Günther Deschner
8d786a4e2b
r23842: Attempt to fix the build with LDAP.
Guenther
(This used to be commit efd817ae118da51058106ae97854572547e113d3)
2007-10-10 12:28:33 -05:00
Günther Deschner
34d091f1c6
r23839: Try to get the attribute name from schema GUIDs or the display name from
extended rights GUID from ad while dumping the security descriptor's aces.
This would perform much better with a guid cache, but for the rare cases where
it is used
net ads search cn=mymachine ntSecurityDescriptor -U user%pass
it should be ok for now.
Guenther
(This used to be commit b36913433eb74203b29f2b7d412a86e60591ea22)
2007-10-10 12:28:33 -05:00
Günther Deschner
b62ade20d0
r23838: Allow to store schema and config path in ADS_STRUCT config.
Guenther
(This used to be commit 1d5b08326fa72bd3423b377a4e6243466e778622)
2007-10-10 12:28:33 -05:00
Günther Deschner
9d6f8ed5e7
r23837: Pass ADS_STRUCT and TALLOC_CTX down to ads_disp_sd.
Guenther
(This used to be commit ad0a6d5703c35d48ab5bbfa8d6506d42e0cfb61d)
2007-10-10 12:28:32 -05:00
Günther Deschner
f05dcab9bf
r23836: Add ads_config_path() and ads_get_extended_right_name_by_guid().
Guenther
(This used to be commit 4d62f1191b52569fcdbe674773b07a44aa469520)
2007-10-10 12:28:32 -05:00
Günther Deschner
fd8dc4b561
r23835: Pass down a struct GUID to ads_get_attrname_by_guid() directly.
Guenther
(This used to be commit a4d5206d0bcbee713790834f119b182e0b419e8c)
2007-10-10 12:28:32 -05:00
Günther Deschner
c252b04abf
r23834: Allow to pass an ADS_STRUCT pointer down to the dump function callback in
libads.
Guenther
(This used to be commit 311bbbafa6d860b7b632beac6d9249b0a2fafb86)
2007-10-10 12:28:32 -05:00
Günther Deschner
c8e23e4091
r23833: Document ads_find_samaccount().
Guenther
(This used to be commit 3effd1c3461301f9ccf7c55386810c36f4ee3ccc)
2007-10-10 12:28:31 -05:00
Günther Deschner
e7705f9eb9
r23829: Add ads_get_attrname_by_guid().
Guenther
(This used to be commit a84fd8300661fd895ed7a8a104b743628718dfc8)
2007-10-10 12:28:31 -05:00
Günther Deschner
1c957f9559
r23826: Fix gpo security filtering by matching the security descriptor ace's for the
extended apply group policy right.
Guenther
(This used to be commit d832014a6fef657f484412372b5d09047552b183)
2007-10-10 12:28:31 -05:00
Günther Deschner
6d0141c17e
r23820: Display security_ace_object in LDAP security descriptors for debugging.
Guenther
(This used to be commit 3925e85812b2aded356866925382b1beb718cd44)
2007-10-10 12:28:30 -05:00
Andrew Tridgell
153cfb9c83
r23801: The FSF has moved around a lot. This fixes their Mass Ave address.
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10 12:28:27 -05:00
Andrew Tridgell
5e54558c6d
r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80
r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10 12:28:20 -05:00
Günther Deschner
221d06d6f3
r23772: Add ads_find_samaccount() helper function.
Guenther
(This used to be commit 6fafa64bea4ce6a7a5917fa02ed9c564a7c93ffb)
2007-10-10 12:23:55 -05:00
Günther Deschner
8ead92f06d
r23654: Remove misleading inline comment.
Guenther
(This used to be commit a3441c22b342e2802bd9766b7046073db3895a29)
2007-10-10 12:23:42 -05:00
Günther Deschner
110e420196
r23651: Always, always, always compile before commit...
Guenther
(This used to be commit accb40446ad3f872c5167fc2306d892553293b7b)
2007-10-10 12:23:41 -05:00
Günther Deschner
3b1956f9d2
r23650: Fix remaining callers of krb5_kt_default().
Guenther
(This used to be commit b9d7a2962a472afb0c6b8e3ac5c2c819d4af2b39)
2007-10-10 12:23:41 -05:00
Günther Deschner
a248672932
r23649: Fix the build (by moving smb_krb5_open_keytab() to clikrb5.c).
Guenther
(This used to be commit 19020d19dca7f34be92c8c2ec49ae7dbde60f8c1)
2007-10-10 12:23:41 -05:00
Günther Deschner
a2618aa8d5
r23648: Allow to list a custom krb5 keytab file with:
net ads keytab list /path/to/krb5.keytab
Guenther
(This used to be commit a2befee3f240543ea02ea99cebad886b54ae64eb)
2007-10-10 12:23:41 -05:00
Günther Deschner
6fff735da0
r23647: Use smb_krb5_open_keytab() in smbd as well.
