Age | Commit message (Collapse) | Author | Files | Lines |
|
password or delegation.
Add the ability to delegate for RPC pipes on the RPC proxy backend
(the backend itself seems be having problems however).
Andrew Bartlett
(This used to be commit a7e946bc37e4acfbe2c483b4f1ead0341f9b3d19)
|
|
prototype.
Andrew Bartlett
(This used to be commit a3abffc75805c8e333f387a96a1dbc352669d359)
|
|
IDL and testsuites. The server-side of this remains a stub, we should
probably be doing ldb searches for the server reference record.
Andrew Bartlett
(This used to be commit 0141ed309a664e7a9893c95232c2dcb9768f9315)
|
|
This avoids the nasty user@DOMAIN test for now, as it has very odd
semantics with NTLMv2.
Allow only user accounts to do an interactive login.
Andrew Bartlett
(This used to be commit 690cad8083e176b2e58fc243a11a003a78ce4074)
|
|
logins and NTLM machine account logins.
Andrew Bartlett
(This used to be commit 421e64c2b4192bb13d2857d6c8648ff687ed653e)
|
|
Support installing libraries.
Get rid of pkg-config file (will be autogenerated later on).
(This used to be commit b4745032a2c55752c527026feb221ccc3dce10c8)
|
|
Andrew Bartlett
(This used to be commit aef6800548e320c2ebb20ae345566a774d6acf8b)
|
|
Andrew Bartlett
(This used to be commit fc18276389d17684bd14a2012d18fb7a9695f69e)
|
|
implementation.
Andrew Bartlett
(This used to be commit a6a615cc997cd3a71ea0d63994f6cd97096afc30)
|
|
I'm sure this will not be the final resting place, but it will do for
now.
Use the cracknames code in auth/ for creating a server_info given a
principal name only (should avoid assumtions about spliting a
user@realm principal).
Andrew Bartlett
(This used to be commit c9d5d8e45dd7b7c99b6cf35b087bc18012f31222)
|
|
the other interfaces.
(This used to be commit 8eb582b5780188b6304c560b3e84fd7d75c483f8)
|
|
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
|
|
Add the kpasswd server to our KDC, implementing the 'original' and
Microsoft versions of the protocol.
This works with the Heimdal kpasswd client, but not with MIT, I think
due to ordering issues. It may not be worth the pain to have this
code go via GENSEC, as it is very, very tied to krb5.
This gets us one step closer to joins from Apple, Samba3 and other
similar implementations.
Andrew Bartlett
(This used to be commit ab5dbbe10a162286aa6694c7e08de43b48e34cdb)
|
|
into a general lib).
Andrew Bartlett
(This used to be commit e3abbfca4ae3c06f34774edab5ed38ebd5ebc097)
|
|
The samdb_set_password_sid helper function now works.
Andrew Bartlett
(This used to be commit 629595f27c3f721c4b317df871814ac5ba06be9c)
|
|
http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
|
|
authentication. This pulls the creating of the keytab back to the
credentials code, and removes the special case of 'use keberos keytab
= yes' for now.
This allows (and requires) the callers to specify the credentials for
the server credentails to GENSEC. This allows kpasswdd (soon to be
added) to use a different set of kerberos credentials.
The 'use kerberos keytab' code will be moved into the credentials
layer, as the layers below now expect a keytab.
We also now allow for the old secret to be stored into the
credentials, allowing service password changes.
Andrew Bartlett
(This used to be commit 205f77c579ac8680c85f713a76de5767189c627b)
|
|
for netlogon as well) to change/set a user's password, given only
their SID.
This avoids the callers doing the lookups, and also performs the
actual 'set', as these callers do not wish any further buisness with
the entry.
Andrew Bartlett
(This used to be commit 060a2a7bcca6b58d50bc4e0930c13616742a55d3)
|
|
codepath) in DRSUAPI CrackNames.
Fix the NT4 account return value.
Andrew Bartlett
(This used to be commit 2513c02c64b489ebf167e33fdb4ac51ce8783c04)
|
|
(This used to be commit 449cc714b882d6ebea3e1cbf92e204efba98b6cb)
|
|
Use this new function in the client and server for the CrackNames
case, where we particularly need it.
