Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-06-02 | s3: Allow previous password to be stored and use it to check tickets | Matthieu Patou | 1 | -37/+58 | |
This patch is to fix bug 7099. It stores the current password in the previous password key when the password is changed. It also check the user ticket against previous password. Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-31 | s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet() | Andrew Bartlett | 1 | -1/+5 | |
This ensures the results can't be easily left to leak. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-31 | ntlmssp: Make the ntlmssp.h from source3/ a common header | Andrew Bartlett | 1 | -1/+1 | |
The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-31 | s3: use shared security defines. | Günther Deschner | 1 | -14/+14 | |
Guenther | |||||
2010-05-31 | s3: only use netlogon/nbt header when needed. | Günther Deschner | 3 | -0/+14 | |
Guenther | |||||
2010-05-28 | s3-build: use ndr_misc.h where needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-05-26 | s3-printing: fix buildwarning in publishing code after registry changes. | Günther Deschner | 1 | -5/+5 | |
Guenther | |||||
2010-05-25 | s3:registry: move reg_objects.h to registry/ and use it only where needed | Michael Adam | 1 | -0/+1 | |
Every place outside of registry/ where this is used, should probably be changed to use pure reg_api.c code. | |||||
2010-05-25 | s3:libads:use regval_ctr/blob accessor functions in ldap_printer.c | Michael Adam | 1 | -34/+42 | |
2010-05-21 | s3:dom_sid Global replace of DOM_SID with struct dom_sid | Andrew Bartlett | 2 | -23/+23 | |
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-20 | s3-libads: add ads_set_sasl_wrap_flags(). | Günther Deschner | 1 | -0/+14 | |
Guenther | |||||
2010-05-18 | s3-rpc_client: move protos to cli_spoolss.h | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-05-18 | s3-secdesc: remove "typedef struct security_descriptor SEC_DESC". | Günther Deschner | 2 | -4/+5 | |
Guenther | |||||
2010-05-18 | s3-secdesc: remove "typedef struct security_acl SEC_ACL". | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2010-05-18 | s3-secdesc: remove "typedef struct security_ace SEC_ACE". | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2010-05-18 | s3: Remove use of iconv_convenience. | Jelmer Vernooij | 3 | -17/+10 | |
2010-05-18 | s3-registry: only include registry headers when really needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-05-17 | s3-kerberos: temporary fix for ipv6 in print_kdc_line(). | Günther Deschner | 1 | -5/+20 | |
Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill in just the kdc_name if we have it and let the krb5 lib figure out the appropriate ipv6 address ipv6 gurus, please check. Guenther | |||||
2010-05-17 | s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain(). | Günther Deschner | 1 | -7/+12 | |
Guenther | |||||
2010-05-11 | s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA | Andrew Bartlett | 2 | -121/+26 | |
All the callers just want the PAC_LOGON_INFO, so search for that in ads_verify_ticket(), and don't bother the callers with the rest of the PAC. This change makes sense on it's own (removing boilerplate wrappers that just confuse the code), but it also makes it much easier to implement a matching ads_verify_ticket() function in Samba4 for the s3compat proposal. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-05-06 | Remove the copy of ldb from Samba 3. | Jelmer Vernooij | 1 | -1/+0 | |
There were two utility functions that other parts of Samba 3 still relied on; they have been moved to lib/ldb_compat.[ch]. | |||||
2010-05-06 | s3: only include gen_ndr headers where needed. | Günther Deschner | 1 | -0/+1 | |
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch real 4m21.529s ccache build with patch real 3m6.402s pch build w/o patch real 4m26.318s pch build with patch real 3m6.932s Guenther | |||||
2010-05-04 | s3: Fix a memleak in check_pac_checksum | Volker Lendecke | 1 | -2/+8 | |
2010-04-27 | s3:libads/ldap.c - fix a build breakage | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-03-30 | s3:libads: retry with signing after getting LDAP_STRONG_AUTH_REQUIRED | Stefan Metzmacher | 1 | -0/+10 | |
If server requires LDAP signing we're getting LDAP_STRONG_AUTH_REQUIRED, if "client ldap sasl wrapping = plain", instead of failing we now autoupgrade to "client ldap sasl wrapping = sign" for the given connection. metze | |||||
