samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2007-10-10	r19604: This is a massive commit, and I appologise in advance for it's size.	Andrew Bartlett	1	-4/+25
	This merges Samba4 with lorikeet-heimdal, which itself has been tracking Heimdal CVS for the past couple of weeks. This is such a big change because Heimdal reorganised it's internal structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases. In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO PAC. This matches windows behavour. We also have an option to require the PAC to be present (which allows us to automate the testing of this code). This also includes a restructure of how the kerberos dependencies are handled, due to the fallout of the merge. Andrew Bartlett (This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
2007-10-10	r18826: Allow 'enterprise' principal names to log in.	Andrew Bartlett	1	-0/+1
	These principals do not need to be in the same realm as the rest of the ticket, the full principal name is in the first componet of the ASN.1. Samba4's backend will handle getting this to the 'right' place. Andrew Bartlett (This used to be commit 90b01b8af21609e2e5c8b6bd8cab8bd393844acf)
2007-10-10	r15481: Update heimdal/ to match current lorikeet-heimdal.	Andrew Bartlett	1	-10/+16
	This includes many useful upstream changes, many of which should reduce warnings in our compile. It also includes a change to the HDB interface, which removes the need for Samba4/lorikeet-heimdal to deviate from upstream for hdb_fetch(). The new flags replace the old entry type enum. (This required the rework in hdb-ldb.c included in this commit) Andrew Bartlett (This used to be commit ef5604b87744c89e66e4d845f45b23563754ec05)
2007-10-10	r15192: Update Samba4 to use current lorikeet-heimdal.	Andrew Bartlett	1	-10/+4
	Andrew Bartlett (This used to be commit f0e538126c5cb29ca14ad0d8281eaa0a715ed94f)
2007-10-10	r14198: Update Samba4 to current lorikeet-heimdal.	Andrew Bartlett	1	-13/+3
	Andrew Bartlett (This used to be commit 97a0a0e2fa6784e5fc5278f7a15b385ddcb6a3b3)
2007-10-10	r12696: Reduce the size of include/structs.h	Jelmer Vernooij	1	-0/+3
	(This used to be commit 63917616016133c623fc6ff59454bc313ee7dd8f)
2007-10-10	r11995: A big kerberos-related update.	Andrew Bartlett	1	-8/+9
	This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
2007-10-10	r11543: A major upgrade to our KDC and PAC handling.	Andrew Bartlett	1	-0/+8
	We now put the PAC in the AS-REP, so that the client has it in the TGT. We then validate it (and re-sign it) on a TGS-REQ, ie when the client wants a ticket. This should also allow us to interop with windows KDCs. If we get an invalid PAC at the TGS stage, we just drop it. I'm slowly trying to move the application logic out of hdb-ldb.c, and back in with the rest of Samba's auth system, for consistancy. This continues that trend. Andrew Bartlett (This used to be commit 36973b1eef7db5983cce76ba241e54d5f925c69c)
2007-10-10	r11294: Update Heimdal in Samba4 to lorikeet-heimdal (which is in turn updated	Andrew Bartlett	1	-1/+41
	to CVS of 2005-10-24). Andrew Bartlett (This used to be commit 939d4f340feaad15d0a6a5da79feba2b2558f174)
2007-10-10	r10386: Merge current lorikeet-heimdal into Samba4.	Andrew Bartlett	1	-8/+0
	Andrew Bartlett (This used to be commit 4d2a9a9bc497eae269c24cbf156b43b8588e2f73)
2007-10-10	r9680: Update Heimdal to current lorikeet-heimdal (which was itself updated	Andrew Bartlett	1	-0/+1
	to Heimdal CVS as of 2005-08-27). Andrew Bartlett (This used to be commit 913924a4997f5e14c503f87510cbd8e4bfd965a9)
2007-10-10	r9413: Bring Samba4 back up to date with lorikeet-heimdal.	Andrew Bartlett	1	-0/+10
	Delete test_crypto_wrapping.c, previously included but unbuilt. Andrew Bartlett (This used to be commit d5fb30fb0cef330e0947969f0c9afc1f58fc4c7d)
2007-10-10	r9221: Try to merge Heimdal across from lorikeet-heimdal to samba4.	Andrew Bartlett	1	-7/+8
	This is my first attempt at this, so there may be a few rough edges. Andrew Bartlett (This used to be commit 9a1d2f2fec67930975da856a2d365345cec46216)
2007-10-10	r8302: import mini HEIMDAL into the tree	Heimdal Import User	1	-0/+358
	(This used to be commit 118be28a7aef233799956615a99d1a2a74dac175)