Commit message | Author | Age | Files | Lines
...
* r12010: - added support for domain specific SID codes in SDDL strings | Andrew Tridgell | 2005-12-02 | 3 | -22/+101
  - added a bunch more tests to LOCAL-SDDL (all the ones from our schema)
  - fixed 'mixed coded declarations' bug
* r12009: made the LOCAL-SDDL test less verbose by default, and add it to the | Andrew Tridgell | 2005-12-02 | 2 | -2/+4
  standard tests for the build farm
* r12008: added a simple LOCAL-SDDL test suite. Only one example so far. Will be | Andrew Tridgell | 2005-12-02 | 4 | -21/+85
  filled in with more examples as I expand the sddl parsing code.
* r12007: fixed a valgrind error in the SMB2-SETINFO test | Andrew Tridgell | 2005-12-02 | 1 | -0/+2
* r12006: don't require callers to fill in pad bytes in SMB2 calls | Andrew Tridgell | 2005-12-02 | 4 | -4/+4
* r12005: added a SDDL (Security Descriptor Description Language) parser. Not | Andrew Tridgell | 2005-12-02 | 2 | -0/+316
  all flags are covered yet, and object aces aren't done yet.
  This is needed for ACL support in ldb, as the default security descriptor for each object class is given by the defaultSecurityDescriptor attribute in the schema, which is stored in SDDL format
* r12004: added some SEC_ADS_* security flags. Needed for a SDDL parser. | Andrew Tridgell | 2005-12-02 | 1 | -0/+11
* r12001: Replace smbcli_full_connection call with composite connect used | Rafal Szczesniak | 2005-12-01 | 1 | -8/+25
  in sync version. This step makes it easier to move further to async dcerpc connect routine.
  rafal
* r12000: Update to current lorikeet-heimdal, including in particular support | Andrew Bartlett | 2005-12-01 | 12 | -26/+504
  for referencing an existing in-MEMORY keytab (required for the new way we push that to GSSAPI).
  Andrew Bartlett
* r11997: for multidimensional array like this: | Stefan Metzmacher | 2005-12-01 | 1 | -2/+3
  uint32 [num_level2][num_level1][num_level0]

  fix the order they're pushed and pulled, it should be like this

  for (l2=0; l2 < num_level2; l2++) {
      for (l1=0; l1 < num_level1; l1++) {
          for (l0=0; l0 < num_level0; l0++) {
              ndr_pull_uint32(...);
          }
      }
  }

  metze
* r11996: don't overwrite the buffercode | Stefan Metzmacher | 2005-12-01 | 1 | -1/+1
  metze
* r11995: A big kerberos-related update. | Andrew Bartlett | 2005-12-01 | 27 | -295/+633
  This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks.

  In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunately this can't take a MEMORY keytab, so we now create a FILE based keytab as provision and join time.

  Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the krb5 code.

  To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs.

  This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs().

