path: root/source
Commit message | Author | Age | Files | Lines
...
* r11536: Add a hook for client-principal access control to hdb-ldb, re-using the code in auth/auth_sam.c for consistency. This will also allow us to have one place for a backend directory hook. I will use a very similar hook to add the PAC. Andrew Bartlett | Andrew Bartlett | 2005-11-06 | 7 | -44/+231
* r11535: Support void functions when generating templates. | Jelmer Vernooij | 2005-11-06 | 1 | -2/+10
* r11534: Consider ntvfs as a library | Jelmer Vernooij | 2005-11-06 | 1 | -1/+5
* r11533: Be a bit less intrusive | Volker Lendecke | 2005-11-06 | 1 | -1/+2
* r11532: Enable kerberos session setup for winbind smb connections | Volker Lendecke | 2005-11-06 | 1 | -0/+9
* r11529: Disable DNS lookups for forwarded credentials, unless really, really wanted. There is nothing that suggests that the host we forward credentials to will not have other interfaces, unassociated with their service name. Likewise, the name may be a netbios, not DNS name. This should avoid some nasty DNS lookups. Andrew Bartlett | Andrew Bartlett | 2005-11-06 | 1 | -34/+41
* r11528: Separate finding dcs from initializing a domain. Makes it easier to possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker | Volker Lendecke | 2005-11-05 | 12 | -355/+571
* r11527: Has this ever been run? | Volker Lendecke | 2005-11-05 | 1 | -0/+1
* r11526: And another warning... | Volker Lendecke | 2005-11-05 | 1 | -1/+1
* r11525: Move lookups (including the attribute search) for users from kdc/hdb-ldb.c to share the routines used for auth/ This will require keeping the attribute list in sync, but I think it is worth it for the next steps (sharing the server_info generation). Andrew Bartlett | Andrew Bartlett | 2005-11-05 | 2 | -112/+127
* r11524: More work on our hdb backend in the KDC. The aim here is to restructure the queries to match the queries we do in auth, then to share the code that does the actual query (at least for user logins). Then we can generate the PAC from that shared query, rather than a separate query. Andrew Bartlett | Andrew Bartlett | 2005-11-05 | 1 | -116/+78
* r11523: Working towards having Samba3 join Samba4, this allows the SASL credentials to be NULL, where the client is requesting a CIFS style server-first negTokenInit. Andrew Bartlett | Andrew Bartlett | 2005-11-05 | 1 | -3/+7
* r11522: Add support for delegated credentials and machine account credentials to ldb, based on the sessionInfo we now pass around. Andrew Bartlett | Andrew Bartlett | 2005-11-05 | 2 | -2/+28
* r11521: Add in client support for checking supportedSASLmechanisms, and then determining a mechanism to use. Currently it doesn't do fallbacks like SPNEGO does, but this could be added (to GENSEC, not to here). This also adds a new function to GENSEC, which returns a list of SASL names in our preference order (currently determined by the build system of all things...). Also make the similar function used for OIDs in SPNEGO do the same. This is all a very long-winded way of moving from a hard-coded NTLM to GSS-SPNEGO in our SASL client... Andrew Bartlett | Andrew Bartlett | 2005-11-05 | 4 | -7/+129
* r11520: indent | Andrew Bartlett | 2005-11-05 | 1 | -1/+1
* r11519: And an uninitialized variable... | Volker Lendecke | 2005-11-05 | 1 | -1/+1
* r11518: Fix a warning | Volker Lendecke | 2005-11-05 | 1 | -1/+1
* r11517: Cleanup time, this looks larger than it is. This mainly gets rid of wb_domain_request, now that we have queued rpc requests. Volker | Volker Lendecke | 2005-11-05 | 16 | -703/+489
* r11516: Fix a valgrind bug I introduced with queued requests | Volker Lendecke | 2005-11-05 | 1 | -3/+6
* r11515: Add some talloc_get_type | Volker Lendecke | 2005-11-05 | 1 | -2/+2
* r11514: Fixup debug message | Andrew Bartlett | 2005-11-05 | 1 | -1/+1
* r11513: Add the ability to use the local machine account instead of a static password or delegation. Add the ability to delegate for RPC pipes on the RPC proxy backend (the backend itself seems to be having problems however). Andrew Bartlett | Andrew Bartlett | 2005-11-05 | 2 | -15/+71
* r11512: fix typo | Andrew Bartlett | 2005-11-05 | 1 | -1/+1
* r11503: be quite... metze | Stefan Metzmacher | 2005-11-04 | 1 | -1/+1
* r11502: make sure we always use the 7 chars for the unix socket name. this is to test if that works on irix 6.4 where we can only use 16 chars for the sun_path of the unix sockets. the plan is to make multiple interfaces possible with socket wrapper, and the format will change to ("%c%02X%04X", type, iface, port), which is also 7 char to the file name metze | Stefan Metzmacher | 2005-11-04 | 1 | -1/+1
