summaryrefslogtreecommitdiffstats
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
* s4:dsdb/password_hash: require a "Primary:Kerberos" blob in ↵Stefan Metzmacher2012-01-161-0/+16
| | | | | | | | | | | | supplementalCredentials If this is missing a w2k8r2 server will reboot, when someone tries to change a password. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104
* KCC importldif/exportldif and intersite topologyDave Craft2012-01-142-376/+2429
| | | | | | | | | | | | Add options for extracting an LDIF file from a database and reimporting the LDIF into a schema-less database for subsequent topology test/debug. Add intersite topology generation with computation of ISTG and bridgehead servers Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Sat Jan 14 07:45:11 CET 2012 on sn-devel-104
* Intersite KCC flags for pythonDave Craft2012-01-141-0/+5
| | | | | | | Add NTDSSITELINK options to dsdb class for use in python samba_kcc Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4-smbtorture: tweak spoolss_OpenPrinterEx devmodeDavid Disseldorp2012-01-131-2/+2
| | | | | | | Flip some bits after the null terminator in the spoolss device mode character arrays to trigger bug 8606. Signed-off-by: Jeremy Allison <jra@samba.org>
* auth/gensec: move spnego.c to the toplevelStefan Metzmacher2012-01-132-1411/+0
| | | | metze
* auth/gensec: common helper functions should be in gensec_util.cStefan Metzmacher2012-01-131-107/+0
| | | | | | This makes the dependencies easier to handle. metze
* s4:auth/gensec: inline packet_full_request_u32()Stefan Metzmacher2012-01-131-1/+9
| | | | | | This removes the dependency to s4 specific code. metze
* s4:auth/gensec: fix compiler warnings in spnego.cStefan Metzmacher2012-01-131-3/+0
| | | | metze
* s4:repl_cleartext_pwd.py: add optional 'clear_utf16_name' parameterStefan Metzmacher2012-01-121-7/+17
| | | | | | | | | | Not all cleartext password (machine passwords) can be converted to utf8, let's export the raw uint16_t array. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 12 23:58:12 CET 2012 on sn-devel-104
* s4:repl_cleartext_pwd.py: add 'attmode' parameter to convert the attname to utf8Stefan Metzmacher2012-01-121-5/+22
| | | | metze
* s4:repl_cleartext_pwd.py: correctly compare attids as uint32_t valuesStefan Metzmacher2012-01-121-5/+10
| | | | metze
* s4:pygensec/tests: add test for gensec_set_max_update_size()Stefan Metzmacher2012-01-121-0/+54
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 12 14:47:05 CET 2012 on sn-devel-104
* s4:auth/gensec/spnego: add support for fragmented spnego messagesStefan Metzmacher2012-01-121-3/+205
| | | | metze
* s4:pygensec: add set_max_update_size() and max_update_size() functionsStefan Metzmacher2012-01-121-0/+25
| | | | metze
* Revert "make paranoia check less paranoid" - check that key types strictly matchAndrew Bartlett2012-01-121-1/+1
| | | | | | | | | | | This reverts commit c25af51232616061bb08eea86aae595b4f029490 because otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Jan 12 09:43:07 CET 2012 on sn-devel-104
* make hmac-md5 the keyed checksum type for arcfour-hmac-md5Andrew Bartlett2012-01-121-1/+1
|
* use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3Andrew Bartlett2012-01-121-0/+8
| | | | | | | This allows a strict link between checksum types and key types to be enforced. Andrew Bartlett
* heimdal: remove checking of KDC PAC signature, delegate to wdc pluginAndrew Bartlett2012-01-121-12/+2
| | | | | | | | | | | | The checking of the KDC signature is more complex than it looks, it may be of a different enc type to that which the ticket is encrypted with, and may even be prefixed with the RODC number. This is better handled in the plugin which can easily look up the DB for the correct key to verify this with, and can also quickly determine if this is an interdomain trust, which we cannot verify the PAC for. Andrew Bartlett
* auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksumAndrew Bartlett2012-01-121-1/+1
|
* s4-kdc Do the KDC PAC checksum validation in the Samba pluginAndrew Bartlett2012-01-126-44/+152
| | | | | | | Here we can fetch the right key, and check if the PAC is likely to be signed by a key that we know. We cannot check the KDC signature on incoming trusts. Andrew Bartlett
* s4-kdc: use IDL constant NETLOGON_GENERIC_KRB5_PAC_VALIDATEAndrew Bartlett2012-01-121-1/+1
|
* samba-tool:dns: DNS names are case insensitiveAmitay Isaacs2012-01-121-3/+3
| | | | | Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Thu Jan 12 06:43:01 CET 2012 on sn-devel-104
* s4-rpc:dnsserver: DNS names are case insensitiveAmitay Isaacs2012-01-123-17/+17
|
* s4:auth: Make sure to check the optional auth_context hooks before using themAndrew Bartlett2012-01-111-18/+26
| | | | | | | | | | | | These are optional to supply - some callers only provide an auth_context for the other plugin functions, and so we need to deal with this cleanly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jan 11 10:49:13 CET 2012 on sn-devel-104
* gensec: Rename want_flags and got_flags in gensec_gssapiAndrew Bartlett2012-01-111-26/+26
| | | | | | | | This make it clearer what type of flags these are. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: make gensec_gssapi.h commonAndrew Bartlett2012-01-111-67/+0
