| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
supplementalCredentials
If this is missing a w2k8r2 server will reboot, when someone tries to
change a password.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add options for extracting an LDIF file from a database
and reimporting the LDIF into a schema-less database for
subsequent topology test/debug. Add intersite topology
generation with computation of ISTG and bridgehead servers
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sat Jan 14 07:45:11 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
| |
Add NTDSSITELINK options to dsdb class for use
in python samba_kcc
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
|
|
|
|
|
| |
Flip some bits after the null terminator in the spoolss device mode
character arrays to trigger bug 8606.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
|
|
| |
metze
|
|
|
|
|
|
| |
This makes the dependencies easier to handle.
metze
|
|
|
|
|
|
| |
This removes the dependency to s4 specific code.
metze
|
|
|
|
| |
metze
|
|
|
|
|
|
|
|
|
|
| |
Not all cleartext password (machine passwords) can be converted to utf8,
let's export the raw uint16_t array.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 12 23:58:12 CET 2012 on sn-devel-104
|
|
|
|
| |
metze
|
|
|
|
| |
metze
|
|
|
|
|
|
|
| |
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Jan 12 14:47:05 CET 2012 on sn-devel-104
|
|
|
|
| |
metze
|
|
|
|
| |
metze
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit c25af51232616061bb08eea86aae595b4f029490 because
otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a
KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Jan 12 09:43:07 CET 2012 on sn-devel-104
|
| |
|
|
|
|
|
|
|
| |
This allows a strict link between checksum types and key types to be
enforced.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
| |
The checking of the KDC signature is more complex than it looks, it may be of a different
enc type to that which the ticket is encrypted with, and may even be prefixed
with the RODC number.
This is better handled in the plugin which can easily look up the DB for the
correct key to verify this with, and can also quickly determine if this is
an interdomain trust, which we cannot verify the PAC for.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
| |
Here we can fetch the right key, and check if the PAC is likely to be signed by a key that
we know. We cannot check the KDC signature on incoming trusts.
Andrew Bartlett
|
| |
|
|
|
|
|
| |
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Thu Jan 12 06:43:01 CET 2012 on sn-devel-104
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are optional to supply - some callers only provide an auth_context for the
other plugin functions, and so we need to deal with this cleanly.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 11 10:49:13 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
|
| |
This make it clearer what type of flags these are.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
| |
This will make it easier to share elements of the GSSAPI gensec mechs,
in much the same way elements of the NTLMSSP mech are shared.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
| |
To do this some defines need to move to common_auth.h
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
By providing this context, a function pointer for
generate_session_info_pac() can be inserted into gensec, allowing the
s3 PAC processing in an otherwise more generic gensec module.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Tue Jan 10 21:17:45 CET 2012 on sn-devel-104
|
|
|
|
| |
Signed-off-by: Kai Blin <kai@samba.org>
|
|
|
|
| |
Signed-off-by: Kai Blin <kai@samba.org>
|
|
|
|
| |
Signed-off-by: Kai Blin <kai@samba.org>
|
|
|
|
|
|
|
| |
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Tue Jan 10 15:05:38 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
| |
Method not present in Python 2.4
Reviewed-by: Jelmer
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Jan 10 00:41:59 CET 2012 on sn-devel-104
|
|
|
|
|
|
| |
The class is not present in Python 2.4
Reviewed-by: Jelmer
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is useful to sync passwords from an AD domain.
$
$ source4/scripting/devel/repl_cleartext_pwd.py \
-Uadministrator%A1b2C3d4 \
172.31.9.219 DC=bla,DC=base /tmp/cookie cleartext_utf8 131085 displayName
# starting at usn[0]
dn: CN=Test User1,CN=Users,DC=bla,DC=base
cleartext_utf8: A1b2C3d4
displayName:: VABlAHMAdAAgAFUAcwBlAHIAMQA=
# up to usn[16449]
$
$ source4/scripting/devel/repl_cleartext_pwd.py \
-Uadministrator%A1b2C3d4
172.31.9.219 DC=bla,DC=base /tmp/cookie cleartext_utf8 131085 displayName
# starting at usn[16449]
# up to usn[16449]
$
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 9 19:06:06 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
| |
These are defined in the krb5 abstraction headers elsewhere.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Jan 9 14:32:08 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
| |
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jan 9 10:28:30 CET 2012 on sn-devel-104
|
|
|
|
| |
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
| |
There can be multiple dns records for a specified record type.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Fri Jan 6 02:41:22 CET 2012 on sn-devel-104
|
|
|
|
| |
This fixes the problem when updating DNS record for '@' or domain name.
|
|
|
|
|
|
|
|
| |
This allows gse_get_session_key() to work against Heimdal.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
"unix_to_nt_time()" which is based on "time_t" behaves differently for
literals > 32 bit on 32 and 64 bit platforms.
Reviewed-by: ekacnet
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Jan 5 11:59:20 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
| |
This gets the session key from gensec for usage in DRSUAPI.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 4 22:31:52 CET 2012 on sn-devel-104
|
|
|
|
| |
metze
|
|
|
|
| |
metze
|