| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Remove a couple of unused M4 macros.
The standalone LDB build will not work until I've figured out what
AC_CHECK_LIB_EXT() does exactly (it's Samba-specific)
(This used to be commit cc20d6bb7f06e077ebe4c366e545e187a0c79472)
|
|
auth/gensec and auth/kerberos.
This also pulls the kerberos configure code out of libads (which is
otherwise dead), and into auth/kerberos/kerberos.m4
Andrew Bartlett
(This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f)
|
|
up issues I introduced during the merge, that caused a segfault.
I've still not got the keytab code to work for me (using Samba3 to
generate the keytab) so this is still not fully tested, but it's
better than it was.
To add debugging, I now use the krb5_get_error_message() function from
Heimdal when present, to return the custom error string, which
contains far, far more information than the simple error code does.
(This last point may well be worth merging back into 3.0)
Andrew Bartlett
(This used to be commit ed5755d9d1e48df7ae77a9410d30e10cb8b0cbd7)
|
|
GSS_C_DCE_STYLE support, it's just a start and does work correctly yet
metze
(This used to be commit 87ff661703f467db3dfcb33084041c3e2951e0ee)
|
|
a precursor to adding the wins client code in the nbt server.
(This used to be commit e8e499755ab667015740b35a7787134ebe852954)
|
|
metze
(This used to be commit 274ef2a206aa00b3155adc27f5b7e35d3fa52bf6)
|
|
block.
This lets krb5-config handle this without us stuffing things up.
Add back the test tridge removed
Andrew Bartlett
(This used to be commit 2206b0e8ca4b9d0be137bd6676e252c3b66faf81)
|
|
krb5 libs when you
have openssl-dev installed
(This used to be commit 27d79059f809b00c122cfde1a7530a06ee57a471)
|
|
haven't already got it from libgssapi. This should fix the problem of
building with heimdal when we have MIT installed
(This used to be commit bfa870262e5f5f803a33268fce04831b0670ab67)
|
|
metze
(This used to be commit cbb6b80f41a7f9689d1ec5ea2d6caba147260089)
|
|
metze
(This used to be commit 917a3b214abd2d92ba8df3e72c4e8711fe523e09)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|
|
find
the configfile (/etc/krb5.conf). Kerberos-Tests tend to segfault when
reading the krb5-config binary as configuration-file...
Also allow KRB5CONFIG to be passed over again
(KRB5CONFIG=/my/heimdal/bin/krb5-config ./configure...)
Guenther
(This used to be commit d925606bbf869a526a0189485f4011ac359e3323)
|
|
Andrew Bartlett
(This used to be commit ff8298bb90b78dc52c11e2cdecf5041b9e243f35)
|
|
because the version number was being auto-updated and included in all
C files. With this change it is only included where needed.
(This used to be commit 520cff73c6dc62ba1050cf7ca5145d50b5f2bb4e)
|
|
The strong feeling I get is that this is just not possible, if as
Fedora has, the MIT installation is in /usr/lib, but this is one step
closer anyway.
Andrew Bartlett
(This used to be commit da4cf53767ca567497c4c7f341795246bb306892)
|
|
Mueller <lmuelle@suse.de>) from 3.0 to Samba4.
Andrew Bartlett
(This used to be commit 9c74e04098d50427f93219a6a451c44a2373db46)
|
|
- Update Samba4's kerberos code to match the 'salting' changes in
Samba3 (and many other cleanups by jra).
- Move GENSEC into the modern era of talloc destructors. This avoids
many of the memory leaks in this code, as we now can't somehow
'forget' to call the end routine.
- This required fixing some of the talloc hierarchies.
- The new krb5 seems more sensitive to getting the service name
right, so start actually setting the service name on the krb5 context.
Andrew Bartlett
(This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)
|
|
if krb5-config was in the path.
I'll merge this to Samba3, before trying to merge all of the Samba3
changes to Samba4.
Andrew Bartlett
(This used to be commit 906ba7cb8af02d44c868805e0b108b966f3221af)
|
|
(This used to be commit 1235afa5fe3a396cd7a180cbc500834a30fbaa80)
|
|
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
|
|
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
|
|
ioctl.h)
(This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
|
|
(This used to be commit 3f902f8d851d32fa81d89ed61bfda6edaea00984)
|
|
rather than doing everything itself. This greatly simplifies the
code, although I really don't like the socket_recv() interface (it
always allocates memory for you, which means an extra memcpy in this
code)
- fixed several bugs in the socket_ipv4.c code, in particular client
side code used a non-blocking connect but didn't handle EINPROGRESS,
so it had no chance of working. Also fixed the error codes, using
map_nt_error_from_unix()
- cleaned up and expanded map_nt_error_from_unix()
- changed interpret_addr2() to not take a mem_ctx. It makes absolutely
no sense to allocate a fixed size 4 byte structure like this. Dozens
of places in the code were also using interpret_addr2() incorrectly
(precisely because the allocation made no sense)
(This used to be commit 7f2c771b0e0e98c5c9e5cf662592d64d34ff1205)
|
|
of associated functions.
