IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
pending, which I know break lots of features, still passed our test
suite! Now they don't.
(This used to be commit 5801167c8dfc8a61bfeac396bca8ffd3d5270296)
possible. This is needed because w2k3 will return bogus IPs in its
name resolution replies when it has an unplugged network interface.
(This used to be commit 2fafc230520fb5bbe9f763de94aaba87b56f5411)
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.
This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.
In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.
Also in this commit:
The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.
To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.
Andrew Bartlett
(This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
This won't actually work until I get the keyblock filled in again, but
at least it will compile.
I first need to decide if we want to keep the server-side gensec_krb5
code at all, now we have the GSSAPI layer doing what we want.
Andrew Bartlett
(This used to be commit 28e49de9293002ee89f0666144c9028daefdde88)
the 'PAC', required for interopability with Active Directory.
This is still a cludge, as it doesn't handle different encryption
types, but that should be fairly easy to fix (needs PIDL/IDL changes).
Andrew Bartlett
(This used to be commit 690cfc44cef9b349cc31417d8353b6ce1c7832e1)
keys appear at the end of the PAC, which I feel is deliberate (it
makes this much easier).
I still can't make it work, but I'm sure we are closer.
Andrew Bartlett
(This used to be commit 6f0e1c80ae7b1e31e7a3fbff84f07442ee5a31cf)
'mock GSSAPI'.
Many thanks to Luke Howard for the work he has done on Heimdal for
XAD, to provide the right API hooks in GSSAPI.
Next step is to verify the signatures, and to build the PAC for the
KDC end.
Andrew Bartlett
(This used to be commit 2e82743c98e563e97c5a215d09efa0121854d0f7)
a few minor issues.
Move ldb manpages one level higher - there is no longer a need to have
subdirectories.
(This used to be commit e8e3524b2394f4107230715ea38fb619332e0251)
the caller should free it
this fixed a double free bug noticed by
Дейтер Александр Валериевич <tiamat@komi.mts.ru>
metze
(This used to be commit ee1a5d5419f4d79af5c447a6b397a0f4dc89310a)
This builds on the work tridge did to make -lcrypt conditional, rather
than globally linked. This was needed for Heimdal stuff, but then I
'fixed' heimdal, and we now reintroduce it here.
Andrew Bartlett
(This used to be commit 83d9d8f4827280a68dfd07beccf2924c9e0825b0)
not having these platforms they are untested,
let's hope the buildfarm can catch any problem
(This used to be commit 08ec299dcbdc8dba12568b95b636866f147b2e7c)
in the ncacn_np trnaport
it's now supported to use the ip address in smbtorture for ncacn_np tests
that use dcerpc_server_name(),
and we can now pass the dns host name in the tree connect when we have the dns name
on the smbtorture command line
metze
(This used to be commit e29edbc7e62c738564ae842c9c01c969f5c70e5d)
list() returns a list of strings, but maybe it should be a list of
objects with size, attrib, short name etc.
(This used to be commit 696aa182d5a159c26b80829e1eae9a9894cb7986)
