summaryrefslogtreecommitdiff
path: root/source3/libads
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r24042: add support for krb5 sign and seal in LDAP via "GSS-SPNEGO"Stefan Metzmacher1-1/+309
metze (This used to be commit 34ab84aceb86195743abd26c46a631640409725e)
2007-10-10r24037: only setup sasl wrapping after a successful bindStefan Metzmacher1-2/+4
metze (This used to be commit 85d6cd3dfb5cbd9e899957265e352583ff608ed4)
2007-10-10r23973: For debugging, add (undocumented) net ads kerberos commands (kinit, ↵Günther Deschner1-1/+1
renew, pac). Guenther (This used to be commit 4cada7c1485c9957e553d6e75cb6f30f4338489f)
2007-10-10r23970: Allow to set the debuglevel at which to dump the PAC logon info.Günther Deschner1-18/+18
Guenther (This used to be commit 7d321aad83cb7b9cc766bc89a886676337a2bad8)
2007-10-10r23969: Some helper routines to retrieve a PAC and PAC elements.Günther Deschner1-0/+160
Guenther (This used to be commit d4c87c792a955be7d5ef59fc683fc48e3d8afe16)
2007-10-10r23953: Some C++ warningsVolker Lendecke2-4/+7
(This used to be commit 8716edf157bf8866328f82eb6cf25e71af7fea15)
2007-10-10r23951: Fix segfault.Günther Deschner1-1/+1
Guenther (This used to be commit 1a5c8780ae79e5ae4e6a36bfb66cd92ae7d3aa88)
2007-10-10r23948: add gsskrb5 sign and seal support for LDAP connectionsStefan Metzmacher1-5/+135
NOTE: only for the "GSSAPI" SASL mech yet metze (This used to be commit a079b66384b15e9d569dded0d9d6bd830e1a6dfa)
2007-10-10r23946: add support for NTLMSSP sign and sealStefan Metzmacher1-1/+122
NOTE: windows servers are broken with sign only... metze (This used to be commit 408bb2e6e2171196a2bd314db181d9b124e931a1)
2007-10-10r23945: add infrastructure to select plain, sign or seal LDAP connectionStefan Metzmacher2-2/+23
metze (This used to be commit 2075c05b3d8baa7d6d8510cd962471a5781740a6)
2007-10-10r23943: - always provide ads_setup_sasl_wrapping() functionStefan Metzmacher1-4/+10
- read/write returning 0 means EOF and we need to return direct metze (This used to be commit 885d557ae746c318df0aabc0a03dce1587918cce)
2007-10-10r23937: Use ads_config_path() when we need to know the configration context.Günther Deschner1-26/+11
Guenther (This used to be commit 1a62c731c6259bf4285d3735bff8b191002553f7)
2007-10-10r23933: - implement ctrl SASL wrapping hookStefan Metzmacher1-6/+26
- pass down sign or seal hooks - some sasl wrapping fixes metze (This used to be commit 8c64ca3394489b28034310fe64d6998e49827196)
2007-10-10r23926: implement output buffer handling for the SASL write wrapperStefan Metzmacher1-1/+67
metze (This used to be commit 65ce6fa21adec704b3cde30c57001e5620f048e4)
2007-10-10r23922: implement input buffer handling for the SASL read wrapperStefan Metzmacher1-2/+129
metze (This used to be commit 7d8518ebd9470062b499b7074a940e14520e99f2)
2007-10-10r23918: not all ldap libraries support debuggingStefan Metzmacher1-18/+0
metze (This used to be commit 3f68189c9a319ac9cae76f6d2b586cbde6d31e3c)
2007-10-10r23916: use the correct io operations for debuggingStefan Metzmacher1-4/+6
metze (This used to be commit d745a1a71991f306c29b3c62f43d619177f79725)
2007-10-10r23898: rename HAVE_ADS_SASL_WRAPPING -> HAVE_LDAP_SASL_WRAPPINGStefan Metzmacher1-2/+2
metze (This used to be commit 873eaff8febb50f00f9dac64c57b2a22c16f4f9b)
2007-10-10r23893: add dummy callbacks for LDAP SASL wrapping,Stefan Metzmacher1-0/+109
they're not used yet... metze (This used to be commit a3b97cdce719d9d5e82f26096c0e8c3a86ff3965)
2007-10-10r23888: move elements belonging to the current ldap connection to aStefan Metzmacher4-55/+55
substructure. metze (This used to be commit 00909194a6c1ed193dfdb296f50f58a53450583c)
2007-10-10r23886: add ads_disconnect() functionStefan Metzmacher3-8/+14
metze (This used to be commit ba70737b7043cae89dd90f8668a24881212ac6fb)
2007-10-10r23869: Protect against partial security descriptors.Günther Deschner1-8/+25
Guenther (This used to be commit 0a96a11f01dd8c0d29fff1d97c3d666c32b33b59)
2007-10-10r23861: Fix return code in ads_find_samaccount().Günther Deschner1-1/+1
Guenther (This used to be commit 684fcf39dcc08bcf571272549222fdeb11d2725f)
2007-10-10r23842: Attempt to fix the build with LDAP.Günther Deschner1-1/+3
Guenther (This used to be commit efd817ae118da51058106ae97854572547e113d3)
2007-10-10r23839: Try to get the attribute name from schema GUIDs or the display name fromGünther Deschner2-7/+48
extended rights GUID from ad while dumping the security descriptors's aces. This would perform much better with a guid cache, but for the rare cases where it is used net ads search cn=mymachine ntSecurityDescriptor -U user%pass it should be ok for now. Guenther (This used to be commit b36913433eb74203b29f2b7d412a86e60591ea22)
2007-10-10r23838: Allow to store schema and config path in ADS_STRUCT config.Günther Deschner1-0/+2
