| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
gensec_update() ensures that DCE-style and sign/seal are negotiated correctly
for DCE/RPC pipes. Also, the smb sealing client/server already check for the
gensec_have_feature().
This additional check just keeps causing trouble, and is 'protecting'
an already secure negoitated exchange.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Feb 16 21:19:44 CET 2012 on sn-devel-104
|
|
metze
|
|
This is not honoured by the common SPNEGO code.
This matches mondern windows versions which do not send this value, as
it would be insecure for a client to rely on it. (See also the
depricated client use spnego principal directive).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This was previously needed because SPNEGO was only available in the AD DC.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c
A special case wrapper function remains to avoid changing the
application layer callers in this patch.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Using gss_krb5_export_lucid_sec_context() is a problem with MIT krb5, as
it (reasonably, I suppose) invalidates the gssapi context on which it
is called. Instead, we look to the type of session key which is
negotiated, and see if it not AES (or newer).
If we negotiated AES or newer, then we set GENSEC_FEATURE_NEW_SPENGO
so that we know to generate valid mechListMic values in SPNEGO.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
This prepares us for handling SPNEGO via gensec
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
.bzrignore can cause unwanted effects, if one e.g. maintains
a packaging (like debian) of the generated distribution in bzr.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Thu Feb 16 13:47:52 CET 2012 on sn-devel-104
|
|
.gitignore can cause unwanted effects, if one e.g. maintains
a packaging (like debian) of the generated distribution in git
|
|
|
|
|
|
so that the adminpass can be logged at the end
(otherwise we get "None")
|
|
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.
Small changes to clarify some comments regarding the two transport
types.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
|
|
As far as I can tell, this simply referred to the posix_s3.sh script
that originally ran these tests.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Feb 16 06:57:09 CET 2012 on sn-devel-104
|
|
The selftest system now skips launching these if the environment is not available.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
This will help weed out session key errors in the krb5 code.
Andrew Bartlett
|
|
Otherwise we may re-provision the dc just because we started it via s3member or s4member
first.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Found by testing with wintest. When the variables were made non-static in
c21f6a1c6869a5086634bb830d6c3689dea539a3 the implicit initialisation to 0
was lost.
Andrew Bartlett
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Feb 15 21:10:22 CET 2012 on sn-devel-104
|
|
The printer list database format was recently changed to accommodate for
the printcap location field.
One of the tdb_pack calls is not provided with a location string
argument, this causes a crash on some platforms.
https://bugzilla.samba.org/show_bug.cgi?id=8762
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Jim McDonough <jmcd@samba.org>
Signed-off-by: Lars Müller <lars@samba.org>
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Wed Feb 15 19:34:38 CET 2012 on sn-devel-104
|
|
This fixes an uninitialized read introduced by my fix for the tevent_signal
destructors. From looking at the code you might believe that this kicks in only
when talloc failed. But with -O3 I do see it in normal operations.
Sorry for that.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Wed Feb 15 17:58:37 CET 2012 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Feb 14 19:14:29 CET 2012 on sn-devel-104
|
|
Now we can build the test binaries: the CCAN style is to compile
everything called "compile_ok*.c", compile and run everything called
"run*.c", compile, link with the module, and run everything called
"api*.c", and link any other C files (presumably test helpers) into
all the tests.
Unfortunately, actually passing that between the various parts of
wscript is painful, so I open-coded the names.
Also, the tests expect to be run in a (temporary) directory they can
pollute, with the test directory found in test/ (to find the canned
TDB files, for example).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date: Tue Feb 14 06:53:46 CET 2012 on sn-devel-104
|
|
1) Make sure we include "tdb_private.h" first, to get the right headers
(esp. the correct setting of _FILE_OFFSET_BITS before unistd.h).
2) Fix 3G file test since expand logic has changed.
3) Fix nested transaction test, since default is to allow nesting.
4) Capture fdatasync, which was slowing down transaction expand.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
We could use subunit, but that's overkill. Just print messages when
we fail, and use exit status.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
I pulled tdb into CCAN as an experiment a while ago; it doesn't belong
there, but it has accumulated some important unit tests.
These are copied from CCAN version init-1486-gc438ec1 with #include "../"
changed to #include "../common/".
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
The most convenient way to write unit tests in C is to directly
#include the C files (CCAN uses this, for example). That works quite
well, but it means that tdb_private.h now needs to be protected
against multiple inclusions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
this mimics Word 2010 saving a file
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Mon Feb 13 18:33:43 CET 2012 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Feb 13 15:06:29 CET 2012 on sn-devel-104
|
|
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Feb 13 13:09:10 CET 2012 on sn-devel-104
|
