Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit 3a2a8973bee1d7e4b21cf807ef549ad3498b4e9d)
|
|
but is not the same as the default case
metze
(This used to be commit 5fe88379ad2de0a346bb7155e74eb00cfa3ef44c)
|
|
metze
(This used to be commit f5240737629ccd57693f8fb162ba7baca53a4672)
|
|
I actually don't like this idea of sharing the request buffer
structure between client and server, and I'll see if I can convince
abartlet to revert it. It ties the two pieces of code far more
intimately than is justified, and will certainly lead to ugliness as
the client and server take different paths of development. I would far
prefer we just pass 2 arguments (pointer and length) to the signing
calls instead of 1 (the request).
(This used to be commit 70838a921185c091d0e774dd5fb0546693999e8f)
|
|
This breaks the request structure out into a common part between the
client and server, which the signing code now uses.
Andrew Bartlett
(This used to be commit 33de58455a3674e8fc803fb043d26af4e2794c30)
|
|
- This causes our client and server code to use the same core code,
with the same debugs etc.
- In turn, this will allow the 'mandetory/fallback' signing algorithms
to be shared, and only written once.
Updates to the SPNEGO code
- Don't wrap an empty token to the server, if we are actually already finished.
Andrew Bartlett
(This used to be commit 35b83eb329482ac1b3bc67285854cc47844ff353)
|
|
connection being removed between calls.
(This used to be commit 446306f054b27e903c50e1d96d23041e3a8e5705)
|
|
(This used to be commit 0c5a5632a8584e55a1013da634a279c6b3a9e085)
|
|
(This used to be commit 9af821c4dfa47d68be5e062028331c80df64f82b)
|
|
this fixes a crash bug in smbd with multiple RPC clients
(This used to be commit 6e102f732e4404fc5f9b2851d12b00d2d083b43d)
|
|
and call talloc_destroy(srv_conn->mem_ctx)
also don't follow NULL pointers
metze
(This used to be commit 786c00c3d4f510c870a45f11af69281298ba176d)
|
|
metze
(This used to be commit a8ec53c81ad939156654c9ad99a53aa2d679f711)
|
|
close_connection fn of a specific service
metze
(This used to be commit 0e1f5e66d37deb7a77ae9f545e60685428fd9d21)
|
|
metze
(This used to be commit d7dd5347dd9414cfa604eeb24cb2f6dc5f99e703)
|
|
destruction
(This used to be commit e966d8a1f398dc1ddf5843bc3327a3160f0d49f9)
|
|
this might explain the tdb corruption that metze found - it caused heap corruption that affected tdb
(This used to be commit 31d55dfb443612a341ff6ade77c6e4477c4fefca)
|
|
(This used to be commit fb5796b0dccf7cd518db03e6456d986f17e50345)
|
|
the end of RPC PDUs.
It turns out that NT3.1 adds junk onto the end of every PDU.
(This used to be commit a4a89cffd85c213a4d751c24ccda438e44df4d2e)
|
|
SPNEGO, but I'll leave andrew to tackle that.
(This used to be commit 5dd71be8d9e49277f17668877e47729c340f0f67)
|
|
must think carefully about packet chaining when dealing with any
authentication or SMB parsing issues. The particular problem here was
that a chained tconX didn't get the req->session setup after an
initial sesstion setup call, so the tconx used a bogus VUID.
(This used to be commit 6f2a335cd623211071b01d982d4e7c69b49a5602)
|
|
to a struct smbsrv_session that the same as cli_session for the client
we need a gensec_security pointer there
(spnego support will follow)
prefix some related functions with smbsrv_
metze
(This used to be commit f276378157bb9994c4c91ce46150a510de5c33f8)
|
|
Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.
In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.
Andrew Bartlett
(This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
|
|
(fix compiler warning)
metze
(This used to be commit 65147f5aa2a56220a387876d990a546beb93a2d7)
|
|
metze
(This used to be commit 463982bf3f37bac67e1aaa488e4142d0ecc23307)
|
|
the idea is to have services as modules (smb, dcerpc, swat, ...)
the process_model don't know about the service it self anymore.
TODO:
- the smbsrv should use the smbsrv_send function
- the service subsystem init should be done like for other modules
- we need to have a generic socket subsystem, which handle stream, datagram,
and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server
, or for smb or dcerpc or whatever to connect to a server wide auth service)
- and other fixes...
