Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
|
|
Andrew Bartlett
(This used to be commit 3480dc71a9f969909b984855d546a1974593368f)
|
|
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
|
|
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
(This used to be commit 20b70fbb7af6b6759c3b8c8aa56e10944b32bfdf)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
Andrew Bartlett
(This used to be commit 7865d10a299a84ed42de4435b7e6400d56161ac5)
|
|
(This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae)
|
|
seen in particular on opi.
This looked like a Heimdal problem, but I think it was simply that we
didn't do a talloc_reference() to keep tabs on the memory we were
using, and in between obtaining the pointer and using it, it was
assigned to unrelated memory.
Andrew Bartlett
(This used to be commit a650ad8b37d58ba64458a33313714d1abfc4850b)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
The problem was, we would set the ccache, then invalidate it as we set
details from it (like the principal name from the ccache).
Instead, set the ccache onto the credentials structure after we are
done processing it.
Andrew Bartlett
(This used to be commit d285bd927c604d930fc44cc84ef3321aa4ce9d9a)
|
|
username/password/realm/etc from the command line.
Also make sure it can't 'come back' from a later call to
cli_credentials_guess(), buy setting a threshold.
This should fix the issues with the build farm...
Andrew Bartlett
(This used to be commit 3b1dfb9306beb9f40d85d38cf6786ef161ec63f1)
|
|
on credentials don't do anything' bug.
The problem was simple, we didn't set the ccache as having been
initialised, so we always created a new one.
Andrew Bartlett
(This used to be commit ec2014f08b0845bc8aa0e8e6713bc4b21f430811)
|
|
context. We now have an event context on the torture_context, and we
can also get one from the cli_credentials structure
(This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
|
|
I'll allow this to be configured from the secrets.ldb, but it should
fix some user issues.
Andrew Bartlett
(This used to be commit 0fd74ada220fb07d4ebe8c2d9b8ae50a387c2695)
|
|
metze
(This used to be commit fbf1b1bfa015e2126102d8eaf8861d779c21d969)
|
|
machine account.
Andrew Bartlett
(This used to be commit 16a2bb87a80ffb921f267492f453eb3457666315)
|
|
match for what we are using it for here.
Andrew Bartlett
(This used to be commit 305d1421efff3f01db1dce499568874965058e79)
|
|
few authentication tests. Now that the tests correctly 'fail', I was
able to fix the credentials subsystem to honour USER and PASSWD.
To get --machine-pass working, I needed ldb to always load it's static
modules, so I put this in ldb_connect().
Andrew Bartlett
(This used to be commit 3430d8c072407a1c33c32229095fc9db2142b6fa)
|
|
convenience API to create an anonymous credential. Don't clobber
cmdline_credentials in the UNIX-WHOAMI test.
(This used to be commit 73cea4e0c66f57057ed12b07bbb94b4e783ba6bf)
|
|
connections
metze
(This used to be commit 426238eb45f0cc41d99961ac554c2528fd8e96f5)
|
|
"ntPwdHash" => "unicodePwd"
"lmPwdHash" => "dBCSPwd"
"sambaLMPwdHistory" => "lmPwdHistory"
"sambaNTPwdHistory" => "ntPwdHistory"
Note: you need to reprovision after this change!
metze
(This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
|
|
metze
(This used to be commit a246e4bbaaab6f98f50a3c28b47d2c541af7b44a)
|
|
metze
(This used to be commit 1f8a037ac4f592d29f7d66e1f924efe1c5d8c2b0)
|
|
them as a hook on ldb modify, via a module.
This should allow the secrets.ldb to be edited by the admin, and to
have things update in the on-disk keytab just as an in-memory keytab
would.
This isn't really a dsdb plugin, but I don't have any other good ideas
about where to put it.
Andrew Bartlett
(This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
|
|
so make it possible to force encryption or signing.
metze
(This used to be commit a91dc4a02a46370c52f59cbd4dea9580fa6efafa)
|
|
- ldb_dn_get_linearized
returns a const string
- ldb_dn_alloc_linearized
allocs astring with the linearized dn
(This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
|
|
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
(This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
|
|
(This used to be commit 8768bec81f57131a0c9754e8121b345c0be4a5d0)
|
|
libraries.
(This used to be commit 4422031d1d9307539832cee165c5071ff12943e7)
|
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
(This used to be commit 8143de855c0b65346b2d8e59ecdb78952927de4a)
|
|
to do
(This used to be commit ad75cf869550af66119d0293503024d41d834e02)
|
|
'authentication requested'...
Andrew Bartlett
(This used to be commit d5fc88c93697dbcab13b2356ef4e5d1d2a7d59eb)
|
|
talloc_set_destructor() is type safe. The end result will be lots less
use of void*, and less calls to talloc_get_type()
(This used to be commit 6b4c085b862c0932b80b93e316396a53b993544c)
|
|
(This used to be commit 26442023d12760828acd8b6e2a1dedeaf4e96958)
|
|
right way around for all the callers.
Andrew Bartlett
(This used to be commit f9bcfb04aa3ec93eed7076dbb1fed50cf1edb424)
|
|
callback code.
(This used to be commit edf0701e877592695bd69124e528338c27f24efd)
|
|
Andrew Bartlett
(This used to be commit f9899277898ee7ef1118cbc49f5f277623ff7444)
|
|
usernames.
This is used in the password prompt, and should be reversable by the
parse string function.
Also, don't look at the ccache, even for the guess code, if kerberos
is disabled.
Andrew Bartlett
(This used to be commit 4c4b8e4b396ca44270a0456c732d3b9c3c34d69d)
|
|
attempts for the password, when talking to a remote CIFS server.
Andrew Bartlett
(This used to be commit 3a4ddc8f5978210ab3ad79f0332cee80a0d6e6c9)
|
|
(This used to be commit 5de894fb8bac8efa5bff004dbfc2e8b386d4003b)
|
|
(This used to be commit 3ef9326386ba1c210166302cbcf02d2ed3f19944)
|
|
rest of LIBSECURITY doesn't)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
(This used to be commit cd106509b664e9ca53419a62550b256b7e5bde3c)
|
|
(This used to be commit 23724bfd24b051c4096ac49c52c2cd31389340be)
|
|
even when not sending the LM response. Needed to pass the
test_session_key against Win2k3.
Yes, I think this is a security flaw in the use of Win2k3-compatible NTLM.
Andrew Bartlett
(This used to be commit cb6c27b4f29878a6a904f798e228eea05cc658e1)
|