1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00

4339 Commits

Author SHA1 Message Date
Andrew Tridgell
9469051d5b r6817: - fixed empty ldap search elements in filters
- added support for guids in cldap netlogon searches.

the cldap server now passes the LDAP-CLDAP torture test
(This used to be commit eb7979d9def389942fa1c54693d2dfcb8828f544)
2007-10-10 13:16:47 -05:00
Andrew Tridgell
1dbe7430c7 r6816: - fixed debug display of ndr netlogon union
- send a username when scanning to make structure elements clearer
(This used to be commit 7d19eb9433b615fdf789cb07aeb331df92b05abd)
2007-10-10 13:16:47 -05:00
Andrew Tridgell
d43e0836dd r6815: fill in values in cldap server as well
(This used to be commit 50cac2ce845b7408d83f18e13544b950b2a5a65b)
2007-10-10 13:16:47 -05:00
Andrew Tridgell
eb77bb7416 r6814: fill in two more unknown values in cldap responses
(This used to be commit 5ee46b44be45763bfaa11dc0b0c9f53b7ee30a51)
2007-10-10 13:16:47 -05:00
Andrew Tridgell
3fd2a38e62 r6812: more talloc portability tweaks
(This used to be commit 450ac2e4dea25910ee5384747bdb6ad7323e967d)
2007-10-10 13:16:46 -05:00
Andrew Bartlett
fc748e650f r6811: Another attempt at better kerberos/gssapi headers.
Andrew Bartlett
(This used to be commit f4b7484516b956baabb3eba3f233da29fc101100)
2007-10-10 13:16:46 -05:00
Tim Potter
d441930987 r6810: Rename auth/{ntlmssp,gensec,kerberos} mk and m4 files to be called
config.mk and config.m4 to be consistent with the rest of Samba.
(This used to be commit f377c71e4f0d60684326906dfb65e4581294ec34)
2007-10-10 13:16:46 -05:00
Andrew Tridgell
bc6312f74d r6809: ifeq is not portable in make - jelmer, you'll need to find some other way of doing
this if you want detection of socket wrapper :-)
(This used to be commit f4bfc3a80e0986d48ea8f6ece5432732f5738f32)
2007-10-10 13:16:46 -05:00
Andrew Tridgell
9e044848e3 r6808: - test for gcov not needed
- samba malloc wrapper avoidance not needed now we don't use includes.h

- make testsuite work when BOOL, True, False already defined
(This used to be commit c8a274c8735957a8a8dd21421abd65a8a1af20f7)
2007-10-10 13:16:46 -05:00
Jelmer Vernooij
5251703764 r6807: Fix in-tree build of talloc testsuite
(This used to be commit 3541ebe31bef8ccae7a8a1ea4f451ddfbd24460a)
2007-10-10 13:16:46 -05:00
Andrew Bartlett
3a9c42c033 r6806: Try again to fix the build on various kerberos libs.
Andrew Bartlett
(This used to be commit 5749b63f171acb99c63bfe24312050b316644082)
2007-10-10 13:16:46 -05:00
Jelmer Vernooij
3184d47c42 r6805: Remove two remaining references to gensec_gsskrb5
(This used to be commit a02e07739781eb00b521d050ab06d6b0aedf47bc)
2007-10-10 13:16:45 -05:00
Jelmer Vernooij
1f474c2692 r6804: Add config.h for talloc (and use it)
(This used to be commit c2ce09d38003fd43212de9cd08e4a781cc2aff88)
2007-10-10 13:16:45 -05:00
Andrew Bartlett
1d0e2b9569 r6803: Try to bring in the correct GSSAPI headers for the krb5 mech. This
should allow us to ditch the local static storage for OIDs, as well as
fix the build on non-heimdal platforms.

