Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-12-16 | s4-gensec: Replace gensec_get_my_addr with new tsocket based fn. | Andreas Schneider | 3 | -23/+24 | |
2009-12-16 | s4-gensec: Replace gensec_set_my_addr() with new tsocket based fn. | Andreas Schneider | 2 | -10/+0 | |
2009-12-16 | s4-gensec: Added remote and local setter/getter using tsocket. | Andreas Schneider | 3 | -4/+127 | |
2009-11-02 | s4:credentials Put the 'secrets.keytab' in the same directory as secrets.ldb | Andrew Bartlett | 1 | -1/+3 | |
This avoids trouble when the secrets.ldb is updated with ldbedit but an smb.conf is not specified. Andrew Bartlett | |||||
2009-10-24 | s4:gensec/schannel: remove unused talloc_reference() in schannel_update() | Stefan Metzmacher | 1 | -1/+1 | |
We never expose creds to the caller in schannel_update(). metze | |||||
2009-10-23 | s4-python: we need to include Python.h first | Andrew Tridgell | 2 | -2/+2 | |
If we don't include Python.h first then we get a pile of warnings due to broken redefines of XOPEN_SOURCE in the Python includes. | |||||
2009-10-23 | s4:gensec Use an index on computerName in schannel.ldb | Andrew Bartlett | 1 | -1/+4 | |
2009-10-23 | s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect() | Andrew Tridgell | 1 | -1/+1 | |
This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context. | |||||
2009-10-23 | s4-dsdb: create a static system_session context | Andrew Tridgell | 6 | -12/+27 | |
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap | |||||
2009-10-20 | s4: ran minimal_includes.pl on source4/auth/gensec | Andrew Tridgell | 6 | -12/+0 | |
2009-10-20 | s4: ran minimal_includes.pl on source4/auth/ntlmssp | Andrew Tridgell | 4 | -8/+0 | |
2009-10-20 | s4: ran minimal_includes.pl on source4/auth/ntlm | Andrew Tridgell | 6 | -14/+0 | |
2009-10-16 | s4:auth - fixed problem reading bind DN from secrets database | Endi S. Dewata | 2 | -0/+8 | |
2009-10-16 | s4:auth_sam: Restructure tail in "authsam_get_server_info_principal" and fix ↵ | Matthias Dieter Wallnöfer | 1 | -3/+8 | |
a memory leak | |||||
2009-10-15 | s4:ntlmssp server - use also here the new "lp_dnsdomain()" call | Matthias Dieter Wallnöfer | 1 | -2/+1 | |
2009-10-15 | s4:auth/credentials/credentials - fix uninitalised pointers | Matthias Dieter Wallnöfer | 1 | -7/+35 | |
This should fix bug #6755. | |||||
2009-10-14 | s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where needed | Matthias Dieter Wallnöfer | 2 | -18/+9 | |
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way. | |||||
2009-10-02 | s4-pygensec: a bit closer to working | Andrew Tridgell | 3 | -9/+56 | |
I'll need help from Andrew on how to get gensec to initialise it's ops element | |||||
2009-09-26 | gensec: Avoid exposing lp_ctx on the API level. | Jelmer Vernooij | 3 | -14/+12 | |
2009-09-26 | pygensec: Add initial work on a gensec Python module. | Jelmer Vernooij | 3 | -0/+184 | |
2009-09-25 | s4:auth/gensec/schannel - fix a const warning | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2009-09-25 | s4:schannel: fix some compiler warnings | Stefan Metzmacher | 1 | -2/+4 | |
If we only do signing we can pass down a const data buffer. metze | |||||
2009-09-19 | s4-auth: add SID_NT_ENTERPRISE_DCS is a server trust account | Andrew Tridgell | 1 | -1/+13 | |
2009-09-17 | s4-sam: add a note about the solaris client | Andrew Tridgell | 1 | -0/+2 | |
2009-09-17 | spnego: Support ASN.1 BIT STRING and use it in SPNEGO. | Kouhei Sutou | 1 | -2/+4 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2009-09-17 | spnego: share spnego_parse. | Günther Deschner | 4 | -475/+2 | |
Guenther | |||||
2009-09-16 | libcli/auth: rewrite schannel sign/seal code to be more generic | Stefan Metzmacher | 1 | -33/+56 | |
This prepares support for HMAC-SHA256/AES. metze | |||||
2009-09-16 | schannel: move schannel_sign to main directory. | Günther Deschner | 4 | -312/+3 | |
Guenther | |||||
2009-09-16 | s4-schannel: try to fix the build. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2009-09-16 | s4-schannel: first step of decoupling schannel from gensec. | Günther Deschner | 2 | -20/+51 | |
Guenther | |||||
