summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11526: And another warning...Volker Lendecke1-1/+1
(This used to be commit 16467008c64d84f29bec0ea45767bb1050726b34)
2007-10-10r11525: Move lookups (including the attribute search) for users fromAndrew Bartlett2-112/+127
kdc/hdb-ldb.c to share the routines used for auth/ This will require keeping the attribute list in sync, but I think it is worth it for the next steps (sharing the server_info generation). Andrew Bartlett (This used to be commit da38bcefa752a508abd28e8ff6277b493d24c2dd)
2007-10-10r11524: More work on our hdb backend in the KDC.Andrew Bartlett1-116/+78
The aim here is to restructure the queries to match the queries we do in auth, then to share the code that does the actual query (at least for user logins). Then we can generate the PAC from that shared query, rather than a seperate query. Andrew Bartlett (This used to be commit 4395d087e19286536dbb41fa5758491b302fa437)
2007-10-10r11523: Working towards having Samba3 join Samba4, this allows the SASLAndrew Bartlett1-3/+7
credentials to be NULL, where the client is requesting a CIFS style server-first negTokenInit. Andrew Bartlett (This used to be commit eba652ecc89766304fdad14463072dc311693701)
2007-10-10r11522: Add support for delegated credentials and machine account credentialsAndrew Bartlett2-2/+28
to ldb, based on the sessionInfo we now pass around. Andrew Bartlett (This used to be commit 84e16e4ea7240409f15efd9f64344f9e0cec8111)
2007-10-10r11521: Add in client support for checking supportedSASLmechanisms, and thenAndrew Bartlett4-7/+129
determining a mechanism to use. Currently it doesn't to fallbacks like SPNEGO does, but this could be added (to GENSEC, not to here). This also adds a new function to GENSEC, which returns a list of SASL names in our preference order (currently determined by the build system of all things...). Also make the similar function used for OIDs in SPNEGO do the same. This is all a very long-winded way of moving from a hard-coded NTLM to GSS-SPNEGO in our SASL client... Andrew Bartlett (This used to be commit 130eb9bb9a37957614c87e0e6846a812abb51e00)
2007-10-10r11520: indentAndrew Bartlett1-1/+1
(This used to be commit ce611eb5f31bc63fc23700e7a2c47e68b8f826aa)
2007-10-10r11519: And an uninitialized variable...Volker Lendecke1-1/+1
(This used to be commit dc0e9f8d1a2285623e99dcccf055b4860ddd1294)
2007-10-10r11518: Fix a warningVolker Lendecke1-1/+1
(This used to be commit 4a32df49e66b49b20b78bf165869b7592bb626fd)
2007-10-10r11517: Cleanup time, this looks larger than it is. This mainly gets rid ofVolker Lendecke16-703/+489
wb_domain_request, now that we have queued rpc requests. Volker (This used to be commit 848522d1b64c1c283ac1ea7ce7f1a7a1b014a2aa)
2007-10-10r11516: Fix a valgrind bug I introduce with queued requestsVolker Lendecke1-3/+6
(This used to be commit 3e4ab756f421acd747e9ea4c48b0f61d48dfa8fd)
2007-10-10r11515: Add some talloc_get_typeVolker Lendecke1-2/+2
(This used to be commit 558c29971d5855308a9d8dfd21e8ac7ec24abc01)
2007-10-10r11514: Fixup debug messageAndrew Bartlett1-1/+1
(This used to be commit b2372cad367a29d7dca596dace703a349b381a09)
2007-10-10r11513: Add the ability to use the local machine account instead of a staticAndrew Bartlett2-15/+71
password or delegation. Add the ability to delegate for RPC pipes on the RPC proxy backend (the backend itself seems be having problems however). Andrew Bartlett (This used to be commit a7e946bc37e4acfbe2c483b4f1ead0341f9b3d19)
2007-10-10r11512: fix typoAndrew Bartlett1-1/+1
(This used to be commit 4143c22e3077bd5aecb3427ff0a8857dab799400)
2007-10-10r11503: be quite...Stefan Metzmacher1-1/+1
metze (This used to be commit e992119bf3a7004c095214b3279c78e59f2c5e2b)
2007-10-10r11502: make sure we always use the 7 chars for the unix socket name.Stefan Metzmacher1-1/+1
this is to test if that works on irix 6.4 where we can only use 16 chars for the sun_path of the unix sockets. the plan is to make multiple interfaces possible with socket wrapper, and the format will change to ("%c%02X%04X", type, iface, port), which is also 7 char to the file name metze (This used to be commit e60d491864ad7ea7f981bc1918ace4ee3fb2d77a)
