Age | Commit message (Collapse) | Author | Files | Lines |
|
- ldb_dn_get_linearized
returns a const string
- ldb_dn_alloc_linearized
allocs astring with the linearized dn
(This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
|
|
This patch changes a lot of the code in ldb_dn.c, and also
removes and add a number of manipulation functions around.
The aim is to avoid validating a dn if not necessary as the
validation code is necessarily slow. This is mainly to speed up
internal operations where input is not user generated and so we
can assume the DNs need no validation. The code is designed to
keep the data as a string if possible.
The code is not yet 100% perfect, but pass all the tests so far.
A memleak is certainly present, I'll work on that next.
Simo.
(This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
|
|
NTLMSSP_NEGOTIATE_ALWAYS_SIGN flags into the default set.
Andrew Bartlett
(This used to be commit 04709c75afda0234c7236fba674bf53a265f8dbb)
|
|
(This used to be commit 17c2557834aad8c85fb640054c942f99bbce1d94)
|
|
(This used to be commit 8768bec81f57131a0c9754e8121b345c0be4a5d0)
|
|
metze
(This used to be commit 30963753fcd9d8db17ca5c8476cc85b7084b7e87)
|
|
libraries.
(This used to be commit 4422031d1d9307539832cee165c5071ff12943e7)
|
|
should _krb5_find_type_in_ad() also take a const?
metze
(This used to be commit addc31bd9309cb2b41cbb548c82c80de1cf96c4f)
|
|
valrind issues on fort, because we won't hit NSS any more.
Andrew Bartlett
(This used to be commit 6f67fa01ab4f946c9a9aae0d4e8d028153873e04)
|
|
negotiate krb5, but if this works, I'll add NTLM as a GSSAPI backend
by some means or other.
Andrew Bartlett
(This used to be commit 476452e143f61a3878a3646864729daaddccdf68)
|
|
gsskrb5_set_default_realm(), which should fix mimir's issues.
Andrew Bartlett
(This used to be commit 8117e76d2adee163925a29df872015ff5021a1d3)
|
|
(or something like that).
In any case, we need to stick with the initiator subkey for now, until
we figure out what Vista uses for the CIFS session key.
Andrew Bartlett
(This used to be commit b91a921e1393581ca0102ad1f49a1075acb91b4e)
|
|
favour of a more tasteful replacement.
Remove kerberos_verify.c, as we don't need that code any more.
Replace with code for using the new krb5_rd_req_ctx() borrowed from
Heimdal's accecpt_sec_context.c
Andrew Bartlett
(This used to be commit 13c9df1d4f0517468c80040d3756310d4dcbdd50)
|
|
Andrew Bartlett
(This used to be commit 247b9f1ca907cf921087e6840400ddf68289b8f2)
|
|
Larry told me that most context flags needed to be set to, otherwise
it wouldn't work.
This fixes DCE_STYLE against Win2k3 SP1. It seems they just tightened
up their end of the GSSAPI code, as DCE_STYLE is explicity rejected in
the session setup too (being the wrong layer).
Andrew Bartlett
(This used to be commit b2b77f34a4d0cebb828cac7bf9a73826fecab5b6)
|
|
metze
(This used to be commit 1ca8651a59e95eeca2942e5e66c2141e3f65dd9f)
|
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
Supply the correct OID to the error display functions.
Rework the session key functions.
Andrew Bartlett
(This used to be commit 363628c13f4e4a8904802dcf4d80e296ed2f9e02)
|
|
records.
Andrew Bartlett
(This used to be commit 163f75372792b0afa72f48d64d78d82b72d8eda5)
|
|
(This used to be commit 8143de855c0b65346b2d8e59ecdb78952927de4a)
|
|
recover from inheriting an invalid skew from a ccache.
Andrew Bartlett
(This used to be commit 4881f0583dd42083bb2bc2eeca32316f890c4804)
|
|
(This used to be commit 160a59f0733a90db157ad48747c7fb72c2912829)
|
|
Andrew Bartlett
(This used to be commit 3a3c1040a97e1d7d64e9e151ea4e1af79dcb976e)
|
|
libraries
works again now, by specifying --enable-dso to configure.
(This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
|
|
argument.
This is a pointer to an element pointer. If it is not null it will be
filled with the pointer of the manipulated element.
Will avoid double searches on the elements list in some cases.
(This used to be commit 0fa5d4bc225b83e9f63ac6d75bffc4c08eb6b620)
|
|
length, use the amount the wapped message expanded by.
This works, because GSSAPI doesn't do AEAD (signing of headers), and
so changing the signature length after the fact is valid.
Andrew Bartlett
(This used to be commit bd1e0f679c8f2b9755051b8d34114fa127a7cf26)
|
|
output in the testsuite rather than just True or False for a
set of tests.
The aim is to use this for:
* known failure lists (run all tests and detect tests that
started working or started failing). This
would allow us to get rid of the RPC-SAMBA3-* tests
* nicer torture output
* simplification of the testsuite system
* compatibility with other unit testing systems
* easier usage of smbtorture (being able to run one test
and automatically set up the environment for that)
This is still a work-in-progress; expect more updates over the next couple of
days.
(This used to be commit 0eb6097305776325c75081356309115f445a7218)
|
|
(This used to be commit 6fad80bb09113a60689061a2de67711c9924708b)
|
|
Andrew Bartlett
(This used to be commit c9c2e90e2e3937d05c58c681af187413b12d9220)
|
|
Andrew Bartlett
(This used to be commit 8357f8be45ef93bd1b648350c951bbe3b1bb5682)
|
|
(This used to be commit 449fab2c264aa50601f9a2d3310f1910ba97706b)
|
|
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
|
|
this fixes a crash on IA_64 systems
(This used to be commit 22c39027621fb65663122b4959b171d328b549d4)
|
|
(This used to be commit a47d65fe17a0e84615ff235380eb2462579199f0)
|
|
Andrew Bartlett
(This used to be commit 8ae880b5019ab275fe0eca48120ab9e0fcca6293)
|
|
Andrew Bartlett
(This used to be commit 73fba185eba6b059d34790c95a30d49b296759f5)
|
|
Andrew Bartlett
(This used to be commit 2da948cb6ecc75e2b4b97c770c8ba13b7f831d6e)
|
|
Andrew Bartlett
(This used to be commit 0afb4d1992b3c93557dec1e1cdca467efc299853)
|
|
starts.
Andrew Bartlett
(This used to be commit 7dba525f5598199e89badbf15e0f5f09023c6cfa)
|
|
Andrew Bartlett
(This used to be commit 32d8a23d5499ef3d913240b5693b54eb2e78cd7d)
|
|
always at it as first private dependencies
metze
(This used to be commit 135d096776b53ae09ffc2b4f767dfbd18139570f)
|
|
These values are used by SASL at a later time, and must remain valid.
Make the password callback actually return the password.
Andrew Bartlett
(This used to be commit 8e12f92bbe3aa878292169f4699502e241ef6c0b)
|
|
metze
(This used to be commit 675541f24e4681161fcc85422c14f9ecbf30e048)
|
|
DIGEST-MD5 implemenation in particular.
However, I can't make this work: Cyrus-SASL isn't loading the mech...
Andrew Bartlett
(This used to be commit 0b193d28c896c9d212a536da7d87634543d971a5)
|
|
happier now
(This used to be commit 18542f184f75074e56a9793a9e3b6c6d747bb9e6)
|
|
backend (if it chooses to implement it), or the GENSEC socket code.
This is to allow us to handle DIGEST-MD5 across to cyrus-sasl.
Andrew Bartlett
(This used to be commit 0a098006b431f4aa48632a27ca08e9adca8d9609)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
network. This helps where we are trying to talk to an LDAP server,
until we share a common SASL authentication scheme.
Andrew Bartlett
(This used to be commit f9d39dba41441cd5d06964ce0aebef9bcba40759)
|
|
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
|