* r11501: change provision code to use the new display specifiers | Andrew Tridgell | 2005-11-04 | 1 | -0/+2
* r11500: fixed a bug in the variable substitution code using the new limit argument to split() | Andrew Tridgell | 2005-11-04 | 1 | -1/+1
* r11499: added a minimal set of display specifiers for mmc to use to display the core elements of a Samba4 domain | Andrew Tridgell | 2005-11-04 | 1 | -0/+108
* r11498: added an optional extra argument to split to limit the number of pieces a string is split into. This allows for a fix in the variable substitution used in provisioning | Andrew Tridgell | 2005-11-04 | 1 | -8/+19
* r11497: Don't name parameters 'floor'. Rename fl and floor to epm_floor for consistency. Andrew Bartlett | Andrew Bartlett | 2005-11-04 | 1 | -58/+58
* r11496: add a minimal ads-compatible schema into our sam.ldb setup. This is needed for mmc management of Samba4. | Andrew Tridgell | 2005-11-04 | 3 | -2/+8509
* r11489: add the one replication cycle test to NBT-WINSREPLICATION-QUICK metze | Stefan Metzmacher | 2005-11-03 | 3 | -1/+23
* r11488: handle the stupid name release demand a windows there send... metze | Stefan Metzmacher | 2005-11-03 | 1 | -5/+22
* r11487: thanks to make test I noticed a dead lock bug, in the last change, this only happens with socket_wrapper as socket_connect() returns NT_STATUS_OK instead of NT_STATUS_MORE_PROCESSING_REQUIRED, and we missed to replace the fde event handler... metze | Stefan Metzmacher | 2005-11-03 | 1 | -19/+39
* r11485: prevent us from calling the request handler recursively when the handler calls talloc_free(wrepl_socket) metze | Stefan Metzmacher | 2005-11-03 | 1 | -0/+3
* r11484: test some multi homed record merging metze | Stefan Metzmacher | 2005-11-03 | 1 | -50/+563
* r11481: Disable pre-linking on VMS | Jelmer Vernooij | 2005-11-02 | 1 | -0/+5
* r11480: demonstrate the only the positive name query response cares, not the addresses that are returned in it metze | Stefan Metzmacher | 2005-11-02 | 1 | -7/+135
* r11479: fix compiler warning metze | Stefan Metzmacher | 2005-11-02 | 1 | -2/+2
* r11478: add owned,active,multi homed vs. * section metze | Stefan Metzmacher | 2005-11-02 | 1 | -341/+893
* r11477: This seems really nasty, but as I understand it an attacker cannot change this checksum, as it is inside the encrypted packets. Where the client (such as Samba3) fakes up GSSAPI, allow it to continue. We can't rid the world of all Samba3 and similar clients... Andrew Bartlett | Andrew Bartlett | 2005-11-02 | 1 | -2/+11
* r11476: finally fixed the intermittent registry server bug! This has been cropping up occasionally for ages. The problem was the generic reg code setting up a backend_data value, which it has no business doing (backend_data is for backends ...) | Andrew Tridgell | 2005-11-02 | 1 | -1/+0
* r11475: removed an extraneous ldb_delete() call (i had it there for debugging) | Andrew Tridgell | 2005-11-02 | 1 | -1/+0
* r11474: - enable ldb transactions from ejs - speed up provisioning a bit using a ldb transaction (also means you can't end up with a ldb being half done) | Andrew Tridgell | 2005-11-02 | 2 | -4/+100
* r11473: Based on work by Jelmer, implement the [async] flag for rpc requests. If it's not there (it's not yet on *any* call... :-)), the rpc client strictly sequences calls to an rpc pipe. Might need some more work on the exact sequencing semantics when a pipe with both sync and async calls is actually deployed, but I want it in for winbind simplification. Volker | Volker Lendecke | 2005-11-02 | 8 | -40/+190
* r11472: use talloc_get_type() to try to catch an intermittent failure I'm seeing in the ldb winreg backend | Andrew Tridgell | 2005-11-02 | 1 | -26/+30
* r11471: Describe how kerberos forwarding works with the ntvfs. Andrew Bartlett | Andrew Bartlett | 2005-11-02 | 1 | -1/+25
* r11470: To a server trusted for delegation (checked for in the gss libs), delegate by default. Andrew Bartlett | Andrew Bartlett | 2005-11-02 | 1 | -1/+1
* r11469: Fix typo, and use the correct (RFC4120) session key for delegating credentials. This means we now delegate to windows correctly. Andrew Bartlett | Andrew Bartlett | 2005-11-02 | 2 | -11/+13
* r11468: Merge a bit more of init_sec_context from Heimdal CVS into our DCE_STYLE modified version, and add parametric options to control delegation. It turns out the only remaining issue is sending delegated credentials to a windows server, probably due to the bug lha mentions in his blog (using the wrong key). If I turn delegation on in smbclient, but off in smbd, I can proxy a cifs session. I can't wait till Heimdal 0.8, so I'll see if I can figure out the fix myself :-) Andrew Bartlett | Andrew Bartlett | 2005-11-02 | 2 | -5/+29