2007-10-10r11501: change provision code to use the new display specifiersAndrew Tridgell1-0/+2
(This used to be commit 696fa87a212e65d6337c39a84f682b64b52593a5)
2007-10-10r11500: fixed a bug in the variable substition code using the new limit ↵Andrew Tridgell1-1/+1
argument to split() (This used to be commit 25131efea8c1a2b0bfa7f999766ebcbab8fa8006)
2007-10-10r11499: added a minimal set of display specifiers for mmc to use to displayAndrew Tridgell1-0/+108
the core elements of a Samba4 domain (This used to be commit bee45531eaa1f7b96f123c146af3bc30681ebdec)
2007-10-10r11498: added an optional extra argument to split to limit the number ofAndrew Tridgell1-8/+19
pieces a string is split into. This allows for a fix in the variable substitution used in provisioning (This used to be commit be06785d4835abcbc7d75c0176c85a8ecc0cc11d)
2007-10-10r11497: Don't name parameters 'floor'. Rename fl and floor to epm_floor forAndrew Bartlett1-58/+58
consistancy. Andrew Bartlett (This used to be commit 8787eb982f899c68a490fb9c71c21ec1d9ec0308)
2007-10-10r11496: add a minimal ads-compatible schema into our sam.ldb setup. This isAndrew Tridgell3-2/+8509
needed for mmc management of Samba4. (This used to be commit cbbce4fe403efc0b9e63052c2aa1fbb5972f2abe)
2007-10-10r11489: add the one replication cycle test to NBT-WINSREPLICATION-QUICKStefan Metzmacher3-1/+23
metze (This used to be commit fc53eab2f1bdae471ee68c4b67f57b1eb0821f61)
2007-10-10r11488: handle the stupid name release demand a windows there send...Stefan Metzmacher1-5/+22
metze (This used to be commit 1b62959a3dd11fface6642e5843224752e188b4a)
2007-10-10r11487: thanks to make test I noticed a dead lock bug, in the last change,Stefan Metzmacher1-19/+39
this only happens with socket_wrapper as socket_connect() returns NT_STATUS_OK instead of NT_STATUS_MORE_PROCESSING_REQUIRED, and we missed to replace the fde event handler... metze (This used to be commit f04001f28007ad6bbecdcdf0d1d5887e378d2467)
2007-10-10r11485: prevent us from calling the request handler recursiv whenStefan Metzmacher1-0/+3
the handler calls talloc_free(wrepl_socket) metze (This used to be commit bf0b96f057c7f4ac39409c8710ec0cfb55d9fb04)
2007-10-10r11484: test some multi homed record mergingStefan Metzmacher1-50/+563
metze (This used to be commit 630f571934c1119dc3156a1e4b909fc6d5ae95fc)
2007-10-10r11481: Disable pre-linking on VMSJelmer Vernooij1-0/+5
(This used to be commit 2b3ad67b5d53e8c63d81e9fe4ef237c5c927d595)
2007-10-10r11480: demonstrate the only the positive name query response cares,Stefan Metzmacher1-7/+135
not the addresses that are returned in it metze (This used to be commit 82e19d68086e795d68cd11eda21448f695aac0a3)
2007-10-10r11479: fix compiler warningStefan Metzmacher1-2/+2
metze (This used to be commit 5f45d070208eedaef59bff5f7e05f37719285d84)
2007-10-10r11478: add owned,active,multi homed vs. * sectionStefan Metzmacher1-341/+893
metze (This used to be commit 0231926e0a017bb65a900867a6dee7ca52d7ffe9)
2007-10-10r11477: This seems really nasty, but as I understand it an attacker cannotAndrew Bartlett1-2/+11
change this checksum, as it is inside the encrypted packets. Where the client (such as Samba3) fakes up GSSAPI, allow it to continue. We can't rid the world of all Samba3 and similar clients... Andrew Bartlett (This used to be commit e60cdb63fb37e44252f83a56a6302f0bd22dec4d)
2007-10-10r11476: finally fixed the intermittent registry server bug! This has beenAndrew Tridgell1-1/+0
cropping up occasionally for ages. The problem was the generic reg code setting up a backend_data value, which it has no business doing (backend_data is for backends ...) (This used to be commit 9d6d03fd1d360e15883bb1b8917ccedcc0d97a5d)
2007-10-10r11475: removed a extraneous ldb_delete() call (i had it there for debugging)Andrew Tridgell1-1/+0
(This used to be commit daa9dcd8f4b1dde801091ec64faa8158481d171c)
2007-10-10r11474: - enable ldb transactions from ejsAndrew Tridgell2-4/+100
- speed up provisioning a bit using a ldb transaction (also means you can't end up with a ldb being half done) (This used to be commit 91dfe304cf688bb81b69ff3192ac84b78b34b311)
