Age | Commit message | Author | Files | Lines |
|
This merges Samba4 up to current lorikeet-heimdal, which includes a
replacement for some Samba-specific hacks.
In particular, the credentials system now supplies GSS client and
server credentials. These are imported into GSS with
gss_krb5_import_creds(). Unfortunately this can't take a MEMORY
keytab, so we now create a FILE based keytab at provision and join
time.
Because the keytab is now created in advance, we don't spend .4s at
negprot doing sha1 s2k calls. Also, because the keytab is read in
real time, any change in the server key will be correctly picked up by
the krb5 code.
To mark entries in the secrets which should be exported to a keytab,
there is a new kerberosSecret objectClass. The new routine
cli_credentials_update_all_keytabs() searches for these, and updates
the keytabs.
This is called in the provision.js via the ejs wrapper
credentials_update_all_keytabs().
We can now (in theory) use a system-provided /etc/krb5.keytab, if
krb5Keytab: FILE:/etc/krb5.keytab
is added to the secrets.ldb record. By default the attribute
privateKeytab: secrets.keytab
is set, pointing to allow the whole private directory to be moved
without breaking the internal links.
(This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
|
|
rafal
(This used to be commit 1e831aead17b399289b8161e521e1afd5873c556)
|
|
utilities to set the context field.
rafal
(This used to be commit 5da8b457c34236b21f6e88e3a7a12338d0390a4f)
|
|
after the function has returned (the *address variable was assigned
into the state).
- changed libnet to use event_context_find() instead of
event_context_init(), so it works as a child of existing code that
uses an event context
(This used to be commit 47ceb2d3558304b4c4fb00582fb25a885cea2ef5)
|
|
(This used to be commit d277b13ced0983d67b22d78e06d692a966e3c6f1)
|
|
2) Connect to a server instead of pdc after locating it.
rafal
(This used to be commit a7bf9ada34c31f26d13c1575de2ec79ea5948a71)
|
|
caller is not required to ensure it.
rafal
(This used to be commit 85456e6c0b50540d9f6ae15a460148a328cf002c)
|
|
Thanks metze for catching that.
rafal
(This used to be commit 5114ef8d1cc9b6f2206463d4ba76653669728403)
|
|
rafal
(This used to be commit 6b0c083c9b714bf25709e1db3b2113eb8305e8ef)
|
|
This patch changes the way ldb_search is called and the meaning of the returned integer.
The last argument of ldb_search is changed from struct ldb_message to struct ldb_result
which contains a pointer to a struct ldb_message list and a count of the number of messages.
The return is not the count of messages anymore but instead it is an ldb error value.
I tried to keep the patch as tiny as possible but as you can guess I had to change a good
amount of places. I also tried to double check all my changes being sure that the calling
functions would still behave as before. But this patch is big enough that I fear some bug
may have been introduced anyway even if it passes the test suite. So if you are currently
working on any file being touched please give it a deep look and blame me for any error.
Simo.
(This used to be commit 22c8c97e6fb466b41859e090e959d7f1134be780)
|
|
server reference.
Andrew Bartlett
(This used to be commit 302219928f47cdc3822c3a7d9444339092d9d33c)
|
|
least don't allow binding to become uninitialised.
Andrew Bartlett
(This used to be commit e754234a17ebc601720caa66a229d9a842dfebda)
|
|
return the pesky USER_EXISTS 'error' code any more, and it is much
easier to handle this inline.
Andrew Bartlett
(This used to be commit a7eb796cf544db3fe16986d8e233d2defe7a7d1b)
|
|
Make MODULE handling a bit more like BINARY, LIBRARY and SUBSYSTEM
Add some more PUBLIC_HEADERS
(This used to be commit 875eb8f4cc658e6aebab070029fd499a726ad520)
|
|
- Adds -rpath bin/ so you don't have to install Samba in order to use compiled binaries.
- Writes out pkg-config files when building shared libs
- Supports automatic fallback to MERGEDOBJ (which is the default) or
OBJ_LIST (if ld -r is not supported)
Building with shared libs reduces the size of the Samba binaries from
197 Mb to 60 Mb (including libraries) on my system (GCC4, with debugging).
To build with shared libraries support enabled, run:
LIBRARY_OUTPUT_TYPE=SHARED_LIBRARY ./config.status
init functions don't get called correctly yet when using shared libs, so
you won't be able to actually run anything with success :-)
Once init functions are done, I'll look at support for loading shared
modules once again.
Based on a patch by Peter Novodvorsky (nidd on IRC).
(This used to be commit 0b54405685674a2b19a28d77aae5b1136b5a4728)
|
|
Andrew Bartlett
(This used to be commit 63eede2ad3f0238e1a925325c0be08d79f48c33b)
|
|
- Add more servicePrincipalNames
- Always add them, not just for BDC accounts, and not just the first
time the account is created (it might be an upgrade from an NT4
account).
