Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
We think we have the bug fixed.
Andrew Bartlett
|
|
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ. (This was a TODO in
the Heimdal KDC)
The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).
Andrew Bartlett
|
|
It is much easier to do decryption with wireshark when the keytab is
available for every host in the domain. Running 'net export keytab
<keytab name>' will export the current (as pointed to by the supplied
smb.conf) local Samba4 doamin.
(This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4,
and so has a good chance of keeping working in the long term).
Andrew Bartlett
|
|
This reverts commit a40ce5d0d9d06f592a8885162bbaf644006b9f0f.
This breaks the build...
Andrew, please repush it, when it's fixed:-)
metze
|
|
While it is hard to prove it is correct, at least the new
'nettestuser' principal and the Administrator principal are correct.
We had to fix the case of 'Administrator' in the selftest code to
match the DB, as the keytab lookup is case sensitive.
Andrew Bartlett
|
|
It is much easier to do decryption with wireshark when the keytab is
available for every host in the domain. Running 'net export keytab
<keytab name>' will export the current (as pointed to by the supplied
smb.conf) local Samba4 doamin.
(This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4,
and so has a good chance of keeping working in the long term).
Andrew Bartlett
|
|
This overloads the 'name' part of the keytab name to supply a context
pointer, and so avoids 3 global variables!
To do this, we had to stop putting the entry for kpasswd into the
secrets.ldb. (I don't consider this a big loss, and any entry left
there by an upgrade will be harmless).
Andrew Bartlett
|
|
(We recently made the ms_schema.py script also add this attribute)
|
|
This extends the hdb_keytab code to allow enumeration of all the keys.
The plan is to allow ktutil's copy command to copy from Samba4's
hdb_samba4 into a file-based keytab used in wireshark.
One day, with a few more hacks, we might even make this a loadable
module that can be used directly...
Andrew Bartlett
|
|
This removes the last use of the prefix hdb_ldb and makes it clear
that we pass in 3 global variables to get state information into
hdb_samba4 when used as a keytab. (And that they belong to
hdb_samba4, not to the KDC)
Andrew Bartlett
|
|
metze
|
|
to the peer
We should even do this if the submech has no more data to send.
metze
|
|
LDB_CONTROL_SHOW_RECYCLED_OID 1.2.840.113556.1.4.2064
LDB_CONTROL_SHOW_DEACTIVATED_LINK_OID 1.2.840.113556.1.4.2065
metze
|
|
LDAP_SERVER_SHOW_RECYCLED_OID 1.2.840.113556.1.4.2064
LDAP_SERVER_SHOW_DEACTIVATED_LINK_OID 1.2.840.113556.1.4.2065
metze
|
|
In the SAMBA 4 DCE/RPC NETLOGON server the SAM context references have generally
the type "void *". But we know that those context objects are based on the "struct
ldb_context" type. We've always to cast for using a SAM/LDB call.
This I didn't find very appealing and so I assigned the right (detailed) type to each "sam_ctx".
Therefore, the casts could disappear.
Also this change is only cosmetic.
|
|
metze
|
|
We were missing the 'cn' attribute, which we then prepare a sorted
list based on. On Linux, strcmp(NULL, NULL) does not segfault, where
it does on FreeBSD.
Reported by Timur I. Bakeyev <timur@com.bat.ru>
Andrew Bartlett
|
|
We add an extra num_chunks to the frsrpc_CommPktChunkCtr structure
and use hand modified ndr_push/pull functions to let it not appear
on the wire.
metze
|
|
metze
|
|
|
|
To do this properly, we must use the PAC, but for now this is enough
to check that we are delegating to another name on the same host
(which must be safe).
(Windows 7 does this a lot, also noted in bug 6273)
Andrew Bartlett
|
|
- Adds more system objects which make sense to have them in SAMBA 4 also to
have them when we add more and more services related to the directory (volume
support, DFS, replication service, COM...)
- Make sure that "isCriticalSystemObject" and "showInAdvancedViewOnly" attributes
are set correctly on each object
|
|
|
|
|
|
|
|
|
|
File descriptor leaks when write(2) fails and we are returning from
function.
Found by cppcheck:
[./source4/lib/registry/patchfile.c:319]: (error) Resource leak: fd
|
|
|
|
Some corrections which make the code a bit more readable (no functional changes here)
|
|
Changes the order of two commands. First set up the "priv" structure, then
assign it to the "ntvfs" structure.
|
|
|
|
ndr_dfs in libndr-standard.
|
|
|
|
|
|
the "standard" set of DCE/RPC interfaces found on Windows.
|
|
|
|
|
|
|
|
|
|
rather than creating a separate shared library for it.
|
|
|
|
Guenther
|
|
compiler version"
This is now handled correctly in the newly imported Heimdal
This reverts commit 4a754d029b0eb229b23980aa4a80dae2b485a302.
|
|
d09910d6803aad96b52ee626327ee55b14ea0de8)
This includes in particular changes to the KDC to resolve bug 6272,
originally by Matthieu Patou <mat+Informatique.Samba@matws.net>. We
need to sort the AuthorizationData elements to put the PAC first, or
else WinXP breaks when browsed from Win2k8.
Andrew Bartlett
|
|
Each attribute we request from LDB comes with a small cost, so don't
lookup any more than we must for the (very) frequent krbtgt lookup
case. Similarly, we don't need to build a PAC for a server (as a
target), so don't ask for the PAC attributes here either.
Andrew Bartlett
|
|
The LDB_ prefix is misleading, and stomps on the LDB namespace. This
is a Samba4 hdb module, and not something generic.
Andrew Bartlett
|
|
This reverts commit 0d9fdbceedddb08dbea8ed84e06a218d3ec562f4.
|
|
This reverts commit 3c9b26276083002124674678ac757e859fb6b20e.
|