summaryrefslogtreecommitdiffstats
path: root/source3/libads
Commit message (Collapse)AuthorAgeFilesLines
* s3-ads: cleanup ads_keytab_list()Simo Sorce2010-08-181-13/+16
|
* s3-ads: cleanup ads_keytab_create_default()Simo Sorce2010-08-181-113/+136
|
* s3-ads: cleanup ads_keytab_add_entry()Simo Sorce2010-08-181-57/+80
|
* s3-ads: Split, simplify and cleanup keytab functionsSimo Sorce2010-08-181-169/+172
| | | | | add helper function for both smb_krb5_kt_add_entry_ext() and ads_keytab_flush()
* s3-ads: Remove unused function and fileSimo Sorce2010-08-172-30/+0
|
* s3-krb5 Only build ADS support if arcfour-hmac-md5 is availableAndrew Bartlett2010-08-132-7/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <idra@samba.org>
* s3-krb5: include krb5pac.h where needed.Günther Deschner2010-08-062-0/+3
| | | | Guenther
* s3-secrets: only include secrets.h when needed.Günther Deschner2010-08-054-0/+4
| | | | Guenther
* s3: avoid global include of ads.h.Günther Deschner2010-08-0520-82/+363
| | | | Guenther
* s3-printing: remove unused get_local_printer_publishing_data() call.Günther Deschner2010-07-311-14/+0
| | | | Guenther
* s3-build: avoid to globally include printing and spoolss headers.Günther Deschner2010-07-311-1/+2
| | | | | | This shrinks precompiled headers by 3MB and will slightly speed up any build. Guenther
* cleanups: Trailing spaces, line length, etc...Simo Sorce2010-07-301-111/+163
|
* s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keysSimo Sorce2010-07-202-2/+4
|
* Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL ↵Jeremy Allison2010-07-201-4/+4
| | | | | | contexts. Jeremy.
* Fix one more data_blob -> data_blob_talloc. Move away from implicit NULL ↵Jeremy Allison2010-07-201-3/+6
| | | | | | context tallocs. Jeremy.
* Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduceJeremy Allison2010-07-201-1/+1
| | | | | | use of malloc, and data_blob(). Jeremy.
* Rename spnego_gen_negTokenTarg() -> spnego_gen_krb5_negTokenInit()Jeremy Allison2010-07-201-1/+1
| | | | | | as this correctly describes what this function does. Jeremy.
* Remove gen_negTokenTarg(), as it's not actually creating a TokenTarg frame, ↵Jeremy Allison2010-07-201-1/+1
| | | | | | | | but a TokenInit one. Move to using spnego_gen_negTokenInit() instead. Jeremy
* Remove gen_negTokenInit() - change all callers to spnego_gen_negTokenInit().Jeremy Allison2010-07-191-1/+2
| | | | | | | We now have one function to do this in all calling code. More rationalization to follow. Jeremy.
* Remove parse_negTokenTarg(), as it's actually incorrect. We're processingJeremy Allison2010-07-191-1/+1
| | | | | | negTokenInit's here. Use common code in spnego_parse_negTokenInit(). Jeremy.
