samba.git
14 years agor6904: use "krb5:kdc=yes" in your smb.conf when you have the lorikeet-heimdal kdc...
Stefan Metzmacher [Thu, 19 May 2005 13:35:50 +0000 (13:35 +0000)]
r6904: use "krb5:kdc=yes" in your smb.conf when you have the lorikeet-heimdal kdc running

metze

14 years agor6902: Turn the LDAP server on by default. It is no worse than the others...
Andrew Bartlett [Thu, 19 May 2005 11:23:31 +0000 (11:23 +0000)]
r6902: Turn the LDAP server on by default.  It is no worse than the others...
(no ACL support)

Andrew Bartlett

14 years agor6884: the invocationID is only used as objectGUID on the NTDS Settings object on the
Stefan Metzmacher [Wed, 18 May 2005 14:29:23 +0000 (14:29 +0000)]
r6884: the invocationID is only used as objectGUID on the NTDS Settings object on the
first DC in the forest!

metze

14 years agor6883: Move to what simo assures me is the 'correct' way to find the NetBIOS
Andrew Bartlett [Wed, 18 May 2005 14:19:17 +0000 (14:19 +0000)]
r6883: Move to what simo assures me is the 'correct' way to find the NetBIOS
and long names for a domain.

Add servicePrincipalName mapping table (administrator configurable),
in the same spot as microsoft uses.

Andrew Bartlett

14 years agor6882: Put in configure tests and #ifdef to keep Samba building on older Heimdal.
Andrew Bartlett [Wed, 18 May 2005 14:17:53 +0000 (14:17 +0000)]
r6882: Put in configure tests and #ifdef to keep Samba building on older Heimdal.

Andrew Bartlett

14 years agor6879: Another attempt at including the 'right' kerberos headers on
Andrew Bartlett [Wed, 18 May 2005 11:50:09 +0000 (11:50 +0000)]
r6879: Another attempt at including the 'right' kerberos headers on
dual-install systems.

Andrew Bartlett

14 years agor6877: added CLDAP testing to test_ldap.sh
Andrew Tridgell [Wed, 18 May 2005 04:23:12 +0000 (04:23 +0000)]
r6877: added CLDAP testing to test_ldap.sh

14 years agor6876: - fixed a memory leak in the cldap server
Andrew Tridgell [Wed, 18 May 2005 04:18:19 +0000 (04:18 +0000)]
r6876: - fixed a memory leak in the cldap server

- keep the samdb open between requests

14 years agor6875: added a BENCH-CLDAP test. Speed of the cldap server isn't all that important...
Andrew Tridgell [Wed, 18 May 2005 04:17:24 +0000 (04:17 +0000)]
r6875: added a BENCH-CLDAP test. Speed of the cldap server isn't all that important, but it does
help find memory leaks (and in fact, there was one, fixed in next commit)

14 years agor6874: Fix static library build
Jelmer Vernooij [Wed, 18 May 2005 01:11:33 +0000 (01:11 +0000)]
r6874: Fix static library build

14 years agor6873: fixed exec bit
Andrew Tridgell [Wed, 18 May 2005 01:03:55 +0000 (01:03 +0000)]
r6873: fixed exec bit

14 years agor6869: removed completely bogus BASE-RW2 test
Andrew Tridgell [Tue, 17 May 2005 22:34:38 +0000 (22:34 +0000)]
r6869: removed completely bogus BASE-RW2 test

14 years agor6868: the @ATTRIBUTES object format has changed
Simo Sorce [Tue, 17 May 2005 21:46:16 +0000 (21:46 +0000)]
r6868: the @ATTRIBUTES object format has changed

14 years agor6867: this code will change the way the @ATTRIBUTES object is handled
Simo Sorce [Tue, 17 May 2005 21:43:47 +0000 (21:43 +0000)]
r6867: this code will change the way the @ATTRIBUTES object is handled
this object properties are now used as multivalue attributes
now all values inserted are checked against a "valid values table"

eg:

this form is now accepted:

dn: @ATTRIBUTES
uid: CASE_INSENSITIVE
uid: WILDCARD

this form is now rejected:

dn: @ATTRIBUTES
uid: CASE_INSENSITIVE WILDCARD

please update your .ldb files if you make use of @ATTRIBUTES
(sam.ldb heavily uses it)

the code passes all make test tests for both tdb and ldap, it also
passes the new test to check for wrong @ATTRIBUTES attribute values

Simo.

