sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-10 12:58:35 +03:00
Code
54,220 Commits 62 Branches 1,155 Tags
Commit Graph

870 Commits

Author SHA1 Message Date
Stefan Metzmacher
56766b1f3e r24103: add some useful debug messages, as not all LDAP 
libraries support wrapping hooks...

metze
(This used to be commit 581a1d3a20ffed42ccc7f35f163fd343ed12ccd3)
 2007-10-10 12:29:07 -05:00
Stefan Metzmacher
3edc6088aa r24098: - make use of the ads_service_principal abstraction 
also for the "GSSAPI" sasl mech.
- also use the ads_kinit_password() fallback logic
  from the "GSS-SPNEGO" sasl mech.

metze
(This used to be commit cbaf44de1e1f8007dc4ca249791ea30d2902c7c4)
 2007-10-10 12:29:06 -05:00
Stefan Metzmacher
db718085fd r24095: add one more fallback alternative to 
construct the principal

metze
(This used to be commit b545667d2a45a79bba05c9fe9e93a19951d60af7)
 2007-10-10 12:29:05 -05:00
Stefan Metzmacher
062bca6675 r24093: move gssapi/krb5 principal handling into a function 
metze
(This used to be commit 83de27968d434d67d23851b0c285221c870ff75e)
 2007-10-10 12:29:05 -05:00
Stefan Metzmacher
31dc9126c1 r24072: Add "client ldap sasl wrapping" parameter. 
Possible values are "plain" (default), "sign" or "seal".

metze
(This used to be commit 26ccbad7212e9acd480b98789f04b71c1e940ea8)
 2007-10-10 12:29:02 -05:00
Günther Deschner
3ec8b1702c r24066: Fix memleak found by Volker. We don't leak keys now with MIT and Heimdal. 
Guenther
(This used to be commit 7755ad750facc44b6a5df2136cb536547048cd48)
 2007-10-10 12:29:01 -05:00
Volker Lendecke
bf27a77c05 r24065: According to gd, this breaks heimdal. Thanks for checking! 
(This used to be commit ea5f53eac81e8a969587eb3996b16a1afd948877)
 2007-10-10 12:29:01 -05:00
Stefan Metzmacher
b4f6db40ab r24062: fix logic for broken krb5 libs which always force 
sign and seal...

metze
(This used to be commit 4a4fc8cccbcbe17eebcefcd0107f7de60d751f5c)
 2007-10-10 12:29:00 -05:00
Volker Lendecke
d44063715a r24058: Fix some memory leaks in ads_secrets_verify_ticket. 
Jeremy, Günther, please review!

Thanks,

Volker
(This used to be commit 000e096c277a71ca30c1c109aae62241ad466bee)
 2007-10-10 12:29:00 -05:00
Stefan Metzmacher
75ae998b99 r24042: add support for krb5 sign and seal in LDAP via "GSS-SPNEGO" 
metze
(This used to be commit 34ab84aceb86195743abd26c46a631640409725e)
 2007-10-10 12:28:59 -05:00
Stefan Metzmacher
6b5c55b0f0 r24037: only setup sasl wrapping after a successful bind 
metze
(This used to be commit 85d6cd3dfb5cbd9e899957265e352583ff608ed4)
 2007-10-10 12:28:58 -05:00
Günther Deschner
2349acdd43 r23973: For debugging, add (undocumented) net ads kerberos commands (kinit, renew, 
pac).

Guenther
(This used to be commit 4cada7c1485c9957e553d6e75cb6f30f4338489f)
 2007-10-10 12:28:51 -05:00
Günther Deschner
f659ffc0ee r23970: Allow to set the debuglevel at which to dump the PAC logon info. 
Guenther
(This used to be commit 7d321aad83cb7b9cc766bc89a886676337a2bad8)
 2007-10-10 12:28:50 -05:00
Günther Deschner
fce64f6833 r23969: Some helper routines to retrieve a PAC and PAC elements. 
Guenther
(This used to be commit d4c87c792a955be7d5ef59fc683fc48e3d8afe16)
 2007-10-10 12:28:50 -05:00
Volker Lendecke
f5033a1e62 r23953: Some C++ warnings 
(This used to be commit 8716edf157bf8866328f82eb6cf25e71af7fea15)
 2007-10-10 12:28:49 -05:00
Günther Deschner
e6875b1b45 r23951: Fix segfault. 
Guenther
(This used to be commit 1a5c8780ae79e5ae4e6a36bfb66cd92ae7d3aa88)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
14e81b3009 r23948: add gsskrb5 sign and seal support for LDAP connections 
NOTE: only for the "GSSAPI" SASL mech yet

metze
(This used to be commit a079b66384b15e9d569dded0d9d6bd830e1a6dfa)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
ea3c3b9272 r23946: add support for NTLMSSP sign and seal 
NOTE: windows servers are broken with sign only...

