Age | Commit message (Collapse) | Author | Files | Lines |
|
From here we can add tests to Samba for kerberos, forcing it on and
off. In the process, I also remove the dependency of credentials on
GENSEC.
This also picks up on the idea of bringing 'set_boolean' into general
code from jpeach's cifsdd patch.
Andrew Bartlett
(This used to be commit 1ac7976ea6e3ad6184c911de5df624c44e7c5228)
|
|
Andrew Bartlett
(This used to be commit 78d634047f41466e4bf169e727f730d776949b33)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
(This used to be commit ca8db1a0cd77682ac2c6dc4718f5d753a4fcc4db)
|
|
lookups in load_interfaces(). The reason was my eth0 interface was
down, and it was being interpreted as a DNS name.
This patch changes load_interfaces() to happening automatically when
interfaces are first needed instead of on the startup of every samba
binary. This means that (for example) ldbadd doesn't call
load_interfaces(), which means no slow DNS lookups.
I also reduced the number of static globals in interface.c to 1, and
changed from malloc to talloc
When you want to force a reload of the interfaces list, you now call
unload_interfaces(), which means the next call that needs the
interfaces list will reload it
(This used to be commit f79d90bd1364b970adb2981b2572e77066431f1e)
|
|
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
|
|
callback.
We may change this in future.
Andrew Bartlett
(This used to be commit 5fec784d4795af0cf82d36766586ded134f62165)
|
|
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
|
|
http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
|
|
auth/
Andrew Bartlett
(This used to be commit 2e76a4b8efd59c496d64241d654538d3222545c6)
|
|
then StaticLibrary()
(This used to be commit b53313dc517986c69a4e4cb8fe3885b696f8faa1)
|
|
seem to be able to handle incomplete enum types.
(This used to be commit 540155fad3c8e3d79fb631bb3f14273f82130a73)
|
|
use pstring is next_token() now.
(This used to be commit a5b88bcd420eb7ae42283293541519e142be36e3)
|
|
(This used to be commit 03647e1321cf6c9bd6ced3945265f635e9468973)
|
|
(This used to be commit 6df956edbab7ad5e72b2f20e74ab0f0d62528932)
|
|
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own
test for the moment, but I'm working on these issues :-)
This required a change to the credentials API, so that the special
case for NTLM logins using a principal was indeed handled as a
special, not general case.
Also don't set the realm from a ccache, as then it overrides --option=realm=.
Andrew Bartlett
(This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
|
|
some other minor updates
(This used to be commit f142c15de1afb2f13a5e23ceb40ce70f0115c8bf)
|
|
-Udomain\\user.
This will probably break in a few configurations, so please let me
know. I'll also work to have a way to inhibit kerberos/ntlmssp, as
this removes -k.
Andrew Bartlett
(This used to be commit 3c0dc570b86e79aea5446d7c3bb9750a11bf8ca4)
|
|
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
|
|
(This used to be commit 540a3649e88690e829c17d79ecdccdc9ed464845)
|
|
does
not work yet and can exist parallel with the existing build system.
(This used to be commit 829568d75985e875e3363d76fb44270a0298c7f8)
|
|
(This used to be commit 0963ab9c148772b961f17ec779213b0eb861e1dd)
|
|
Add fdprintf() and vfdprintf() helper functions.
(This used to be commit 6685009f6af94b088084d69a43bcea5f8335ae57)
|
|
(This used to be commit 908ba892598af83ae2fbe661d40e9f10ff3e34a0)
|
|
function interface used in the credentials code.
Fix bug in ntlm_auth, where we would overwrite the PW specified as a
first input. (Reported and chased by Kai Blin <blin@gmx.net>, bug
#3040)
Andrew Bartlett
(This used to be commit 04af95bd31de39ad6aff349a4838dd77cb300034)
|
|
Kerberos CCACHE into the system.
This again allows the use of the system ccache when no username is
specified, and brings more code in common between gensec_krb5 and
gensec_gssapi.
It also has a side-effect that may (or may not) be expected: If there
is a ccache, even if it is not used (perhaps the remote server didn't
want kerberos), it will change the default username.
Andrew Bartlett
(This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
|
|
(This used to be commit d89caeb8004c5cfabc934c8efa899a6d1839d250)
|
|
that were found) and a config.pm file (with all substitution variables)
(This used to be commit 52bb1374bbcfc9b9a6d098687bafe9021a1ee858)
|
|
(This used to be commit f8a2b032a70dd63f4454b982d00168dcf6793202)
|
|
(This used to be commit acf8c8fd4995acef47390df5a7d4e611c597367d)
|
|
- get rid of redundeny dyn_CONFIGFILE argument to lp_load()
- fixed provisioning to work with completely pristine install,
creating an initial smb.conf is none is present
- added lp.set() and lp.reload() to loadparm ejs object interface
(This used to be commit c2691ef7126ddcee5f95970b78759b40a049d0a7)
|
|
cmdline credentials, but don't want a prompt if none are supplied
(This used to be commit d7d7f7292b7032dcad6d6245510af229f12f7085)
|
|
Andrew Bartlett
(This used to be commit 56a5ccd7d924343609698b034b91b4891fb3f08a)
|
|
This always loads all the services, as we now don't have an easy way
to split out smbd.
