Rafal Szczesniak [Sun, 15 May 2005 23:15:03 +0000 (23:15 +0000)]
r6797: Typo fix.
rafal
Andrew Bartlett [Sun, 15 May 2005 22:21:34 +0000 (22:21 +0000)]
r6796: Remove the gensec_gsskrb5 module, which had had all of its special
features merged back into gensec_gssapi.
(Removed because I've made some API changes, and it isn't worth
'fixing' the redundant code to cope with changes)
Andrew Bartlett
Jelmer Vernooij [Sun, 15 May 2005 20:16:26 +0000 (20:16 +0000)]
r6795: Make some functions static and remove some unused ones.
Simo Sorce [Sun, 15 May 2005 08:10:48 +0000 (08:10 +0000)]
r6794: spellfix
Andrew Bartlett [Sun, 15 May 2005 03:24:48 +0000 (03:24 +0000)]
r6793: Move auth_sam to use the dnsDomain rather than the
soon-to-be-deprecated 'realm'.
Add torture test for this behaviour.
Andrew Bartlett
Andrew Bartlett [Sun, 15 May 2005 03:07:20 +0000 (03:07 +0000)]
r6792: Allow a mech to fail on the first pass at the packet, and still fall
back to the other options.
Andrew Bartlett
Andrew Bartlett [Sun, 15 May 2005 02:51:39 +0000 (02:51 +0000)]
r6791: My early notes on the particular things I have discovered as I learn
kerberos, and how Microsoft constructs their kerberos implementation.
Andrew Bartlett
Jelmer Vernooij [Sat, 14 May 2005 22:16:02 +0000 (22:16 +0000)]
r6790: Use config.h file for ldb and add test for stdint.h
Jelmer Vernooij [Sat, 14 May 2005 16:41:53 +0000 (16:41 +0000)]
r6787: Use debhelper for the debian packages
Stefan Metzmacher [Fri, 13 May 2005 12:22:21 +0000 (12:22 +0000)]
r6781: -add some comments on how attributes and objectClasses are identified in DRSUAPI
-and some comments on what the attribute syntaxes matches what internal datatypes
metze
Andrew Tridgell [Fri, 13 May 2005 11:56:36 +0000 (11:56 +0000)]
r6776: make the cldap torture test not dependent on the realm being set
correctly - it gets the realm from an initial no-attribute search
Simo Sorce [Fri, 13 May 2005 07:41:13 +0000 (07:41 +0000)]
r6768: Fix wrong comment
Tim Potter [Fri, 13 May 2005 06:41:42 +0000 (06:41 +0000)]
r6767: Fix compiler warning.
Andrew Tridgell [Fri, 13 May 2005 06:28:22 +0000 (06:28 +0000)]
r6766: some more cldap tests ...
my best guess now is that w2k3 converts the & in the cldap query to an |
for the ldap search. at least it behaves roughly like that.
Andrew Tridgell [Fri, 13 May 2005 06:10:10 +0000 (06:10 +0000)]
r6765: expanded the cldap test suite to test the usage of the DomainGuid,
AAC, and User attributes in cldap netlogon queries
interestingly, while WinXP generated cldap filters with these set, the
w2k3 cldap server seems to completely ignore them, so I didn't need to
alter our cldap server at all to pass the test :-)
Andrew Tridgell [Fri, 13 May 2005 06:08:49 +0000 (06:08 +0000)]
r6764: added support for DomainGuid, DomainSid, AAC, and User attributes in
cldap netlogon queries
Andrew Tridgell [Fri, 13 May 2005 06:07:53 +0000 (06:07 +0000)]
r6763: added functions in libcli/ldap/ to binary encode some NDR structures into
ldap friendly filter strings
Andrew Tridgell [Fri, 13 May 2005 06:06:19 +0000 (06:06 +0000)]
r6762: with the zone right we don't need a fully qualified site name at all
Andrew Tridgell [Fri, 13 May 2005 05:29:41 +0000 (05:29 +0000)]
r6761: - not everyone is in my domain :-)
- started adding support for the other cldap attributes that XP uses
Jelmer Vernooij [Thu, 12 May 2005 19:31:50 +0000 (19:31 +0000)]
r6760: Update debian packages
Simo Sorce [Thu, 12 May 2005 14:39:03 +0000 (14:39 +0000)]
r6759: let us have a wildcard attribute so that we can set a default for all attributes
example:
*: CASE_INSENSITIVE
by placing it in the @ATTRIBUTES object you make all the matching be case insensitive
to make an exception to the general rule now you just need to create an entry like:
name: CASE_SENSITIVE
the key CASE_SENSITIVE currently does not exist but has the effect of making the code
ignore the wildcard default flag and being ldb case sensitive by default it lets the
"name" attribute be case sensitive again
Tridge, can you look at this commit?