Andrew Bartlett
(This used to be commit a7e2ecfac9aaacd673e3583b62139e4f4e114429)
2007-10-10 13:16:45 -05:00
Andrew Tridgell
03435f5de1 r6802: - fixed CFLAGS
- don't fail if we don't have xsltproc
(This used to be commit 235f5c510b4b68edf2a36d049bc0ff2afb73fd72)
2007-10-10 13:16:45 -05:00
Andrew Bartlett
c71a11c7ad r6801: It appears that krb5_make_principal, while convenient, is not portable.
Andrew Bartlett
(This used to be commit c8e8fa129ed0c80bcd289445935047c28d48da64)
2007-10-10 13:16:45 -05:00
Andrew Bartlett
5c6dd5e800 r6800: A big GENSEC update:
Finally remove the distinction between 'krb5' and 'ms_krb5'.  We now
don't do kerberos stuff twice on failure.  The solution to this is
slightly more general than perhaps was really required (as this is a
special case), but it works, and I'm happy with the cleanup I achived
in the process.  All modules have been updated to supply a
NULL-terminated list of OIDs.

In that process, SPNEGO code has been generalised, as I realised that
two of the functions should have been identical in behaviour.

Over in the actual modules, I have worked to remove the 'kinit' code
from gensec_krb5, and placed it in kerberos/kerberos_util.c.

The GSSAPI module has been extended to use this, so no longer requires
a manual kinit at the command line.  It will soon loose the
requirement for a on-disk keytab too.

The general kerberos code has also been updated to move from
error_message() to our routine which gets the Heimdal error string
(which may be much more useful) when available.

Andrew Bartlett
(This used to be commit 0101728d8e2ed9419eb31fe95047944a718ba135)
2007-10-10 13:16:45 -05:00
Andrew Bartlett
8f96c42027 r6799: Remove a rudundent variable from the context structure - we can figure
this out by asking GENSEC, just like everybody else.

Andrew Bartlett
(This used to be commit 0268d6c46b73bf2097247639df2532b5e8591531)
2007-10-10 13:16:45 -05:00
Andrew Bartlett
ffb8ba8cd3 r6798: Valgrind pain is not something I look forward to - if we ever fall
back to the 'not /dev/urandom' method of random number generation, I
don't want to be chasing down 'use of uninitialised value' though all
the crypto code.

Andrew Bartlett
(This used to be commit 31ff2cd8e11dee36c42f82dcfd85338d3ff704d3)
2007-10-10 13:16:44 -05:00
Rafal Szczesniak
2c08639e02 r6797: Typo fix.
rafal
(This used to be commit 0f9a2aef6c87bd53c962b33bf78bf773d2319b97)
2007-10-10 13:16:44 -05:00
Andrew Bartlett
50da9ed856 r6796: Remove the gensec_gsskrb5 module, which had had all of it's special
features merged back into gensec_gssapi.

(Removed because I've made some API changes, and it isn't worth
'fixing' the rudundent code to cope with changes)

Andrew Bartlett
(This used to be commit e8cf3d58ec956e41fc8d3e38363db3d5d838fe1d)
2007-10-10 13:16:44 -05:00
Jelmer Vernooij
5b18cf2268 r6795: Make some functions static and remove some unused ones.
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
2007-10-10 13:16:44 -05:00
Simo Sorce
51b0f62b8f r6794: spellfix
(This used to be commit f5956d150154cb4393dc323ae8ae1f936adee355)
2007-10-10 13:16:44 -05:00
Andrew Bartlett
ae0cf9c240 r6793: Move auth_sam to use the dnsDomain rather than the
soon-to-be-depricated 'realm'.

Add torture test for this behaviour.

Andrew Bartlet
(This used to be commit 6b9020661a13fd5ec6c5d1e21344d9f654978987)
2007-10-10 13:16:44 -05:00
Andrew Bartlett
c0c1b26a76 r6792: Allow a mech to fail on the first pass at the packet, and still fall
back to the other options.