Andrew Bartlett
(This used to be commit 990e061939c76b559c4f5914c5fc6ca1b13e19dd)
|
|
There is now a new --debug-stderr option to enable debug to STDERR.
popt isn't perfect, but the callbacks are used in all the main Samba
binaries, and should be used in the rest. This avoids duplicated
code, and ensures every binary is setup correctly.
This also ensures the setup happens early enough to have -s function,
and have a correct impact on the credentials code. (Fixing a bug that
frustrated tridge earlier today).
The only 'subtle' aspect of all this is that I'm pretty sure that the
SAMBA_COMMON popt code must be above the CREDENTIALS code, in the
popt tables.
Andrew Bartlett
(This used to be commit 50f3c2b3a22971f40e0d3a88127b5120bfc47591)
|
|
metze
(This used to be commit d31b4d7df375c0d4ea962a0df1693778d56f03ec)
|
|
painful, so don't call lp_*() functions until the post stage (rather
than in the cli_credentails_init(), which is called in the pre stage),
and don't open the secrets.ldb looking for the machine account details
until we actually need them (well after popt is done, and we know we have the other things right).
Set the domain and realm, as well as the account and password for -P
(fetch machine password) operation.
Allow NETLOGON credentials to be stored in this structure - will allow
SCHANNEL to be made more generic.
Clarify why we don't do special checks for NULL pointers, particularly
in the anonymous check (it indicates a programmer error, not a
run-time condition).
Also make lib/credentials.c a little more consistant.
Andrew Bartlett
(This used to be commit 730e6056b730c15008772c30cd6f7c03fb6b7e5f)
|
|
secrets system, and not the old system from Samba3.
This allowed the code from auth_domain to be shared - we now only
lookup the secrets.ldb in lib/credentials.c.
In order to link the resultant binary, samdb_search() has been moved
from deep inside rpc_server into lib/gendb.c, along with the existing
gendb_search_v(). The vast majority of this patch is the simple
rename that followed,
(Depending on the whole SAMDB for just this function seemed pointless,
and brought in futher dependencies, such as smbencrypt.c).
Andrew Bartlett
(This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
|
|
range())
(This used to be commit ec1eaa274b997197ca6996457229c802f1b76d56)
|
|
metze needs a working tree...
The main volume of this patch was what I started working on today:
- Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context.
- Uses sepereate inner loops for some of the DCE/RPC tests
The other and more important part of this patch fixes issues
surrounding the new credentials framwork:
This makes the struct cli_credentials always a talloc() structure,
rather than on the stack. Parts of the cli_credentials code already
assumed this.
There were other issues, particularly in the DCERPC over SMB handling,
as well as little things that had to be tidied up before test_w2k3.sh
would start to pass.
Andrew Bartlett
(This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
|
|
Support ncacn_spx in DCE/RPC bindings.
(This used to be commit a0233a3a9a83176ae46873d3a25ed601758a1511)
|
|
Fix a couple of bugs in the new cli_credentials code
(This used to be commit 4ad481cfe5cde514d2ef9646147239f3faaa6173)
|
|
puts support for it into popt_common, adds a few utility functions
(in lib/credentials.c) and the callback functions for the command-line
(lib/cmdline/credentials.c). Comments are welcome :-)
(This used to be commit 1d49b57c50fe8c2683ea23e9df41ce8ad774db98)
|
|
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
|
|
metze
(This used to be commit 274ef2a206aa00b3155adc27f5b7e35d3fa52bf6)
|
|
metze
(This used to be commit 670e088e94468a5311353dbbaa7e34d200999313)
|
|
because the version number was being auto-updated and included in all
C files. With this change it is only included where needed.
(This used to be commit 520cff73c6dc62ba1050cf7ca5145d50b5f2bb4e)
|
|
use:
gensec:krb5=yes
gensec:ms_krb5=yes
to enable it
or -k on the client tools on the command line
metze
(This used to be commit 0ae5794cf44933d2554e0356baaca24c7a784f71)
|
|
metze
(This used to be commit 51630caeb1419565b4196c5672f113373586dafc)
|
|
the hierarchy in the init functions is correct now
will also make it easier to implement some other features
(This used to be commit cbe819a75568403ac8850ea4d344c607a46d61c2)
|