summaryrefslogtreecommitdiff
path: root/source4/scripting/ejs/smbcalls_creds.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r21135: Instead of having hooks to update keytabs as an explicit thing, updateAndrew Bartlett1-12/+0
them as a hook on ldb modify, via a module. This should allow the secrets.ldb to be edited by the admin, and to have things update in the on-disk keytab just as an in-memory keytab would. This isn't really a dsdb plugin, but I don't have any other good ideas about where to put it. Andrew Bartlett (This used to be commit 6ce557a1aff4754d2622be8f1c6695d9ee788d54)
2007-10-10r14363: Remove credentials.h from the global includes.Jelmer Vernooij1-0/+1
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
2007-10-10r13018: Fix (correct) warning about mixing C/js interface function types. IAndrew Bartlett1-1/+1
don't use the arguments, but you must connect as the right type anyway. Andrew Bartlett (This used to be commit f50186e9306714b25ae8f92eff9a3e95ad706274)
2007-10-10r12892: Add a 'Migrate from Windows' page to our installation section in SWAT.Andrew Bartlett1-0/+22
Doing this required reworking ejsnet, particularly so it could take a set of credentials, not just a username and password argument. This required fixing the ejsnet.js test script, which now adds and deletes a user, and is run from 'make test'. This should prevent it being broken again. Deleting a user from ejsnet required that the matching backend be added to libnet, hooking fortunetly onto already existing code for the actual deletion. The js credentials interface now handles the 'set machine account' flag. New functions have been added to provision.js to wrap the basic operations (so we can write a command line version, as well as the web based version). Andrew Bartlett (This used to be commit a5e7c17c348c45e61699cc1626a0d5eae2df4636)
2007-10-10r12738: Use a talloc_reference to ensure this doesn't get free()'ed too early.Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit 0f8c162211662de59f42a96fe5bdf56ed5be883f)
2007-10-10r11995: A big kerberos-related update.Andrew Bartlett1-0/+12
This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
2007-10-10r10528: Add credentials.h back into includes.h as some compilers don'tJelmer Vernooij1-1/+0
seem to be able to handle incomplete enum types. (This used to be commit 540155fad3c8e3d79fb631bb3f14273f82130a73)
2007-10-10r10510: Decrease the amount of data included by includes.h a bitJelmer Vernooij1-0/+1
(This used to be commit 03647e1321cf6c9bd6ced3945265f635e9468973)
2007-10-10r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again.Andrew Bartlett1-1/+1
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own test for the moment, but I'm working on these issues :-) This required a change to the credentials API, so that the special case for NTLM logins using a principal was indeed handled as a special, not general case. Also don't set the realm from a ccache, as then it overrides --option=realm=. Andrew Bartlett (This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
2007-10-10r9728: A *major* update to the credentials system, to incorporate theAndrew Bartlett1-1/+1
Kerberos CCACHE into the system. This again allows the use of the system ccache when no username is specified, and brings more code in common between gensec_krb5 and gensec_gssapi. It also has a side-effect that may (or may not) be expected: If there is a ccache, even if it is not used (perhaps the remote server didn't want kerberos), it will change the default username. Andrew Bartlett (This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
2007-10-10r9724: Rewrite samba3dump in JS. The summary works now, but the full outputJelmer Vernooij1-5/+15
is triggering some obscure EJS assert.. (This used to be commit 42605f4444998e3063ffd1bea17425ff825f6132)
2007-10-10r9477: Convert popt options to an ejs object. Doesn't seem to break anythingRafal Szczesniak1-11/+26
except of popt help (-h) option (unexpected ?). rafal (This used to be commit 1990793b23d6198a85ce1bdf6ad43e12015db203)
2007-10-10r9071: Set real and workstation fields in ejs credentials object.Rafal Szczesniak1-0/+62
rafal (This used to be commit eb7a5d09c7a469f94357434c6dadbdf54b52d5db)
2007-10-10r9070: More fields in ejs credentials object.Rafal Szczesniak1-0/+56
rafal (This used to be commit e819c035f79477b5dd8ee62292a18c9e8532c9f7)
2007-10-10r9059: add a basic credentials object for mimirAndrew Tridgell1-0/+107
(This used to be commit 36a9277e878d4db599fcfc02b96d2aaeac0b74dd)