Guenther
(This used to be commit d22c0d291e1b4a1412164d257310bbbb99de6500)
2007-10-10 12:23:41 -05:00
Günther Deschner
df63172ad9
r23646: Generalize our internal keytab handling to support a broader range of default
keytabnames (like "ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab"). This also
fixes keytab support with Heimdal (which supports the WRFILE pragma as well
now).
Guenther
(This used to be commit 7ca002f4cc9ec4139c0c48952ebf05f89b5795ef)
2007-10-10 12:23:40 -05:00
Günther Deschner
47bd42ab1c
r23607: Add legacy support for Services for Unix (SFU) 2.0.
Guenther
(This used to be commit 11b390309b9677805e5b68f3a1b780658ae85137)
2007-10-10 12:23:35 -05:00
Jeremy Allison
5a80fa5c0c
r23514: Remove unused function ads_get_dn_from_extended_dn().
Jeremy.
(This used to be commit 03763bc5287fef5f100c911041668e23d4305f8d)
2007-10-10 12:23:24 -05:00
Gerald Carter
b4a39dc10e
r23477: Build farm fix: Use int rather than MIT's krb5_int32 when setting context flags.
(This used to be commit 903145e957cd05b219fdf7d5fc1e35430938a24e)
2007-10-10 12:23:19 -05:00
Gerald Carter
4caefdf348
r23474: Here's a small patch that disables the libkrb5.so replay cache
when verifying a ticket from winbindd_pam.c.
I've found during multiple, fast, automated SSH logins (such
as from a cron script) that the replay cache in MIT's krb5
lib will occasionally fail the krb5_rd_req() as a replay attack.
There seems to be a small window during which the MIT krb5
libs could reproduce identical time stamps for ctime and cusec
in the authenticator since Unix systems only give back
milli-seconds rather than the micro-seconds needed by the
authenticator. Checked against MIT 1.5.1. Have not
researched how Heimdal does it.
My thinking is that if someone can spoof the KDC and TDS
services we are pretty hopeless anyways.
(This used to be commit cbd33da9f78373e29729325bbab1ae9040712b11)
2007-10-10 12:23:19 -05:00
Gerald Carter
3272b1dd60
r23251: whoops! Fix compile error
(This used to be commit 22a3ea40ac69fa3722abf28db845ab284a65ad97)
2007-10-10 12:22:59 -05:00
Jeremy Allison
ad5ff1b809
r23147: Patch #4566 from jacob berkman <jberkman@novell.com>. Pass password data to krb5_prompter.
Jeremy.
(This used to be commit 232fc5d69d44404df13f6516864352f9a5721552)
2007-10-10 12:22:48 -05:00
Jeremy Allison
71ee55f98d
r23080: Fix bug #4637 - we had missed some cases where
we were calling PRS_ALLOC_MEM with zero count.
Jeremy.
(This used to be commit 9a10736e6fa276ca4b0726fbb7baf0daafbdc46d)
2007-10-10 12:22:43 -05:00
Michael Adam
2753d30cbe
r22893: Use ldap_rename_s instead of deprecated ldap_rename2_s.
This fixes the build on solaris (host sun9).
And hopefully doesn't break any other builds... :-)
If it does, we need some configure magic.
Thanks to Björn Jacke <bj@sernet.de>.
(This used to be commit a43775ab36aa3d36108e1b5860bbee6c47e9b1b4)
2007-10-10 12:22:05 -05:00
Volker Lendecke
b4a7b7a888
r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
2007-10-10 12:22:01 -05:00
Günther Deschner
83564b43e3
r22800: Add GPO_SID_TOKEN and an LDAP function to get tokensids from the tokenGroup attribute.
Guenther
(This used to be commit e4e8f840605dfdf92ca60cc8fc6a4c85336565fb)
2007-10-10 12:21:59 -05:00
Günther Deschner
75a0171857
r22799: Fix the build.
Guenther
(This used to be commit 6e911c442bf9b076f43f99576f9b588df2c39233)
2007-10-10 12:21:59 -05:00
Günther Deschner
46c5da2fd6
r22798: Add the "apply group policy" access bit (as seen in type 0x05 ALLOWED OBJECT
ACEs).
Guenther
(This used to be commit e138cbc876e50ae25cb15c5109a42bc8b800c1ba)
2007-10-10 12:21:58 -05:00
Günther Deschner
9c170fce26
r22797: We are only interested in the DACL of the security descriptor, so search with
the SD_FLAGS control.
