mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

7106 Commits

Author SHA1 Message Date
Andrew Bartlett
372ca26b20 r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5
authentication.  This pulls the creating of the keytab back to the
credentials code, and removes the special case of 'use kerberos keytab
= yes' for now.

This allows (and requires) the callers to specify the credentials for
the server credentials to GENSEC.  This allows kpasswdd (soon to be
added) to use a different set of kerberos credentials.

The 'use kerberos keytab' code will be moved into the credentials
layer, as the layers below now expect a keytab.

We also now allow for the old secret to be stored into the
credentials, allowing service password changes.

Andrew Bartlett
(This used to be commit 205f77c579)
2007-10-10 13:45:00 -05:00
Andrew Bartlett
9e25f33a1a r11199: Push an objectSid into the schannel state database, to match the new header.
Andrew Bartlett
(This used to be commit a665b56085)
2007-10-10 13:45:00 -05:00
Andrew Bartlett
bf38a5e7c5 r11198: The recent changes to netlogon changed this from a RID to a SID.
Andrew Bartlett
(This used to be commit 24dbf34352)
2007-10-10 13:45:00 -05:00
Andrew Bartlett
22a9779328 r11197: indent
(This used to be commit a432ba105c)
2007-10-10 13:45:00 -05:00
Andrew Bartlett
b0fe5e6ade r11196: Clean up memory leaks (pointed out by vl), and handle the case where
the client doesn't guess correctly on the mech to use.  It must back
off and try the mech the server selected from the list.

I'm not particularly attached to our SPNEGO parser, so while I can't
easily use the SPNEGO application logic in Heimdal, I'm going to look
closely at using the asn1 routines to avoid some pain here.

Andrew Bartlett
(This used to be commit 9292173874)
2007-10-10 13:44:59 -05:00
Andrew Bartlett
02c32587a8 r11195: Add a new helper function (needed by my kpasswdd work, but hooked in
for netlogon as well) to change/set a user's password, given only
their SID.

This avoids the callers doing the lookups, and also performs the
actual 'set', as these callers do not wish any further business with
the entry.

Andrew Bartlett
(This used to be commit 060a2a7bcc)
2007-10-10 13:44:59 -05:00
Andrew Bartlett
ddb1c4aa13 r11194: Use the special ldb attribute "canonicalName" (therefore testing that
codepath) in DRSUAPI CrackNames.

Fix the NT4 account return value.

Andrew Bartlett
(This used to be commit 2513c02c64)
2007-10-10 13:44:59 -05:00
Volker Lendecke
1e60499880 r11193: Implement wbinfo -m
(This used to be commit 12a800bc85)
2007-10-10 13:44:59 -05:00
Volker Lendecke
0e6fefac49 r11192: Too many contexts around... :-)
(This used to be commit 134e104c3f)
2007-10-10 13:44:59 -05:00
Stefan Metzmacher
bc43d1b6f0 r11189: add some more special group vs. special group tests,
to make sure that replicas from the same owner are blindly overwritten
in all cases

metze
(This used to be commit 466baf737a)
2007-10-10 13:44:58 -05:00
Stefan Metzmacher
47c0c176e9 r11188: - add multi homed vs. multi homed section
metze
(This used to be commit 838323e58f)
2007-10-10 13:44:58 -05:00
Stefan Metzmacher
c1113796eb r11187: in case the msDS-KeyVersionNumber is replicated (I didn't assume this...)
show the string in the debug output, and show it with
--option="dssync:print_pwd_blobs=yes"

metze
(This used to be commit 98c1e8e3df)
2007-10-10 13:44:58 -05:00
Stefan Metzmacher
7e3d377b1d r11186: - get rid of some .extra = True cases
- add multihomed vs unique section
- update conflict handling for the above case

metze
(This used to be commit c043e56efd)
2007-10-10 13:44:58 -05:00
Stefan Metzmacher
b47e656927 r11185: - resolve attid for "supplementalCredentials" into a name
- print "supplementalCredentials" also when --option="dssync:print_pwd_blobs=yes"
  is used

abartlet: this field may contain the krb5 keys...