metze
(This used to be commit 408bb2e6e2171196a2bd314db181d9b124e931a1)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
07c034f7c4 r23945: add infrastructure to select plain, sign or seal LDAP connection 
metze
(This used to be commit 2075c05b3d8baa7d6d8510cd962471a5781740a6)
 2007-10-10 12:28:48 -05:00
Stefan Metzmacher
e0c4034393 r23943: - always provide ads_setup_sasl_wrapping() function 
- read/write returning 0 means EOF and we need to return direct

metze
(This used to be commit 885d557ae746c318df0aabc0a03dce1587918cce)
 2007-10-10 12:28:48 -05:00
Günther Deschner
9e0c550922 r23937: Use ads_config_path() when we need to know the configration context. 
Guenther
(This used to be commit 1a62c731c6259bf4285d3735bff8b191002553f7)
 2007-10-10 12:28:46 -05:00
Stefan Metzmacher
00b27d2d69 r23933: - implement ctrl SASL wrapping hook 
- pass down sign or seal hooks
- some sasl wrapping fixes

metze
(This used to be commit 8c64ca3394489b28034310fe64d6998e49827196)
 2007-10-10 12:28:46 -05:00
Stefan Metzmacher
307e51ed14 r23926: implement output buffer handling for the SASL write wrapper 
metze
(This used to be commit 65ce6fa21adec704b3cde30c57001e5620f048e4)
 2007-10-10 12:28:45 -05:00
Stefan Metzmacher
7bef162aeb r23922: implement input buffer handling for the SASL read wrapper 
metze
(This used to be commit 7d8518ebd9470062b499b7074a940e14520e99f2)
 2007-10-10 12:28:42 -05:00
Stefan Metzmacher
8cd89a20ce r23918: not all ldap libraries support debugging 
metze
(This used to be commit 3f68189c9a319ac9cae76f6d2b586cbde6d31e3c)
 2007-10-10 12:28:41 -05:00
Stefan Metzmacher
d48dbc8bad r23916: use the correct io operations for debugging 
metze
(This used to be commit d745a1a71991f306c29b3c62f43d619177f79725)
 2007-10-10 12:28:41 -05:00
Stefan Metzmacher
77619f37a0 r23898: rename HAVE_ADS_SASL_WRAPPING -> HAVE_LDAP_SASL_WRAPPING 
metze
(This used to be commit 873eaff8febb50f00f9dac64c57b2a22c16f4f9b)
 2007-10-10 12:28:39 -05:00
Stefan Metzmacher
57dd25cccb r23893: add dummy callbacks for LDAP SASL wrapping, 
they're not used yet...

metze
(This used to be commit a3b97cdce719d9d5e82f26096c0e8c3a86ff3965)
 2007-10-10 12:28:39 -05:00
Stefan Metzmacher
809c9d4d31 r23888: move elements belonging to the current ldap connection to a 
substructure.

metze
(This used to be commit 00909194a6c1ed193dfdb296f50f58a53450583c)
 2007-10-10 12:28:38 -05:00
Stefan Metzmacher
2fc53c947b r23886: add ads_disconnect() function 
metze
(This used to be commit ba70737b7043cae89dd90f8668a24881212ac6fb)
 2007-10-10 12:28:38 -05:00
Günther Deschner
28041b6064 r23869: Protect against partial security descriptors. 
Guenther
(This used to be commit 0a96a11f01dd8c0d29fff1d97c3d666c32b33b59)
 2007-10-10 12:28:36 -05:00
Günther Deschner
ed0ffc5cef r23861: Fix return code in ads_find_samaccount(). 
Guenther
(This used to be commit 684fcf39dcc08bcf571272549222fdeb11d2725f)
 2007-10-10 12:28:35 -05:00
Günther Deschner
8d786a4e2b r23842: Attempt to fix the build with LDAP. 
Guenther
(This used to be commit efd817ae118da51058106ae97854572547e113d3)
 2007-10-10 12:28:33 -05:00
Günther Deschner
34d091f1c6 r23839: Try to get the attribute name from schema GUIDs or the display name from 
extended rights GUID from ad while dumping the security descriptors's aces.