14 years agor6863: lib-friendlier names + fix some dependencies
Jelmer Vernooij [Tue, 17 May 2005 20:18:06 +0000 (20:18 +0000)]
r6863: lib-friendlier names + fix some dependencies

14 years agor6862: Add some more tests
Jelmer Vernooij [Tue, 17 May 2005 17:32:25 +0000 (17:32 +0000)]
r6862: Add some more tests
Accept new command-line options --keep, --outputdir and --idl-compiler.

We're currently at 34 IDL tests (...and counting)

14 years agor6860: Add some allocation and alignment tests, remove uint64 from list of scalars
Jelmer Vernooij [Tue, 17 May 2005 15:51:35 +0000 (15:51 +0000)]
r6860: Add some allocation and alignment tests, remove uint64 from list of scalars
(it doesn't have any push/pull functions anymore either)

14 years agor6859: Add ndr_align tests, use environment variables ($CC, $CFLAGS, $LDFLAGS)
Jelmer Vernooij [Tue, 17 May 2005 13:50:47 +0000 (13:50 +0000)]
r6859: Add ndr_align tests, use environment variables ($CC, $CFLAGS, $LDFLAGS)
where possible.

14 years agor6857: - Support [public] on functions
Jelmer Vernooij [Tue, 17 May 2005 13:19:40 +0000 (13:19 +0000)]
r6857: - Support [public] on functions
- Add some more pidl tests based on ref_notes.txt

We currently fail some tests because we don't default to "ref"
for top-level pointers at the moment. We also fail some of the multi-level
tests.

14 years agor6856: Add a couple of tests that test for the behaviour described in
Jelmer Vernooij [Tue, 17 May 2005 12:17:42 +0000 (12:17 +0000)]
r6856: Add a couple of tests that test for the behaviour described in
tridge's ref_notes.txt document.

14 years agor6854: Add --quiet option to pidl
Jelmer Vernooij [Tue, 17 May 2005 11:43:46 +0000 (11:43 +0000)]
r6854: Add --quiet option to pidl
Some work on a testsuite for pidl, including one simple test.

14 years agor6853: again fixed SOCKET_WRAPPER_DIR in 'make test'
Andrew Tridgell [Tue, 17 May 2005 07:38:01 +0000 (07:38 +0000)]
r6853: again fixed SOCKET_WRAPPER_DIR in 'make test'

14 years agor6852: implement an idea from kinkie to make the 'make test' target automatically...
Andrew Tridgell [Tue, 17 May 2005 07:37:17 +0000 (07:37 +0000)]
r6852: implement an idea from kinkie to make the 'make test' target automatically kill smbd
when finished, using a fifo

this makes 'make test' much safer for build farm usage

14 years agor6851: Typo in comment.
Tim Potter [Tue, 17 May 2005 07:15:12 +0000 (07:15 +0000)]
r6851: Typo in comment.

14 years agor6848: Remove some dead/unused code.
Tim Potter [Tue, 17 May 2005 06:59:29 +0000 (06:59 +0000)]
r6848: Remove some dead/unused code.

14 years agor6847: Fix some unused variable warnings in the libnet torture test.
Tim Potter [Tue, 17 May 2005 06:39:19 +0000 (06:39 +0000)]
r6847: Fix some unused variable warnings in the libnet torture test.

14 years agor6846: make smbd terminate immediately on EOF from stdin
Andrew Tridgell [Tue, 17 May 2005 06:20:54 +0000 (06:20 +0000)]
r6846: make smbd terminate immediately on EOF from stdin

this will be used to make sure 'make test' kills smbd when finished

14 years agor6845: make the talloc header align to 40 bytes, which costs us an extra 4
Andrew Tridgell [Tue, 17 May 2005 05:48:30 +0000 (05:48 +0000)]
r6845: make the talloc header align to 40 bytes, which costs us an extra 4
bytes per allocation, but makes it much more portable

14 years agor6842: Move to .mk file
Jelmer Vernooij [Tue, 17 May 2005 01:13:53 +0000 (01:13 +0000)]
r6842: Move to .mk file

14 years agor6839: Add support for building subsystems as shared libraries. This can be
Jelmer Vernooij [Tue, 17 May 2005 00:51:13 +0000 (00:51 +0000)]
r6839: Add support for building subsystems as shared libraries. This can be
done by setting:
OUTPUT_TYPE = SHARED_LIBRARY
in the [SUBSYSTEM::...] section belonging to a subsystem.