metze
(This used to be commit 26c69348ca)
2007-10-10 13:44:57 -05:00
Jelmer Vernooij
fbd34a19ab r11184: Remove test that checks whether ftruncate() needs root, because I can't
find the file it tries to use (build/tests/ftruncroot.c) and the value
it defines is not used anywhere.
(This used to be commit 97bbf4a460)
2007-10-10 13:44:57 -05:00
Jelmer Vernooij
5a930a2d33 r11182: Explicitly add "." to perl include path so that perl doesn't use the
Config module instead of the configure-generated config.pm on case-insensitive
filesystems (MacOSX, OpenVMS)
(This used to be commit 47b8095a0a)
2007-10-10 13:44:57 -05:00
Volker Lendecke
0f51ae83f0 r11181: Implement wbinfo -s and wbinfo --user-sids. The patch is so large because
--user-sids required the extension to trusted domains.

Implement "winbind sealed pipes" parameter for debugging purposes.

Volker
(This used to be commit 3821a17bdb)
2007-10-10 13:44:57 -05:00
Stefan Metzmacher
ba97ac6b96 r11179: revert to the old code, till jelmer finds a solution how to
handle a UTF16 string in a uint8 array

metze
(This used to be commit d13315f3b1)
2007-10-10 13:44:56 -05:00
Stefan Metzmacher
50030d5c4f r11178: add some logic functions for the replica_vs_replica conflict handling
to our winsrepl server, but it handles only the simple cases (without merging)
and we still didn't apply records to our wins.ldb, we just print out what we would do

metze
(This used to be commit e4edeeaa0a)
2007-10-10 13:44:56 -05:00
Stefan Metzmacher
e8118ad3b0 r11177: move unique vs * and normal group vs * into this form
ACTIVE		vs ACTIVE
ACTIVE  	vs TOMBSTONE
RELEASED	vs ACTIVE
RELEASED	vs TOMBSTONE
TOMBSTONE	vs ACTIVE
TOMBSTONE	vs TOMBSTONE

as it seems that is all we need to test,
and w2k3 only decides between ACTIVE and NON-ACTIVE (RELEASED or TOMBSTONE)
when it gets new replica objects

also I have removed all the extra tests, we only test the worst cases now,
and this will make the algorithms more clear when you look at the output
of the NBT-WINSREPLICATION torture test

metze
(This used to be commit 7545e4e716)
2007-10-10 13:44:56 -05:00
Stefan Metzmacher
4043d03ef0 r11176: - add multi homed vs. special group section
metze
(This used to be commit 62ddca0e1f)
2007-10-10 13:44:56 -05:00
Stefan Metzmacher
9334501ccb r11175: - add multi homed vs. normal group section
metze
(This used to be commit 891416b79e)
2007-10-10 13:44:55 -05:00
Stefan Metzmacher
3464d409af r11174: - add special group vs. multi homed section
- disable special group vs. special group,
  I need to look closer at this, as I'm getting strange timeouts
  randomly, so the server might be doing some challenges while
  doing the merging of special group records, which reaches
  timeouts

metze
(This used to be commit 7479760cbf)
2007-10-10 13:44:55 -05:00
Stefan Metzmacher
4c242c96e0 r11173: print out the correct messages
metze
(This used to be commit d8e7e914bf)
2007-10-10 13:44:55 -05:00
Stefan Metzmacher
8c8c40ecaa r11172: - start with special group vs. special group testing
metze
(This used to be commit ba2c100be6)
2007-10-10 13:44:55 -05:00
Stefan Metzmacher
e627a90362 r11171: fix the build
metze
(This used to be commit 0d948cf430)
2007-10-10 13:44:54 -05:00
Stefan Metzmacher
64b0c02e8b r11146: make sure we get the expected amount of addresses
metze
(This used to be commit 9903a47151)
2007-10-10 13:44:54 -05:00
Stefan Metzmacher
abe4ee3d43 r11144: - add special group vs. normal group section
metze
(This used to be commit 03a8ff89d0)
2007-10-10 13:44:54 -05:00
Stefan Metzmacher
4a8bdae155 r11142: - add special group vs. unique section
metze
(This used to be commit ba17276236)
2007-10-10 13:44:54 -05:00
Jelmer Vernooij
087dd76232 r11141: Re-add paranoid string terminator check
(This used to be commit 55805b5ed9)
2007-10-10 13:44:54 -05:00
Volker Lendecke
bf59ef9d72 r11122: Fix some talloc hierarchy errors
(This used to be commit 449cc714b8)
2007-10-10 13:44:53 -05:00
Stefan Metzmacher
2038e9a698 r11121: - add normal groups vs. multihomed section
- make sure we test the worst case,
  so that we don't need to test everything...
  - same ip(s)		=> not replace
  - different ip(s)	=> replace

metze
(This used to be commit 4a22ce09b4)
2007-10-10 13:44:53 -05:00
Volker Lendecke
929de6af34 r11120: calling_name is used later in sesssetup_nt1, so hang the names to the right
talloc context.