2010-03-24 | s3:ntlmssp: pass names and use_ntlmv2 to ntlmssp_client_start() and store them | Stefan Metzmacher | 1 | -1/+6 | |
Inspired by the NTLMSSP merge work by Andrew Bartlett. metze Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-03-05 | s3-libads: fix get_remote_printer_publishing_data after ↵ | Günther Deschner | 1 | -26/+14 | |
spoolss_EnumPrinterDataEx IDL change. Guenther | |||||
2010-03-02 | s3:ads fix dn parsing name was always null | Simo Sorce | 1 | -19/+16 | |
While there also use ldap_exploded_dn instead of ldb_dn_validate() so we can remove a huge dependency that is hanging there only for one very minor marginal use. Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-02-23 | s3 move the sitename cache in its own file | Simo Sorce | 4 | -113/+165 | |
2010-02-23 | s3-libads: Remove obsolete signal type cast. | Andreas Schneider | 1 | -5/+5 | |
2010-02-14 | s3-lib: use TYPESAFE_QSORT() in remaining s3 library code | Andrew Tridgell | 1 | -1/+1 | |
the sort_query_replies() in nmblib.c is a TODO. It uses a hack that treats a char* as a structure. I've left that one alone for now. | |||||
2010-01-30 | Fix bug #7079 - cliconnect gets realm wrong with trusted domains. | Jeremy Allison | 1 | -0/+52 | |
Passing NULL as dest_realm for cli_session_setup_spnego() was always using our own realm (as for a NetBIOS name). Change this to look for the mapped realm using krb5_get_host_realm() if the destination machine name is a DNS name (contains a '.'). Could get fancier with DNS name detection (length, etc.) but this will do for now. Jeremy. | |||||
2009-12-22 | s3:ntlmssp: only include ntlmssp.h where actually needed | Andrew Bartlett | 1 | -0/+1 | |
Andrew Bartlett | |||||
2009-12-04 | s3: bug #6967: Prevent glibc error on net ads join: | Jim McDonough | 1 | -1/+1 | |
talloc()ed memory should not be SAFE_FREE()ed. Signed-off-by: Jim McDonough <jmcd@samba.org> | |||||
2009-11-27 | s3-kerberos: do not include authdata headers before including krb5 headers. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-11-27 | s3-kerberos: only use krb5 headers where required. | Günther Deschner | 7 | -0/+7 | |
This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther | |||||
2009-11-26 | s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵ | Günther Deschner | 1 | -0/+1 | |
samba. Guenther | |||||
2009-11-12 | Remove unused variable warning. | Jeremy Allison | 1 | -1/+0 | |
Jeremy. | |||||
2009-11-12 | s3-kerberos: remove smb_krb5_get_tkt_from_creds(). | Günther Deschner | 1 | -60/+4 | |
Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation, remove smb_krb5_get_tkt_from_creds() which is not required anymore. Guenther | |||||
2009-11-06 | s3-kerberos: let smb_krb5_get_tkt_from_creds() compile with older heimdal libs. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-11-06 | s3-kerberos: support S4U2SELF impersionation through cli_krb5_get_ticket(). | Günther Deschner | 1 | -1/+2 | |
Guenther | |||||
2009-11-06 | s3-kerberos: add impersonate_principal for kerberos_return_pac_X calls. | Günther Deschner | 1 | -1/+25 | |
Guenther | |||||
2009-11-06 | s3-kerberos: add smb_krb5_get_tkt_from_creds(). | Günther Deschner | 1 | -0/+40 | |
Guenther | |||||
2009-11-06 | s3-kerberos: fix some build warnings when building against heimdal. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2009-10-13 | s3: use enum netr_SchannelType all over the place. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-10-01 | s3: update comment about (deprecated) a6 records | Björn Jacke | 1 | -1/+2 | |
2009-09-17 | spnego: share spnego_parse. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-08-26 | Add a parameter to disable the automatic creation of krb5.conf files | Volker Lendecke | 1 | -1/+6 | |
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of transitive AD trusts. The workaround is to add a [capaths] directive to /etc/krb5.conf, which we don't automatically put into the krb5.conf winbind creates. The alternative would have been something like a "krb5 conf include", but I think if someone has to mess with /etc/krb5.conf at this level, it should be easy to add the site-local KDCs as well. Next alternative is to correctly figure out the [capaths] parameter for all trusted domains, but for that I don't have the time right now. Sorry :-) | |||||
2009-08-25 | Do an early TALLOC_FREE | Volker Lendecke | 1 | -1/+2 | |
2009-07-28 | (Hopefully) fix the problem Kai reported with | Jeremy Allison | 1 | -1/+1 | |
net ads leave and IPv6. Ensure all DC lookups prefer IPv4. Jeremy. |