The idea is to allow multiple values to OUTPUT_TYPE simultaneously
(e.g. OUTPUT_TYPE = SHARED_LIBRARY, STATIC_LIBRARY, OBJLIST )

14 years agor6838: Remove unnecessary calls to gensec_gsskrb5
Jelmer Vernooij [Tue, 17 May 2005 00:02:55 +0000 (00:02 +0000)]
r6838: Remove unnecessary calls to gensec_gsskrb5
Make the build system give a proper warning about this in the future

14 years agor6836: Allow optionally passing in a destination filename for NDR parsers
Jelmer Vernooij [Mon, 16 May 2005 23:30:34 +0000 (23:30 +0000)]
r6836: Allow optionally passing in a destination filename for NDR parsers
and NDR headers

14 years agor6833: split out the routine that calculates the diff between two ldb messages from...
Andrew Tridgell [Mon, 16 May 2005 22:31:45 +0000 (22:31 +0000)]
r6833: split out the routine that calculates the diff between two ldb messages from ldbedit,
so other progs can use it.

14 years agor6831: talloc now requires config.h (this fixes ldb build)
Andrew Tridgell [Mon, 16 May 2005 21:42:11 +0000 (21:42 +0000)]
r6831: talloc now requires config.h (this fixes ldb build)

14 years agor6830: put header checks in config.m4 so when it is included by other projects the...
Andrew Tridgell [Mon, 16 May 2005 21:22:54 +0000 (21:22 +0000)]
r6830: put header checks in config.m4 so when it is included by other projects the right
configure checks are done

14 years agor6829: include the talloc autoconf tests when building ldb standalone
Andrew Tridgell [Mon, 16 May 2005 21:09:51 +0000 (21:09 +0000)]
r6829: include the talloc autoconf tests when building ldb standalone

14 years agor6828: More portability fixes
Jelmer Vernooij [Mon, 16 May 2005 21:08:44 +0000 (21:08 +0000)]
r6828: More portability fixes

14 years agor6825: Fall back to chsize if ftruncate is not available
Jelmer Vernooij [Mon, 16 May 2005 18:57:56 +0000 (18:57 +0000)]
r6825: Fall back to chsize if ftruncate is not available
patch from Steven Edwards

14 years agor6819: More notes on krb5 requirements
Andrew Bartlett [Mon, 16 May 2005 15:31:02 +0000 (15:31 +0000)]
r6819: More notes on krb5 requirements

Andrew Bartlett

14 years agor6817: - fixed empty ldap search elements in filters
Andrew Tridgell [Mon, 16 May 2005 11:17:57 +0000 (11:17 +0000)]
r6817: - fixed empty ldap search elements in filters

- added support for guids in cldap netlogon searches.

the cldap server now passes the LDAP-CLDAP torture test

14 years agor6816: - fixed debug display of ndr netlogon union
Andrew Tridgell [Mon, 16 May 2005 11:16:48 +0000 (11:16 +0000)]
r6816: - fixed debug display of ndr netlogon union

- send a username when scanning to make structure elements clearer

14 years agor6815: fill in values in cldap server as well
Andrew Tridgell [Mon, 16 May 2005 10:30:51 +0000 (10:30 +0000)]
r6815: fill in values in cldap server as well

14 years agor6814: fill in two more unknown values in cldap responses
Andrew Tridgell [Mon, 16 May 2005 10:21:32 +0000 (10:21 +0000)]
r6814: fill in two more unknown values in cldap responses

14 years agor6812: more talloc portability tweaks
Andrew Tridgell [Mon, 16 May 2005 06:33:37 +0000 (06:33 +0000)]
r6812: more talloc portability tweaks

14 years agor6811: Another attempt at better kerberos/gssapi headers.
Andrew Bartlett [Mon, 16 May 2005 03:30:18 +0000 (03:30 +0000)]
r6811: Another attempt at better kerberos/gssapi headers.

