Age | Commit message (Collapse) | Author | Files | Lines |
|
name of a domain member
This means that if we authentify for BOGUS\administrator in AD domain
FOREST with samba being domain member with the netbiosname MEMBER then
BOGUS\administrator will be mapped to MEMBER\administrator if the
password match.
|
|
This avoids casting to and from the struct auth_user_info_dc *user_info_dc
to to this, the
if (user_info_dc->info->authenticated)
is moved into auth_generate_session_info_wrapper(), which is the
function that gensec_security->auth_context->generate_session_info
points to.
Andrew Bartlett
|
|
|
|
gensec_ntlmssp does not need to know the internal form of the
struct user_info_dc or auth_serversupplied_info. This will allow the
calling logic to be put in common.
Andrew Bartlett
|
|
TDB2's tdb_fetch() returns an error code; use tdb_fetch_compat() for now.
Similarly, tdb_errorstr() -> tdb_errorstr_compat().
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
There is no need to return the PAC signatures via the special-purpose
torture element. Instead, use a private pointer on the auth_context
in conjunction with the private PAC processing method.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Jan 29 23:52:50 CET 2012 on sn-devel-104
|
|
Found by a eagle-eyed user.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jan 26 08:39:47 CET 2012 on sn-devel-104
|
|
This is needed to detect krb5 with aes for GENSEC_FEATURE_NEW_SPNEGO
at runtime.
metze
|
|
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Jan 25 01:36:02 CET 2012 on sn-devel-104
|
|
|
|
|
|
This way we only catch true exceptions and keyboard interrupts
are not caught here.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Tue Jan 24 03:32:40 CET 2012 on sn-devel-104
|
|
type macro.
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Jan 21 13:06:35 CET 2012 on sn-devel-104
|
|
metze
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Fri Jan 20 18:20:14 CET 2012 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Test handling of DeletePrinterDriverEx when the DPD_DELETE_ALL_FILES
flag is set.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
supplementalCredentials
If this is missing a w2k8r2 server will reboot, when someone tries to
change a password.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104
|
|
Add options for extracting an LDIF file from a database
and reimporting the LDIF into a schema-less database for
subsequent topology test/debug. Add intersite topology
generation with computation of ISTG and bridgehead servers
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Jan 14 07:45:11 CET 2012 on sn-devel-104
|
|
Add NTDSSITELINK options to dsdb class for use
in python samba_kcc
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Flip some bits after the null terminator in the spoolss device mode
character arrays to trigger bug 8606.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
metze
|
|
This makes the dependencies easier to handle.
metze
|
|
This removes the dependency to s4 specific code.
metze
|
|
metze
|
|
Not all cleartext password (machine passwords) can be converted to utf8,
let's export the raw uint16_t array.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 12 23:58:12 CET 2012 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 12 14:47:05 CET 2012 on sn-devel-104
|
|
metze
|
|
metze
|
|
This reverts commit c25af51232616061bb08eea86aae595b4f029490 because
otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a
KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jan 12 09:43:07 CET 2012 on sn-devel-104
|
|
|
|
This allows a strict link between checksum types and key types to be
enforced.
Andrew Bartlett
|
|
The checking of the KDC signature is more complex than it looks, it may be of a different
enc type to that which the ticket is encrypted with, and may even be prefixed
with the RODC number.
This is better handled in the plugin which can easily look up the DB for the
correct key to verify this with, and can also quickly determine if this is
an interdomain trust, which we cannot verify the PAC for.
Andrew Bartlett
|
|
|
|
Here we can fetch the right key, and check if the PAC is likely to be signed by a key that
we know. We cannot check the KDC signature on incoming trusts.
Andrew Bartlett
|
|
|
|
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Thu Jan 12 06:43:01 CET 2012 on sn-devel-104
|
|
|
|
These are optional to supply - some callers only provide an auth_context for the
other plugin functions, and so we need to deal with this cleanly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 11 10:49:13 CET 2012 on sn-devel-104
|
|
This make it clearer what type of flags these are.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will make it easier to share elements of the GSSAPI gensec mechs,
in much the same way elements of the NTLMSSP mech are shared.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
To do this some defines need to move to common_auth.h
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
By providing this context, a function pointer for
generate_session_info_pac() can be inserted into gensec, allowing the
s3 PAC processing in an otherwise more generic gensec module.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|