This should fix us for being a domain member in ADS again.
(This used to be commit 3821821d4cb459edd331d40be8b84b3c82616a0a)
|
|
Win2k3 SP1.
Only a few operations are supported (LookupSids3 and LookupNames4),
and these are only supported under schannel. These appear to be the
operations Win2k3 SP1 uses to verify part of the PAC back to the
server.
The test is set up to pass, but not enforce (so far) this new
behaviour.
Andrew Bartlett
(This used to be commit e15e39866e9775ba662f669a19836d33f7633f6f)
|
|
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
|
|
http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
|
|
(This used to be commit a432ba105cbf2ea7b9010365c0a7d1dcc9ff5f7f)
|
|
(This used to be commit a14398715eceecf204caf815a8769ba8214d0576)
|
|
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately that required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now it's just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
|
|
ldap. Also ensure we put a objectclass on our private ldb's, so they
have some chance of being stored in ldap if you want to
(This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
|
|
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
|
|
Andrew Bartlett
(This used to be commit 732b247a498e0b90b9f0c711baaac51ad6402496)
|
|
Also return an indication of if the join was of a new account, or
reworking an existing account.
Andrew Bartlett
(This used to be commit b6e4b36c4f1f90e42dd0543538956a1d89e3724b)
|
|
Also a bit of formatting.
rafal
(This used to be commit 1fefca2c172085d6bc05bfac1c10e52066e42606)
|
|
rafal
(This used to be commit 0e45dc3bac0e699b2da5b7f8df9d4bf7bd80a0f5)
|
|
rafal
(This used to be commit 426797f7b0d0321f6842db0b8d94c193726e8008)
|
|
then StaticLibrary()
(This used to be commit b53313dc517986c69a4e4cb8fe3885b696f8faa1)
|
|
Andrew Bartlett
(This used to be commit 640815008b78ca19a73beb523e6823dd61feffa5)
|
|
stuff.
- don't use SMBCLI_REQUEST_* states in the generic composite stuff
- move monitor_fn to libnet.
NOTE: I have maybe found some bugs, in code that is directly in DONE or ERROR
state in the _send() function. I haven't fixed these bugs in this
commit! We may need some composite_trigger_*() functions or so.
And maybe some other generic helper functions...
metze
(This used to be commit 4527815a0a9b96e460f301cb1f0c0b3964c166fc)
|
|
an ADS join, particularly as a DC. This represents the bulk of his
Google SOC work, and I'm very pleased to integrate it into the tree.
(Metze will integrate the DRSUAPI work later).
Both metze and myself have also put a lot of time into this patch, and
in mentoring Brad in general. In return, Brad has been a very good
student, and has taken the comments well.
Since its last appearance on samba-technical@, I have made
correctness and valgrind fixups, as well as adding a new 'BINDING'
mode to the libnet_rpc routines. This allows the exact binding string
to be passed down from the torture code, including options and exact
target host.
Andrew Bartlett
(This used to be commit d6fa105fdabbeb83a9b0e50dad49d1649afdb2a4)
|
|
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
|
|
(This used to be commit 59d4450453c25f5cce9b67b808ff0c4433c1d194)
|
|
(This used to be commit ce4902f8dea2b6f3568960278e08395ea3927146)
|
|
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m!
(This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
|
|
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
|
|
(This used to be commit 96298af202f994c3d5d0c7f5dacd1197a740f766)
|
|
Add ldb_dn_string_compose so that you can build a dn starting from a
struct ldb_dn base and a set of parameters to be composed in a format
string with the same syntax of printf
(This used to be commit 31c69d0655752cc8ea3bc5b7ea87792291302091)
|
|
distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
|
|
Found by coverity.
(This used to be commit bafd3afbef9b8d3a8baa55d4b31cc62bfeeed459)
|
|
rafal
(This used to be commit f0d51b78c040937bd27857c063fae215a3f0f465)
|
|
force_password_change datetime.
rafal
(This used to be commit dfa2cc6c4ed8273b1d3ee604954c81c75f0890bd)
|
|
SamSync and 'net join'.
Andrew Bartlett
(This used to be commit 257240b0e29da14f7a2e660182b367304a5fa530)
|
|
(This used to be commit 8d9c18a1b4cf31ebae1d0c84b00b4d781f55de66)
|
|
We now fill in the servicePrincipalName over LDAP, just like XP does,
and store the kvno in our local db.
Andrew Bartlett
(This used to be commit 5547c4e6f6a0c163aa38fa4d4ed8c627ae12bf80)
|
|
will use ldb to add servicePrincipalNames to this.
Andrew Bartlett
(This used to be commit c1f8cab3e3d3eaf4af372675656fe1a4da68a9f8)
|
|
rafal
(This used to be commit bbe7e726af8c61108a7bca1e10e9340bbe37f3ef)
|