Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 43f07e9de70ad9993265e28a54239caba0121ab6)
|
|
keys for kerberos authentication.
Andrew Bartlett
(This used to be commit 8b798f03dbbdd670ff9af4eb46f7b0845c611e0f)
|
|
(This used to be commit ff2b5b2f85f2d9dade67077cea1b68719cf65352)
|
|
inline the call to prs_copy_all_data_out() so that we can know we are not
overrunning our buffer.
Also check more return values.
Andrew Bartlett
(This used to be commit e3b73d5d658584428c81c9ef3ccf024687a56e2f)
|
|
(This used to be commit 4c52d7bd933f61bdba3d4159a204fe16db3d4f0f)
|
|
(This used to be commit 9874b233d55a0b1aea7eb033848f4b63a531833b)
|
|
compare push_* returns with (size_t)-1, not < 0.
Andrew Bartlett
(This used to be commit 63f5e92536c6bcac54b796d6e91b755e7d328f66)
|
|
- Provide generic functions for
- get valid encryption types
- free encryption types
- Add encryption type parm to generic function create_kerberos_key_from_string()
- Try to merge the two versions (between HEAD and SAMBA_3_0) of kerberos_verify.c
I think this should work for both MIT and heimdal, in HEAD. If all goes smooth,
I'll move it over to 3.0 soon...
(This used to be commit 45e409fc8da9f26cf888e13d004392660d7c55d4)
|
|
pull_ucs2_talloc function takes char** pointer, not (here
explicitly casted) void** one.
Rafal
(This used to be commit e77c44efd95d42a8194f5c3d36c043f8e84dfd1d)
|
|
users w/o full administrative access on computer accounts to join a
computer into AD domain.
The patch and detailed changelog is available at:
http://www.itcollege.ee/~aandreim/samba
This is a list of changes in general:
1. When creating machine account do not fail if SD cannot be changed.
setting SD is not mandatory and join will work perfectly without it.
2. Implement KPASSWD CHANGEPW protocol for changing trust password so
machine account does not need to have reset password right for itself.
3. Command line utilities no longer interfere with user's existing
kerberos ticket cache.
4. Command line utilities can do kerberos authentication even if
username is specified (-U). Initial TGT will be requested in this case.
I've modified the patch to share the kinit code, rather than copying it,
and updated it to current CVS. The other change included in the original patch
(local realms) has been left out for now.
Andrew Bartlett
(This used to be commit ce52f1c2ed4d3ddafe8ae6258c90b90fa434fe43)
|
|
Needed to move to disk based i/o later.
Jeremy.
(This used to be commit 4c3ee228fcdb089eaeead95e79532a9cf6cb0de6)
|
|
(not implemented yet)
(This used to be commit 8a8cca78adebba640c6ce971d8888515bf0ea4be)
|
|
Jeremy.
(This used to be commit 4e33e3f37fd548b9b1ed3c84f673a853b0dc4818)
|
|
blame for the realloc() stuff.
Plus a couple of minor updates to libads.
Andrew Bartlett
(This used to be commit 34b2e558a4b3cfd753339bb228a9799e27ed8170)
|
|
Jeremy.
(This used to be commit 193cc4f4fc876c66e97ea6b82bae431d0247c1fa)
|
|
(This used to be commit ec26877f0b4fbe2c651a6069d22b9ac0637aa2d1)
|
|
* added container option to net command (patch from SuSE)
* Makefile patch for examples/VFS from SuSE
(This used to be commit 4a6d8280ea27ca7a6998219aacc4b15b1227a659)
|
|
to figure out if we have got our ticket yet.
Andrew Bartlett
(This used to be commit a66ced2cf69145c0a5be5ed91ac306db50c313d1)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
|
Check return in ldap.
Jeremy.
(This used to be commit e789edbb287319f52f49f2999917a610565144d9)
|
|
named. Ensure we can query them.
Jeremy.
(This used to be commit 842e08e52a665ae678eea239759bb2de1a0d7b33)
|
|
- Add published attribute to info2, needed for win clients to work properly
- Return proper info on getprinter 7
This means you can now look at the sharing tab of a printer and get correct
info about whether it is published or not, and change it.
(This used to be commit adda04379ee46f105436262663652f3f576fa3cf)
|
|
(This used to be commit 82f3a786bf01878629fe4c05b028ae8d58eb4394)
|
|
dsspooler/dsdriver info existence.
