Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2010-10-02 | s4-kerberos Don't regenerate key values for each alias in keytab | Andrew Bartlett | 1 | -43/+35 | |
Instead, store the same key value under the multiple alias names. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sat Oct 2 00:16:52 UTC 2010 on sn-devel-104 | |||||
2010-10-02 | s4-auth Add make_server_info_pac() to include 'resource domain' groups | Andrew Bartlett | 2 | -5/+40 | |
Previously, our PAC code didn't include these groups into the server_info from which we would eventually calculate the full list of tokenGroups. Andrew Bartlett | |||||
2010-10-02 | s4-auth Allocate domain SIDs under the sids array, not server_info | Andrew Bartlett | 1 | -1/+1 | |
Andrew Bartlett | |||||
2010-10-01 | s4-auth: fixed a valgrind error when creating keytabs | Andrew Tridgell | 1 | -0/+3 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-29 | s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PAC | Andrew Tridgell | 1 | -0/+16 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-28 | s4-sam: fixed termination of krbtgt_attrs (comma and NULL) | Andrew Tridgell | 1 | -4/+4 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-29 | s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNO | Andrew Bartlett | 1 | -0/+1 | |
Andrew Bartlett | |||||
2010-09-27 | s4-auth: removed unused variable dom_sid | Andrew Tridgell | 1 | -1/+1 | |
2010-09-28 | s4:gensec_tstream: remove plain socket handling | Stefan Metzmacher | 1 | -124/+12 | |
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 04:54:24 UTC 2010 on sn-devel-104 | |||||
2010-09-28 | s4:gensec: add gensec_create_tstream() | Stefan Metzmacher | 3 | -1/+764 | |
Based on the initial patch from Andreas Schneider <asn@redhat.com>. metze | |||||
2010-09-26 | s4-gensec: fixed a valgrind error in gensec | Andrew Tridgell | 1 | -12/+2 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-26 | s4:schannel: handle move flag combinations in the server | Stefan Metzmacher | 1 | -13/+23 | |
This fixes some testsuites in the CIFS plugfest. metze | |||||
2010-09-26 | s4-auth: fixed the SID list for DCs in the PAC | Andrew Tridgell | 3 | -19/+16 | |
the S-1-5-9 SID is added in the PAC by the KDC, not on the server that receives the PAC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sun Sep 26 07:09:08 UTC 2010 on sn-devel-104 | |||||
2010-09-26 | s4-kerberos Don't segfault if the password isn't specified in keytab generation | Andrew Bartlett | 1 | -0/+7 | |
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Sep 26 03:29:34 UTC 2010 on sn-devel-104 | |||||
2010-09-25 | s4-pycredentials: avoid a talloc_free on ref | Andrew Tridgell | 1 | -1/+1 | |
with the new py object structure, we need to unlink not free | |||||
2010-09-24 | s4-kerberos Rework keytab handling to export servicePrincipalName entries | Andrew Bartlett | 2 | -126/+164 | |
This creates keytab entries with all the servicePrincipalNames listed in the secrets.ldb entry. Andrew Bartlett | |||||
2010-09-24 | s4-kerberos Move 'set key into keytab' code out of credentials. | Andrew Bartlett | 5 | -208/+234 | |
This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb. Andrew Bartlett | |||||
2010-09-24 | s4-kerberos Fix kerberos_enctype_bitmap_to_enctypes() | Andrew Bartlett | 1 | -2/+3 | |
The previous code never worked Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-23 | s4-gensec: fixed a client side bug in GENSEC/SASL/SSF negotiation | Andrew Tridgell | 1 | -7/+10 | |
this is the client side equivalent change for the previous fix Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-23 | s4-gensec: prevent a double free in the error path of GSSAPI auth | Andrew Tridgell | 1 | -1/+0 | |
the caller frees mem_ctx, so we shouldn't Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-23 | s4-gensec: fixed a GSSAPI SASL negotiation bug | Andrew Tridgell | 1 | -11/+14 | |
Fixed a bug that affected mismatched negotiation between the GSSAPI layer and the SASL SSF subsequent negotiation. This caused some ldap clients to hang when trying to authenticate with a Samba LDAP server. The client thought the connection should be signed, the server thought it should be in plain text. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-22 | s4-selftest: Move credentials tests to standard python directory. | Jelmer Vernooij | 1 | -100/+0 | |
2010-09-22 | s4-param: Fix more memory leaks, invalid memory context. | Jelmer Vernooij | 3 | -19/+71 | |
2010-09-22 | s4-param: Check type when converting python object to lp_ctx, fix some | Jelmer Vernooij | 3 | -4/+31 | |
memory leaks. | |||||