2009-09-16 | s4-schannel: strip trailing whitespace. | Günther Deschner | 1 | -36/+36 | |
Guenther | |||||
2009-09-13 | s4-schannel: use NL_AUTH_MESSAGE for schannel. | Günther Deschner | 1 | -23/+35 | |
Guenther | |||||
2009-09-13 | s4-schannel: strip trailing whitespace. | Günther Deschner | 1 | -26/+26 | |
Guenther | |||||
2009-09-09 | Added "admin_session" method. | Nadezhda Ivanova | 3 | -0/+218 | |
The purpose of admin_session is to be able to execute parts of provisioning as the user Administrator in order to have the correct group and owner in the security descriptors. To be used for provisioning and tests only. | |||||
2009-09-07 | s4:sam - Implement also here the right primary group behaviour | Matthias Dieter Wallnöfer | 1 | -46/+71 | |
We have not only to expand the additional groups but *also* the primary group to gain all rights of a user account. Also, remove an unneeded context (tmp_ctx) and "talloc_steal". | |||||
2009-08-28 | s4: include ntlmssp header in auth/ntlmssp/ntlmssp.h. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2009-08-28 | s4-ntlmssp: use interface constants in TargetInfo blob. | Günther Deschner | 1 | -5/+5 | |
Guenther | |||||
2009-08-28 | s4-ntlmssp: use NTLMSSP headers from IDL and remove duplicate constants. | Günther Deschner | 5 | -50/+21 | |
Guenther | |||||
2009-08-27 | s4-schannel: add ldb suffix to schannel functions. | Günther Deschner | 1 | -2/+2 | |
Guenther | |||||
2009-08-21 | s4:kerberos Use MIT compatible names for these enc types | Andrew Bartlett | 1 | -1/+1 | |
This is a small start on (ie, the only trivial part of) the work shown in: http://k5wiki.kerberos.org/wiki/Projects/Samba4_Port#Samba.27s_use_of_Heimdal_symbols.2C_with_MIT_differences (a table of all Kerberos symbols used in Samba4, and notes on where they differ from those provided with MIT Kerberos) Andrew Bartlett | |||||
2009-08-05 | added a uid_wrapper library | Andrew Tridgell | 1 | -1/+1 | |
This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling | |||||
2009-08-04 | s4: Change my nested groups patch to don't include user's SID itself in the ↵ | Matthias Dieter Wallnöfer | 1 | -17/+24 | |
"groupSID"s structure | |||||
2009-08-03 | Return infinite time for last last logoff when last logoff = 0 | Matthieu Patou | 2 | -2/+2 | |
2009-07-31 | s4:auth: make sure we have elements returned at all in ↵ | Stefan Metzmacher | 1 | -0/+6 | |
authsam_expand_nested_groups() metze | |||||
2009-07-31 | s4: Patch to implement nested group and privileges | Matthias Dieter Wallnöfer | 1 | -34/+100 | |
This patch adds a function "authsam_expand_nested_groups" (calculation of rights through expanding groups of a certain SID) which basically collects all memberships through "memberOf" attributes. It works with either user or group SIDs. For avoiding loops it tests on each call if the SID hasn't been added yet (through the helper function "sids_contains_sid"). The function itself is called by "authsam_make_server_info". | |||||
2009-07-28 | s4:gensec/spnego: only generate the mechListMic when the server expects it | Stefan Metzmacher | 1 | -1/+2 | |
This fixes the ntvfs.cifs tests. metze | |||||
2009-07-28 | s4:kerberos Add support for user principal names in certificates | Andrew Bartlett | 2 | -3/+5 | |
This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC) The testsuite is extended to test this behaviour, and the other PKINIT certficate (using the standard method to specify a principal name in a certificate) is updated to use a Administrator (not administrator). (This fixes the kinit test). Andrew Bartlett | |||||
2009-07-28 | s4:kerberos Add 'net export keytab' command for wireshark decryption | Andrew Bartlett | 2 | -1/+148 | |
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett | |||||
2009-07-27 | Revert "s4:kerberos Add 'net export keytab' command for wireshark decryption" | Stefan Metzmacher | 2 | -148/+1 | |
This reverts commit a40ce5d0d9d06f592a8885162bbaf644006b9f0f. This breaks the build... Andrew, please repush it, when it's fixed:-) metze | |||||
2009-07-27 | s4:kerberos Add 'net export keytab' command for wireshark decryption | Andrew Bartlett | 2 | -1/+148 | |
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett |