summaryrefslogtreecommitdiff
path: root/source3/libads
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags,Gerald Carter2-34/+24
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>. (This used to be commit 8304ccba7346597425307e260e88647e49081f68)
2007-10-10r25328: When using ldap sasl wrapping with gssapi it's important to receive ↵Günther Deschner1-0/+5
warnings for clock-skew errors. Guenther (This used to be commit 53c99d415d605ab03e3646f6096aff794457dd33)
2007-10-10r25165: Use talloc_asprintf_append_buffer with an unmodifiedJeremy Allison1-2/+2
string. Jeremy. (This used to be commit fe30a523dfc77cc373145624246fd3ad5c62b9ac)
2007-10-10r25133: Fix sasl wrapping (for ldap sign&seal).Günther Deschner1-46/+5
The gss_import_name() broke as we switched from the internal MIT OID "gss_nt_krb5_principal" to "GSS_KRB5_NT_PRINCIPAL_NAME" and didn't switch from passing the krb5_principal (or better: a pointer to that, see MIT's "*HORRIBLE* bug") to pass the string principal directly. Jerry, Jeremy, neither I could figure out the need of passing in a krb5_principal at all nor could I reproduce the crash you were seeing. I sucessfully tested the code (now importing a string) with MIT 1.2.7, 1.3.6, 1.4.3, 1.5.1, 1.6.1 and Heimdal 0.7.2, 1.0, 1.0.1. Guenther (This used to be commit cb2dc715e33467c8b588161e816e72a948f6860c)
2007-10-10r25109: Remove obsolete argument from ads_guess_service_principal().Günther Deschner2-4/+2
Guenther (This used to be commit 2dea9464bba76af4315a8207ccd3e564ec19d146)
2007-10-10r25108: Make ifdef labyrinth in sasl code a bit more readable.Günther Deschner1-2/+2
Guenther (This used to be commit f31949ec3456134de474a0219a8cd5dcd15adea6)
2007-10-10r25080: Once we decrypted the packet but have timing problems (closkew, tkt ↵Günther Deschner1-1/+9
not yet or no longer valid) there is no point to bother the keytab routines. Guenther (This used to be commit 7e4dcf8e7ecfd35668e86e22bed5a9280ae83959)
2007-10-10r25030: ip_srv_nonsite and count_nonsite are initialized in get_kdc_list() ↵Lars Müller1-2/+2
in any case. (This used to be commit 287604a1c7dc7dede4b278de92ad8233f597d0b6)
2007-10-10r24836: Initialize some uninitialized variables.Michael Adam1-3/+5
This prevents a segfault when get_kdc_ip_string() is called with sitename == NULL. Michael (This used to be commit 58d31e057b57bc69a96e63aabba9aa1da5418d83)
2007-10-10r24833: Move locator to nsswitch (does not belong to libads anymore).Günther Deschner1-395/+0
Guenther (This used to be commit af90c6949c929c82d4390b2f87a420bd598275dd)
2007-10-10r24832: In the winbind-locator recursion case, try to pick up the kdc from theGünther Deschner1-3/+22
environment. Guenther (This used to be commit 7f42fe4e08c0899f5e8addbc5135d87af193ee68)
2007-10-10r24804: As a temporary workaround, also try to guess the server's principal ↵Günther Deschner2-41/+70
in the "not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds succeed with windows server 2008. Guenther (This used to be commit f5b3de4d3069eaa750240e3422bac5cb169b6c0a)
2007-10-10r24769: Merge error handling for locator plugin.Günther Deschner1-17/+5
Guenther (This used to be commit b83626676ca37437e62b826923fbd1d985eb7ce6)
2007-10-10r24752: Make sure to return properly when the locator is called from within ↵Günther Deschner1-6/+9
winbindd. Guenther (This used to be commit 6cf7187e88b4d4c1dfe90fcab459e39a0dbd3a11)
2007-10-10r24748: Remove all dependencies to samba internals and convert the krb5 ↵Günther Deschner1-100/+96