Andrew Bartlett
(This used to be commit 380037ee09ef8293bdb288d6c015e7c80f180a30)
|
|
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
|
|
ldap. Also ensure we put a objectclass on our private ldb's, so they
have some chance of being stored in ldap if you want to
(This used to be commit 1af2cc067f70f6654d08387fc28def67229bb06a)
|
|
(This used to be commit 8f7070055fc577cb4234654420539c68992d9671)
|
|
syntatical mapping work.
Andrew Bartlett
(This used to be commit 7ec5084f63148d748b6bc87d6817363b079eebe1)
|
|
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
|
|
schannel connections.
Test for Win2k3 SP1 behaviour in RPC-SCHANNEL.
Andrew Bartlett
(This used to be commit 1c3911374ec65e4770c2fe9109d7b7d3ecd99f6a)
|
|
then StaticLibrary()
(This used to be commit b53313dc517986c69a4e4cb8fe3885b696f8faa1)
|
|
(This used to be commit 0ef7fe6f4c979dcc3a0ab268253e493d8e929dd7)
|
|
seem to be able to handle incomplete enum types.
(This used to be commit 540155fad3c8e3d79fb631bb3f14273f82130a73)
|
|
(This used to be commit 03647e1321cf6c9bd6ced3945265f635e9468973)
|
|
Andrew Bartlett
(This used to be commit ddc3a1c79e80e12296c398c42110fc378fb80e00)
|
|
(This used to be commit 59d4450453c25f5cce9b67b808ff0c4433c1d194)
|
|
the other
ideas I have had.
When I get a full list of things I want to do to a krb5_context I'll
either add gsskrb5_ wrappers, or a way of speicfying the krb5 context
per gssapi context.
(I want to ensure that the only krb5_context variables created while
executing Samba4 are via our wrapper).
Andrew Bartlett
(This used to be commit 8a22d46e70e9f863831aba0c9913d195f833d625)
|
|
data to be signed/sealed. We can use this to split the data from the
signature portion of the resultant wrapped packet.
This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).
This fixes one of the krb5 issues in my list.
Andrew Bartlett
(This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
|
|
- use this for the send_queue's of the different stream_servers
to not redefine the same struct so often, and it maybe will be used
in other places too
metze
(This used to be commit b6694f067ab7aff0ee303dbfe8a6e7fad801e7e9)
|
|
return here.
Andrew Bartlett
(This used to be commit 73bd6c75343808952d97e32be9f624aba11c78d1)
|
|
Add support for showing security descriptor in regshell
Add support for saving files in NT4 registry backend
(This used to be commit 47cecd4726e6568f1aafb404646d2664f630a9bb)
|
|
Fix handling of REG_DWORD in the LDB backend.
Fix a couple of warnings
(This used to be commit 709fdc7ebf5a77cfb50359fad978884777decc3b)
|
|
(This used to be commit 716011dd92d65caacb31ae399b580defa4e6fb2d)
|
|
try and pass it down as a parameter.
Andrew Bartlett
(This used to be commit 530d91de7ca4d3763326bc9f5b0e79e77b823778)
|
|
DRSUAPI CrackNames.
We can't pass the full cracknames test until the initial provision is
updated, the seperate DomainControllerInfo and canonical names support
is added.
Andrew Bartlett
(This used to be commit ed24d88f0e8c6371acf6638a1c5f2112bc0bf285)
|
|
searches all over the place.
This can be extended to cover an NT4 (no ADS) mode in future as well.
Andrew Bartlett
(This used to be commit 0761b22f99a128bd9634a191adc88b0e30982a3a)
|
|
Guenther
(This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
|
|
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m!
(This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
|
|
(This used to be commit 333ebb40d55c60465564b894d5028b364e99ee00)
|
|
descriptor. To keep it simple I just use normal IDL buffers for now,
avoiding the complex methods metze used in spoolss. We might change
that later
Also added decoding of the security_descriptor in
winreg_GetKeySecurity() in smbtorture
(This used to be commit 439f34a9621e2e96329c30cfed8d78b8fdfbd8a2)
|
|
Andrew Bartlett
(This used to be commit 093b98b5b51d21cce9b2fdeab3d4113bfd96da41)
|
|
callers key). This is the normal pattern with rpc handles.
- fixed reference to undefined error variable in winreg_DeleteKey()
(This used to be commit 6757d51a280d6c393648a384f1ef3ca403517352)
|
|
Add ldb_dn_string_compose so that you can build a dn starting from a
struct ldb_dn base and a set of parameters to be composed in a format
string with the same syntax of printf
(This used to be commit 31c69d0655752cc8ea3bc5b7ea87792291302091)
|