Should we introduce a CASE_SENSITIVE/BINARY flag and handle it in the code?
Simo.
Jelmer Vernooij [Thu, 12 May 2005 10:46:57 +0000 (10:46 +0000)]
r6752: Patch by Steven Edwards to improve portability to mingw32
Andrew Tridgell [Thu, 12 May 2005 09:13:53 +0000 (09:13 +0000)]
r6751: dnsDomain should be CASE_INSENSITIVE (winxp will sometimes do a cldap query with this
in uppercase)
Andrew Tridgell [Thu, 12 May 2005 09:03:14 +0000 (09:03 +0000)]
r6750: some minor tweaks to the cldapd server
I can now join winxp -> samba4 DC using long name, and login. The nice
thing is there are no delays now, as the client likes the replies it gets
Andrew Tridgell [Thu, 12 May 2005 08:28:07 +0000 (08:28 +0000)]
r6747: first working version of cldapd server. It is missing 'sites' support, and
filling in some of the returned parameters is quite rough, but it seems to work OK
Andrew Tridgell [Thu, 12 May 2005 08:27:04 +0000 (08:27 +0000)]
r6746: added ndr_push_union_blob() for pushing IDL unions into a DATA_BLOB
Andrew Tridgell [Thu, 12 May 2005 08:26:26 +0000 (08:26 +0000)]
r6745: - escape spaces in binary ldap blobs
- expose the ldap filter string parsing outside of ldap.c
Andrew Tridgell [Thu, 12 May 2005 08:25:35 +0000 (08:25 +0000)]
r6744: added support for reply packets in libcli/cldap/
Andrew Tridgell [Thu, 12 May 2005 02:54:42 +0000 (02:54 +0000)]
r6741: prevent talloc_strndup() from reading one byte past the end of a buffer,
giving valgrind errors
Andrew Tridgell [Thu, 12 May 2005 02:07:53 +0000 (02:07 +0000)]
r6740: make gensec_gssapi.c compile again
Andrew Bartlett [Wed, 11 May 2005 19:22:22 +0000 (19:22 +0000)]
r6738: My version of the patch by metze that I just reverted (-r 6734).
This also includes other changes to reduce memory use by GENSEC when
not being used for sign/seal operations. This should lower tridge's K
'per connection' benchmark further.
Andrew Bartlett
Andrew Bartlett [Wed, 11 May 2005 19:19:25 +0000 (19:19 +0000)]
r6737: Explain these error returns a bit better.
Andrew Bartlett
Andrew Bartlett [Wed, 11 May 2005 18:58:13 +0000 (18:58 +0000)]
r6736: Revert metze's -r 6734, as metze and I made the same changes at the
same time, but with different names. This just helps me avoid
conflicts when I merge up my other changes.
Andrew Bartlett
Stefan Metzmacher [Wed, 11 May 2005 15:07:21 +0000 (15:07 +0000)]
r6734: most compilers don't like struct elements without a name...
metze
Stefan Metzmacher [Wed, 11 May 2005 15:05:21 +0000 (15:05 +0000)]
r6733: GSS_C_DCE_STYLE is not available for most builds
metze
Stefan Metzmacher [Wed, 11 May 2005 14:38:13 +0000 (14:38 +0000)]
r6732: - move sasl send recv code to the ldap lib
- support 'modrdn' ldif
metze
Stefan Metzmacher [Wed, 11 May 2005 13:17:38 +0000 (13:17 +0000)]
r6731: add a useful function for getting a guid with all bits to 0
metze
Stefan Metzmacher [Wed, 11 May 2005 13:09:30 +0000 (13:09 +0000)]
r6730: register gensec_krb5 also with the drcrpc auth type
metze
Andrew Bartlett [Wed, 11 May 2005 12:14:30 +0000 (12:14 +0000)]
r6729: Fix silly copy-paste bug spotted by metze.