* s3-ntlmssp: Remove ntlmssp_end and let the talloc hierarchy handle it.Simo Sorce2010-07-191-7/+7
| | | | | | All the members are children of ntlmssp_state anyway. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3-libads: move ldap posix schema defines to their own header file.Günther Deschner2010-07-013-0/+64
| | | | Guenther
* s3-libads: only include libds flags where needed.Günther Deschner2010-07-012-0/+2
| | | | Guenther
* s3-libads: move ads_dns out of main includes.Günther Deschner2010-07-013-0/+92
| | | | Guenther
* s3-libads: move ads_status to a separate header file.Günther Deschner2010-07-011-0/+42
| | | | Guenther
* s3-libads: move ads_protos.h to ads_ldap_protos.h.Günther Deschner2010-07-011-0/+123
| | | | Guenther
* s3-libnet_join: small IDL enhancement.Günther Deschner2010-07-011-2/+0
| | | | Guenther
* s3-libads: use shared well known guids.Günther Deschner2010-07-011-1/+1
| | | | Guenther
* s3: remove authdata.hGünther Deschner2010-06-031-1/+0
| | | | Guenther
* s3: remove rpc_secdes.h completely.Günther Deschner2010-06-031-0/+3
| | | | Guenther
* s3: Allow previous password to be stored and use it to check ticketsMatthieu Patou2010-06-021-37/+58
| | | | | | | | This patch is to fix bug 7099. It stores the current password in the previous password key when the password is changed. It also check the user ticket against previous password. Signed-off-by: Günther Deschner <gd@samba.org>
* s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet()Andrew Bartlett2010-05-311-1/+5
| | | | | | | | | This ensures the results can't be easily left to leak. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
* ntlmssp: Make the ntlmssp.h from source3/ a common headerAndrew Bartlett2010-05-311-1/+1
| | | | | | | | | The code is not yet in common, but I hope to fix that soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
* s3: use shared security defines.Günther Deschner2010-05-311-14/+14
| | | | Guenther
* s3: only use netlogon/nbt header when needed.Günther Deschner2010-05-313-0/+14
| | | | Guenther
* s3-build: use ndr_misc.h where needed.Günther Deschner2010-05-281-0/+1
| | | | Guenther
* s3-printing: fix buildwarning in publishing code after registry changes.Günther Deschner2010-05-261-5/+5
| | | | Guenther
* s3:registry: move reg_objects.h to registry/ and use it only where neededMichael Adam2010-05-251-0/+1
| | | | | Every place outside of registry/ where this is used, should probably be changed to use pure reg_api.c code.
* s3:libads:use regval_ctr/blob accessor functions in ldap_printer.cMichael Adam2010-05-251-34/+42
|
* s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett2010-05-212-23/+23
| | | | | | | | | | This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
* s3-libads: add ads_set_sasl_wrap_flags().Günther Deschner2010-05-201-0/+14
| | | | Guenther
* s3-rpc_client: move protos to cli_spoolss.hGünther Deschner2010-05-181-0/+1
| | | | Guenther
* s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".Günther Deschner2010-05-182-4/+5
| | | | Guenther
* s3-secdesc: remove "typedef struct security_acl SEC_ACL".Günther Deschner2010-05-181-1/+1
| | | | Guenther
* s3-secdesc: remove "typedef struct security_ace SEC_ACE".Günther Deschner2010-05-181-1/+1
| | | | Guenther
* s3: Remove use of iconv_convenience.Jelmer Vernooij2010-05-183-17/+10
|
* s3-registry: only include registry headers when really needed.Günther Deschner2010-05-181-0/+1
| | | | Guenther
* s3-kerberos: temporary fix for ipv6 in print_kdc_line().Günther Deschner2010-05-171-5/+20
| | | | | | | | | | Currently no krb5 lib supports "kdc = ipv6 address" at all, so for now just fill in just the kdc_name if we have it and let the krb5 lib figure out the appropriate ipv6 address ipv6 gurus, please check. Guenther
* s3-kerberos: pass down kdc_name to create_local_private_krb5_conf_for_domain().Günther Deschner2010-05-171-7/+12
| | | | Guenther
* s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATAAndrew Bartlett2010-05-112-121/+26
| | | | | | | | | | | | | | | All the callers just want the PAC_LOGON_INFO, so search for that in ads_verify_ticket(), and don't bother the callers with the rest of the PAC. This change makes sense on it's own (removing boilerplate wrappers that just confuse the code), but it also makes it much easier to implement a matching ads_verify_ticket() function in Samba4 for the s3compat proposal. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
generated by cgit (git 2.34.1) at 2025-05-15 11:49:47 +0000