2010-09-22 | pygensec: Implement start_mech_by_name(). | Jelmer Vernooij | 2 | -8/+30 | |
2010-09-21 | s4-selftest: Move more tests to scripting/python, simplifies running of tests. | Jelmer Vernooij | 2 | -72/+0 | |
2010-09-16 | libcli/auth/ntlmssp Be clear about talloc parents for session keys | Andrew Bartlett | 1 | -0/+5 | |
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2010-09-16 | s4-kerberos: obey the credentials setting for forwardable tickets | Andrew Tridgell | 3 | -27/+40 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-16 | s4-pycredentials: expose forwardable setting via python | Andrew Tridgell | 1 | -0/+16 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-16 | s4-credentials: added ability to control forwardable attribute on krb5 tickets | Andrew Tridgell | 2 | -0/+24 | |
with the latest bind9 nsupdate, we need to be able to control if the ticket we use is forwardable Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-auth: allow multiple active auth backends | Andrew Tridgell | 1 | -35/+43 | |
when we are an RODC we need to be able to allow multiple auth backends to process a single auth request. First the sam backend will try to authenticate, using locally stored passwords. If this backend can't find local passwords then it will try the winbind backend and authenticate via a writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-15 | s4-rodc: add a trigger message for REPL_SECRET to auth_sam | Andrew Tridgell | 1 | -0/+52 | |
when an RODC tries to authenticate against an account and the account has no password information it needs to send a message to the drepl server to tell it to try and replicate the secret information from a writeable DC Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-14 | s4: Fix two typos | Volker Lendecke | 1 | -2/+2 | |
2010-09-11 | s4:gensec Put the "NTLM" string for NTLMSSP's SASL name in a header | Andrew Bartlett | 2 | -1/+3 | |
2010-09-11 | s4-credentials: get all attributes in cli_credentials_set_secrets() | Andrew Tridgell | 1 | -17/+1 | |
This ensures we get whenChanged, which is needed by the s3 winbind code to ensure we don't repeatedly try to change the password | |||||
2010-09-03 | s4:auth_winbind: use irpc_binding_handle_by_name() | Stefan Metzmacher | 2 | -8/+8 | |
metze | |||||
2010-09-03 | s4:auth_winbind: remove unused winbind_samba3 backend | Stefan Metzmacher | 2 | -122/+1 | |
This uses the winbind protocol directly, which needs to be avoided! metze | |||||
2010-09-03 | s4:auth_winbind: fix segfault in winbind_check_password_wbclient() | Stefan Metzmacher | 1 | -1/+5 | |
We should only look at err if WBC_ERR_AUTH_ERROR is returned. metze | |||||
2010-09-03 | s4:auth_winbind: fix compiler warnings | Stefan Metzmacher | 1 | -4/+11 | |
metze | |||||
2010-09-02 | s4-auth: make the disabled acct messages a bit less verbose | Andrew Tridgell | 1 | -6/+6 | |
raise the debug level Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-27 | s4:credentials_krb5.c - quiet a Solaris warning | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2010-08-26 | s4:ntlm/auth.c - add a whitespace in a debug output | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
2010-08-23 | s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid | Andrew Bartlett | 1 | -11/+15 | |
This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privileges still need to be merged) Andrew Bartlett | |||||
2010-08-18 | s4:auth Change {anonymous,system}_session to use common session_info generation | Andrew Bartlett | 1 | -4/+4 | |
This also changes the primary group for anonymous to be the anonymous SID, and adds code to detect and ignore this when constructing the token. Andrew Bartlett | |||||
2010-08-18 | s4:auth Avoid doing database lookups for NT AUTHORITY users | Andrew Bartlett | 2 | -108/+122 | |
2010-08-18 | s4:auth Remove system_session_anon() from python bindings | Andrew Bartlett | 4 | -56/+3 | |
2010-08-18 | s4:auth Remove the system:anonymous parameter used for the LDAP backend | Andrew Bartlett | 1 | -10/+4 | |
This isn't needed any more, and just introduces complexity. | |||||
2010-08-18 | s4:auth Remove special case constructor for admin_session() | Andrew Bartlett | 1 | -63/+13 | |
There isn't a good reason why this code is duplicated. Andrew Bartlett | |||||
2010-08-18 | s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 1 | -10/+5 | |
This makes the structure more like Samba3's NT_USER_TOKEN | |||||
2010-08-14 | s4:auth Move struct auth_usersupplied_info to a common location | Andrew Bartlett | 4 | -47/+6 | |
This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett |