path: root/source4
Age | Commit message | Author | Files | Lines
2007-10-10 | r6800: A big GENSEC update: | Andrew Bartlett | 11 | -335/+558
Finally remove the distinction between 'krb5' and 'ms_krb5'. We now don't do kerberos stuff twice on failure. The solution to this is slightly more general than perhaps was really required (as this is a special case), but it works, and I'm happy with the cleanup I achieved in the process. All modules have been updated to supply a NULL-terminated list of OIDs. In that process, SPNEGO code has been generalised, as I realised that two of the functions should have been identical in behaviour. Over in the actual modules, I have worked to remove the 'kinit' code from gensec_krb5, and placed it in kerberos/kerberos_util.c. The GSSAPI module has been extended to use this, so no longer requires a manual kinit at the command line. It will soon lose the requirement for an on-disk keytab too. The general kerberos code has also been updated to move from error_message() to our routine which gets the Heimdal error string (which may be much more useful) when available. Andrew Bartlett (This used to be commit 0101728d8e2ed9419eb31fe95047944a718ba135)
2007-10-10 | r6799: Remove a redundant variable from the context structure - we can figure | Andrew Bartlett | 4 | -10/+14
this out by asking GENSEC, just like everybody else. Andrew Bartlett (This used to be commit 0268d6c46b73bf2097247639df2532b5e8591531)
2007-10-10 | r6798: Valgrind pain is not something I look forward to - if we ever fall | Andrew Bartlett | 1 | -2/+6
back to the 'not /dev/urandom' method of random number generation, I don't want to be chasing down 'use of uninitialised value' through all the crypto code. Andrew Bartlett (This used to be commit 31ff2cd8e11dee36c42f82dcfd85338d3ff704d3)
2007-10-10 | r6797: Typo fix. | Rafal Szczesniak | 1 | -1/+1
rafal (This used to be commit 0f9a2aef6c87bd53c962b33bf78bf773d2319b97)
2007-10-10 | r6796: Remove the gensec_gsskrb5 module, which had had all of its special | Andrew Bartlett | 2 | -594/+0
features merged back into gensec_gssapi. (Removed because I've made some API changes, and it isn't worth 'fixing' the redundant code to cope with changes) Andrew Bartlett (This used to be commit e8cf3d58ec956e41fc8d3e38363db3d5d838fe1d)
2007-10-10 | r6795: Make some functions static and remove some unused ones. | Jelmer Vernooij | 23 | -159/+65
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
2007-10-10 | r6794: spellfix | Simo Sorce | 1 | -3/+3
(This used to be commit f5956d150154cb4393dc323ae8ae1f936adee355)
2007-10-10 | r6793: Move auth_sam to use the dnsDomain rather than the | Andrew Bartlett | 2 | -1/+7
soon-to-be-deprecated 'realm'. Add torture test for this behaviour. Andrew Bartlett (This used to be commit 6b9020661a13fd5ec6c5d1e21344d9f654978987)
2007-10-10 | r6792: Allow a mech to fail on the first pass at the packet, and still fall | Andrew Bartlett | 1 | -0/+2
back to the other options. Andrew Bartlett (This used to be commit 9153d7306124d5e4ffc0467728210e2e2235059f)
2007-10-10 | r6791: My early notes on the particular things I have discovered as I learn | Andrew Bartlett | 1 | -0/+176
kerberos, and how Microsoft constructs their kerberos implementation. Andrew Bartlett (This used to be commit 5fa9be75d987af106fd798f6d5379b637a170b00)
2007-10-10 | r6790: Use config.h file for ldb and add test for stdint.h | Jelmer Vernooij | 4 | -2/+10
(This used to be commit c1f1b5a9455c827f7baf382d919ab8a0eab49bb3)
2007-10-10 | r6781: -add some comments on how attributes and objectClasses are identified | Stefan Metzmacher | 1 | -2/+83
in DRSUAPI -and some comments on what the attribute syntaxes matches what internal datatypes metze (This used to be commit 58c6887da48c2ebdec14529cb81e7589101f7aae)
2007-10-10 | r6776: make the cldap torture test not dependent on the realm being set | Andrew Tridgell | 1 | -27/+54
correctly - it gets the realm from an initial no-attribute search (This used to be commit 52d10c8d99521f9dd02891a30688472d96860aef)
2007-10-10 | r6768: Fix wrong comment | Simo Sorce | 1 | -1/+1
(This used to be commit 2f80b2070f1fc99151f0a583271cd9047d53bab6)
2007-10-10 | r6767: Fix compiler warning. | Tim Potter | 1 | -0/+1
(This used to be commit 45a0692be10a03032f9a4e26da3de08696c03464)
2007-10-10 | r6766: some more cldap tests ... | Andrew Tridgell | 2 | -5/+36
my best guess now is that w2k3 converts the & in the cldap query to an | for the ldap search. at least it behaves roughly like that. (This used to be commit 1d6ab9aaefee71e3d0f87c1afae8ccdbae1f0e04)
2007-10-10 | r6765: expanded the cldap test suite to test the usage of the DomainGuid, | Andrew Tridgell | 1 | -5/+60
AAC, and User attributes in cldap netlogon queries interestingly, while WinXP generated cldap filters with these set, the w2k3 cldap server seems to completely ignore them, so I didn't need to alter our cldap server at all to pass the test :-) (This used to be commit 177c8becd2051c9d1f261358baf4b85ca89700d8)
2007-10-10 | r6764: added support for DomainGuid, DomainSid, AAC, and User attributes in | Andrew Tridgell | 2 | -8/+40
cldap netlogon queries (This used to be commit 7c1d0f449d3922a309fc86e5d9cb1e962a39805d)
2007-10-10 | r6763: added functions in libcli/ldap/ to binary encode some NDR structures into | Andrew Tridgell | 4 | -2/+89
ldap friendly filter strings (This used to be commit 8890dd3ac331cffe83226a356c52df89c917c2b0)
2007-10-10 | r6762: with the zone right we don't need a fully qualified site name at all | Andrew Tridgell | 1 | -2/+1
(This used to be commit 6f4ad382d445c3cdb8e50727f09d79334076e02d)
2007-10-10 | r6761: - not everyone is in my domain :-) | Andrew Tridgell | 1 | -1/+19
- started adding support for the other cldap attributes that XP uses (This used to be commit 1537558039b012a4124e6167ad7ebfd7486f05ff)
2007-10-10 | r6759: let us have a wildcard attribute so that we can set a default for all | Simo Sorce | 1 | -1/+7
attributes example: *: CASE_INSENSITIVE by placing it in the @ATTRIBUTES object you make all the matching be case insensitive to make an exception to the general rule now you just need to create an entry like: name: CASE_SENSITIVE the key CASE_SENSITIVE currently does not exist but has the effect of making the code ignore the wildcard default flag and being ldb case sensitive by default it let the "name" attribute be case sensitive again Tridge, can you look at this commit? Should we introduce a CASE_SENSITVE/BINARY flag and handle it in the code ? Simo. (This used to be commit 5f10707e8ac36db03f3aa3e1ee1c40a9d9da2016)
2007-10-10 | r6752: Patch by Steven Edwards to improve portability to mingw32 | Jelmer Vernooij | 6 | -4/+25
(This used to be commit 8d63cd33a223cccb21d808747e9c97da53629fbc)
2007-10-10 | r6751: dnsDomain should be CASE_INSENSITIVE (winxp will sometimes do a cldap | Andrew Tridgell | 1 | -0/+1
query with this in uppercase) (This used to be commit f0c37555ff30c3e5ff4680d0b33bc105ebd3a0b1)
2007-10-10 | r6750: some minor tweaks to the cldapd server | Andrew Tridgell | 2 | -8/+24
I can now join winxp -> samba4 DC using long name, and login. The nice thing is there are no delays now, as the client likes the replies it gets (This used to be commit 5aff7d36f3e535e305820ae42b023ae53cc0daf9)
2007-10-10 | r6747: first working version of cldapd server. It is missing 'sites' | Andrew Tridgell | 5 | -5/+252
support, and filling in some of the returned parameters is quite rough, but it seems to work OK (This used to be commit e564e3e596915414fad07c94f7ea8a0d9c3a1140)
2007-10-10 | r6746: added ndr_push_union_blob() for pushing IDL unions into a DATA_BLOB | Andrew Tridgell | 1 | -0/+23
(This used to be commit dc25be9d69a65680f7942ed29c2d791d6ce7248a)
2007-10-10 | r6745: - escape spaces in binary ldap blobs | Andrew Tridgell | 2 | -3/+15
- expose the ldap filter string parsing outside of ldap.c (This used to be commit b644ff6fe164fbe359c47e4d34f5ad490ff61d5b)
2007-10-10 | r6744: added support for reply packets in libcli/cldap/ | Andrew Tridgell | 2 | -7/+184
(This used to be commit 992858e1b91c3ff05077afa8a7abe155198597d4)
2007-10-10 | r6741: prevent talloc_strndup() from reading one byte past the end of a buffer, | Andrew Tridgell | 1 | -1/+1
giving valgrind errors (This used to be commit 7af0c547e0c0da3bc78a1ee6c2ab29114d8625cc)
2007-10-10 | r6740: make gensec_gssapi.c compile again | Andrew Tridgell | 1 | -1/+1
(This used to be commit 6d15e9511115cc30ee213ec91320a2dccde15b8f)
2007-10-10 | r6738: My version of the patch by metze that I just reverted (-r 6734). | Andrew Bartlett | 3 | -56/+83
