard attribute so that we can set a default for all ↵Simo Sorce1-1/+7
attributes example: *: CASE_INSENSITIVE by placing it in the @ATTRIBUTES object you make all the matching be case insensitive to make an excepion to the general rule now you just need to create an entry like: name: CASE_SENSITIVE the key CASE_SENSITIVE currently does not exist but has the effect of making the code ignore the wildcard default flag and being ldb case sensitive by default it let the "name" attribute be case sensitive again Tridge, can you look at this commit? Should we introduce a CASE_SENSITVE/BINARY flag and handle it in the code ? Simo. (This used to be commit 5f10707e8ac36db03f3aa3e1ee1c40a9d9da2016)
2007-10-10r6752: Patch by Steven Edwards to improve portability to mingw32Jelmer Vernooij6-4/+25
(This used to be commit 8d63cd33a223cccb21d808747e9c97da53629fbc)
2007-10-10r6751: dnsDomain should be CASE_INSENSITIVE (winxp will sometimes do a cldap ↵Andrew Tridgell1-0/+1
query with this in uppercase) (This used to be commit f0c37555ff30c3e5ff4680d0b33bc105ebd3a0b1)
2007-10-10r6750: some minor tweaks to the cldapd serverAndrew Tridgell2-8/+24
I can now join winxp -> samba4 DC using long name, and login. The nice thing is there are no delays now, as the client likes the replies it gets (This used to be commit 5aff7d36f3e535e305820ae42b023ae53cc0daf9)
2007-10-10r6747: first working version of cldapd server. It is missing 'sites' ↵Andrew Tridgell5-5/+252
support, and filling in some of the returned parameters is quite rough, but it seems to work OK (This used to be commit e564e3e596915414fad07c94f7ea8a0d9c3a1140)
2007-10-10r6746: added ndr_push_union_blob() for pushing IDL unions into a DATA_BLOBAndrew Tridgell1-0/+23
(This used to be commit dc25be9d69a65680f7942ed29c2d791d6ce7248a)
2007-10-10r6745: - escape spaces in binary ldap blobsAndrew Tridgell2-3/+15
- expose the ldap filter string parsing outside of ldap.c (This used to be commit b644ff6fe164fbe359c47e4d34f5ad490ff61d5b)
2007-10-10r6744: added support for reply packets in libcli/cldap/Andrew Tridgell2-7/+184
(This used to be commit 992858e1b91c3ff05077afa8a7abe155198597d4)
2007-10-10r6741: prevent talloc_strndup() from reading one byte past the end of a buffer,Andrew Tridgell1-1/+1
giving valgrind errors (This used to be commit 7af0c547e0c0da3bc78a1ee6c2ab29114d8625cc)
2007-10-10r6740: make gensec_gssapi.c compile againAndrew Tridgell1-1/+1
(This used to be commit 6d15e9511115cc30ee213ec91320a2dccde15b8f)