| | | | | | | | | This will make it easier to share elements of the GSSAPI gensec mechs, in much the same way elements of the NTLMSSP mech are shared. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: move gensec_util.c to the top levelAndrew Bartlett2012-01-113-104/+1
| | | | | | | | To do this some defines need to move to common_auth.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* auth: make auth4_context common to provide access to generate_session_info_pac()Andrew Bartlett2012-01-111-52/+0
| | | | | | | | | | By providing this context, a function pointer for generate_session_info_pac() can be inserted into gensec, allowing the s3 PAC processing in an otherwise more generic gensec module. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* krb5: Require krb5_set_real_time is available to build with krb5Andrew Bartlett2012-01-101-4/+0
|
* krb5: Require krb5_get_renewed_creds be available to build with krb5Andrew Bartlett2012-01-101-1/+0
|
* krb5: Remove now unused checks for krb5_verify_checksumAndrew Bartlett2012-01-101-2/+0
|
* krb5: Require krb5_c_enctype_compare is available to build with krb5Andrew Bartlett2012-01-101-1/+0
|
* s4:provision: add "+dns" to server services if the dns backend is SAMBA_INTERNALMichael Adam2012-01-101-2/+7
| | | | | | | Signed-off-by: Kai Blin <kai@samba.org> Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Tue Jan 10 21:17:45 CET 2012 on sn-devel-104
* s4:provision: add a server services line to the smb.conf template for the dcMichael Adam2012-01-101-0/+2
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s4:provision: add the possibility to provision "server services" in smb.confMichael Adam2012-01-101-2/+9
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* s4:provision: improve a messageMichael Adam2012-01-101-1/+1
| | | | Signed-off-by: Kai Blin <kai@samba.org>
* samba: check for AES encryption type defines.Günther Deschner2012-01-101-0/+2
| | | | | | | Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Tue Jan 10 15:05:38 CET 2012 on sn-devel-104
* s4:python tests __init__.py - do not depend on "subprocess.check_call()"Matthias Dieter Wallnöfer2012-01-101-1/+4
| | | | | | | | | Method not present in Python 2.4 Reviewed-by: Jelmer Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Jan 10 00:41:59 CET 2012 on sn-devel-104
* s4:python tests __init__.py - do not depend on "subprocess.CalledProcessError"Matthias Dieter Wallnöfer2012-01-091-6/+11
| | | | | | The class is not present in Python 2.4 Reviewed-by: Jelmer
* s4:scripting/devel: add repl_cleartext_pwd.py scriptStefan Metzmacher2012-01-091-0/+377
| | | | | | | | | | | | | | | | | | | | | | | | | | | This is useful to sync passwords from an AD domain. $ $ source4/scripting/devel/repl_cleartext_pwd.py \ -Uadministrator%A1b2C3d4 \ 172.31.9.219 DC=bla,DC=base /tmp/cookie cleartext_utf8 131085 displayName # starting at usn[0] dn: CN=Test User1,CN=Users,DC=bla,DC=base cleartext_utf8: A1b2C3d4 displayName:: VABlAHMAdAAgAFUAcwBlAHIAMQA= # up to usn[16449] $ $ source4/scripting/devel/repl_cleartext_pwd.py \ -Uadministrator%A1b2C3d4 172.31.9.219 DC=bla,DC=base /tmp/cookie cleartext_utf8 131085 displayName # starting at usn[16449] # up to usn[16449] $ metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jan 9 19:06:06 CET 2012 on sn-devel-104
* s4-kerberos: remove some unused prototypes.Günther Deschner2012-01-091-22/+0
| | | | | | | | | These are defined in the krb5 abstraction headers elsewhere. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Jan 9 14:32:08 CET 2012 on sn-devel-104
* s4:python/samba/ndr.py: add an optional 'allow_remaining' to ndr_unpack()Stefan Metzmacher2012-01-091-2/+3
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Jan 9 10:28:30 CET 2012 on sn-devel-104
* ntlmssp: merge initial packet implementationsAndrew Bartlett2012-01-061-6/+25
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* samba-tool:dns: Check through all the DNS records for a matchAmitay Isaacs2012-01-061-16/+16
| | | | | | | There can be multiple dns records for a specified record type. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Fri Jan 6 02:41:22 CET 2012 on sn-devel-104
* s4-rpc:dnsserver: Do not replace @ with zone_name in update operationAmitay Isaacs2012-01-061-1/+6
| | | | This fixes the problem when updating DNS record for '@' or domain name.
* s3-librpc Use gsskrb5_get_subkey() where available to get the session keyAndrew Bartlett2012-01-051-0/+1
| | | | | | | | This allows gse_get_session_key() to work against Heimdal. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:repl_meta_data LDB module - set "isRecycled" time correctlyMatthias Dieter Wallnöfer2012-01-051-9/+8
| | | | | | | | | | "unix_to_nt_time()" which is based on "time_t" behaves differently for literals > 32 bit on 32 and 64 bit platforms. Reviewed-by: ekacnet Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Jan 5 11:59:20 CET 2012 on sn-devel-104
* s4:pyrpc: add 'user_session_key' getter to the connection objectStefan Metzmacher2012-01-042-1/+45
| | | | | | | | | This gets the session key from gensec for usage in DRSUAPI. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jan 4 22:31:52 CET 2012 on sn-devel-104
* s4:pygensec/tests: check that the client and server have the same session keyStefan Metzmacher2012-01-041-1/+4
| | | | metze
* s4:pygensec: add session_key() methodStefan Metzmacher2012-01-041-0/+29
| | | | metze