locator plugin into a tiny winbindd DsGetDcName client. This still does not solve the case of using the locator from within winbindd itself but at least gencache.tdb and others are no longer corrupted. Guenther (This used to be commit 908e7963b8b2dd9b149f526a53dbb5dc7662bbef)
2007-10-10r24739: With resolve_ads() allow to query for PDCs as well.Günther Deschner1-28/+109
Also add dns query functions to find GCs and DCs by GUID. Guenther (This used to be commit cc469157f6684ec507bf1c3a659fc36a53d304a1)
2007-10-10r24654: Adapt to coding conventions.Günther Deschner1-21/+25
Guenther (This used to be commit a669ac2bc45dc6f261a789050a021d625c083829)
2007-10-10r24432: Expand kerberos_return_pac() so that it can be used in winbindd.Günther Deschner1-6/+72
Guenther (This used to be commit e70bf0ecc3ec6d3ba8ba384024bbdf9a783072ea)
2007-10-10r24424: Fix the build.Günther Deschner1-5/+5
Guenther (This used to be commit 029bf26f8a571ae060f7be60fd3e8c61d86004f7)
2007-10-10r24252: Dump guid of msExchMailboxGuid when returned.Günther Deschner1-0/+1
Guenther (This used to be commit 1142f3df546cbf4780c6f54667f7ed31b1a7621b)
2007-10-10r24251: Neverending fun:Günther Deschner1-1/+1
Heimdal doesn't accept all OIDs and gss_import_name() fails with GSS_S_BAD_NAMETYPE using this one. Use the GSS_KRB5_NT_PRINCIPAL_NAME OID instead (which works with at least MIT 1.6.1 and Heimdal 1.0.1). Guenther (This used to be commit f783b32b65ee50e3730ae2d039ca04c9fc5a201a)
2007-10-10r24166: Fix Coverity ID 391Volker Lendecke1-1/+1
(This used to be commit 461974d2cc18c729f152356a9c30cc776f288906)
2007-10-10r24158: SE_GROUP_RESOURCE in the other_sids list apparently means aGerald Carter1-1/+1
domain local group. Fix a typo in the PAC debugging routine (This used to be commit b0b66b2e7af133b199868b946fad70016e1cefbd)
2007-10-10r24131: - make it more clear what the different min and max fields meanStefan Metzmacher2-37/+48
- with the "GSSAPI" sasl mech the plain, sign or seal negotiation is independed from the req_flags and ret_flags - verify the server supports the wrapping type we want - better handling on negotiated buffer sizes metze (This used to be commit d0ec7323870ca16b28d458ff5f7dacce278b7d54)
2007-10-10r24128: fix double free in error pathStefan Metzmacher1-6/+7
metze (This used to be commit 29e2d8e044c9213643a2f5f29891ce853a839347)
2007-10-10r24104: fix the build, sorry...Stefan Metzmacher1-3/+4
metze (This used to be commit a5e1f9fd293fab26d664a72ee652eb8ca72128b7)
2007-10-10r24103: add some useful debug messages, as not all LDAPStefan Metzmacher1-3/+19
libraries support wrapping hooks... metze (This used to be commit 581a1d3a20ffed42ccc7f35f163fd343ed12ccd3)
2007-10-10r24098: - make use of the ads_service_principal abstractionStefan Metzmacher1-61/+32
also for the "GSSAPI" sasl mech. - also use the ads_kinit_password() fallback logic from the "GSS-SPNEGO" sasl mech. metze (This used to be commit cbaf44de1e1f8007dc4ca249791ea30d2902c7c4)
2007-10-10r24095: add one more fallback alternative toStefan Metzmacher1-0/+20
construct the principal metze (This used to be commit b545667d2a45a79bba05c9fe9e93a19951d60af7)
2007-10-10r24093: move gssapi/krb5 principal handling into a functionStefan Metzmacher1-88/+146
metze (This used to be commit 83de27968d434d67d23851b0c285221c870ff75e)
2007-10-10r24072: Add "client ldap sasl wrapping" parameter.Stefan Metzmacher1-0/+8
Possible values are "plain" (default), "sign" or "seal". metze (This used to be commit 26ccbad7212e9acd480b98789f04b71c1e940ea8)
