Age | Commit message (Collapse) | Author | Files | Lines |
|
Allow other plugins to init the context without having it try to grab sockets
or set samba specific logging.
|
|
|
|
level 2 for every krb request is a bit much
|
|
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
|
|
metze
|
|
metze
|
|
for sockets
metze
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
wrok with addresses
metze
|
|
Andrew, I was pretty sure these could be removed but if not, please let
me know.
|
|
This commit applies some cosmetic corrections for the KERBEROS library.
|
|
metze
(This used to be commit 6ec3887aee9bbb9c182ab966d37212edeaa16b5a)
|
|
(This used to be commit 3817d653faecb70bfafb850fe7d6e83aaed7e6d1)
|
|
(This used to be commit d3643c2152a490952e59ee15b7a62ad3ad465462)
|
|
(This used to be commit 801c8c766cb6a104751be8829593e0e123508134)
|
|
(This used to be commit 459e1466a411d6f83b7372e248566e6e71c745fc)
|
|
(This used to be commit b03e5d00110be3f1fe5809dad4eb6ca5cea7463d)
|
|
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
|
|
2007-09-29 More higher-level passing around of lp_ctx.
2007-09-29 Fix warning.
2007-09-29 Pass loadparm contexts on a higher level.
2007-09-29 Avoid using global loadparm context.
(This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
|
|
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
number in more places.
(This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
standardise with the rest of the code.
Andrew Bartlett
(This used to be commit 3aa9d70723d4377d29e33281b640499193b06c69)
|
|
context. We now have an event context on the torture_context, and we
can also get one from the cli_credentials structure
(This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
|
|
This replaces a lump of hand-crafted code with the generic packet
system used in the rest of Samba4.
(I started this while chasing down the epoll bug, which turned out to
be seperate)
(This used to be commit 2a7dec4e5dc453f509493f80fc1270416f30a36e)
|
|
problems with order of socket closing in krb5
(This used to be commit 46a7d83c2b49798c6c5389c13ec2b9785c47b85b)
|
|
with krb5:set_dns_canonicalize=yes
needed for the drsuapi replication, but we should fix this with
a kdc locator plugin ...
metze
(This used to be commit f0a12355bcfab47663e62f3d8ae820815210cdc5)
|
|
(This used to be commit 5ff665b6531fdb4c7e56c49b7f923546d93b384c)
|
|
of KDC behaviour. This should allow PKINIT to be turned on and
managed with reasonable sanity.
This also means that the krb5.conf in the same directory as the
smb.conf will always have priority in Samba4, which I think will be
useful.
Andrew Bartlett
(This used to be commit a50bbde81b010bc5d06e3fc3417ade44627eb771)
|
|
This patch updates our build system and glue to support a new snapshot
of lorikeet-heimdal.
We now procude a [SUBSYTEM] in the ans1_deps.pl script, and can depend
on that in the heimdal_build/config.mk. This is much easier than
listing every generated .o file individually.
This required some small changes to the build system, due to the way
the parent directory was handled for the output of scripts. I've also
cleaned up et_deps.pl to handle cleaning up it's generated files on
clean.
The PAC glue in Heimdal has changed significantly: we no longer have a
custom hack in the KDC, instead we have the windc plugin interface.
As such, pac-glue.c is much smaller. In the future, when I'm
confident of the new code, we will also be able to 'downsize'
auth/kerberos/kerberos_pac.c.
(I'll include the updated copy of heimdal in the next chekin, to make
it clearer what's changed in Samba4 itself).
Andrew Bartlett
(This used to be commit 75fddbbc0811010a28ca5bb597b573b3f10ef6d6)
|
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
metze
(This used to be commit 9e93e6f5fb654e4162bbc039306a4b79003e22d7)
|
|
(This used to be commit 180925659fad50ff82693284587ae4e735458c6b)
|
|
talloc_set_destructor() is type safe. The end result will be lots less
use of void*, and less calls to talloc_get_type()
(This used to be commit 6b4c085b862c0932b80b93e316396a53b993544c)
|
|
This is in preperation for making TLS a socket library.
Andrew Bartlett
(This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
|
|
(This used to be commit 13d0cec018185d768b762ff3afc0224f307b8112)
|
|
(This used to be commit 03da4fbcdd66982de8eb376f9f00da97d730c97f)
|
|
Andrew Bartlett
(This used to be commit d1ca106f05ad71b8aa514bf87a4267d61d9dcbf8)
|
|
try and find the real solution.
Andrew Bartlett
(This used to be commit a512d5dd258797cdb41018923502cb4998f1edfe)
|
|
assumptions
about the data type being known.
(This used to be commit 991bec80e4f20c9fac9ab5c45b0fdf6d048cda66)
|
|
(This used to be commit aac1b99b362993352d80692afa55c38fc851c016)
|
|
case) as the keytab.
This avoids issues in replicated setups, as we will replicate the
kpasswd key correctly (including from windows, which is why I care at
the moment).
Andrew Bartlett
(This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
|
|
- fix compilation of auth/kerberos/krb5_init_context.c on AIX
metze
(This used to be commit 0e1ad08a8515056f4ed0923889bef04d85b84964)
|
|
Andrew Bartlett
(This used to be commit 37f342b01095787d4a63a419c6ab3657680c2637)
|
|
Andrew Bartlett
(This used to be commit 8f70d6270a788494dd07430f778ee90a51551e66)
|
|
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
|
|
commits some of these that I know to be correct in the kerberos area.
Andrew Bartlett
(This used to be commit 6787b3737c27f5136152b007b0ee2ae314efac3c)
|
|
NT_STATUS_CONNECTION_REFUSED when a KDC is not listening)
(This used to be commit 0f85fc204c6018f8403c2e8f75f683aed38ba83b)
|