Volker
(This used to be commit 256cf928d7)
2007-10-10 13:44:53 -05:00
Stefan Metzmacher
c4927c843d r11119: add normal group vs. special group section
metze
(This used to be commit 13703b5c35)
2007-10-10 13:44:53 -05:00
Stefan Metzmacher
70be12593a r11117: add a normal group vs. normal group section
metze
(This used to be commit 9a7689c745)
2007-10-10 13:44:52 -05:00
Stefan Metzmacher
80cd8936fa r11116: - don't display cleanup updates
- add unique vs. multi homed section

metze
(This used to be commit 7f8c26cd33)
2007-10-10 13:44:52 -05:00
Stefan Metzmacher
e7238b9306 r11115: add unique vs special group section
metze
(This used to be commit 980e1a39eb)
2007-10-10 13:44:52 -05:00
Andrew Tridgell
d73bd8f01a r11114: - fixed error handling on bad bind in ildap client
- added nicer error display, giving a string version of the error code
(This used to be commit 5ec486bb81)
2007-10-10 13:44:52 -05:00
Andrew Tridgell
bb3a915c9d r11113: fixed two small bugs in newuser
- randpass() is now in the random ejs module, not global

- don't dereference the undefined variable on getopt failure
(This used to be commit 7e338c23f5)
2007-10-10 13:44:52 -05:00
Andrew Tridgell
374ced5ab0 r11112: listen on the global catalog ldap server port as well if we are a
PDC. I suspect we should behave slightly differently on the two ports,
but this is a lot closer than not listening at all. When creating a
user with mmc the global catalog port is used to check for an existing
user
(This used to be commit f8430c3f41)
2007-10-10 13:44:51 -05:00
Andrew Tridgell
70e73a45d9 r11111: fixed a talloc error in the dn shortcut code
(This used to be commit e28a334eeb)
2007-10-10 13:44:51 -05:00
Andrew Tridgell
be5a24b3c0 r11110: make ldb_oom() also set the ldb error string
(This used to be commit b6e8018a3b)
2007-10-10 13:44:51 -05:00
Andrew Tridgell
84ad5fc9f3 r11109: fixed the error code return from most ldb functions (the change to use
ldb_transaction_cancel() broke it)
(This used to be commit dc41994ea7)
2007-10-10 13:44:51 -05:00
Stefan Metzmacher
91366a1c96 r11108: - always test the old and new record
- check that the record is the same as what we pushed to the server
  (we need to verify the ip-addresses later too...)

metze
(This used to be commit f59e90299d)
2007-10-10 13:44:51 -05:00
Jelmer Vernooij
31ffec1d41 r11107: Include 0 byte
(This used to be commit 407df9628e)
2007-10-10 13:44:50 -05:00
Andrew Bartlett
a8e69328bf r11106: Make the KDC handler pluggable, as I want to drop kpasswdd into exactly
the same spot (it has identical TCP semantics).

Andrew Bartlett
(This used to be commit 84d6118e87)
2007-10-10 13:44:50 -05:00
Jelmer Vernooij
f598135c6b r11105: Warn if conformant arrays are not at the end of a struct
Support conformant [string] arrays
Eliminate utf8string

This breaks xattr binary compatibility with previous versions - is that a
problem?
(This used to be commit 7596c708ba)
2007-10-10 13:44:50 -05:00
Jelmer Vernooij
dc36f29476 r11104: Fix LOCAL-PAC test
(This used to be commit 22d0e4a9bf)
2007-10-10 13:44:50 -05:00
Jelmer Vernooij
ec6973747a r11103: Eliminate ascstr
(This used to be commit c8a0511f37)
2007-10-10 13:44:50 -05:00
Jelmer Vernooij
3f3388a564 r11102: Remove unistr_noterm
(This used to be commit bb1ed44f45)
2007-10-10 13:44:49 -05:00