sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
23,345 Commits 60 Branches 1,144 Tags 452 MiB
5221ebb299
Commit Graph

697 Commits

Author SHA1 Message Date
Gerald Carter
5221ebb299 r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree. 
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
(This used to be commit 00a93ed336)
 2007-10-10 12:31:03 -05:00
Gerald Carter
3529156971 r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags, 
and client fixes.  Patch from Todd Stetcher <todd.stetcher@isilon.com>.
(This used to be commit 8304ccba73)
 2007-10-10 12:31:02 -05:00
Günther Deschner
3309aacc99 r25328: When using ldap sasl wrapping with gssapi it's important to receive warnings 
for clock-skew errors.

Guenther
(This used to be commit 53c99d415d)
 2007-10-10 12:31:00 -05:00
Jeremy Allison
ab9d7bf4f9 r25165: Use talloc_asprintf_append_buffer with an unmodified 
string.
Jeremy.
(This used to be commit fe30a523df)
 2007-10-10 12:30:47 -05:00
Günther Deschner
1874c564db r25133: Fix sasl wrapping (for ldap sign&seal). 
The gss_import_name() broke as we switched from the internal MIT OID
"gss_nt_krb5_principal" to "GSS_KRB5_NT_PRINCIPAL_NAME" and didn't switch from
passing the krb5_principal (or better: a pointer to that, see MIT's "*HORRIBLE*
bug") to pass the string principal directly.

Jerry, Jeremy, neither I could figure out the need of passing in a
krb5_principal at all nor could I reproduce the crash you were seeing.

I sucessfully tested the code (now importing a string) with MIT 1.2.7, 1.3.6,
1.4.3, 1.5.1, 1.6.1 and Heimdal 0.7.2, 1.0, 1.0.1.

Guenther
(This used to be commit cb2dc715e3)
 2007-10-10 12:30:43 -05:00
Günther Deschner
1ef2464451 r25109: Remove obsolete argument from ads_guess_service_principal(). 
Guenther
(This used to be commit 2dea9464bb)
 2007-10-10 12:30:41 -05:00
Günther Deschner
dc58b03517 r25108: Make ifdef labyrinth in sasl code a bit more readable. 
Guenther
(This used to be commit f31949ec34)
 2007-10-10 12:30:40 -05:00
Günther Deschner
cd45a258a7 r25080: Once we decrypted the packet but have timing problems (closkew, tkt not yet or 
no longer valid) there is no point to bother the keytab routines.

Guenther
(This used to be commit 7e4dcf8e7e)
 2007-10-10 12:30:38 -05:00
Lars Müller
9fa56b9ae9 r25030: ip_srv_nonsite and count_nonsite are initialized in get_kdc_list() in any 
case.
(This used to be commit 287604a1c7)
 2007-10-10 12:30:36 -05:00
Michael Adam
b202692875 r24836: Initialize some uninitialized variables. 
This prevents a segfault when get_kdc_ip_string() is called
with sitename == NULL.

Michael
(This used to be commit 58d31e057b)
 2007-10-10 12:30:26 -05:00
Günther Deschner
55b59eb80b r24833: Move locator to nsswitch (does not belong to libads anymore). 
Guenther
(This used to be commit af90c6949c)
 2007-10-10 12:30:26 -05:00
Günther Deschner
dbdc0fecb6 r24832: In the winbind-locator recursion case, try to pick up the kdc from the 
environment.

Guenther
(This used to be commit 7f42fe4e08)
 2007-10-10 12:30:26 -05:00
Günther Deschner
647abf0a7b r24804: As a temporary workaround, also try to guess the server's principal in the 
"not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds
succeed with windows server 2008.

Guenther
(This used to be commit f5b3de4d30)
 2007-10-10 12:30:23 -05:00
Günther Deschner
60fb367fd9 r24769: Merge error handling for locator plugin. 
Guenther
(This used to be commit b83626676c)
 2007-10-10 12:30:19 -05:00
Günther Deschner
6227abc043 r24752: Make sure to return properly when the locator is called from within winbindd. 
Guenther
(This used to be commit 6cf7187e88)
 2007-10-10 12:30:18 -05:00
Günther Deschner
49e92d0d56 r24748: Remove all dependencies to samba internals and convert the krb5 locator plugin 
into a tiny winbindd DsGetDcName client. This still does not solve the case of
using the locator from within winbindd itself but at least gencache.tdb and
others are no longer corrupted.

