Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
|
|
Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill
in just the kdc_name if we have it and let the krb5 lib figure out the
appropriate ipv6 address
ipv6 gurus, please check.
Guenther
|
|
Guenther
|
|
Passing NULL as dest_realm for cli_session_setup_spnego() was
always using our own realm (as for a NetBIOS name). Change this
to look for the mapped realm using krb5_get_host_realm() if
the destination machine name is a DNS name (contains a '.').
Could get fancier with DNS name detection (length, etc.) but
this will do for now.
Jeremy.
|
|
This seems to be the only way to deal with mixed heimdal/MIT setups during
merged build.
Guenther
|
|
Guenther
|
|
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.
The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.
Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)
|
|
the system one is broken.
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
Guenther
|
|
instead of manually doing an asprintf with lp_lockdir()
Michael
squash
|
|
Michael
|
|
Also eliminates name conflicts with OneFS system libraries
|
|
otherwise (to clarify we can also pass in structs smaller than
sockaddr_storage, such as sockaddr_in).
|
|
Guenther
(This used to be commit 18a26f08b6fab4119a1421a7ca59c32dde8bb8cb)
|
|
Guenther
(This used to be commit b5aaf5aa0f280f69e05b613271c96473a79b812e)
|
|
Jeremy.
(This used to be commit 201bcc8ed291b51be6f4508c6aa1cb17ce6dcbe3)
|
|
(This used to be commit 30956c784f58870ad552a3869d80f99872c31375)
|
|
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
|
|
Correctly return if we can't create the temporary krb5.conf
Jeremy, please check!
(This used to be commit c2401811aa3d02a9e27969687b9ea035407000c3)
|
|
warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result
(This used to be commit ad37b7b0aee265a3e4d8b7552610f4b9a105434d)
|
|
This fixes the failure observed on FC8 when joining a Windows 2008 RC1
domain. We currently do not handle user session keys correctly
when the KDC uses AES in the ticket replies.
(This used to be commit 8039a2518caae54bc876368c73ec493f3cd4eb73)
|
|
Jeremy.
(This used to be commit 79b7972de4c2a8c71e37642ddf7e5bbed53dd58a)
|
|
for a name '[<ipv6 addr>'.
Jeremy.
(This used to be commit f2aa921505e49f894bfed4e5e2f9fc01918b1bb0)
|
|
Guenther
(This used to be commit 44d67e84625a2a1a93baecef0e418b48e982443b)
|
|
correct way is to copy only 'length' bytes.
Simo.
(This used to be commit 814c1b0e0034fb67c7718760dfcf913904f3e7fa)
|
|
Jeremy.
(This used to be commit 44918f39c0598eec681eb9e5c65452f04809c375)
|
|
to cause us to behave like Vista when looking for remote
machine principal. Modified by me.
Jeremy.
(This used to be commit d0e33840fb4cfc85990d3ee327428b0854a22722)
|
|
Jeremy.
(This used to be commit 809f5ab4c595740b28425e1667e395a6058b76a8)
|
|
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
in any
case.
(This used to be commit 287604a1c7dc7dede4b278de92ad8233f597d0b6)
|
|
This prevents a segfault when get_kdc_ip_string() is called
with sitename == NULL.
Michael
(This used to be commit 58d31e057b57bc69a96e63aabba9aa1da5418d83)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
data to krb5_prompter.
Jeremy.
(This used to be commit 232fc5d69d44404df13f6516864352f9a5721552)
|
|
winbindd's kerberized pam_auth use that.
Guenther
(This used to be commit 0f436eab5b2e5891c341c27cb22db52a72bf1af7)
|
|
NTSTATUS
codes directly out of the krb5_error edata.
Guenther
(This used to be commit dcd902f24a59288bbb7400d59c0afc0c8303ed69)
|
|
Guenther
(This used to be commit 997ded4e3f0dc2199b9a66a9485c919c16fbabc6)
|
|
(This used to be commit 4f6c2826aa1ac240b02122a40fe9a1ccabaaaf27)
|
|
calling convention in the latest MIT changes. Apparantly Heimdal
is also changing to this calling convention.
(This used to be commit c29c69d2df377fabb88a78e6f5237de106d5c2c5)
|
|
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
|
|
Guenther
(This used to be commit 4df582fa1049afe96bbee7e8cab93cfa82208ba3)
|
|
Guenther
(This used to be commit ea38e1f8362d75e7ac058a7c4aa06f1ca92ec108)
|
|
ask for the list of DCs twice.
Guenther
(This used to be commit a9baf27e1348dd6dadd7a2fafdf9c269087b80ac)
|