Age | Commit message (Collapse) | Author | Files | Lines |
|
The problem was, we would set the ccache, then invalidate it as we set
details from it (like the principal name from the ccache).
Instead, set the ccache onto the credentials structure after we are
done processing it.
Andrew Bartlett
(This used to be commit d285bd927c604d930fc44cc84ef3321aa4ce9d9a)
|
|
username/password/realm/etc from the command line.
Also make sure it can't 'come back' from a later call to
cli_credentials_guess(), buy setting a threshold.
This should fix the issues with the build farm...
Andrew Bartlett
(This used to be commit 3b1dfb9306beb9f40d85d38cf6786ef161ec63f1)
|
|
on credentials don't do anything' bug.
The problem was simple, we didn't set the ccache as having been
initialised, so we always created a new one.
Andrew Bartlett
(This used to be commit ec2014f08b0845bc8aa0e8e6713bc4b21f430811)
|
|
context. We now have an event context on the torture_context, and we
can also get one from the cli_credentials structure
(This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
|
|
I'll allow this to be configured from the secrets.ldb, but it should
fix some user issues.
Andrew Bartlett
(This used to be commit 0fd74ada220fb07d4ebe8c2d9b8ae50a387c2695)
|
|
metze
(This used to be commit fbf1b1bfa015e2126102d8eaf8861d779c21d969)
|
|
machine account.
Andrew Bartlett
(This used to be commit 16a2bb87a80ffb921f267492f453eb3457666315)
|
|
match for what we are using it for here.
Andrew Bartlett
(This used to be commit 305d1421efff3f01db1dce499568874965058e79)
|
|
few authentication tests. Now that the tests correctly 'fail', I was
able to fix the credentials subsystem to honour USER and PASSWD.
To get --machine-pass working, I needed ldb to always load it's static
modules, so I put this in ldb_connect().
Andrew Bartlett
(This used to be commit 3430d8c072407a1c33c32229095fc9db2142b6fa)
|
|
convenience API to create an anonymous credential. Don't clobber
cmdline_credentials in the UNIX-WHOAMI test.
(This used to be commit 73cea4e0c66f57057ed12b07bbb94b4e783ba6bf)
|
|
connections
metze
(This used to be commit 426238eb45f0cc41d99961ac554c2528fd8e96f5)
|
|
"ntPwdHash" => "unicodePwd"
"lmPwdHash" => "dBCSPwd"
"sambaLMPwdHistory" => "lmPwdHistory"
"sambaNTPwdHistory" => "ntPwdHistory"
Note: you need to reprovision after this change!
metze
(This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
|
|
metze
(This used to be commit a246e4bbaaab6f98f50a3c28b47d2c541af7b44a)
|
|
metze
(This used to be commit 1f8a037ac4f592d29f7d66e1f924efe1c5d8c2b0)
|
|
them as a hook on ldb modify, via a module.
This should allow the secrets.ldb to be edited by the admin, and to
have things update in the on-disk keytab just as an in-memory keytab
would.
This isn't really a dsdb plugin, but I don't have any other good ideas
about where to put it.
Andrew Bartlett
(This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
|
|
so make it possible to force encryption or signing.
metze
(This used to be commit a91dc4a02a46370c52f59cbd4dea9580fa6efafa)
|
|
- ldb_dn_get_linearized
returns a const string
- ldb_dn_alloc_linearized
allocs astring with the linearized dn
(This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
|
|
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
(This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
|
|
(This used to be commit 8768bec81f57131a0c9754e8121b345c0be4a5d0)
|
|
libraries.
(This used to be commit 4422031d1d9307539832cee165c5071ff12943e7)
|
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
(This used to be commit 8143de855c0b65346b2d8e59ecdb78952927de4a)
|
|
to do
(This used to be commit ad75cf869550af66119d0293503024d41d834e02)
|
|
'authentication requested'...
Andrew Bartlett
(This used to be commit d5fc88c93697dbcab13b2356ef4e5d1d2a7d59eb)
|
|
talloc_set_destructor() is type safe. The end result will be lots less
use of void*, and less calls to talloc_get_type()
(This used to be commit 6b4c085b862c0932b80b93e316396a53b993544c)
|
|
(This used to be commit 26442023d12760828acd8b6e2a1dedeaf4e96958)
|
|
right way around for all the callers.
Andrew Bartlett
(This used to be commit f9bcfb04aa3ec93eed7076dbb1fed50cf1edb424)
|
|
callback code.
(This used to be commit edf0701e877592695bd69124e528338c27f24efd)
|
|
Andrew Bartlett
(This used to be commit f9899277898ee7ef1118cbc49f5f277623ff7444)
|
|
usernames.
This is used in the password prompt, and should be reversable by the
parse string function.
Also, don't look at the ccache, even for the guess code, if kerberos
is disabled.
Andrew Bartlett
(This used to be commit 4c4b8e4b396ca44270a0456c732d3b9c3c34d69d)
|
|
attempts for the password, when talking to a remote CIFS server.
Andrew Bartlett
(This used to be commit 3a4ddc8f5978210ab3ad79f0332cee80a0d6e6c9)
|
|
(This used to be commit 5de894fb8bac8efa5bff004dbfc2e8b386d4003b)
|
|
(This used to be commit 3ef9326386ba1c210166302cbcf02d2ed3f19944)
|
|
rest of LIBSECURITY doesn't)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
(This used to be commit cd106509b664e9ca53419a62550b256b7e5bde3c)
|
|
(This used to be commit 23724bfd24b051c4096ac49c52c2cd31389340be)
|
|
even when not sending the LM response. Needed to pass the
test_session_key against Win2k3.
Yes, I think this is a security flaw in the use of Win2k3-compatible NTLM.
Andrew Bartlett
(This used to be commit cb6c27b4f29878a6a904f798e228eea05cc658e1)
|
|
(This used to be commit 430c6516d383bfd7f27287394bf8eef9f174b3e6)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
|
|
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
|
|
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
From here we can add tests to Samba for kerberos, forcing it on and
off. In the process, I also remove the dependency of credentials on
GENSEC.
This also picks up on the idea of bringing 'set_boolean' into general
code from jpeach's cifsdd patch.
Andrew Bartlett
(This used to be commit 1ac7976ea6e3ad6184c911de5df624c44e7c5228)
|
|
case) as the keytab.
This avoids issues in replicated setups, as we will replicate the
kpasswd key correctly (including from windows, which is why I care at
the moment).
Andrew Bartlett
(This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
|
|
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
|
|
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force
specific modules to always be included
(This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|