NOTE: process model pthread seems to be broken( but also before this patch!)
metze
(This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
|
|
metze
(This used to be commit fef597a76c0b0796ca834a31550cf279babe96fc)
|
|
and it seems to be raw krb5, but I need to do some tests
metze
(This used to be commit 01612927902ed5e4d0109fec453307cdcb95336f)
|
|
for DRSUapi (the Active Directory Replication Protocol)
I'll try to fill the idl file as part of a study project
together with some other students...
metze
(This used to be commit 3fc9abcad712c4cc5c9879df0acaa5a19a3d8718)
|
|
(on my SuSE 9.1)
so I disable it for now
metze
(This used to be commit 32d6f86d43394fea11ee5059c884dcaf2736747b)
|
|
(This used to be commit 2758c26ac96a62d7e0853e5d5fa95925ddce3420)
|
|
Andrew Bartlett
(This used to be commit 30d88580efe45dc792f8d5c04f4abe0497d1551c)
|
|
- We can now connect to hosts that follow the SPNEGO RFC, and *do not*
give us their principal name in the mechListMIC.
- The client code now remembers the hostname it connects to
- We now kinit for a user, if there is not valid ticket already
- Re-introduce clock skew compensation
TODO:
- See if the username in the ccache matches the username specified
- Use a private ccache, rather then the global one, for a 'new' kinit
- Determine 'default' usernames.
- The default for Krb5 is the one in the ccache, then $USER
- For NTLMSSP, it's just $USER
Andrew Bartlett
(This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
|
|
- NULL in, NULL out
Andrew Bartlett
(This used to be commit 2cc0b3a2f1785c53268f018999a87c26539fd4a6)
|
|
Initial attempt at RAP server infrastructure. Look at rap_server.c for the
dummy functions that are supposed to implement the core functionality.
ipc_rap.c contains all the data shuffling. _rap_shareenum and _rap_serverenum2
in ipc_rap.c are (I think) regular enough to be auto-generated.
I did not test all the corner cases yet, but nevertheless I would like some
comments on the general style.
Volker
P.S: samba-3 smbclient now doesn't freak out anymore, although the results are
not entirely correct :-)
(This used to be commit 08140cc1a838b4eaa23c897b280a46c95b7ef3e0)
|
|
introduced by the "compiler warning fix" in rev 1460...
metze
(This used to be commit ffb7ba35cdb2fb19b8271a3585eef075948bef9c)
|
|
add the kinit code
metze
(This used to be commit 9a876be76cee3983676d8c89549162b5c4eba8b0)
|
|
our code
(This used to be commit ea5659b051f95402441e69ba4ce5aea1ed6f5c86)
|
|
this declaration:
int foo();
is *not* the same as this one:
int foo(void);
the first means "I don't know what arguments it takes". The second
means "it takes no arguments"
(This used to be commit 6724932810772a10e7e51d2f6f2b106c02eafb73)
|
|
PCH (in fact, it meant that PCH was a slowdown, not a speedup). To
gain speed with PCH you must ensure that the .gch file is compiled
with _exactly_ the same options as the normal object files.
this fixes the .gch build options
(This used to be commit 910ca1748648a58daaea6a04d5c96e6c62f79c40)
|
|
metze
(This used to be commit fc8d00b8ab28535da4ec0b7e6931bbf402a37013)
|
|
- Spelling - it's SPNEGO, not SPENGO
- SMB signing - Krb5 logins are now correctly signed
- SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not.
Andrew Bartlett
(This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
|
|
Andrew Bartlett
(This used to be commit 67ac9600664e93aa2fe9426127313b57ddaec2cf)
|
|
Andrew Bartlett
(This used to be commit 10a973da88441b255eda7cbc263ef5c4f2f0fcae)
|
|
and compile with gtk.
The --enable-developer option was just too noisy with buggy GTK headers.
Andrew Bartlett
(This used to be commit 54c3d98baf3d4f4b6fe40201b50922caf7364285)
|
|
Andrew Bartlett
(This used to be commit 893a9a3865d7046d8b1cb0418aaf48b88beefa05)
|
|
Andrew Bartlett
(This used to be commit 39d8949d25793e2602e0ab5ec37e213f9ccae658)
|
|
- Start working on 'gwsam'
- Add GtkSelectDomainDialog and GtkSelectHostDialog
(This used to be commit bea47671aa791f3c4d22263f9444aea1a73f47f1)
|
|
Add a missing file.
Volker
(This used to be commit 2bc6147c118a61f7f37f3414cce3df44625ade65)
|
|
Volker
(This used to be commit 1506da85b9e53c71a470b1ef0579e0096451b5a7)
|
|
(make sure to actually return the result).
Andrew Bartlett
(This used to be commit 8d449bbe2b9aa29315e894be1400a9475ef99468)
|