Guenther
(This used to be commit 908e7963b8)
 2007-10-10 12:30:17 -05:00
Günther Deschner
22cf5a3f80 r24739: With resolve_ads() allow to query for PDCs as well. 
Also add dns query functions to find GCs and DCs by GUID.

Guenther
(This used to be commit cc469157f6)
 2007-10-10 12:30:16 -05:00
Günther Deschner
d61c180e49 r24654: Adapt to coding conventions. 
Guenther
(This used to be commit a669ac2bc4)
 2007-10-10 12:30:13 -05:00
Günther Deschner
201f0e1ce4 r24432: Expand kerberos_return_pac() so that it can be used in winbindd. 
Guenther
(This used to be commit e70bf0ecc3)
 2007-10-10 12:29:46 -05:00
Günther Deschner
3e00e2e9ce r24424: Fix the build. 
Guenther
(This used to be commit 029bf26f8a)
 2007-10-10 12:29:45 -05:00
Günther Deschner
6ba2d944a0 r24252: Dump guid of msExchMailboxGuid when returned. 
Guenther
(This used to be commit 1142f3df54)
 2007-10-10 12:29:21 -05:00
Günther Deschner
bed0ea0693 r24251: Neverending fun: 
Heimdal doesn't accept all OIDs and gss_import_name() fails with
GSS_S_BAD_NAMETYPE using this one. Use the GSS_KRB5_NT_PRINCIPAL_NAME OID
instead (which works with at least MIT 1.6.1 and Heimdal 1.0.1).

Guenther
(This used to be commit f783b32b65)
 2007-10-10 12:29:21 -05:00
Volker Lendecke
8476d072d3 r24166: Fix Coverity ID 391 
(This used to be commit 461974d2cc)
 2007-10-10 12:29:17 -05:00
Gerald Carter
cdd140fe27 r24158: SE_GROUP_RESOURCE in the other_sids list apparently means a 
domain local group.

Fix a typo in the PAC debugging routine
(This used to be commit b0b66b2e7a)
 2007-10-10 12:29:15 -05:00
Stefan Metzmacher
cc8d700364 r24131: - make it more clear what the different min and max fields mean 
- with the "GSSAPI" sasl mech the plain, sign or seal negotiation
  is independed from the req_flags and ret_flags
- verify the server supports the wrapping type we want
- better handling on negotiated buffer sizes

metze
(This used to be commit d0ec732387)
 2007-10-10 12:29:09 -05:00
Stefan Metzmacher
d2900ddf11 r24128: fix double free in error path 
metze
(This used to be commit 29e2d8e044)
 2007-10-10 12:29:09 -05:00
Stefan Metzmacher
e1b1177196 r24104: fix the build, sorry... 
metze
(This used to be commit a5e1f9fd29)
 2007-10-10 12:29:07 -05:00
Stefan Metzmacher
56766b1f3e r24103: add some useful debug messages, as not all LDAP 
libraries support wrapping hooks...

metze
(This used to be commit 581a1d3a20)
 2007-10-10 12:29:07 -05:00
Stefan Metzmacher
3edc6088aa r24098: - make use of the ads_service_principal abstraction 
also for the "GSSAPI" sasl mech.
- also use the ads_kinit_password() fallback logic
  from the "GSS-SPNEGO" sasl mech.

metze
(This used to be commit cbaf44de1e)
 2007-10-10 12:29:06 -05:00
Stefan Metzmacher
db718085fd r24095: add one more fallback alternative to 
construct the principal

metze
(This used to be commit b545667d2a)
 2007-10-10 12:29:05 -05:00
Stefan Metzmacher
062bca6675 r24093: move gssapi/krb5 principal handling into a function 
metze
(This used to be commit 83de27968d)
 2007-10-10 12:29:05 -05:00
Stefan Metzmacher
31dc9126c1 r24072: Add "client ldap sasl wrapping" parameter. 
Possible values are "plain" (default), "sign" or "seal".