Andrew Bartlett
Andrew Bartlett [Wed, 11 May 2005 12:11:35 +0000 (12:11 +0000)]
r6728: Microsoft relies very strongly on getting the OIDs it expects, so we
must register the 'MS' OID for the domain join to progress.
Andrew Bartlett
Andrew Bartlett [Wed, 11 May 2005 12:03:48 +0000 (12:03 +0000)]
r6727: One more step down the long march to the 'Kerberos domain join'.
This patch allows a suitably patched Heimdal GSSAPI library (detected
in configure) to supply to us the session keys, and further completes
the gensec_gssapi module. This is tested for CIFS, but fails for LDAP
at this point (that is what I'll work on next).
We currently fill out the 'session info' from the SAM, like
gensec_krb5 does, but both will need to use the PAC extraction
functions in the near future.
Andrew Bartlett
Andrew Tridgell [Wed, 11 May 2005 05:59:46 +0000 (05:59 +0000)]
r6726: support binary search elements in ldap_decode()
Andrew Tridgell [Wed, 11 May 2005 04:49:18 +0000 (04:49 +0000)]
r6725: the beginnings of a cldap server
Andrew Tridgell [Wed, 11 May 2005 04:48:30 +0000 (04:48 +0000)]
r6724: added "cldap port" smb.conf parameter
Andrew Tridgell [Tue, 10 May 2005 23:33:56 +0000 (23:33 +0000)]
r6720: added support for the remaining 2 types of CLDAP netlogon
response.
To work around the fact that the type of the returned data is not
encoded in the packet, this required adding ndr_pull_union_blob()
which allows us to pull a blob into a union with a specified switch
value, in this case the switch value comes from the calling NtVer field.
Andrew Tridgell [Tue, 10 May 2005 22:44:29 +0000 (22:44 +0000)]
r6719: pidl needs to be told that the external type netr_SchannelType is an enum, otherwise
it will assume it's a struct
Rafal Szczesniak [Tue, 10 May 2005 18:18:12 +0000 (18:18 +0000)]
r6718: Formatting fixes.
rafal
Rafal Szczesniak [Tue, 10 May 2005 18:17:40 +0000 (18:17 +0000)]
r6717: - torture test of async useradd function and monitor messages.
- make message handling functions static.
rafal
Andrew Bartlett [Tue, 10 May 2005 16:30:51 +0000 (16:30 +0000)]
r6714: We can only ask GENSEC questions if we are authenticated.
Andrew Bartlett
Andrew Bartlett [Tue, 10 May 2005 14:24:23 +0000 (14:24 +0000)]
r6711: Clarify that we are dealing with a salting principal in the kerberos
code, which is certainly not in the form of machine$.
Rework the default salt to match what I just added to the heimdal
server (Samba4 is back on speaking terms with lorikeet heimdal now),
from Luke Howard's post to samba-technical in Nov 2004.
Now to test compatibility with MS...
Andrew Bartlett
Rafal Szczesniak [Tue, 10 May 2005 13:05:40 +0000 (13:05 +0000)]
r6709: Add monitor messages to useradd composite useradd function.
rafal
Rafal Szczesniak [Tue, 10 May 2005 12:45:48 +0000 (12:45 +0000)]
r6708: Another type of monitor message.
rafal
Stefan Metzmacher [Tue, 10 May 2005 11:04:04 +0000 (11:04 +0000)]
r6705: let the gensec module decide if messages can be signed and sealed in a different
order than a strict request - reply sequence
Note: we should also fix the client code...
metze
Stefan Metzmacher [Tue, 10 May 2005 10:59:06 +0000 (10:59 +0000)]
r6704: fix compiler warning
metze
Stefan Metzmacher [Tue, 10 May 2005 10:51:02 +0000 (10:51 +0000)]
r6703: fix the build
metze
Andrew Bartlett [Tue, 10 May 2005 10:07:18 +0000 (10:07 +0000)]
r6702: Revert -r 6699, as I think this is a win2k v win2k3 issue.
Andrew Bartlett
Andrew Bartlett [Tue, 10 May 2005 09:59:47 +0000 (09:59 +0000)]
r6701: Updates to our server-side ticket verification code, we now use the
client credentials code to read the secrets.ldb.