Andrew Bartlett

14 years agor6810: Rename auth/{ntlmssp,gensec,kerberos} mk and m4 files to be called
Tim Potter [Mon, 16 May 2005 03:17:54 +0000 (03:17 +0000)]
r6810: Rename auth/{ntlmssp,gensec,kerberos} mk and m4 files to be called
config.mk and config.m4 to be consistent with the rest of Samba.

14 years agor6809: ifeq is not portable in make - jelmer, you'll need to find some other way...
Andrew Tridgell [Mon, 16 May 2005 03:04:58 +0000 (03:04 +0000)]
r6809: ifeq is not portable in make - jelmer, you'll need to find some other way of doing
this if you want detection of socket wrapper :-)

14 years agor6808: - test for gcov not needed
Andrew Tridgell [Mon, 16 May 2005 02:45:36 +0000 (02:45 +0000)]
r6808: - test for gcov not needed

- samba malloc wrapper avoidance not needed now we don't use includes.h

- make testsuite work when BOOL, True, False already defined

14 years agor6807: Fix in-tree build of talloc testsuite
Jelmer Vernooij [Mon, 16 May 2005 02:38:50 +0000 (02:38 +0000)]
r6807: Fix in-tree build of talloc testsuite

14 years agor6806: Try again to fix the build on various kerberos libs.
Andrew Bartlett [Mon, 16 May 2005 02:22:25 +0000 (02:22 +0000)]
r6806: Try again to fix the build on various kerberos libs.

Andrew Bartlett

14 years agor6805: Remove two remaining references to gensec_gsskrb5
Jelmer Vernooij [Mon, 16 May 2005 02:18:57 +0000 (02:18 +0000)]
r6805: Remove two remaining references to gensec_gsskrb5

14 years agor6804: Add config.h for talloc (and use it)
Jelmer Vernooij [Mon, 16 May 2005 01:57:27 +0000 (01:57 +0000)]
r6804: Add config.h for talloc (and use it)

14 years agor6803: Try to bring in the correct GSSAPI headers for the krb5 mech. This
Andrew Bartlett [Mon, 16 May 2005 01:31:22 +0000 (01:31 +0000)]
r6803: Try to bring in the correct GSSAPI headers for the krb5 mech.  This
should allow us to ditch the local static storage for OIDs, as well as
fix the build on non-heimdal platforms.

Andrew Bartlett

14 years agor6802: - fixed CFLAGS
Andrew Tridgell [Mon, 16 May 2005 01:17:44 +0000 (01:17 +0000)]
r6802: - fixed CFLAGS

- don't fail if we don't have xsltproc

14 years agor6801: It appears that krb5_make_principal, while convenient, is not portable.
Andrew Bartlett [Mon, 16 May 2005 00:12:39 +0000 (00:12 +0000)]
r6801: It appears that krb5_make_principal, while convenient, is not portable.

Andrew Bartlett

14 years agor6800: A big GENSEC update:
Andrew Bartlett [Sun, 15 May 2005 23:42:11 +0000 (23:42 +0000)]
r6800: A big GENSEC update:

Finally remove the distinction between 'krb5' and 'ms_krb5'.  We now
don't do kerberos stuff twice on failure.  The solution to this is
slightly more general than perhaps was really required (as this is a
special case), but it works, and I'm happy with the cleanup I achived
in the process.  All modules have been updated to supply a
NULL-terminated list of OIDs.

In that process, SPNEGO code has been generalised, as I realised that
two of the functions should have been identical in behaviour.

Over in the actual modules, I have worked to remove the 'kinit' code
from gensec_krb5, and placed it in kerberos/kerberos_util.c.

The GSSAPI module has been extended to use this, so no longer requires
a manual kinit at the command line.  It will soon loose the
requirement for a on-disk keytab too.

The general kerberos code has also been updated to move from
error_message() to our routine which gets the Heimdal error string
(which may be much more useful) when available.

Andrew Bartlett

14 years agor6799: Remove a rudundent variable from the context structure - we can figure
Andrew Bartlett [Sun, 15 May 2005 23:40:22 +0000 (23:40 +0000)]
r6799: Remove a rudundent variable from the context structure - we can figure
this out by asking GENSEC, just like everybody else.

