Age | Commit message (Collapse) | Author | Files | Lines |
|
server. Now to try another one...
Andrew Bartlett
(This used to be commit 175f616d74ac3567a35713343be0c63c96c5aede)
|
|
backend.
The idea is that every time we open an LDB, we can provide a
session_info and/or credentials. This would allow any ldb to be remote
to LDAP. We should also support provisioning to a authenticated ldap
server.
(They are separate so we can say authenticate as foo for remote, but
here we just want a token of SYSTEM).
Andrew Bartlett
(This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
|
|
This merges Samba4 up to current lorikeet-heimdal, which includes a
replacement for some Samba-specific hacks.
In particular, the credentials system now supplies GSS client and
server credentials. These are imported into GSS with
gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY
keytab, so we now create a FILE based keytab as provision and join
time.
Because the keytab is now created in advance, we don't spend .4s at
negprot doing sha1 s2k calls. Also, because the keytab is read in
real time, any change in the server key will be correctly picked up by
the the krb5 code.
To mark entries in the secrets which should be exported to a keytab,
there is a new kerberosSecret objectClass. The new routine
cli_credentials_update_all_keytabs() searches for these, and updates
the keytabs.
This is called in the provision.js via the ejs wrapper
credentials_update_all_keytabs().
We can now (in theory) use a system-provided /etc/krb5.keytab, if
krb5Keytab: FILE:/etc/krb5.keytab
is added to the secrets.ldb record. By default the attribute
privateKeytab: secrets.keytab
is set, pointing to allow the whole private directory to be moved
without breaking the internal links.
(This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
|
|
(This used to be commit 4b56c129c6f1654f9dbe37bc950a836f15c48b3d)
|
|
smbsrv_connection
metze
(This used to be commit acd3e644e030a3544ddc6cdcd4e0ec9617732cba)
|
|
(This used to be commit 696fa87a212e65d6337c39a84f682b64b52593a5)
|
|
argument to split()
(This used to be commit 25131efea8c1a2b0bfa7f999766ebcbab8fa8006)
|
|
needed for mmc management of Samba4.
(This used to be commit cbbce4fe403efc0b9e63052c2aa1fbb5972f2abe)
|
|
(This used to be commit daa9dcd8f4b1dde801091ec64faa8158481d171c)
|
|
- speed up provisioning a bit using a ldb transaction (also means you
can't end up with a ldb being half done)
(This used to be commit 91dfe304cf688bb81b69ff3192ac84b78b34b311)
|
|
js arrays are a special type of object where the length property is
automatic, and cannot be modified manually. Our code was manually
setting length, which made it abort when someone passed in a real ejs
array. To fix this we need to create real arrays instead of objects,
and remove the code that manually sets the length
(This used to be commit ebdd1393fde44a0a35446d1a922d29a7c1769ba7)
|
|
problem is really caused by hklm not having objectclass attributes on
its records, but this is a workaround)
(This used to be commit 62d5253a033f47335ceefade9ad7d98ddfc19584)
|
|
(This used to be commit 27f46b4f18346ea03d8626a380e417b00f7a88d1)
|
|
list should be from the dnsdomain (ie lowercae).
Andrew Bartlett
(This used to be commit 10d692a1c216134b301b5851ce1e71ed93cc6164)
|
|
Andrew Bartlett
(This used to be commit 0c29f0e30d64be09baad792eb2850aa0b8fa9981)
|
|
fired.
Andrew Bartlett
(This used to be commit df6a40c2d261804f1cd4feb24572135a4c62a802)
|
|
so you can use them in search filters,
only for administration not used inside the winserver code
- fix the samba3 ugrade scripts to create a correct samba4 wins.ldb
metze
(This used to be commit 9f3b6746d86583c48097da48c28f50f075bbd3e3)
|
|
role"
(This used to be commit c5e3a1c55d9e21f9ee618169dc05c69ee9c9c5b1)
|
|
if we fail to erase a ldb during provision by traversing
and deleting records (an in-place erase) then just unlink it
and start it again. This makes provisioning much more robust
to changes in ldb that make it not backward compatible with
old DBs.
(This used to be commit 173655aec25c462b8b90b850df65ae6f95f44efb)
|
|
(This used to be commit 87f25fe49caa78422582337c5208a331ef5b8c15)
|
|
Convert Samba3 policy "refuse machine pw change" to registry value.