Andrew Bartlett
(This used to be commit 9153d7306124d5e4ffc0467728210e2e2235059f)
2007-10-10 13:16:43 -05:00
Andrew Bartlett
4f9fa5a81d r6791: My early notes on the particular things I have discovered as I learn
kerberos, and how Microsoft constructs their kerberos implementation.

Andrew Bartlett
(This used to be commit 5fa9be75d987af106fd798f6d5379b637a170b00)
2007-10-10 13:16:43 -05:00
Jelmer Vernooij
e5a3ec0e5b r6790: Use config.h file for ldb and add test for stdint.h
(This used to be commit c1f1b5a9455c827f7baf382d919ab8a0eab49bb3)
2007-10-10 13:16:43 -05:00
Stefan Metzmacher
6f76065690 r6781: -add some comments on how attributes and objectClasses are identified in DRSUAPI
-and some comments on what the attribute syntaxes matches what internal datatypes

metze
(This used to be commit 58c6887da48c2ebdec14529cb81e7589101f7aae)
2007-10-10 13:16:43 -05:00
Andrew Tridgell
0b8b29f070 r6776: make the cldap torture test not dependent on the realm being set
correctly - it gets the realm from an initial no-attribute search
(This used to be commit 52d10c8d99521f9dd02891a30688472d96860aef)
2007-10-10 13:16:43 -05:00
Simo Sorce
9d81592be3 r6768: Fix wrong comment
(This used to be commit 2f80b2070f1fc99151f0a583271cd9047d53bab6)
2007-10-10 13:16:42 -05:00
Tim Potter
8aa0aec431 r6767: Fix compiler warning.
(This used to be commit 45a0692be10a03032f9a4e26da3de08696c03464)
2007-10-10 13:16:42 -05:00
Andrew Tridgell
6f36f7cd25 r6766: some more cldap tests ...
my best guess now is that w2k3 converts the & in the cldap query to an |
for the ldap search. at least it behaves roughly like that.
(This used to be commit 1d6ab9aaefee71e3d0f87c1afae8ccdbae1f0e04)
2007-10-10 13:16:42 -05:00
Andrew Tridgell
a90c731ec5 r6765: expanded the cldap test suite to test the usage of the DomainGuid,
AAC, and User attributes in cldap netlogon queries

interestingly, while WinXP generated cldap filters with these set, the
w2k3 cldap server seems to completely ignore them, so I didn't need to
alter our cldap server at all to pass the test :-)
(This used to be commit 177c8becd2051c9d1f261358baf4b85ca89700d8)
2007-10-10 13:16:42 -05:00
Andrew Tridgell
06869ce014 r6764: added support for DomainGuid, DomainSid, AAC, and User attributes in
cldap netlogon queries
(This used to be commit 7c1d0f449d3922a309fc86e5d9cb1e962a39805d)
2007-10-10 13:16:42 -05:00
Andrew Tridgell
4029df5e60 r6763: added functions in libcli/ldap/ to binary encode some NDR structures into
ldap friendly filter strings
(This used to be commit 8890dd3ac331cffe83226a356c52df89c917c2b0)
2007-10-10 13:16:42 -05:00
Andrew Tridgell
2f315e94f8 r6762: with the zone right we don't need a fully qualified site name at all
(This used to be commit 6f4ad382d445c3cdb8e50727f09d79334076e02d)
2007-10-10 13:16:42 -05:00
Andrew Tridgell
04ecea3b1c r6761: - not everyone is in my domain :-)
- started adding support for the other cldap attributes that XP uses
(This used to be commit 1537558039b012a4124e6167ad7ebfd7486f05ff)
2007-10-10 13:16:41 -05:00
Simo Sorce
62ccaf2d86 r6759: let us have a wildcard attribute so that we can set a default for all attributes
example:

*: CASE_INSENSITIVE

by placing it in the @ATTRIBUTES object you make all the matching be case insensitive
to make an excepion to the general rule now you just need to create an entry like:

name: CASE_SENSITIVE

the key CASE_SENSITIVE currently does not exist but has the effect of making the code
ignore the wildcard default flag and being ldb case sensitive by default it let the
"name" attribute be case sensitive again

Tridge, can you look at this commit?
Should we introduce a CASE_SENSITVE/BINARY flag and handle it in the code ?

