Age | Commit message (Collapse) | Author | Files | Lines |
|
Mewburn <lukem@NetBSD.org> and close Bugzilla #1661.
Leaving the old define for KRB5_KPASSWD_VERS_SETPW (added by Antti
Andreimann) as fallback when the library does not provide one.
Guenther
(This used to be commit 00598877dfb7aab48d1b5d58b3a69ed2dd8a36a8)
|
|
memcpy's into fqdn names. I think the original intent was to create
MYNAME.fqdn.tail.part.
Will need testing to see I haven't broken keytab support.
Jeremy.
(This used to be commit 82acf83040654eb8b7e261518a3e5eb9caea7750)
|
|
Dahyabhai <nalin@redhat.com>
(bugid #1717).
Jeremy.
(This used to be commit 30b8807cf6d5c3c5b9947a7e841d69f0b22eb019)
|
|
<nalin@redhat.com>
for bug #1717.The rest of the code needed to call this patch has not yet been
checked in (that's my next task). This has not yet been tested - I'll do this
once the rest of the patch is integrated.
Jeremy.
(This used to be commit 7565019286cf44f43c8066c005b1cd5c1556435f)
|
|
Jeremy.
(This used to be commit 0f3f7b035b37bfc51d3a59d0472003c3d4ac1511)
|
|
User-, Group- and Machine-Accounts in Active Directory (this got lost
during the last trunk-merge).
This way we match e.g. default containers moved by redircmp.exe and
redirusr.exe in Windows 2003 and don't blindly default to cn=Users or
cn=Computers.
Further wkguids can be examied via "net ads search wellknownobjects=*".
This should still keep a samba3-client joining a samba4 dc. Fixes
Bugzilla #1343.
Guenther
(This used to be commit 8836621694c95779475fa9a1acf158e5e0577288)
|
|
- fix typo in libads/ldap_printer.c:39, ads_find_printer_on_server()
(originally libads-typo.patch)
- fix leak in printing/nt_printing.c, is_printer_published()
(originally is_printer_published-leak.patch)
- fix double print_backend_init() calls, now only called from main()
- restructuring in printing/nt_printing.c
- replaced (un)publish_it() with ads-specific functions
- moved common code to nt_printer_publish()
- improved error handling in several places
- added check_published_printers() in printing/nt_printing.c, to verify
that each published printer is actually in the directory at startup
- changed calling semantics of mod_a_printer, dump_a_printer, and
update_driver_init to be more consistent with the rest of the api and
reduce some copying
(This used to be commit 50a5a3dbd02acb0d09133b6e42cc37d091ea901d)
|
|
winbindd (lookup_name() only works with the sAMAccountName) -- *please* test this change. My tests all pass but there is probably something I missed
(This used to be commit 2bf08aaa37f41681b3154514792bf29a3abfdbfd)
|
|
Guenther
(This used to be commit 86a61c86a49a7e4d67e61201458c9b0229fb0825)
|
|
(This used to be commit 7e44193be103fad273796218c8f5e5f9a1657c3c)
|
|
userPrincipalName value (host/hostname@REALM) and not the servicePrincipalName (host/fqdn@REALM) in the SASL binds
(This used to be commit 959da6e176da9f6a687265e50489b7db3d6712c0)
|
|
Jeremy.
(This used to be commit de80e8b1698d34637cf9c105a8fe02f435d83b02)
|
|
is not invalid.
Jeremy.
(This used to be commit 4bdf914cba2a63d186138d1341a7260ad79da1f5)
|
|
(This used to be commit b7267121af45d7173c310299bb52ae031ae1d501)
|
|
add a timeout to the ldap open calls. New parameter, ldap timeout
added.
Jeremy.
(This used to be commit e5b3094c4cc75eb07f667dd1aeb73921ed7366ac)
|
|
Volker
(This used to be commit e8786506b86f129ba6401c09b89a26bfb335440e)
|
|
(DEBUG).
Volker
(This used to be commit b491e76625f0d20fa9db2a3dbb22adc34ca7d414)
|
|
Jeremy.
(This used to be commit b462b8fa2f264bef62ed4cd2aaacb2f21e135068)
|
|
CHECK THIS !
Jeremy.
(This used to be commit d4abeefe3e307ff226fba481ca2c743cde153e4b)
|
|
Jeremy.
(This used to be commit 92a5dc1880a4fe0f3c3b56fc0958dbac77506b4f)
|
|
struct not a pointer).
Jeremy.
(This used to be commit 940f893d485a01e73afe714a70d724c2d41c7ad4)
|
|
it compiles with Heimdal.
Jeremy.
(This used to be commit dd07278b892770ac51750b87a4ab902d4de3a960)
|
|
Jeremy.
(This used to be commit 5a1d8c3c9b8daa435f6eb5bc1652bab138e05dbf)
|
|
Can't fix the krb5 memory leaks inside that library :-(.
Jeremy.
(This used to be commit ad440213aaae58fb5bff6e8a6fcf811c5ba83669)
|
|
<dperry@pppl.gov>,
fixed valgrind detected mem corruption in libads/kerberos_keytab.c.
Jeremy.
(This used to be commit 286f4c809cb1532b3f8ae7ddf92349c68cc8ce31)
|
|
haven't broken krb5 ticket verification in the mainline code path,
also need to check with valgrind. Everything now compiles (MIT, need
to also check Heimdal) and the "net keytab" utility code will follow.
Jeremy.
(This used to be commit f0f2e28958cb9abfed216c71f291f19ea346d630)
|
|
krb5_free_keytab_entry_contents
Jeremy.