Andrew Bartlett

14 years agor6798: Valgrind pain is not something I look forward to - if we ever fall
Andrew Bartlett [Sun, 15 May 2005 23:20:58 +0000 (23:20 +0000)]
r6798: Valgrind pain is not something I look forward to - if we ever fall
back to the 'not /dev/urandom' method of random number generation, I
don't want to be chasing down 'use of uninitialised value' though all
the crypto code.

Andrew Bartlett

14 years agor6797: Typo fix.
Rafal Szczesniak [Sun, 15 May 2005 23:15:03 +0000 (23:15 +0000)]
r6797: Typo fix.

rafal

14 years agor6796: Remove the gensec_gsskrb5 module, which had had all of it's special
Andrew Bartlett [Sun, 15 May 2005 22:21:34 +0000 (22:21 +0000)]
r6796: Remove the gensec_gsskrb5 module, which had had all of it's special
features merged back into gensec_gssapi.

(Removed because I've made some API changes, and it isn't worth
'fixing' the rudundent code to cope with changes)

Andrew Bartlett

14 years agor6795: Make some functions static and remove some unused ones.
Jelmer Vernooij [Sun, 15 May 2005 20:16:26 +0000 (20:16 +0000)]
r6795: Make some functions static and remove some unused ones.

14 years agor6794: spellfix
Simo Sorce [Sun, 15 May 2005 08:10:48 +0000 (08:10 +0000)]
r6794: spellfix

14 years agor6793: Move auth_sam to use the dnsDomain rather than the
Andrew Bartlett [Sun, 15 May 2005 03:24:48 +0000 (03:24 +0000)]
r6793: Move auth_sam to use the dnsDomain rather than the
soon-to-be-depricated 'realm'.

Add torture test for this behaviour.

Andrew Bartlet

14 years agor6792: Allow a mech to fail on the first pass at the packet, and still fall
Andrew Bartlett [Sun, 15 May 2005 03:07:20 +0000 (03:07 +0000)]
r6792: Allow a mech to fail on the first pass at the packet, and still fall
back to the other options.

Andrew Bartlett

14 years agor6791: My early notes on the particular things I have discovered as I learn
Andrew Bartlett [Sun, 15 May 2005 02:51:39 +0000 (02:51 +0000)]
r6791: My early notes on the particular things I have discovered as I learn
kerberos, and how Microsoft constructs their kerberos implementation.

Andrew Bartlett

14 years agor6790: Use config.h file for ldb and add test for stdint.h
Jelmer Vernooij [Sat, 14 May 2005 22:16:02 +0000 (22:16 +0000)]
r6790: Use config.h file for ldb and add test for stdint.h

14 years agor6787: Use debhelper for the debian packages
Jelmer Vernooij [Sat, 14 May 2005 16:41:53 +0000 (16:41 +0000)]
r6787: Use debhelper for the debian packages

14 years agor6781: -add some comments on how attributes and objectClasses are identified in DRSUAPI
Stefan Metzmacher [Fri, 13 May 2005 12:22:21 +0000 (12:22 +0000)]
r6781: -add some comments on how attributes and objectClasses are identified in DRSUAPI
-and some comments on what the attribute syntaxes matches what internal datatypes

metze

14 years agor6776: make the cldap torture test not dependent on the realm being set
Andrew Tridgell [Fri, 13 May 2005 11:56:36 +0000 (11:56 +0000)]
r6776: make the cldap torture test not dependent on the realm being set
correctly - it gets the realm from an initial no-attribute search

14 years agor6768: Fix wrong comment
Simo Sorce [Fri, 13 May 2005 07:41:13 +0000 (07:41 +0000)]
r6768: Fix wrong comment

14 years agor6767: Fix compiler warning.
Tim Potter [Fri, 13 May 2005 06:41:42 +0000 (06:41 +0000)]
r6767: Fix compiler warning.

14 years agor6766: some more cldap tests ...
Andrew Tridgell [Fri, 13 May 2005 06:28:22 +0000 (06:28 +0000)]
r6766: some more cldap tests ...

my best guess now is that w2k3 converts the & in the cldap query to an |
for the ldap search. at least it behaves roughly like that.