2007-10-10r11473: Based on work by Jelmer, implement the [async] flag for rpc ↵Volker Lendecke8-40/+190
requests. If it's not there (it's not yet on *any* call... :-)), the rpc client strictly sequences calls to an rpc pipe. Might need some more work on the exact sequencing semantics when a pipe with both sync and async calls is actually deployed, but I want it in for winbind simplification. Volker (This used to be commit b8f324e4f000971b7dafc263c16dd4af958ee7f9)
2007-10-10r11472: use talloc_get_type() to try to catch an intermittent failure I'm ↵Andrew Tridgell1-26/+30
seeing in the ldb winreg backend (This used to be commit a56a3696cc6a5186f736e503704c288589e5a833)
2007-10-10r11471: Describe how kerberos forwarding works with the ntvfs.Andrew Bartlett1-1/+25
Andrew Bartlett (This used to be commit 66d7a51394b26bf9e8737477af965d08d9efde6d)
2007-10-10r11470: To a server trusted for delegation (checked for in the gss libs),Andrew Bartlett1-1/+1
delegate by default. Andrew Bartlett (This used to be commit 49d489c81d5b5c86e032ed6edfda4590d1d1f2be)
2007-10-10r11469: Fix typo, and use the correct (RFC4120) session key for delegatingAndrew Bartlett2-11/+13
credentials. This means we now delegate to windows correctly. Andrew Bartlett (This used to be commit d6928a3bf86f1ab89f29eac538ceb701c6669913)
2007-10-10r11468: Merge a bit more of init_sec_context from Heimdal CVS into ourAndrew Bartlett2-5/+29
DCE_STYLE modified version, and add parametric options to control delegation. It turns out the only remaining issue is sending delegated credentials to a windows server, probably due to the bug lha mentions in his blog (using the wrong key). If I turn delgation on in smbclient, but off in smbd, I can proxy a cifs session. I can't wait till Heimdal 0.8, so I'll see if I can figure out the fix myself :-) Andrew Bartlett (This used to be commit fd5fd03570c13f5644e53ff89ac8eca7c0985740)
2007-10-10r11466: Clear up some memory leaks in smbclient.Andrew Bartlett2-18/+23
Andrew Bartlett (This used to be commit 6535959fd7dfddd6bafb77a266ec3a641025f880)
2007-10-10r11462: Fix the build: somehow I lost the header for this samba-specific hack.Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 0a4194118974bdde4e10fd32578a5beeb6e768ce)
2007-10-10r11459: display a schemaIDGUID as a guid in ldif, making it easier to workAndrew Tridgell1-0/+8
with schemas in ldbedit (This used to be commit ddbca6e83254275568bff4c2f88cdbc4bfa666a6)
2007-10-10r11458: fixed our ejs smbscript interfaces to use arrays where appropriate. InAndrew Tridgell8-42/+48
js arrays are a special type of object where the length property is automatic, and cannot be modified manually. Our code was manually setting length, which made it abort when someone passed in a real ejs array. To fix this we need to create real arrays instead of objects, and remove the code that manually sets the length (This used to be commit ebdd1393fde44a0a35446d1a922d29a7c1769ba7)
2007-10-10r11457: fixed the winreg IDL and torture code so key and value enumerationsAndrew Tridgell2-9/+12
work again. The automatic value() is fine for the length, but cannot be used for the size as the size is not the number of bytes being sent, but the number of bytes that the server is allowed to use in the reply (This used to be commit 46e91f269c83707863a726e716325eade38e1142)
2007-10-10r11456: fixed a ejs parser bug for delete() statementsAndrew Tridgell1-1/+3
(This used to be commit b8694c58f528d9da66cd623076282caece39d8a7)
2007-10-10r11453: Fix warning, for a case that just can't happen.Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit c0ba414a38de7ffa7b2a59c664598e64e911fe7c)
2007-10-10r11452: Update Heimdal to current lorikeet, including removing the ccache sideAndrew Bartlett17-171/+427
of the gsskrb5_acquire_cred hack. Add support for delegated credentials into the auth and credentials subsystem, and specifically into gensec_gssapi. Add the CIFS NTVFS handler as a consumer of delegated credentials, when no user/domain/password is specified. Andrew Bartlett (This used to be commit 55b89899adb692d90e63873ccdf80b9f94a6b448)