summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6768: Fix wrong commentSimo Sorce1-1/+1
(This used to be commit 2f80b2070f1fc99151f0a583271cd9047d53bab6)
2007-10-10r6767: Fix compiler warning.Tim Potter1-0/+1
(This used to be commit 45a0692be10a03032f9a4e26da3de08696c03464)
2007-10-10r6766: some more cldap tests ...Andrew Tridgell2-5/+36
my best guess now is that w2k3 converts the & in the cldap query to an | for the ldap search. at least it behaves roughly like that. (This used to be commit 1d6ab9aaefee71e3d0f87c1afae8ccdbae1f0e04)
2007-10-10r6765: expanded the cldap test suite to test the usage of the DomainGuid,Andrew Tridgell1-5/+60
AAC, and User attributes in cldap netlogon queries interestingly, while WinXP generated cldap filters with these set, the w2k3 cldap server seems to completely ignore them, so I didn't need to alter our cldap server at all to pass the test :-) (This used to be commit 177c8becd2051c9d1f261358baf4b85ca89700d8)
2007-10-10r6764: added support for DomainGuid, DomainSid, AAC, and User attributes inAndrew Tridgell2-8/+40
cldap netlogon queries (This used to be commit 7c1d0f449d3922a309fc86e5d9cb1e962a39805d)
2007-10-10r6763: added functions in libcli/ldap/ to binary encode some NDR structures intoAndrew Tridgell4-2/+89
ldap friendly filter strings (This used to be commit 8890dd3ac331cffe83226a356c52df89c917c2b0)
2007-10-10r6762: with the zone right we don't need a fully qualified site name at allAndrew Tridgell1-2/+1
(This used to be commit 6f4ad382d445c3cdb8e50727f09d79334076e02d)
2007-10-10r6761: - not everyone is in my domain :-)Andrew Tridgell1-1/+19
- started adding support for the other cldap attributes that XP uses (This used to be commit 1537558039b012a4124e6167ad7ebfd7486f05ff)
2007-10-10r6759: let us have a wildcard attribute so that we can set a default for all ↵Simo Sorce1-1/+7
attributes example: *: CASE_INSENSITIVE by placing it in the @ATTRIBUTES object you make all the matching be case insensitive to make an excepion to the general rule now you just need to create an entry like: name: CASE_SENSITIVE the key CASE_SENSITIVE currently does not exist but has the effect of making the code ignore the wildcard default flag and being ldb case sensitive by default it let the "name" attribute be case sensitive again Tridge, can you look at this commit? Should we introduce a CASE_SENSITVE/BINARY flag and handle it in the code ? Simo. (This used to be commit 5f10707e8ac36db03f3aa3e1ee1c40a9d9da2016)
2007-10-10r6752: Patch by Steven Edwards to improve portability to mingw32Jelmer Vernooij6-4/+25
(This used to be commit 8d63cd33a223cccb21d808747e9c97da53629fbc)
2007-10-10r6751: dnsDomain should be CASE_INSENSITIVE (winxp will sometimes do a cldap ↵Andrew Tridgell1-0/+1
query with this in uppercase) (This used to be commit f0c37555ff30c3e5ff4680d0b33bc105ebd3a0b1)
2007-10-10r6750: some minor tweaks to the cldapd serverAndrew Tridgell2-8/+24
I can now join winxp -> samba4 DC using long name, and login. The nice thing is there are no delays now, as the client likes the replies it gets (This used to be commit 5aff7d36f3e535e305820ae42b023ae53cc0daf9)
2007-10-10r6747: first working version of cldapd server. It is missing 'sites' ↵Andrew Tridgell5-5/+252
support, and filling in some of the returned parameters is quite rough, but it seems to work OK (This used to be commit e564e3e596915414fad07c94f7ea8a0d9c3a1140)
2007-10-10r6746: added ndr_push_union_blob() for pushing IDL unions into a DATA_BLOBAndrew Tridgell1-0/+23
(This used to be commit dc25be9d69a65680f7942ed29c2d791d6ce7248a)
2007-10-10r6745: - escape spaces in binary ldap blobsAndrew Tridgell2-3/+15
- expose the ldap filter string parsing outside of ldap.c (This used to be commit b644ff6fe164fbe359c47e4d34f5ad490ff61d5b)
2007-10-10r6744: added support for reply packets in libcli/cldap/Andrew Tridgell2-7/+184
(This used to be commit 992858e1b91c3ff05077afa8a7abe155198597d4)