metze
(This used to be commit 26ccbad721)
 2007-10-10 12:29:02 -05:00
Günther Deschner
3ec8b1702c r24066: Fix memleak found by Volker. We don't leak keys now with MIT and Heimdal. 
Guenther
(This used to be commit 7755ad750f)
 2007-10-10 12:29:01 -05:00
Volker Lendecke
bf27a77c05 r24065: According to gd, this breaks heimdal. Thanks for checking! 
(This used to be commit ea5f53eac8)
 2007-10-10 12:29:01 -05:00
Stefan Metzmacher
b4f6db40ab r24062: fix logic for broken krb5 libs which always force 
sign and seal...

metze
(This used to be commit 4a4fc8cccb)
 2007-10-10 12:29:00 -05:00
Volker Lendecke
d44063715a r24058: Fix some memory leaks in ads_secrets_verify_ticket. 
Jeremy, Günther, please review!

Thanks,

Volker
(This used to be commit 000e096c27)
 2007-10-10 12:29:00 -05:00
Stefan Metzmacher
75ae998b99 r24042: add support for krb5 sign and seal in LDAP via "GSS-SPNEGO" 
metze
(This used to be commit 34ab84aceb)
 2007-10-10 12:28:59 -05:00
Stefan Metzmacher
6b5c55b0f0 r24037: only setup sasl wrapping after a successful bind 
metze
(This used to be commit 85d6cd3dfb)
 2007-10-10 12:28:58 -05:00
Günther Deschner
2349acdd43 r23973: For debugging, add (undocumented) net ads kerberos commands (kinit, renew, 
pac).

Guenther
(This used to be commit 4cada7c148)
 2007-10-10 12:28:51 -05:00
Günther Deschner
f659ffc0ee r23970: Allow to set the debuglevel at which to dump the PAC logon info. 
Guenther
(This used to be commit 7d321aad83)
 2007-10-10 12:28:50 -05:00
Günther Deschner
fce64f6833 r23969: Some helper routines to retrieve a PAC and PAC elements. 
Guenther
(This used to be commit d4c87c792a)
 2007-10-10 12:28:50 -05:00
Volker Lendecke
f5033a1e62 r23953: Some C++ warnings 
(This used to be commit 8716edf157)
 2007-10-10 12:28:49 -05:00
Günther Deschner
e6875b1b45 r23951: Fix segfault. 
Guenther
(This used to be commit 1a5c8780ae)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
14e81b3009 r23948: add gsskrb5 sign and seal support for LDAP connections 
NOTE: only for the "GSSAPI" SASL mech yet

metze
(This used to be commit a079b66384)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
ea3c3b9272 r23946: add support for NTLMSSP sign and seal 
NOTE: windows servers are broken with sign only...

metze
(This used to be commit 408bb2e6e2)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
07c034f7c4 r23945: add infrastructure to select plain, sign or seal LDAP connection 
metze
(This used to be commit 2075c05b3d)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
e0c4034393 r23943: - always provide ads_setup_sasl_wrapping() function 
- read/write returning 0 means EOF and we need to return direct

metze
(This used to be commit 885d557ae7)
 2007-10-10 12:28:48 -05:00
Günther Deschner
9e0c550922 r23937: Use ads_config_path() when we need to know the configration context. 
Guenther
(This used to be commit 1a62c731c6)
 2007-10-10 12:28:46 -05:00
Stefan Metzmacher
00b27d2d69 r23933: - implement ctrl SASL wrapping hook 
- pass down sign or seal hooks
- some sasl wrapping fixes

metze
(This used to be commit 8c64ca3394)
 2007-10-10 12:28:46 -05:00
Stefan Metzmacher
307e51ed14 r23926: implement output buffer handling for the SASL write wrapper 
metze
(This used to be commit 65ce6fa21a)
 2007-10-10 12:28:45 -05:00