samba - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author	Files	Lines
2007-10-10	r12269: Update to current lorikeet-heimdal. This changed the way the hdb	Andrew Bartlett	1	-9/+0
	interface worked, so hdb-ldb.c and the glue have been updated. Andrew Bartlett (This used to be commit 8fd5224c6b5c17c3a2c04c7366b7e367012db77e)
2007-10-10	r12000: Update to current lorikeet-heimdal, including in particular support	Andrew Bartlett	1	-0/+18
	for referencing an existing in-MEMORY keytab (required for the new way we push that to GSSAPI). Andrew Bartlett (This used to be commit 2426581dfb9f5f0f9367f846c01dfd3c30fea954)
2007-10-10	r11995: A big kerberos-related update.	Andrew Bartlett	1	-0/+12
	This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
2007-10-10	r11294: Update Heimdal in Samba4 to lorikeet-heimdal (which is in turn updated	Andrew Bartlett	1	-5/+31
	to CVS of 2005-10-24). Andrew Bartlett (This used to be commit 939d4f340feaad15d0a6a5da79feba2b2558f174)
2007-10-10	r10561: This patch takes over KDC socket routines in Heimdal, and directs them	Andrew Bartlett	1	-0/+5
	at the Samba4 socket layer. The intention here is to ensure that other events may be processed while heimdal is waiting on the KDC. The interface is designed to be sufficiently flexible, so that the plugin may choose how to time communication with the KDC (ie multiple outstanding requests, looking for a functional KDC). I've hacked the socket layer out of cldap.c to handle this very specific case of one udp packet and reply. Likewise I also handle TCP, stolen from the winbind code. This same plugin system might also be useful for a self-contained testing mode in Heimdal, in conjunction with libkdc. I would suggest using socket-wrapper instead however. Andrew Bartlett (This used to be commit 3b09f9e8f9f6f645cd03073ef833c8d0fb0d84e2)
2007-10-10	r10386: Merge current lorikeet-heimdal into Samba4.	Andrew Bartlett	1	-13/+4
	Andrew Bartlett (This used to be commit 4d2a9a9bc497eae269c24cbf156b43b8588e2f73)
2007-10-10	r10066: This is the second in my patches to work on Samba4's kerberos support,	Andrew Bartlett	1	-7/+6
	with an aim to make the code simpiler and more correct. Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over all keytypes)' code in gensec_krb5, we now follow the approach used in gensec_gssapi, and use a keytab. I have also done a lot of work in the GSSAPI code, to try and reduce the diff between us and upstream heimdal. It was becoming hard to track patches in this code, and I also want this patch (the DCE_STYLE support) to be in a 'manageable' state for when lha considers it for merging. (metze assures me it still has memory leak problems, but I've started to address some of that). This patch also includes a simple update of other code to current heimdal, as well as changes we need for better PAC verification. On the PAC side of things we now match windows member servers by checking the name and authtime on an incoming PAC. Not generating these right was the cause of the PAC pain, and so now both the main code and torture test validate this behaviour. One thing doesn't work with this patch: - the sealing of RPC pipes with kerberos, Samba -> Samba seems broken. I'm pretty sure this is related to AES, and the need to break apart the gss_wrap interface. Andrew Bartlett (This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
2007-10-10	r9931: Make use of new 'norealm' parsing functions rather than strchr(p '@').	Andrew Bartlett	1	-0/+13
	Merge these norealm functions from lorikeet-heimdal. Andrew Bartlett (This used to be commit 6aef275efd7f434f65824eb3dd129c8e5efd8731)
2007-10-10	r9696: Update prototypes for new name of short parsing function.	Andrew Bartlett	1	-4/+11
	Andrew Bartlett (This used to be commit cc35cd5ee2abbd6be01dc1ea66eca0bd48a6f636)
2007-10-10	r9680: Update Heimdal to current lorikeet-heimdal (which was itself updated	Andrew Bartlett	1	-4/+19
	to Heimdal CVS as of 2005-08-27). Andrew Bartlett (This used to be commit 913924a4997f5e14c503f87510cbd8e4bfd965a9)
2007-10-10	r9413: Bring Samba4 back up to date with lorikeet-heimdal.	Andrew Bartlett	1	-0/+8
	Delete test_crypto_wrapping.c, previously included but unbuilt. Andrew Bartlett (This used to be commit d5fb30fb0cef330e0947969f0c9afc1f58fc4c7d)
2007-10-10	r9221: Try to merge Heimdal across from lorikeet-heimdal to samba4.	Andrew Bartlett	1	-3/+3
	This is my first attempt at this, so there may be a few rough edges. Andrew Bartlett (This used to be commit 9a1d2f2fec67930975da856a2d365345cec46216)
2007-10-10	r8302: import mini HEIMDAL into the tree	Heimdal Import User	1	-0/+3407
	(This used to be commit 118be28a7aef233799956615a99d1a2a74dac175)