2007-10-10r6741: prevent talloc_strndup() from reading one byte past the end of a buffer,Andrew Tridgell1-1/+1
giving valgrind errors (This used to be commit 7af0c547e0c0da3bc78a1ee6c2ab29114d8625cc)
2007-10-10r6740: make gensec_gssapi.c compile againAndrew Tridgell1-1/+1
(This used to be commit 6d15e9511115cc30ee213ec91320a2dccde15b8f)
2007-10-10r6738: My version of the patch by metze that I just reverted (-r 6734).Andrew Bartlett3-56/+83
This also includes other changes to reduce memory use by GENSEC when not being used for sign/seal operations. This should lower tridge's K 'per connection' benchmark further. Andrew Bartlett (This used to be commit 4a5829401b20c10091185bbd93236477523459b2)
2007-10-10r6737: Explain these error returns a bit better.Andrew Bartlett1-2/+5
Andrew Bartlett (This used to be commit 77d054c65aeecfc0d1156d750f7b8025cb154d3a)
2007-10-10r6736: Revert metze's -r 6734, as metze and I made the same changes at theAndrew Bartlett3-51/+51
same time, but with different names. This just helps me avoid conflicts when I merge up my other changes. Andrew Bartlett (This used to be commit 27e6a853a5160cb1ad595bea25e891eeae439662)
2007-10-10r6734: most compiler don't like struct elements without a name...Stefan Metzmacher3-51/+51
metze (This used to be commit 0c1cd40bcea748d65938bb2dc8160ea07e9ec851)
2007-10-10r6733: GSS_C_DCE_STYLE is not available for most buildsStefan Metzmacher1-0/+5
metze (This used to be commit 3536029e8fb1da1ca689e0b7aa1f3edfb7967790)
2007-10-10r6732: - move sasl send recv code to the ldap libStefan Metzmacher4-153/+219
- support 'modrdn' ldif metze (This used to be commit b6a1734699953964fcde6fe6ea7048496492eb33)
2007-10-10r6731: add a useful function for getting a guid with all bits to 0Stefan Metzmacher1-0/+10
metze (This used to be commit 161ecce7441649629b97ce1ca903b9704e06f66b)
2007-10-10r6730: register gensec_krb5 also with the drcrpc auth typeStefan Metzmacher1-0/+1
metze (This used to be commit 491d7804f5f5bdfb43ae09b81c2cbc34fab2246d)
2007-10-10r6729: Fix silly copy-paste bug spotted by metze.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 400899995b2c2ed54a114f8f55e5fb36592298b9)
2007-10-10r6728: Microsoft relies very strongly on getting the OIDs it expects, so weAndrew Bartlett1-1/+31
must register the 'MS' OID for the domain join to progress. Andrew Bartlett (This used to be commit c8fbda6bfd96d5d57cd52bc15d8695547effe2e3)
2007-10-10r6727: One more step down the long march to the 'Kerberos domain join'.Andrew Bartlett3-8/+350
This patch allows a suitably patched Heimdal GSSAPI library (detected in configure) to supply to us the session keys, and further compleats the gensec_gssapi module. This is tested for CIFS, but fails for LDAP at this point (that is what I'll work on next). We currently fill out the 'session info' from the SAM, like gensec_krb5 does, but both will need to use the PAC extraction functions in the near future. Andrew Bartlett (This used to be commit 937ee361615a487af9e0279145e75b6c27720a6b)
2007-10-10r6726: support binary search elements in ldap_decode()Andrew Tridgell1-6/+42
(This used to be commit 2b36f1dfdd6cf3ab89f63b541ae4cd905fb03c8d)
2007-10-10r6725: the beginnings of a cldap serverAndrew Tridgell6-0/+202
(This used to be commit e51e0dffa8f8bff9bd1535751e805b548b6c6d7f)
2007-10-10r6724: added "cldap port" smb.conf parameterAndrew Tridgell3-5/+31
(This used to be commit 04af0e7c5de467a24b965ce1de2fb07621133164)
2007-10-10r6720: added support for the remaining 2 types of CLDAP netlogonAndrew Tridgell6-33/+106
response. To work around the fact that the type of the returned data is not encoded in the packet, this required adding ndr_pull_union_blob() which allows us to pull a blob into a union with a specified switch value, in this case the switch value comes from the calling NtVer field. (This used to be commit bd27e626c27be72913d1a1569ee6e2e2711df84e)