2007-10-10r24066: Fix memleak found by Volker. We don't leak keys now with MIT and ↵Günther Deschner1-0/+1
Heimdal. Guenther (This used to be commit 7755ad750facc44b6a5df2136cb536547048cd48)
2007-10-10r24065: According to gd, this breaks heimdal. Thanks for checking!Volker Lendecke1-3/+0
(This used to be commit ea5f53eac81e8a969587eb3996b16a1afd948877)
2007-10-10r24062: fix logic for broken krb5 libs which always forceStefan Metzmacher1-1/+2
sign and seal... metze (This used to be commit 4a4fc8cccbcbe17eebcefcd0107f7de60d751f5c)
2007-10-10r24058: Fix some memory leaks in ads_secrets_verify_ticket.Volker Lendecke1-0/+3
Jeremy, Günther, please review! Thanks, Volker (This used to be commit 000e096c277a71ca30c1c109aae62241ad466bee)
2007-10-10r24042: add support for krb5 sign and seal in LDAP via "GSS-SPNEGO"Stefan Metzmacher1-1/+309
metze (This used to be commit 34ab84aceb86195743abd26c46a631640409725e)
2007-10-10r24037: only setup sasl wrapping after a successful bindStefan Metzmacher1-2/+4
metze (This used to be commit 85d6cd3dfb5cbd9e899957265e352583ff608ed4)
2007-10-10r23973: For debugging, add (undocumented) net ads kerberos commands (kinit, ↵Günther Deschner1-1/+1
renew, pac). Guenther (This used to be commit 4cada7c1485c9957e553d6e75cb6f30f4338489f)
2007-10-10r23970: Allow to set the debuglevel at which to dump the PAC logon info.Günther Deschner1-18/+18
Guenther (This used to be commit 7d321aad83cb7b9cc766bc89a886676337a2bad8)
2007-10-10r23969: Some helper routines to retrieve a PAC and PAC elements.Günther Deschner1-0/+160
Guenther (This used to be commit d4c87c792a955be7d5ef59fc683fc48e3d8afe16)
2007-10-10r23953: Some C++ warningsVolker Lendecke2-4/+7
(This used to be commit 8716edf157bf8866328f82eb6cf25e71af7fea15)
2007-10-10r23951: Fix segfault.Günther Deschner1-1/+1
Guenther (This used to be commit 1a5c8780ae79e5ae4e6a36bfb66cd92ae7d3aa88)
2007-10-10r23948: add gsskrb5 sign and seal support for LDAP connectionsStefan Metzmacher1-5/+135
NOTE: only for the "GSSAPI" SASL mech yet metze (This used to be commit a079b66384b15e9d569dded0d9d6bd830e1a6dfa)
2007-10-10r23946: add support for NTLMSSP sign and sealStefan Metzmacher1-1/+122
NOTE: windows servers are broken with sign only... metze (This used to be commit 408bb2e6e2171196a2bd314db181d9b124e931a1)
2007-10-10r23945: add infrastructure to select plain, sign or seal LDAP connectionStefan Metzmacher2-2/+23
metze (This used to be commit 2075c05b3d8baa7d6d8510cd962471a5781740a6)
2007-10-10r23943: - always provide ads_setup_sasl_wrapping() functionStefan Metzmacher1-4/+10
- read/write returning 0 means EOF and we need to return direct metze (This used to be commit 885d557ae746c318df0aabc0a03dce1587918cce)
2007-10-10r23937: Use ads_config_path() when we need to know the configration context.Günther Deschner1-26/+11
Guenther (This used to be commit 1a62c731c6259bf4285d3735bff8b191002553f7)
2007-10-10r23933: - implement ctrl SASL wrapping hookStefan Metzmacher1-6/+26
- pass down sign or seal hooks - some sasl wrapping fixes metze (This used to be commit 8c64ca3394489b28034310fe64d6998e49827196)
2007-10-10r23926: implement output buffer handling for the SASL write wrapperStefan Metzmacher1-1/+67
metze (This used to be commit 65ce6fa21adec704b3cde30c57001e5620f048e4)
2007-10-10r23922: implement input buffer handling for the SASL read wrapperStefan Metzmacher1-2/+129
metze (This used to be commit 7d8518ebd9470062b499b7074a940e14520e99f2)