mirror of https://github.com/samba-team/samba.git synced 2025-06-17 15:17:09 +03:00

100 Commits

Author SHA1 Message Date
Jeremy Allison
201bcc8ed2 Memory leak fixes from Chere Zhou <czhou@isilon.com>.
Jeremy.
2008-05-27 12:27:57 -07:00
root
30956c784f Fix some comments to match get_kdc_ip_string()'s behaviour 2008-05-19 12:08:52 +02:00
Marc VanHeyningen
3fc85d2259 Coverity fixes 2008-03-17 20:52:25 +01:00
Volker Lendecke
c2401811aa Fix Coverity ID 551
Correctly return if we can't create the temporary krb5.conf

Jeremy, please check!
2008-03-08 23:48:12 +01:00
Volker Lendecke
ad37b7b0ae Fix some warnings
warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result
2008-02-25 16:09:26 +01:00
Gerald W. Carter
8039a2518c Restrict the enctypes in the generated krb5.conf files to Win2003 types.
This fixes the failure observed on FC8 when joining a Windows 2008 RC1
domain.  We currently do not handle user session keys correctly
when the KDC uses AES in the ticket replies.
2008-01-28 11:32:09 -06:00
Jeremy Allison
79b7972de4 Tidy up code and debug for non-default krb5 IPv6 port.
Jeremy.
2008-01-16 13:28:24 -08:00
Jeremy Allison
f2aa921505 Fix IPv6 bug #5204, which caused krb5 DNS lookups
for a name '[<ipv6 addr>'.
Jeremy.
2008-01-16 13:21:46 -08:00
Günther Deschner
44d67e8462 Print principal in debug statement in kerberos_kinit_password() as well.
Guenther
2008-01-14 18:39:08 +01:00
Simo Sorce
814c1b0e00 While 'data' is usually 0 terminated, nothing in the spec requires that. The correct way is to copy only 'length' bytes.
Simo.
2007-12-17 15:26:08 -05:00
Jeremy Allison
44918f39c0 Doh, fix typo in error exit.
Jeremy.
2007-12-15 23:32:28 -08:00
Jeremy Allison
d0e33840fb Added patch originally by Andreas Schneider <anschneider@suse.de>
to cause us to behave like Vista when looking for remote
machine principal. Modified by me.
Jeremy.
2007-12-15 23:22:25 -08:00
Jeremy Allison
809f5ab4c5 More pstring removal....
Jeremy.
2007-11-20 18:55:36 -08:00
Jeremy Allison
98e154c312 This is a large patch (sorry). Migrate from struct in_addr
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theoretically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
2007-10-24 14:16:54 -07:00
Jeremy Allison
f35a266b3c RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
2007-10-18 17:40:25 -07:00
Lars Müller
287604a1c7 r25030: ip_srv_nonsite and count_nonsite are initialized in get_kdc_list() in any
case.
2007-10-10 12:30:36 -05:00
Michael Adam
58d31e057b r24836: Initialize some uninitialized variables.
This prevents a segfault when get_kdc_ip_string() is called
with sitename == NULL.

Michael
2007-10-10 12:30:26 -05:00
Andrew Tridgell
b0132e94fc r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text 2007-10-10 12:28:22 -05:00
Jeremy Allison
407e6e695b r23779: Change from v2 or later to v3 or later.
Jeremy.
2007-10-10 12:28:20 -05:00
Jeremy Allison
232fc5d69d r23147: Patch #4566 from jacob berkman <jberkman@novell.com>. Pass password data to krb5_prompter.
Jeremy.
2007-10-10 12:22:48 -05:00
Günther Deschner
0f436eab5b r22666: Expand kerberos_kinit_password_ext() to return NTSTATUS codes and make
winbindd's kerberized pam_auth use that.

Guenther
2007-10-10 12:19:54 -05:00
Günther Deschner
dcd902f24a r22664: When we have krb5_get_init_creds_opt_get_error() then try to get the NTSTATUS
codes directly out of the krb5_error edata.

Guenther
2007-10-10 12:19:53 -05:00
Günther Deschner
997ded4e3f r22663: Restructure kerberos_kinit_password_ext() error path.
Guenther
2007-10-10 12:19:53 -05:00
James Peach
4f6c2826aa r21779: I missed a call to krb5_get_init_creds_opt_alloc in r21778. 2007-10-10 12:18:32 -05:00
James Peach
c29c69d2df r21778: Wrap calls to krb5_get_init_creds_opt_free to handle the different
calling convention in the latest MIT changes.  Apparently Heimdal
is also changing to this calling convention.
2007-10-10 12:18:32 -05:00
Günther Deschner
7e1a84b722 r21240: Fix longstanding Bug #4009.
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".

Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).