2007-10-10r6719: pidl need to be told that the external type netr_SchannelType is an ↵Andrew Tridgell1-0/+2
enum, otherwise it will assume its a struct (This used to be commit 9a8f3e3c4cc3bad804b4fab3a7248e6fd88f3749)
2007-10-10r6718: Formatting fixes.Rafal Szczesniak1-3/+2
rafal (This used to be commit a784c46dd40ee2ea00fb67caeb358e76cdc0712f)
2007-10-10r6717: - torture test of async useradd function and monitor messages.Rafal Szczesniak2-1/+59
- make message handling functions static. rafal (This used to be commit 96446e5e1e53eb519cbfeb64d0dd2f4052d75b0f)
2007-10-10r6714: We can only ask GENSEC questions if we are authenticated.Andrew Bartlett1-1/+3
Andrew Bartlett (This used to be commit b429712f1e8234c64138aaa8ff67dce94988406c)
2007-10-10r6711: Clarify that we are dealing with a salting principal in the kerberosAndrew Bartlett1-40/+60
code, which is certainly not in the form of machine$. Rework the default salt to match what I just added to the heimdal server (Samba4 is back on speaking terms with lorikeet heimdal now), from Luke Howard's post to samba-technical in Nov 2004. Now to test compatability with MS... Andrew Bartlett (This used to be commit d719a0093bfe37fc62f28c7c02f17f93eec16abf)
2007-10-10r6709: Add monitor messages to useradd composite useradd function.Rafal Szczesniak1-5/+15
rafal (This used to be commit b3fce5b94be2f9491a53673b1baecf0c8fe5b7c4)
2007-10-10r6708: Another type of monitor message.Rafal Szczesniak1-0/+5
rafal (This used to be commit f7aaa0bfcae7fd4518256a703ad237693ff0c295)
2007-10-10r6705: let the gensec module decide if messages can be signed and sealed in ↵Stefan Metzmacher3-0/+10
a different order than a strict request - reply sequence Note: we should also fix the client code... metze (This used to be commit 0a61d1f65150546f7a7582512ca010d156f963bf)
2007-10-10r6704: fix compiler warningStefan Metzmacher1-1/+1
metze (This used to be commit 9d86314c44ae8e1ec21653b21cc267bfac573445)
2007-10-10r6703: fix the buildStefan Metzmacher1-1/+1
metze (This used to be commit 333f9bdf585db3df455009667d94deae568be02a)
2007-10-10r6702: Revert -r 6699, as I think this is a win2k v win2k3 issue.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 77b67da5b8187951ba8c25af85bbf716cf5b3561)
2007-10-10r6701: Updates to our server-side ticket verification code, we now use theAndrew Bartlett1-57/+44
client credentials code to read the secrets.ldb. Also clean up error handling, and ensure to always set the last_error_message stuff. Andrew Bartlett (This used to be commit 435d229e5d1da349f00d80a36b599ae70468e99d)
2007-10-10r6700: Upper case realms in kerberos-specific parts of the code, as this isAndrew Bartlett2-2/+11
no longer done globally. This keeps MIT client libraries happy, because otherwise the windows KDC will return a different case to what was requested. Andrew Bartlett (This used to be commit 9098b9321f938473c367f906cfe2f001ca1d8e6a)
2007-10-10r6699: Windows clients seem to ask for CIFS/, ie in upper case, so match it.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 6d7f1daaf2a521864994e06b013c36287f27a129)
2007-10-10r6698: Our domain join code requires that the secureChannelType be set. TypeAndrew Bartlett1-0/+1
6 is BDC, which is correct for a self-join. Andrew Bartlett (This used to be commit cd61ff80f886bcb4a8c6b681879ee269604e98f3)
2007-10-10r6697: fix from Sven (wAmpIre) VeltStefan Metzmacher1-1/+1
metze (This used to be commit db2f5619f8114b6454cc2541d80129e1ca5fa1a9)
2007-10-10r6694: a simple CLDAP torture testAndrew Tridgell3-2/+85
interestingly, w2k3 seems to have 4 different varients of the netlogon cldap response. We decode two of them so far. The other two are tricky as they aren't distinguished by a command code, they use the same command codes (0x13 and 0x17) but have quite a different format. Very strange! (This used to be commit 58f1c39282e281450fe94ceab7ca0a53ec7172e1)