Also clean up error handling, and ensure to always set the
last_error_message stuff.
Andrew Bartlett
Andrew Bartlett [Tue, 10 May 2005 09:51:55 +0000 (09:51 +0000)]
r6700: Upper case realms in kerberos-specific parts of the code, as this is
no longer done globally.
This keeps MIT client libraries happy, because otherwise the windows
KDC will return a different case to what was requested.
Andrew Bartlett
Andrew Bartlett [Tue, 10 May 2005 09:50:29 +0000 (09:50 +0000)]
r6699: Windows clients seem to ask for CIFS/, ie in upper case, so match it.
Andrew Bartlett
Andrew Bartlett [Tue, 10 May 2005 09:49:45 +0000 (09:49 +0000)]
r6698: Our domain join code requires that the secureChannelType be set. Type
6 is BDC, which is correct for a self-join.
Andrew Bartlett
Stefan Metzmacher [Tue, 10 May 2005 08:50:58 +0000 (08:50 +0000)]
r6697: fix from Sven (wAmpIre) Velt
metze
Andrew Tridgell [Tue, 10 May 2005 02:03:47 +0000 (02:03 +0000)]
r6694: a simple CLDAP torture test
interestingly, w2k3 seems to have 4 different variants of the netlogon
cldap response. We decode two of them so far. The other two are tricky
as they aren't distinguished by a command code, they use the same
command codes (0x13 and 0x17) but have quite a different format. Very
strange!
Andrew Tridgell [Tue, 10 May 2005 02:01:25 +0000 (02:01 +0000)]
r6693: first version of cldap client library, with async interface
Andrew Tridgell [Tue, 10 May 2005 01:59:33 +0000 (01:59 +0000)]
r6692: used idr_get_new_random() in the nbt client library
Andrew Tridgell [Tue, 10 May 2005 01:59:00 +0000 (01:59 +0000)]
r6691: fixed a comment
Andrew Tridgell [Tue, 10 May 2005 01:58:34 +0000 (01:58 +0000)]
r6690: added ndr_pull_struct_blob_all(), which is like ndr_pull_struct_blob() but checks
that all bytes are consumed
Andrew Tridgell [Tue, 10 May 2005 01:57:47 +0000 (01:57 +0000)]
r6689: minor ldap client library work
- added support for binary encoded search filters
- fixed some const handling
- changed the message type to an enum, to help debugging
Andrew Tridgell [Tue, 10 May 2005 01:56:00 +0000 (01:56 +0000)]
r6688: removed unused binary_string() function
Andrew Tridgell [Tue, 10 May 2005 01:55:18 +0000 (01:55 +0000)]
r6687: added a idr helper function for creating random IDs
Tim Potter [Mon, 9 May 2005 02:31:56 +0000 (02:31 +0000)]
r6677: Unused variables.
Tim Potter [Mon, 9 May 2005 02:29:54 +0000 (02:29 +0000)]
r6676: Fix unused variable.
Tim Potter [Mon, 9 May 2005 02:29:22 +0000 (02:29 +0000)]
r6675: Fix printf warning.
Tim Potter [Mon, 9 May 2005 02:28:27 +0000 (02:28 +0000)]
r6674: Fix some compiler warnings.
Jelmer Vernooij [Sun, 8 May 2005 13:22:55 +0000 (13:22 +0000)]
r6664: Obey overridden CC in the Makefile
(should fix build on several buildfarm hosts)
Andrew Tridgell [Sat, 7 May 2005 23:19:44 +0000 (23:19 +0000)]
r6663: only use -Wall for gcc
Andrew Tridgell [Sat, 7 May 2005 23:14:17 +0000 (23:14 +0000)]
r6662: add an installcheck target for talloc
Andrew Tridgell [Sat, 7 May 2005 22:54:51 +0000 (22:54 +0000)]
r6661: fix up talloc autoconf to have a chance of working on the build farm
Volker Lendecke [Sat, 7 May 2005 22:10:26 +0000 (22:10 +0000)]
r6660: Sorry for the spam... I think now I've got a version that should compile on
trunk, 3_0 and 4_0.