(This used to be commit ca8735532cb656a09c1586326cdce33984fe38b4)
|
|
90% fix for CR 1076. The password server parameter will no take things
like
password server = DC1 *
which means to contact DC1 first and the go to auto lookup if it
fails.
jerry
(This used to be commit c31a17889e3e4daf7c1e807038efc2c0fba78be3)
|
|
(This used to be commit a148e4c290820a48c8b51e0e0459b2171b32c258)
|
|
net ads printer publish <printername> [servername]
Will retreive the DsSpooler and DsDriver info by rpc for a remote server
then publish it.
Next comes doing it within smbd
(This used to be commit 64951938cc5666a757683cbe9bee3a2c20a05323)
|
|
(This used to be commit f5d8afc626b8f7792aa7dd7fa7082f55725b539c)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
|
|
(This used to be commit 69dba08c40c9739137b4f01d38be5228edc6dd6e)
|
|
than the version in APPLIANCE so watch out for boogs.
(This used to be commit 1e054e3db654801fbb5580211529cdfdea9ed686)
|
|
(This used to be commit 6ec5dce69834e72e458a8acff7d1790cbdd46d67)
|
|
(This used to be commit d5d0d0de50482ed16c594b1cc4cc113e2526a915)
|
|
(This used to be commit 7eaf7e7115c75e682b1b9368c6f28c60429885e5)
|
|
do type 23
(This used to be commit c0612272e8eea3d741854c0b4834bc687d787218)
|
|
decode a type 23 ticket when the machine account is setup for non-DES
tickets
(This used to be commit 144d4429d7d91e8597263da6abc8041098f2a4c3)
|
|
record
(This used to be commit 8ff6d40d7fe4dc11e9ba194a55995c0926202df9)
|
|
(This used to be commit 9615ab10c006d8027f6a8b7dd3770eb77304dbdc)
|
|
This module, primarilly the work of "Stefan (metze) Metzmacher"
<metze@metzemix.de>, uses the Active Directory schema to store the
user/group/other information. I've been testing it against a real AD server,
and it is intended to work with OpenLDAP as well.
I've moved a few functions around in our other libads code, which has made it
easier to tap into that existing code.
Also, I've made some changes to the SAM interface, I hope there are not too
many objections... To ensure we don't get silly bugs in the skel module, it
is now in the default compile. This way you should not forget to update it :-)
Andrew Bartlett
(This used to be commit 24fb0cde2f0b657df1c99474cd694438c94a566e)
|
|
(This used to be commit 2b54a2fc2c85ea139e2acdbbc2f14b969c0c6315)
|
|
like metze's sam_ads can also use them.
Also add error checking etc to a few more functions.
Andrew Bartlett
(This used to be commit c864edf4fbf8a6c37888a14b861d7c12cf503d4f)
|
|
sane prototype for the push_utf8_allocate code.
Andrew Bartlett
(This used to be commit ce00a3238ed8a82639c4d0ee3e960f7000b1a7b0)
|
|
See mx-ldap.sf.net for his current progress.
(This used to be commit 9c62d1312fdf0aa7b1978e8bbb56fc076ba7e9d0)
|
|
back to NTLMSSP. We need to get the password out of the user, and this
eventually does.
Andrew Bartlett
(This used to be commit bb518a3bae3bf91a589021fcc5b1e715247c5ded)
|
|
the DC being out of sync with the local machine.
(This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
|
|
(This used to be commit 443d5ebafad46a9a62527642628aff8e5d9dc10c)
|
|
Oh well, here it is...
Andrew Bartlett
(This used to be commit 7c2a667640b01a0f19ddc3515c5ca7ac43d26e25)
|
|
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better
general infrustructure for his sam_ads work.
I've also added some extra failure mode DEBUG()s to parts of the code.
NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without
the final set of brakets, the test is essentially inverted - causing some
intersting 'error = success' messages...
Andrew Bartlett
(This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
|
|
(This used to be commit ad3c8da13b9d510f78fd56364cd0987de88a9b9f)
|
|
we now do this:
- look for suported SASL mechanisms on the LDAP server
- choose GSS-SPNEGO if possible
- within GSS-SPNEGO choose KRB5 if we can do a kinit
- otherwise use NTLMSSP
This change also means that we no longer rely on having a gssapi
library to do ADS.
todo:
- add TLS/SSL support over LDAP
- change to using LDAP/SSL for password change in ADS
(This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
|