The motivation for this change was to avoid having to convert to/from
ucs2 strings for so many operations. Doing that was slow, used many
static buffers, and was also incorrect as it didn't cope properly with
unicode codepoints above 65536 (which could not be represented
correctly as smb_ucs2_t chars)
The two core functions that allowed this change are next_codepoint()
and push_codepoint(). These functions allow you to correctly walk a
arbitrary multi-byte string a character at a time without converting
the whole string to ucs2.
While doing this cleanup I also fixed several ucs2 string handling
bugs. See the commit for details.
The following code (which counts the number of occuraces of 'c' in a
string) shows how to use the new interface:
size_t count_chars(const char *s, char c)
{
size_t count = 0;
while (*s) {
size_t size;
codepoint_t c2 = next_codepoint(s, &size);
if (c2 == c) count++;
s += size;
}
return count;
}
(This used to be commit 814881f0e50019196b3aa9fbe4aeadbb98172040)
|
|
(This used to be commit a1b5880b2e548832eaf4a136aab1aead525c938f)
|
|
- LDAP and KRB5 support are independend in samba4
- make the krb5 tests more readable with reformat
metze
(This used to be commit 75b393275d954e807a23754d44046fc78c43d631)
|
|
they did not handle the fact that FOUND_KRB5 was not set at all at this point
(This used to be commit d8c97ed02c1215f2cced836fd369db5a3f97f403)
|
|
You should never pass a non-constant string as a format for a printf()
function - it could contain printf macros, and these need to be
checked.
Andrew Bartlett
(This used to be commit 183622c9f4dfe858564bbcb8c1a930d69b37f7fa)
|
|
krb5_locate_kdc is (yet) an unused function in Samba4.
Guenther
(This used to be commit fe93f58dfe208ec814f1e75efde4ececa2b2cb5f)
|
|
This version does the following:
1) talloc_free(), talloc_realloc() and talloc_steal() lose their
(redundent) first arguments
2) you can use _any_ talloc pointer as a talloc context to allocate
more memory. This allows you to create complex data structures
where the top level structure is the logical parent of the next
level down, and those are the parents of the level below
that. Then destroy either the lot with a single talloc_free() or
destroy any sub-part with a talloc_free() of that part
3) you can name any pointer. Use talloc_named() which is just like
talloc() but takes the printf style name argument as well as the
parent context and the size.
The whole thing ends up being a very simple piece of code, although
some of the pointer walking gets hairy.
So far, I'm just using the new talloc() like the old one. The next
step is to actually take advantage of the new interface
properly. Expect some new commits soon that simplify some common
coding styles in samba4 by using the new talloc().
(This used to be commit e35bb094c52e550b3105dd1638d8d90de71d854f)
|
|
metze
(This used to be commit fe655d047434422eae77486e5fd7fa51eb942677)
|
|
rename CLI_ -> SMBCLI_
metze
(This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
|
|
changes
- got rid of global_myname(), using lp_netbios_name() instead
(This used to be commit e8d4b390884e487163d81f66a5a7ac1de1305d9a)
|
|
metze
(This used to be commit fc8d00b8ab28535da4ec0b7e6931bbf402a37013)
|
|
is used yet.
Andrew Bartlett
(This used to be commit 7596f311c9a18314716f64476030ce3dfcdd98bb)
|
|
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend
to refactor them into the same format as NTLMSSP.
Andrew Bartlett
(This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b)
|
|
(This used to be commit b7fe73613acf5423b77fd91c56849351bf386960)
|
|
metze
(This used to be commit 57151e80eb1090281401930c8fe25b20a8cf3a38)
|
|
metze
(This used to be commit 18062d2ed9fc9224c43143c10efbf2f6f1f5bbe0)
|
|
metze
(This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
|
|
metze
(This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
|
|
metze
(This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
|
|
metze
(This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
|
|
Currently this only authentiates the machine, not real users.
As a consequence of running the Samba4 NETLOGON test against Samba4, I
found a number of issues in the SAMR server, which I have addressed.
There are more templates in the provison.ldif for this reason.
I also added some debug to our credentials code, and fixed some bugs
in the auth_sam module.
The static buffer in generate_random_string() bit me badly, so I
removed it in favor of a talloc based system.
Andrew Bartlett
(This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
|
|
metze
(This used to be commit d0145cec9f757d8867d54b1019a3060995a95072)
|
|
metze
(This used to be commit b054f7d4906d1d2b96b352af09c6bdcf96553c2a)
|
|
to the main SAMBA_4_0 tree.
NOTE: that it's not completely ready, but it's functional:-)
metze
(This used to be commit c78a2ddb28ec50d6570a83b1f66f18a5c3621731)
|
|
(This used to be commit 11717ae912449bde596ff6cf7d8fddcc86548f15)
|