14 years agor6765: expanded the cldap test suite to test the usage of the DomainGuid,
Andrew Tridgell [Fri, 13 May 2005 06:10:10 +0000 (06:10 +0000)]
r6765: expanded the cldap test suite to test the usage of the DomainGuid,
AAC, and User attributes in cldap netlogon queries

interestingly, while WinXP generated cldap filters with these set, the
w2k3 cldap server seems to completely ignore them, so I didn't need to
alter our cldap server at all to pass the test :-)

14 years agor6764: added support for DomainGuid, DomainSid, AAC, and User attributes in
Andrew Tridgell [Fri, 13 May 2005 06:08:49 +0000 (06:08 +0000)]
r6764: added support for DomainGuid, DomainSid, AAC, and User attributes in
cldap netlogon queries

14 years agor6763: added functions in libcli/ldap/ to binary encode some NDR structures into
Andrew Tridgell [Fri, 13 May 2005 06:07:53 +0000 (06:07 +0000)]
r6763: added functions in libcli/ldap/ to binary encode some NDR structures into
ldap friendly filter strings

14 years agor6762: with the zone right we don't need a fully qualified site name at all
Andrew Tridgell [Fri, 13 May 2005 06:06:19 +0000 (06:06 +0000)]
r6762: with the zone right we don't need a fully qualified site name at all

14 years agor6761: - not everyone is in my domain :-)
Andrew Tridgell [Fri, 13 May 2005 05:29:41 +0000 (05:29 +0000)]
r6761: - not everyone is in my domain :-)

- started adding support for the other cldap attributes that XP uses

14 years agor6760: Update debian packages
Jelmer Vernooij [Thu, 12 May 2005 19:31:50 +0000 (19:31 +0000)]
r6760: Update debian packages

14 years agor6759: let us have a wildcard attribute so that we can set a default for all attributes
Simo Sorce [Thu, 12 May 2005 14:39:03 +0000 (14:39 +0000)]
r6759: let us have a wildcard attribute so that we can set a default for all attributes

example:

*: CASE_INSENSITIVE

by placing it in the @ATTRIBUTES object you make all the matching be case insensitive
to make an excepion to the general rule now you just need to create an entry like:

name: CASE_SENSITIVE

the key CASE_SENSITIVE currently does not exist but has the effect of making the code
ignore the wildcard default flag and being ldb case sensitive by default it let the
"name" attribute be case sensitive again

Tridge, can you look at this commit?
Should we introduce a CASE_SENSITVE/BINARY flag and handle it in the code ?

Simo.

14 years agor6752: Patch by Steven Edwards to improve portability to mingw32
Jelmer Vernooij [Thu, 12 May 2005 10:46:57 +0000 (10:46 +0000)]
r6752: Patch by Steven Edwards to improve portability to mingw32

14 years agor6751: dnsDomain should be CASE_INSENSITIVE (winxp will sometimes do a cldap query...
Andrew Tridgell [Thu, 12 May 2005 09:13:53 +0000 (09:13 +0000)]
r6751: dnsDomain should be CASE_INSENSITIVE (winxp will sometimes do a cldap query with this
in uppercase)

14 years agor6750: some minor tweaks to the cldapd server
Andrew Tridgell [Thu, 12 May 2005 09:03:14 +0000 (09:03 +0000)]
r6750: some minor tweaks to the cldapd server

I can now join winxp -> samba4 DC using long name, and login. The nice
thing is there are no delays now, as the client likes the replies it gets

14 years agor6747: first working version of cldapd server. It is missing 'sites' support, and
Andrew Tridgell [Thu, 12 May 2005 08:28:07 +0000 (08:28 +0000)]
r6747: first working version of cldapd server. It is missing 'sites' support, and
filling in some of the returned parameters is quite rough, but it seems to work OK

14 years agor6746: added ndr_push_union_blob() for pushing IDL unions into a DATA_BLOB
Andrew Tridgell [Thu, 12 May 2005 08:27:04 +0000 (08:27 +0000)]
r6746: added ndr_push_union_blob() for pushing IDL unions into a DATA_BLOB

14 years agor6745: - escape spaces in binary ldap blobs
Andrew Tridgell [Thu, 12 May 2005 08:26:26 +0000 (08:26 +0000)]
r6745: - escape spaces in binary ldap blobs

- expose the ldap filter string parsing outside of ldap.c

14 years agor6744: added support for reply packets in libcli/cldap/
Andrew Tridgell [Thu, 12 May 2005 08:25:35 +0000 (08:25 +0000)]
r6744: added support for reply packets in libcli/cldap/