This also includes other changes to reduce memory use by GENSEC when not being used for sign/seal operations. This should lower tridge's K 'per connection' benchmark further. Andrew Bartlett (This used to be commit 4a5829401b20c10091185bbd93236477523459b2)
2007-10-10 | r6737: Explain these error returns a bit better. | Andrew Bartlett | 1 | -2/+5
Andrew Bartlett (This used to be commit 77d054c65aeecfc0d1156d750f7b8025cb154d3a)
2007-10-10 | r6736: Revert metze's -r 6734, as metze and I made the same changes at the | Andrew Bartlett | 3 | -51/+51
same time, but with different names. This just helps me avoid conflicts when I merge up my other changes. Andrew Bartlett (This used to be commit 27e6a853a5160cb1ad595bea25e891eeae439662)
2007-10-10 | r6734: most compilers don't like struct elements without a name... | Stefan Metzmacher | 3 | -51/+51
metze (This used to be commit 0c1cd40bcea748d65938bb2dc8160ea07e9ec851)
2007-10-10 | r6733: GSS_C_DCE_STYLE is not available for most builds | Stefan Metzmacher | 1 | -0/+5
metze (This used to be commit 3536029e8fb1da1ca689e0b7aa1f3edfb7967790)
2007-10-10 | r6732: - move sasl send recv code to the ldap lib | Stefan Metzmacher | 4 | -153/+219
- support 'modrdn' ldif metze (This used to be commit b6a1734699953964fcde6fe6ea7048496492eb33)
2007-10-10 | r6731: add a useful function for getting a guid with all bits to 0 | Stefan Metzmacher | 1 | -0/+10
metze (This used to be commit 161ecce7441649629b97ce1ca903b9704e06f66b)
2007-10-10 | r6730: register gensec_krb5 also with the drcrpc auth type | Stefan Metzmacher | 1 | -0/+1
metze (This used to be commit 491d7804f5f5bdfb43ae09b81c2cbc34fab2246d)
2007-10-10 | r6729: Fix silly copy-paste bug spotted by metze. | Andrew Bartlett | 1 | -1/+1
Andrew Bartlett (This used to be commit 400899995b2c2ed54a114f8f55e5fb36592298b9)
2007-10-10 | r6728: Microsoft relies very strongly on getting the OIDs it expects, so we | Andrew Bartlett | 1 | -1/+31
must register the 'MS' OID for the domain join to progress. Andrew Bartlett (This used to be commit c8fbda6bfd96d5d57cd52bc15d8695547effe2e3)
2007-10-10 | r6727: One more step down the long march to the 'Kerberos domain join'. | Andrew Bartlett | 3 | -8/+350
This patch allows a suitably patched Heimdal GSSAPI library (detected in configure) to supply to us the session keys, and further completes the gensec_gssapi module. This is tested for CIFS, but fails for LDAP at this point (that is what I'll work on next). We currently fill out the 'session info' from the SAM, like gensec_krb5 does, but both will need to use the PAC extraction functions in the near future. Andrew Bartlett (This used to be commit 937ee361615a487af9e0279145e75b6c27720a6b)
2007-10-10 | r6726: support binary search elements in ldap_decode() | Andrew Tridgell | 1 | -6/+42
(This used to be commit 2b36f1dfdd6cf3ab89f63b541ae4cd905fb03c8d)
2007-10-10 | r6725: the beginnings of a cldap server | Andrew Tridgell | 6 | -0/+202
(This used to be commit e51e0dffa8f8bff9bd1535751e805b548b6c6d7f)
2007-10-10 | r6724: added "cldap port" smb.conf parameter | Andrew Tridgell | 3 | -5/+31
(This used to be commit 04af0e7c5de467a24b965ce1de2fb07621133164)
2007-10-10 | r6720: added support for the remaining 2 types of CLDAP netlogon | Andrew Tridgell | 6 | -33/+106
response. To work around the fact that the type of the returned data is not encoded in the packet, this required adding ndr_pull_union_blob() which allows us to pull a blob into a union with a specified switch value, in this case the switch value comes from the calling NtVer field. (This used to be commit bd27e626c27be72913d1a1569ee6e2e2711df84e)
2007-10-10 | r6719: pidl needs to be told that the external type netr_SchannelType is an | Andrew Tridgell | 1 | -0/+2
enum, otherwise it will assume it's a struct (This used to be commit 9a8f3e3c4cc3bad804b4fab3a7248e6fd88f3749)
2007-10-10 | r6718: Formatting fixes. | Rafal Szczesniak | 1 | -3/+2
rafal (This used to be commit a784c46dd40ee2ea00fb67caeb358e76cdc0712f)
2007-10-10 | r6717: - torture test of async useradd function and monitor messages. | Rafal Szczesniak | 2 | -1/+59
- make message handling functions static. rafal (This used to be commit 96446e5e1e53eb519cbfeb64d0dd2f4052d75b0f)
2007-10-10 | r6714: We can only ask GENSEC questions if we are authenticated. | Andrew Bartlett | 1 | -1/+3
Andrew Bartlett (This used to be commit b429712f1e8234c64138aaa8ff67dce94988406c)