Guenther
(This used to be commit 648df57e53ddabe74052e816b8eba95180736208)
2007-10-10 12:21:57 -05:00
Gerald Carter
3eca3af1bc
r22728: Patch from Danilo Almeida <dalmeida@centeris.com>:
When asked to create a machine account in an OU as part
of "net ads join" and the account already exists in another
OU, simply move the machine object to the requested OU.
(This used to be commit 3004cc6e593e6659a618de66f659f579e71c07f7)
2007-10-10 12:21:51 -05:00
Gerald Carter
89fd4444af
r22714: Prevent DNS lookup storms when the DNS servers are unreachable.
Helps when transitioning from offline to online mode.
Note that this is a quick hack and a better solution
would be to start the DNS server's state between processes
(similar to the namecache entries).
(This used to be commit 4f05c6fe26f4abd7ca71eac339fee2ef5e254369)
2007-10-10 12:21:49 -05:00
Gerald Carter
8ff276fcb0
r22701: Fix the krb5_nt_status error table and add the "no DCs found" mapping
(This used to be commit 2ab617fbbffbd6bf98ee02150f62b87a2610531f)
2007-10-10 12:21:47 -05:00
Günther Deschner
e468268335
r22666: Expand kerberos_kinit_password_ext() to return NTSTATUS codes and make
winbindd's kerberized pam_auth use that.
Guenther
(This used to be commit 0f436eab5b2e5891c341c27cb22db52a72bf1af7)
2007-10-10 12:19:54 -05:00
Günther Deschner
116c1532e7
r22664: When we have krb5_get_init_creds_opt_get_error() then try to get the NTSTATUS
codes directly out of the krb5_error edata.
Guenther
(This used to be commit dcd902f24a59288bbb7400d59c0afc0c8303ed69)
2007-10-10 12:19:53 -05:00
Günther Deschner
6288491e90
r22663: Restructure kerberos_kinit_password_ext() error path.
Guenther
(This used to be commit 997ded4e3f0dc2199b9a66a9485c919c16fbabc6)
2007-10-10 12:19:53 -05:00
Jeremy Allison
56a5d05b8b
r22590: Make TALLOC_ARRAY consistent across all uses.
That should be it....
Jeremy.
(This used to be commit 603233a98bbf65467c8b4f04719d771c70b3b4c9)
2007-10-10 12:19:49 -05:00
Jeremy Allison
be8b0685a5
r22589: Make TALLOC_ARRAY consistent across all uses.
Jeremy.
(This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
2007-10-10 12:19:49 -05:00
Günther Deschner
1ee9650a1d
r22479: Add "net ads keytab list".
Guenther
(This used to be commit 9ec76c542775ae58ff03f42ebfa1acc1a63a1bb1)
2007-10-10 12:19:37 -05:00
Günther Deschner
56f6336fd4
r22460: Adding a generic ads_ranged_search() function.
Guenther
(This used to be commit b8828ea2516876fe5dd76083864418db2f042be0)
2007-10-10 12:19:35 -05:00
Günther Deschner
8040fec0ac
r22459: Adding ads_get_dn_from_extended_dn(), in preparation of making ranged LDAP
queries more generic. Michael, feel free to overwrite these and the following.
Guenther
(This used to be commit 0475b8eea99ebb467e52225ad54f4302a77376b9)
2007-10-10 12:19:35 -05:00
Stefan Metzmacher
78c57f59ac
r22153: fix LDAP SASL "GSSAPI" bind against w2k3, this isn't critical
because we try "GSS-SPNEGO" first and all windows versions support
that.
metze
(This used to be commit 34a5badbded0b2537ee854287931e2a7dc3aeb37)
2007-10-10 12:19:17 -05:00
Jeremy Allison
725fcf3461
r22112: Fix memleak pointed out by Steven Danneman <steven.danneman@isilon.com>.
Jeremy.
(This used to be commit 7c45bd3a47fc2b24c5f1351a241ace2201c857d2)
2007-10-10 12:19:14 -05:00
Stefan Metzmacher
eceb926df9
r22092: - make spnego_parse_auth_response() more generic and
not specific for NTLMSSP
- it's possible that the server sends a mechOID and authdata
if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still
force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE
metze
(This used to be commit e9f2aa22f90208a5e530ef3b68664151960a0a22)
2007-10-10 12:19:10 -05:00
Jeremy Allison
4899c6b806
r22079: Tsk, tsk, Metze didn't compile before check-in :-).
Merge the memory leak fix (with fix :-) to 3.0.25.
Jeremy.
(This used to be commit ab3150fe4ed2a629eb371db5f43ae09b9c583a64)
2007-10-10 12:19:09 -05:00