Guenther
2007-10-10 12:17:50 -05:00
Günther Deschner
4df582fa10 r21238: Fix tab indent in self-written krb5.confs.
Guenther
2007-10-10 12:17:50 -05:00
Günther Deschner
ea38e1f836 r21110: Fix kinit with Heimdal (Bug #4226).
Guenther
2007-10-10 12:17:38 -05:00
Günther Deschner
a9baf27e13 r20860: Adding some small tweaks. When we have no sitename, there is no need to
ask for the list of DCs twice.

Guenther
2007-10-10 12:17:14 -05:00
Jeremy Allison
97e248f89a r20857: Silence gives assent :-). Checking in the fix for
site support in a network where many DC's are down.
I heard via Volker there is still a bug w.r.t the
wrong site being chosen with trusted domains but
we'll have to layer that fix on top of this.
Gd - complain if this doesn't work for you.
Jeremy.
2007-10-10 12:17:14 -05:00
Günther Deschner
398f368c8a r18512: Add krb5conf file environment to debug statement.
Guenther
2007-10-10 11:51:45 -05:00
Jeremy Allison
dfd93a3031 r18241: If replacing the krb5.conf, ensure it's readable.
Jeremy.
2007-10-10 11:51:18 -05:00
Jeremy Allison
0a89b37b1a r18226: Ensure we only do this evil thing if it's our realm.
Jeremy.
2007-10-10 11:51:16 -05:00
Jeremy Allison
c82aac594f r18225: If we're going to overwrite krb5.conf, at least
be polite enough to make a backup.
Jeremy.
2007-10-10 11:51:16 -05:00
Jeremy Allison
38b8a2b527 r18201: Make explicit what's going on here.
Jeremy.
2007-10-10 11:51:16 -05:00
Jeremy Allison
88e11ee91a r18200: Experimental code to allow system /etc/krb5.conf to be
overwritten by winbindd. Don't enable this :-).
Jeremy.
2007-10-10 11:51:16 -05:00
Jeremy Allison
10b32cb6de r18010: Ensure we don't timeout twice to the same
server in winbindd when it's down and listed
in the -ve connection cache. Fix memory leak,
reduce timeout for cldap calls - minimum 3 secs.
Jeremy.
2007-10-10 11:39:48 -05:00
Jeremy Allison
77fe2a3d74 r18006: Actually a smaller change than it looks. Leverage
the get_dc_list code to get the _kerberos. names
for site support. This way we don't depend on one
KDC to do ticket refresh. Even though we know it's
up when we add it, it may go down when we're trying
to refresh.
Jeremy.
2007-10-10 11:39:47 -05:00
Jeremy Allison
ecca467e46 r18004: If you're writing out a krb5.conf, at least
get the syntax right... :-).
Jeremy.
2007-10-10 11:39:46 -05:00
Jeremy Allison
515f86167b r18003: Creating a directory and getting EEXIST isn't an error.
Jeremy.
2007-10-10 11:39:46 -05:00
Jeremy Allison
5f84c8c815 r18002: Improved debug.
Jeremy.
2007-10-10 11:39:46 -05:00
Jeremy Allison
ba311ac4ea r18001: Proper error reporting on write/close fail.
Jeremy.
2007-10-10 11:39:46 -05:00
Jeremy Allison
f1c5409b9f r18000: Get nelem/size args right for x_fwrite.
Jeremy.
2007-10-10 11:39:46 -05:00
Jeremy Allison
99f100cfec r17999: No need to prevent others from reading. Use 755 instead
of 700, and 644 instead of 600. Reading might help
debugging.
Jeremy.
2007-10-10 11:39:46 -05:00
Jeremy Allison
c59eff3e53 r17997: Ensure lockdir exists for winbindd. Store tmp
krb5.conf files under lockdir, not privatedir.
Jeremy.
2007-10-10 11:39:46 -05:00
Jeremy Allison
188eb9794d r17996: Don't talloc free the memory then reference it. Doh !
Jeremy.
2007-10-10 11:39:45 -05:00
Jeremy Allison
541594153b r17995: Ensure we create the domain-specific krb5 files in a
separate directory.
Jeremy.
2007-10-10 11:39:45 -05:00
Jeremy Allison
7acbcf9a6c r17994: Add debugs that showed me why my site code wasn't
working right. Don't update the server site when we
have a client one...
Jeremy.
2007-10-10 11:39:45 -05:00
Jeremy Allison
638d53e2ad r17946: Fix couple of typos...
Jeremy.
2007-10-10 11:39:01 -05:00
Jeremy Allison
9be4ecf24b r17945: Store the server and client sitenames in the ADS
struct so we can see when they match - only create
the ugly krb5 hack when they do.
Jeremy.
2007-10-10 11:39:01 -05:00