  We can now (in theory) use a system-provided /etc/krb5.keytab, if

      krb5Keytab: FILE:/etc/krb5.keytab

  is added to the secrets.ldb record. By default the attribute

      privateKeytab: secrets.keytab

  is set, pointing to allow the whole private directory to be moved without breaking the internal links.
* r11994: This function no longer needs a special declaration. | Andrew Bartlett | 2005-12-01 | 1 | -4/+0
  Andrew Bartlett
* r11993: As well as making an in-MEMORY keytab, allow a file-based keytab to | Andrew Bartlett | 2005-12-01 | 1 | -98/+321
  be updated.
  This allows a new password to be written in, and old entries removed (we keep kvno and kvno-1).
  Clean up the code a lot, and add comments on what it is doing...
  Andrew Bartlett
* r11992: Potentially allow SPNEGO to be disabled (as occurs on WinXP | Andrew Bartlett | 2005-12-01 | 1 | -13/+22
  standalone), and use only NTLMSSP. (But doing so would break Samba3's client).
  Andrew Bartlett
* r11991: Null terminate the list of backends. (Makes it easier to walk the | Andrew Bartlett | 2005-12-01 | 1 | -2/+2
  list).
  Andrew Bartlett
* r11990: Set the password set time as 'now', so it isn't expired back in 2004. | Andrew Bartlett | 2005-12-01 | 1 | -2/+1
  Andrew Bartlett
* r11989: Rather than grabbing the machine account details at this point, grab | Andrew Bartlett | 2005-12-01 | 1 | -10/+1
  them 'later'. We will need to handle the errors when we call the get_* methods.
  Andrew Bartlett
* r11988: Setup the sessionInfo just before the connect, rather than earlier | Andrew Bartlett | 2005-12-01 | 1 | -4/+6
  when we haven't finished popt.
  Andrew Bartlett
* r11987: Clarify the accountExpires behaviour in the KDC. | Andrew Bartlett | 2005-12-01 | 1 | -4/+5
  Andrew Bartlett
* r11984: LGPL on header and testsuite as well | Andrew Tridgell | 2005-12-01 | 2 | -22/+30
* r11983: make talloc LGPL. This makes more sense given that ldb depends on | Andrew Tridgell | 2005-12-01 | 1 | -11/+15
  talloc, and ldb is now LGPL
* r11982: ensure the fde event gets freed before the socket itself, as otherwise | Andrew Tridgell | 2005-12-01 | 2 | -5/+5
  we get an error from epoll about disabling events for a file descriptor that is closed
* r11981: we should allocate request specific memory in ldb modules off the | Andrew Tridgell | 2005-12-01 | 1 | -1/+1
  request structure. It will take a while for this to happen everywhere.
* r11980: ronnie worked out that opcode 0xb in SMB2 is in fact ioctl, and that | Andrew Tridgell | 2005-12-01 | 7 | -27/+30
  it only appeared to be like a SMBtrans request as it was being called with function 0x11c017 which is "named pipe read write"
  I wonder if this means we could do DCE/RPC over SMB using ntioctl calls as well?
* r11974: only look at $pl->{POINTER_TYPE} when $pl is defined | Stefan Metzmacher | 2005-11-30 | 1 | -7/+6
  metze
* r11973: make it easier to find bugs | Stefan Metzmacher | 2005-11-30 | 2 | -2/+7
  metze
* r11972: handle [noejs] property also on functions | Stefan Metzmacher | 2005-11-30 | 1 | -1/+2
  metze
* r11971: add nbt specific continue wrapper | Stefan Metzmacher | 2005-11-30 | 1 | -0/+11
  metze
* r11970: fixed a valgrind error. The auth info from the alter_context reply was | Andrew Tridgell | 2005-11-30 | 1 | -1/+1
  being freed before being given to gensec_update()
* r11969: got rid of the very annoying 'failed to open /secrets.tdb' | Andrew Tridgell | 2005-11-30 | 1 | -1/+5
  messages. As discussed with Andrew, this will soon be replaced with a system that marks the credentials to use the machine account from the database rather than pre-loading the machine account details here.
  The reason we got the annoying messages is this was being called before smb.conf is loaded, so the code doesn't yet know the location of the private directory
* r11968: More warning fixes. We're on track to getting to double digits for | Tim Potter | 2005-11-30 | 7 | -14/+14
  the number of warnings generated now.
* r11967: Fix more 64-bit warnings. | Tim Potter | 2005-11-30 | 18 | -57/+65
* r11965: Try to fix some 64-bit warnings. | Tim Potter | 2005-11-30 | 1 | -1/+1
* r11959: Use DOS_errors array for displaying WERROR values | Jelmer Vernooij | 2005-11-29 | 1 | -1/+1
* r11958: - fixed memory leaks in the ldb_result handling in ldb operations | Andrew Tridgell | 2005-11-29 | 9 | -100/+108
  - removed an unnecessary level of pointer in ldb_search structure
* r11957: fixed up code meant for debugging | Andrew Tridgell | 2005-11-29 | 1 | -3/+3
* r11956: removed the old rootdse.ldif, and the provision.js code that uses it | Andrew Tridgell | 2005-11-29 | 2 | -35/+0
* r11955: got rid of the old rootDSE code in the ldap server. | Andrew Tridgell | 2005-11-29 | 5 | -394/+0
  The partitioning logic is still there, but we only have one partition. If we need partitioning in the future it might be better to remove this partitioning code and use a partitioning module instead
* r11954: add the static rootdse content to the sam ldb, and enable the rootdse | Andrew Tridgell | 2005-11-29 | 1 | -1/+21
  module in @MODULES
* r11953: enabled the rootdse module in the ldb modules code | Andrew Tridgell | 2005-11-29 | 1 | -0/+1
* r11952: added a rootdse module. This will replace the existing rootdse code in | Andrew Tridgell | 2005-11-29 | 3 | -40/+202
  the ldap server.
  The reason for the change is that ldb modules need some way to get at the static info stored in the rootDSE (such as the location of the schema) but they can't do that right now
* r11949: make sure we ask gensec to give us a session key | Andrew Tridgell | 2005-11-28 | 1 | -0/+2
  andrew, this answers your question on irc about whether the same session key mechanisms are used in smb2. They are - the RPC-LSA secret tests pass fine over ncacn_np on SMB2, which means the session key must be working
* r11941: fix cut'n'paste bug | Stefan Metzmacher | 2005-11-28 | 1 | -1/+1
  metze
* r11940: Love has clarified why this code does what it does. | Andrew Bartlett | 2005-11-28 | 2 | -8/+6
  Andrew Bartlett
* r11931: Add a short README explaining what this directory is all about. | Andrew Bartlett | 2005-11-27 | 1 | -0/+6
  Andrew Bartlett
* r11930: Add socket/packet handling code for kpasswdd | Andrew Bartlett | 2005-11-27 | 3 | -5/+52
  Allow ticket requests with only a netbios name to be considered 'null' addresses, and therefore allowed by default.
  Use the netbios address as the workstation name for the allowed workstations check with krb5.
  Andrew Bartlett
* r11929: Add static, comments. | Andrew Bartlett | 2005-11-27 | 1 | -3/+3
  Andrew Bartlett
* r11928: More Kerberos musings... | Andrew Bartlett | 2005-11-27 | 1 | -20/+64
  Andrew Bartlett
* r11913: if we have a UNIQUE name with more than 1 address, | Stefan Metzmacher | 2005-11-25 | 1 | -0/+5
  it becomes implicit an MHOMED record
  metze