Simo.
(This used to be commit 5f10707e8ac36db03f3aa3e1ee1c40a9d9da2016)
2007-10-10 13:16:41 -05:00
Jelmer Vernooij
15a8f0ff0a r6752: Patch by Steven Edwards to improve portability to mingw32
(This used to be commit 8d63cd33a223cccb21d808747e9c97da53629fbc)
2007-10-10 13:16:41 -05:00
Andrew Tridgell
51a3cfe35e r6751: dnsDomain should be CASE_INSENSITIVE (winxp will sometimes do a cldap query with this
in uppercase)
(This used to be commit f0c37555ff30c3e5ff4680d0b33bc105ebd3a0b1)
2007-10-10 13:16:41 -05:00
Andrew Tridgell
0b5fe8f7e1 r6750: some minor tweaks to the cldapd server
I can now join winxp -> samba4 DC using long name, and login. The nice
thing is there are no delays now, as the client likes the replies it gets
(This used to be commit 5aff7d36f3e535e305820ae42b023ae53cc0daf9)
2007-10-10 13:16:41 -05:00
Andrew Tridgell
2279d1ebfb r6747: first working version of cldapd server. It is missing 'sites' support, and
filling in some of the returned parameters is quite rough, but it seems to work OK
(This used to be commit e564e3e596915414fad07c94f7ea8a0d9c3a1140)
2007-10-10 13:16:41 -05:00
Andrew Tridgell
59f415c0ed r6746: added ndr_push_union_blob() for pushing IDL unions into a DATA_BLOB
(This used to be commit dc25be9d69a65680f7942ed29c2d791d6ce7248a)
2007-10-10 13:16:40 -05:00
Andrew Tridgell
c956f4f982 r6745: - escape spaces in binary ldap blobs
- expose the ldap filter string parsing outside of ldap.c
(This used to be commit b644ff6fe164fbe359c47e4d34f5ad490ff61d5b)
2007-10-10 13:16:40 -05:00
Andrew Tridgell
ea6943ec79 r6744: added support for reply packets in libcli/cldap/
(This used to be commit 992858e1b91c3ff05077afa8a7abe155198597d4)
2007-10-10 13:16:40 -05:00
Andrew Tridgell
9add53863f r6741: prevent talloc_strndup() from reading one byte past the end of a buffer,
giving valgrind errors
(This used to be commit 7af0c547e0c0da3bc78a1ee6c2ab29114d8625cc)
2007-10-10 13:16:40 -05:00
Andrew Tridgell
3da16200e9 r6740: make gensec_gssapi.c compile again
(This used to be commit 6d15e9511115cc30ee213ec91320a2dccde15b8f)
2007-10-10 13:16:40 -05:00
Andrew Bartlett
c64ac2fc5a r6738: My version of the patch by metze that I just reverted (-r 6734).
This also includes other changes to reduce memory use by GENSEC when
not being used for sign/seal operations.  This should lower tridge's K
'per connection' benchmark further.

Andrew Bartlett
(This used to be commit 4a5829401b20c10091185bbd93236477523459b2)
2007-10-10 13:16:40 -05:00
Andrew Bartlett
0aef77698e r6737: Explain these error returns a bit better.
Andrew Bartlett
(This used to be commit 77d054c65aeecfc0d1156d750f7b8025cb154d3a)
2007-10-10 13:16:40 -05:00
Andrew Bartlett
d4d4d66828 r6736: Revert metze's -r 6734, as metze and I made the same changes at the
same time, but with different names.  This just helps me avoid
conflicts when I merge up my other changes.

Andrew Bartlett
(This used to be commit 27e6a853a5160cb1ad595bea25e891eeae439662)
2007-10-10 13:16:39 -05:00