(This used to be commit be8a2dc00dd876c4b596600ae72d4ac05f9ebe64)
|
|
Jeremy.
(This used to be commit af5a08f5ad895cb33c9134771da19ba5e709e742)
|
|
if compiles yet,
but will soon :-).
Jeremy.
(This used to be commit 0d982956f6ba2f284ffa4313a9e7581a79dbf397)
|
|
Jeremy.
(This used to be commit 57c037c6c92d28b70e36859a639c53979126ff01)
|
|
Jeremy.
(This used to be commit 786a440c189556d5c122b2c9ddca9fdf6bd65d1d)
|
|
Work in progress !
It seems the krb5 interfaces are so horrible it's impossible to write good error checking
code :-(.
Jeremy.
(This used to be commit 03f8c8bc07c9d8a378a34c271dcc088d17adb342)
|
|
Jeremy.
(This used to be commit 858e849af697bba67ebaa970257d93b6cff7d9e0)
|
|
Jeremy.
(This used to be commit 9647394e7c79c81ac4cf276a2c4b9e16eb053ec2)
|
|
Jeremy.
(This used to be commit ac501348f473045a7846ffd9bc6b9eb4682b8987)
|
|
heimdal; also initialize some pointers
(This used to be commit be74e88d9a4b74fcaf25b0816e3fa8a487c91ab5)
|
|
valgrind winbindd with these in....
Jeremy.
(This used to be commit fa4774b73d338a0c0df09f23cd738279bf4e71a2)
|
|
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
|
|
* updateing WHATSNEW with vl's change
(This used to be commit a7e2730ec4389e0c249886a8bfe1ee14c5abac41)
|
|
Winbind tickets expired. We now check the expiration time, and acquire
new tickets. We couln't rely on renewing them, because if we didn't get
a request before they expired, we wouldn't have renewed them. Also, there
is a one-week limit in MS on renewal life, so new tickets would have been
needed after a week anyway. Default is 10 hours, so we should only be
acquiring them that often, unless the configuration on the DC is changed (and
the minimum is 1 hour).
(This used to be commit c2436c433afaab4006554a86307f76b6689d6929)
|
|
memory (not the members though)
(This used to be commit 4449e0e251190b741f51348819669453f0758f36)
|
|
hardcoded into it.
This didn't matter, as we only use it for 'member' so far...
Andrew Bartlett
(This used to be commit 8621899112e720411715ea53558d5146ff04eeb0)
|
|
memory keytab code which has no effect. Driven by bug report from
"Rob J. Caskey" <rcaskey@uga.edu>.
Jeremy.
(This used to be commit 4cb8facbf9fa6fa5233fdb363ceac4b304d263d4)
|
|
(This used to be commit ebabf72a78f0165521268b73e0fcabe1ea7834fd)
|
|
domains, this patch ensures that we always use the ADS backend when
security=ADS, and the remote server is capable.
The routines used for this behaviour have been upgraded to modern Samba
codeing standards.
This is a change in behaviour for mixed mode domains, and if the trusted
domain cannot be reached with our current krb5.conf file, we will show
that domain as disconnected.
This is in line with existing behaviour for native mode domains, and for
our primary domain.
As a consequence of testing this patch, I found that our kerberos error
handling was well below par - we would often throw away useful error
values. These changes move more routines to ADS_STATUS to return
kerberos errors.
Also found when valgrinding the setup, fix a few memory leaks.
While sniffing the resultant connections, I noticed we would query our
list of trusted domains twice - so I have reworked some of the code to
avoid that.
Andrew Bartlett
(This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
|
|
but security=ADS, we would attempt to free the principal name that krb5
never allocated.
Also fix the dump_data() of the session key, now that we use a data_blob to
store that.
Andrew Bartlett
(This used to be commit 4ad67f13404ef0118265ad66d8bdfa256c914ad0)
|
|
(This used to be commit 3a4c56e4c60854bbd291adc7d321d3869e6dedab)
|
|
could reproduce it, I would fix it, but for now just make sure we always
SAFE_FREE() and set our starting pointers to NULL.
Andrew Bartlett
(This used to be commit c279e178bc122e1e2aa519f7a373a3d93672a3ac)
|
|
rpc_parse/parse_lsa.c:
nsswitch/winbindd_rpc.c:
nsswitch/winbindd.h:
- Add const
libads/ads_ldap.c:
- Cleanup function for use
nsswitch/winbindd_ads.c:
- Use new utility function ads_sid_to_dn
- Don't search for 'dn=', rather call the ads_search_retry_dn()
nsswitch/winbindd_ads.c:
include/rpc_ds.h:
rpc_client/cli_ds.c:
- Fixup braindamage in cli_ds_enum_domain_trusts():
- This function was returning a UNISTR2 up to the caller, and
was doing nasty (invalid, per valgrind) things with memcpy()
- Create a new structure that represents this informaiton in a useful way
and use talloc.
Andrew Bartlett
(This used to be commit 06c3f15aa166bb567d8be0a8bc4b095b167ab371)
|
|
This introduces range retrieval of ADS attributes.
VL rewrote most of Günther's patch, partly to remove code duplication and
partly to get the retrieval of members in one rush, not interrupted by the
lookups for the DN.
I rewrote that patch, to ensure that we can keep an eye on the USN
(sequence number) of the entry - this allows us to ensure the read was
atomic.
In particular, the range retrieval is now generic, for strings. It
could easily be made generic for any attribute type, if need be.
Andrew Bartlett
(This used to be commit 131bb928f19c7b1f582c4ad9ac42e5f3d9dfb622)
|