This would perform much better with a guid cache, but for the rare cases where
it is used

	net ads search cn=mymachine ntSecurityDescriptor -U user%pass

it should be ok for now.

Guenther
(This used to be commit b36913433eb74203b29f2b7d412a86e60591ea22)
 2007-10-10 12:28:33 -05:00
Günther Deschner
b62ade20d0 r23838: Allow to store schema and config path in ADS_STRUCT config. 
Guenther
(This used to be commit 1d5b08326fa72bd3423b377a4e6243466e778622)
 2007-10-10 12:28:33 -05:00
Günther Deschner
9d6f8ed5e7 r23837: Pass ADS_STRUCT and TALLOC_CTX down to ads_disp_sd. 
Guenther
(This used to be commit ad0a6d5703c35d48ab5bbfa8d6506d42e0cfb61d)
 2007-10-10 12:28:32 -05:00
Günther Deschner
f05dcab9bf r23836: Add ads_config_path() and ads_get_extended_right_name_by_guid(). 
Guenther
(This used to be commit 4d62f1191b52569fcdbe674773b07a44aa469520)
 2007-10-10 12:28:32 -05:00
Günther Deschner
fd8dc4b561 r23835: Pass down a struct GUID to ads_get_attrname_by_guid() directly. 
Guenther
(This used to be commit a4d5206d0bcbee713790834f119b182e0b419e8c)
 2007-10-10 12:28:32 -05:00
Günther Deschner
c252b04abf r23834: Allow to pass an ADS_STRUCT pointer down to the dump function callback in 
libads.

Guenther
(This used to be commit 311bbbafa6d860b7b632beac6d9249b0a2fafb86)
 2007-10-10 12:28:32 -05:00
Günther Deschner
c8e23e4091 r23833: Document ads_find_samaccount(). 
Guenther
(This used to be commit 3effd1c3461301f9ccf7c55386810c36f4ee3ccc)
 2007-10-10 12:28:31 -05:00
Günther Deschner
e7705f9eb9 r23829: Add ads_get_attrname_by_guid(). 
Guenther
(This used to be commit a84fd8300661fd895ed7a8a104b743628718dfc8)
 2007-10-10 12:28:31 -05:00
Günther Deschner
1c957f9559 r23826: Fix gpo security filtering by matching the security descriptor ace's for the 
extended apply group policy right.

Guenther
(This used to be commit d832014a6fef657f484412372b5d09047552b183)
 2007-10-10 12:28:31 -05:00
Günther Deschner
6d0141c17e r23820: Display security_ace_object in LDAP security descriptors for debugging. 
Guenther
(This used to be commit 3925e85812b2aded356866925382b1beb718cd44)
 2007-10-10 12:28:30 -05:00
Andrew Tridgell
153cfb9c83 r23801: The FSF has moved around a lot. This fixes their Mass Ave address. 
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
 2007-10-10 12:28:27 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text 
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
 2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later. 
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
 2007-10-10 12:28:20 -05:00
Günther Deschner
221d06d6f3 r23772: Add ads_find_samaccount() helper function. 
Guenther
(This used to be commit 6fafa64bea4ce6a7a5917fa02ed9c564a7c93ffb)
 2007-10-10 12:23:55 -05:00
Günther Deschner
8ead92f06d r23654: Remove misleading inline comment. 
Guenther
(This used to be commit a3441c22b342e2802bd9766b7046073db3895a29)
 2007-10-10 12:23:42 -05:00
Günther Deschner
110e420196 r23651: Always, always, always compile before commit... 
Guenther
(This used to be commit accb40446ad3f872c5167fc2306d892553293b7b)
 2007-10-10 12:23:41 -05:00
Günther Deschner
3b1956f9d2 r23650: Fix remaining callers of krb5_kt_default(). 
Guenther
(This used to be commit b9d7a2962a472afb0c6b8e3ac5c2c819d4af2b39)
 2007-10-10 12:23:41 -05:00