Guenther (This used to be commit 1d5b08326fa72bd3423b377a4e6243466e778622)
2007-10-10r23837: Pass ADS_STRUCT and TALLOC_CTX down to ads_disp_sd.Günther Deschner2-7/+9
Guenther (This used to be commit ad0a6d5703c35d48ab5bbfa8d6506d42e0cfb61d)
2007-10-10r23836: Add ads_config_path() and ads_get_extended_right_name_by_guid().Günther Deschner1-0/+93
Guenther (This used to be commit 4d62f1191b52569fcdbe674773b07a44aa469520)
2007-10-10r23835: Pass down a struct GUID to ads_get_attrname_by_guid() directly.Günther Deschner1-7/+2
Guenther (This used to be commit a4d5206d0bcbee713790834f119b182e0b419e8c)
2007-10-10r23834: Allow to pass an ADS_STRUCT pointer down to the dump function ↵Günther Deschner1-13/+13
callback in libads. Guenther (This used to be commit 311bbbafa6d860b7b632beac6d9249b0a2fafb86)
2007-10-10r23833: Document ads_find_samaccount().Günther Deschner1-0/+9
Guenther (This used to be commit 3effd1c3461301f9ccf7c55386810c36f4ee3ccc)
2007-10-10r23829: Add ads_get_attrname_by_guid().Günther Deschner1-2/+51
Guenther (This used to be commit a84fd8300661fd895ed7a8a104b743628718dfc8)
2007-10-10r23826: Fix gpo security filtering by matching the security descriptor ace's ↵Günther Deschner1-2/+0
for the extended apply group policy right. Guenther (This used to be commit d832014a6fef657f484412372b5d09047552b183)
2007-10-10r23820: Display security_ace_object in LDAP security descriptors for debugging.Günther Deschner1-0/+18
Guenther (This used to be commit 3925e85812b2aded356866925382b1beb718cd44)
2007-10-10r23801: The FSF has moved around a lot. This fixes their Mass Ave address.Andrew Tridgell1-2/+1
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell19-38/+19
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison20-20/+20
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23772: Add ads_find_samaccount() helper function.Günther Deschner1-0/+60
Guenther (This used to be commit 6fafa64bea4ce6a7a5917fa02ed9c564a7c93ffb)
2007-10-10r23654: Remove misleading inline comment.Günther Deschner1-4/+2
Guenther (This used to be commit a3441c22b342e2802bd9766b7046073db3895a29)
2007-10-10r23651: Always, always, always compile before commit...Günther Deschner1-1/+1
Guenther (This used to be commit accb40446ad3f872c5167fc2306d892553293b7b)
2007-10-10r23650: Fix remaining callers of krb5_kt_default().Günther Deschner1-3/+4
Guenther (This used to be commit b9d7a2962a472afb0c6b8e3ac5c2c819d4af2b39)
2007-10-10r23649: Fix the build (by moving smb_krb5_open_keytab() to clikrb5.c).Günther Deschner1-137/+1
Guenther (This used to be commit 19020d19dca7f34be92c8c2ec49ae7dbde60f8c1)
2007-10-10r23648: Allow to list a custom krb5 keytab file with:Günther Deschner1-2/+2
net ads keytab list /path/to/krb5.keytab Guenther (This used to be commit a2befee3f240543ea02ea99cebad886b54ae64eb)
2007-10-10r23647: Use smb_krb5_open_keytab() in smbd as well.Günther Deschner1-2/+2
Guenther (This used to be commit d22c0d291e1b4a1412164d257310bbbb99de6500)
2007-10-10r23646: Generalize our internal keytab handling to support a broader range ↵Günther Deschner1-47/+140
of default keytabnames (like "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab"). This also fixes keytab support with Heimdal (which supports the WRFILE pragma as well now). Guenther (This used to be commit 7ca002f4cc9ec4139c0c48952ebf05f89b5795ef)
2007-10-10r23607: Add legacy support for Services for Unix (SFU) 2.0.Günther Deschner1-17/+55
Guenther (This used to be commit 11b390309b9677805e5b68f3a1b780658ae85137)
2007-10-10r23514: Remove unused function ads_get_dn_from_extended_dn().Jeremy Allison1-29/+0
Jeremy. (This used to be commit 03763bc5287fef5f100c911041668e23d4305f8d)
2007-10-10r23477: Build farm fix: Use int rather than MIT's krb5_int32 when setting ↵Gerald Carter1-1/+1
context flags. (This used to be commit 903145e957cd05b219fdf7d5fc1e35430938a24e)
2007-10-10r23474: Here's a small patch that disables the libkrb5.so replay cacheGerald Carter1-39/+63
when verifying a ticket from winbindd_pam.c. I've found during multiple, fast, automated SSH logins (such as from a cron script) that the replay cache in MIT's krb5 lib will occasionally fail the krb5_rd_req() as a replay attack. There seems to be a small window during which the MIT krb5 libs could reproduce identical time stamps for ctime and cusec in the authenticator since Unix systems only give back milli-seconds rather than the micro-seconds needed by the authenticator. Checked against MIT 1.5.1. Have not researched how Heimdal does it. My thinking is that if someone can spoof the KDC and TDS services we are pretty hopeless anyways. (This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
2007-10-10r23251: whoops! Fix compile errorGerald Carter1-2/+6
(This used to be commit 22a3ea40ac69fa3722abf28db845ab284a65ad97)
generated by cgit (git 2.34.1) at 2024-11-07 10:35:54 +0000