Volker
Simo Sorce [Sat, 7 May 2005 16:27:56 +0000 (16:27 +0000)]
r6650: keep style consistent
Simo Sorce [Sat, 7 May 2005 15:22:45 +0000 (15:22 +0000)]
r6645: Add talloc_get_size() function.
Sometimes it is useful to know this data.
Simo.
Rafal Szczesniak [Fri, 6 May 2005 19:36:49 +0000 (19:36 +0000)]
r6637: Test for asynchronous function and monitor messages.
rafal
Rafal Szczesniak [Fri, 6 May 2005 07:14:33 +0000 (07:14 +0000)]
r6624: I have put monitor function pointer into userinfo call, but I haven't put
any possibility to pass such pointer from calling function... :)
rafal
Jelmer Vernooij [Thu, 5 May 2005 22:31:49 +0000 (22:31 +0000)]
r6622: Add talloc manpage in DocBook XML, based on SGML version by Garry Williams
Jelmer Vernooij [Thu, 5 May 2005 11:33:10 +0000 (11:33 +0000)]
r6621: Warn when the user is trying to use socket wrapper
while it is not compiled in.
Andrew Tridgell [Thu, 5 May 2005 11:15:24 +0000 (11:15 +0000)]
r6620: the type 23 schannel bind uses a workstation name, not an account name
Andrew Tridgell [Thu, 5 May 2005 11:14:43 +0000 (11:14 +0000)]
r6619: realm should not be forced uppercase
Andrew Tridgell [Thu, 5 May 2005 11:14:12 +0000 (11:14 +0000)]
r6618: only print the netlogon packets we receive if it is an unknown packet type
Jelmer Vernooij [Thu, 5 May 2005 11:13:16 +0000 (11:13 +0000)]
r6617: Let --enable-developer imply --enable-socket-wrapper
Add socket-wrapper-enabled test target and use that by
default when the socket wrapper was included
Rafal Szczesniak [Wed, 4 May 2005 19:16:22 +0000 (19:16 +0000)]
r6616: First (and totally untested) approach to monitoring userinfo
composite call.
rafal
Rafal Szczesniak [Wed, 4 May 2005 19:15:24 +0000 (19:15 +0000)]
r6615: As usual, I forgot to commit new structure in this file...
rafal
Rafal Szczesniak [Wed, 4 May 2005 19:12:04 +0000 (19:12 +0000)]
r6614: Basic approach to monitoring messages for composite functions.
rafal
Stefan Metzmacher [Wed, 4 May 2005 11:02:18 +0000 (11:02 +0000)]
r6612: fix the build
metze
Jelmer Vernooij [Wed, 4 May 2005 10:44:50 +0000 (10:44 +0000)]
r6611: Add mailslot test program
Tim Potter [Wed, 4 May 2005 06:24:53 +0000 (06:24 +0000)]
r6610: Fix a const warning in the gensec spnego implementation. (A make proto
is required after updating to this version).
Stefan Metzmacher [Tue, 3 May 2005 16:24:22 +0000 (16:24 +0000)]
r6609: remove double entry for [BINARY::getntacl]
metze
Stefan Metzmacher [Tue, 3 May 2005 15:54:47 +0000 (15:54 +0000)]
r6607: fix the build
metze
Stefan Metzmacher [Tue, 3 May 2005 15:38:19 +0000 (15:38 +0000)]
r6606: add a DCESRV_FAULT_VOID() macro to use in void functions
metze
Andrew Tridgell [Tue, 3 May 2005 15:15:34 +0000 (15:15 +0000)]
r6604: solved a memory hierarchy ordering problem that led to crashes on
ncacn_ip_tcp and ncalrpc for the standard process model.
Thanks to Jelmer for noticing this bug!
Andrew Bartlett [Tue, 3 May 2005 14:38:14 +0000 (14:38 +0000)]
r6603: More work on the samdump puzzle. This implements a function pointer
callback interface, so we can start dumping into more than just stdout
soon.
Also use the enums instead of uint32 where possible and valid.
Andrew Bartlett
Jelmer Vernooij [Tue, 3 May 2005 13:46:49 +0000 (13:46 +0000)]
r6600: Rework of the GTK credentials system; the credentials information is
now in a separate (optional) dialog rather than in the binding dialog; also
supports specifying anonymous connections (which we didn't before).