14 years agor6741: prevent talloc_strndup() from reading one byte past the end of a buffer,
Andrew Tridgell [Thu, 12 May 2005 02:54:42 +0000 (02:54 +0000)]
r6741: prevent talloc_strndup() from reading one byte past the end of a buffer,
giving valgrind errors

14 years agor6740: make gensec_gssapi.c compile again
Andrew Tridgell [Thu, 12 May 2005 02:07:53 +0000 (02:07 +0000)]
r6740: make gensec_gssapi.c compile again

14 years agor6738: My version of the patch by metze that I just reverted (-r 6734).
Andrew Bartlett [Wed, 11 May 2005 19:22:22 +0000 (19:22 +0000)]
r6738: My version of the patch by metze that I just reverted (-r 6734).

This also includes other changes to reduce memory use by GENSEC when
not being used for sign/seal operations.  This should lower tridge's K
'per connection' benchmark further.

Andrew Bartlett

14 years agor6737: Explain these error returns a bit better.
Andrew Bartlett [Wed, 11 May 2005 19:19:25 +0000 (19:19 +0000)]
r6737: Explain these error returns a bit better.

Andrew Bartlett

14 years agor6736: Revert metze's -r 6734, as metze and I made the same changes at the
Andrew Bartlett [Wed, 11 May 2005 18:58:13 +0000 (18:58 +0000)]
r6736: Revert metze's -r 6734, as metze and I made the same changes at the
same time, but with different names.  This just helps me avoid
conflicts when I merge up my other changes.

Andrew Bartlett

14 years agor6734: most compiler don't like struct elements without a name...
Stefan Metzmacher [Wed, 11 May 2005 15:07:21 +0000 (15:07 +0000)]
r6734: most compiler don't like struct elements without a name...

metze

14 years agor6733: GSS_C_DCE_STYLE is not available for most builds
Stefan Metzmacher [Wed, 11 May 2005 15:05:21 +0000 (15:05 +0000)]
r6733: GSS_C_DCE_STYLE is not available for most builds

metze

14 years agor6732: - move sasl send recv code to the ldap lib
Stefan Metzmacher [Wed, 11 May 2005 14:38:13 +0000 (14:38 +0000)]
r6732: - move sasl send recv code to the ldap lib
- support 'modrdn' ldif

metze

14 years agor6731: add a useful function for getting a guid with all bits to 0
Stefan Metzmacher [Wed, 11 May 2005 13:17:38 +0000 (13:17 +0000)]
r6731: add a useful function for getting a guid with all bits to 0

metze

14 years agor6730: register gensec_krb5 also with the drcrpc auth type
Stefan Metzmacher [Wed, 11 May 2005 13:09:30 +0000 (13:09 +0000)]
r6730: register gensec_krb5 also with the drcrpc auth type

metze

14 years agor6729: Fix silly copy-paste bug spotted by metze.
Andrew Bartlett [Wed, 11 May 2005 12:14:30 +0000 (12:14 +0000)]
r6729: Fix silly copy-paste bug spotted by metze.

Andrew Bartlett

14 years agor6728: Microsoft relies very strongly on getting the OIDs it expects, so we
Andrew Bartlett [Wed, 11 May 2005 12:11:35 +0000 (12:11 +0000)]
r6728: Microsoft relies very strongly on getting the OIDs it expects, so we
must register the 'MS' OID for the domain join to progress.

Andrew Bartlett

14 years agor6727: One more step down the long march to the 'Kerberos domain join'.
Andrew Bartlett [Wed, 11 May 2005 12:03:48 +0000 (12:03 +0000)]
r6727: One more step down the long march to the 'Kerberos domain join'.

This patch allows a suitably patched Heimdal GSSAPI library (detected
in configure) to supply to us the session keys, and further compleats
the gensec_gssapi module.  This is tested for CIFS, but fails for LDAP
at this point (that is what I'll work on next).

We currently fill out the 'session info' from the SAM, like
gensec_krb5 does, but both will need to use the PAC extraction
functions in the near future.

Andrew Bartlett

14 years agor6726: support binary search elements in ldap_decode()
Andrew Tridgell [Wed, 11 May 2005 05:59:46 +0000 (05:59 +0000)]
r6726: support binary search elements in ldap_decode()