summaryrefslogtreecommitdiff
path: root/source3/libads/util.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.Gerald Carter1-21/+33
The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
2007-10-10r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags,Gerald Carter1-33/+21
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>. (This used to be commit 8304ccba7346597425307e260e88647e49081f68)
2007-10-10r25109: Remove obsolete argument from ads_guess_service_principal().Günther Deschner1-1/+0
Guenther (This used to be commit 2dea9464bba76af4315a8207ccd3e564ec19d146)
2007-10-10r24804: As a temporary workaround, also try to guess the server's principal ↵Günther Deschner1-0/+58
in the "not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds succeed with windows server 2008. Guenther (This used to be commit f5b3de4d3069eaa750240e3422bac5cb169b6c0a)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r21831: Back out r21823 for a while, this is going into a bzr tree first.Volker Lendecke1-3/+1
Volker (This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b)
2007-10-10r21823: Let secrets_store_machine_password() also store the account name. ↵Volker Lendecke1-1/+3
Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker (This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
2007-10-10r16952: New derive DES salt code and Krb5 keytab generationGerald Carter1-8/+0
Major points of interest: * Figure the DES salt based on the domain functional level and UPN (if present and applicable) * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys * Remove all the case permutations in the keytab entry generation (to be partially re-added only if necessary). * Generate keytab entries based on the existing SPN values in AD The resulting keytab looks like: ktutil: list -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName) and the sAMAccountName value. The UPN will be added as well if the machine has one. This fixes 'kinit -k'. Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket() continues to work with RC4-HMAC and DES keys. (This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)
2007-10-10r16115: Make "net ads changetrustpw" work again.Günther Deschner1-7/+3
(adapt to the new UPN/SPN scheme). Guenther (This used to be commit 8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d)
2007-10-10r3796: Patch from Jay Fenlason <fenlason@redhat.com>. Don't free static buffers.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 53acf222a86a1420abbba08a2cde27a86debe403)
2007-10-10r3451: Finish off kerberos salting patch. Needs testing !Jeremy Allison1-26/+32
Jeremy. (This used to be commit ff4cb6b5e80731856d6f3f7eebd8fc23902e3580)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-3/+5
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-02-24Merge from HEAD client-side authentication changes:Andrew Bartlett1-4/+6
- new kerberos code, allowing the account to change it's own password without special SD settings required - NTLMSSP client code, now seperated from cliconnect.c - NTLMv2 client code - SMB signing fixes Andrew Bartlett (This used to be commit 837680ca517982f2e5944730581a83012d4181ae)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-1/+1
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with headJelmer Vernooij1-1/+1
(This used to be commit 3928578b52cfc949be5e0ef444fce1558d75f290)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-20forgot to commit this file from remusAndrew Tridgell1-0/+59
(This used to be commit 7984ae0121ba327309ca5c52674e03fc1ad7e923)