(This used to be commit a143234ac7622ef3ef87c80224927551a1452e4b)
|
|
(This used to be commit 4f0ee80f6cc1639f612a50ddb8d99ee36d8ce8d6)
|
|
(This used to be commit 76e943d4416e38ce4cce27d5403bc3e133d0025b)
|
|
Update PLAN
Some more small other fixes
(This used to be commit de2bde2526ffaf521253e3b9e58fc11417986321)
|
|
(This used to be commit b7992de4b7d42a55e00509c887a269a07c19627d)
|
|
(This used to be commit d2db164d6f674cada470e871c558c75f98244141)
|
|
registry tdb.
(This used to be commit 11e2a1938966f3aa9e9c25433181c20843951a6b)
|
|
Be a bit more verbose
(This used to be commit fb2fd8da10b281b2064d4cae5d5a0630e8a207da)
|
|
Add 'paths' object to provision code.
(This used to be commit 488d737fb0ebbc2535d0ec17c14f0dc1eaf2a578)
|
|
Write out new smb.conf file. Parameters that have disappeared
between Samba 3 and 4 will optionally be prefixed with 'samba3:'
(This used to be commit 27eefbd9059fe0a3daca15a71da7b4cb88ed22ec)
|
|
with your loadparm interface. :-/
(This used to be commit bb0cef581a09a86113f3212c776c011ae73def14)
|
|
(This used to be commit b7c09df9e506f8048f69c4bdd1c3351e3b554e18)
|
|
Update TODO-list
(This used to be commit d9541535e3f9e1c058410eeb0a54d60181572f2b)
|
|
Fix password support
Make base64 decode/encode functions available to EJS
(This used to be commit 1376a1fe44cd6b01709819095a711c14626b1d3e)
|
|
Still need to polish some rough edges
(This used to be commit a8f309aa812533f57a90410722dfb342c8cf3b48)
|
|
Upgrading using SWAT should work as well now.
(This used to be commit 8baa2ac377315ae8b365f58c2bda0bf3d0c5aec3)
|
|
(should fix standard provisioning on AIX)
(This used to be commit b1d9ef899821376d7883fa126a14c06ed1b16601)
|
|
- [ldb_map] Support storing non-mappable data in a fallback LDB
(This used to be commit 435e4c6389b9d9b545beec8036289620ee5883db)
|
|
Samba3 data (both console and SWAT)
(This used to be commit d569465dc4def55c27878028f2fc762960f453d8)
|
|
(This used to be commit 7e3b94dfb9c421793dab7813b96ca63da4b33960)
|
|
(This used to be commit b1844905d2c1ca26aef0ccba799ff16383348fc1)
|
|
make sure we leave the account enabled after creating a new user
(This used to be commit a22d0d02eed8b960f5fde4211b0d2967c500f4a4)
|
|
option to the winreg tool
(This used to be commit 881452c7b7cc00222328f743c2c0c4ece39f4c96)
|
|
- added a reg.typestring() method that returns a string representation of a type
(This used to be commit 47cf409cdf501fc3e2b0c65688a9ef1d702278a5)
|
|
string containing "(POINTER)"
(This used to be commit 6f69eeb8f258063f1ac911ab38e667e7743ccba3)
|
|
rpc fault
(This used to be commit 3a9c63923fbb21dfb8e5fc549dde8fad8cb8f354)
|
|
calls. The previous IDL was just a workaround for the limitations of
our older rpc infrastructure. Now that Jelmer has added much improved
string support using the charset keyword we can correctly implemenent
the unusual winreg string buffers.
Jelmer, note the little comment I put on winreg_StringBuf() about why
I couldn't use [value()] for the length field.
This also fixes EnumKey() and EnumValue() to use NTTIME fields for the
last_changed_time. I don't know why we were using a pair of uint32's,
as it is just a NTTIME.
(This used to be commit 8354b016122cc4f3cff042b3ada1de07e1614eb7)
|
|
(This used to be commit ceb7669e5991e9dda759d60a09a0a65e6caba991)
|
|
and more conveniently (caller doesn't need to know the hive names now)
(This used to be commit dadd7e22fb439f7b18c429a95c75902e4741ba8d)
|
|
(This used to be commit 0b96b3bfe370f5f4e44cc1a2a249f766a04c5b07)
|