Age | Commit message | Author | Files | Lines
2011-10-18 | gensec: move event context from gensec_*_init() to gensec_update() | Andrew Bartlett | 24 | -86/+93
This avoids keeping the event context around on the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | s3-auth fix comment after s3 ntlmssp gensec module | Andrew Bartlett | 1 | -1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | gensec: move event-using code to gensec_update() hooks out of gensec_start*() | Andrew Bartlett | 3 | -39/+77
This ensures that only gensec_update() will require an event context argument when the API is refactored. Andrew Bartlett
2011-10-18 | ntlmssp: Refuse to seal if we did not negotiate to sign | Andrew Bartlett | 1 | -0/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | gensec: Refuse to seal if we did not negotiate to sign | Andrew Bartlett | 1 | -0/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | s4-auth: match the new s3 gensec client and always negotiate SIGN with SEAL | Andrew Bartlett | 1 | -0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | gensec: Assert that we have not been subject to a downgrade attack in DCE/RPC clients | Andrew Bartlett | 3 | -1/+48
Because of the calling convention, this is the best place to assert that we have not been subject to a downgrade attack on the negotiated features. (In DCE/RPC, this isn't a negotiation, the client simply specifies the level of protection that is required). Andrew Bartlett (some formatting fixes) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | s3-smbd Give the nt error string when failing to set up encrypted transport | Andrew Bartlett | 1 | -3/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC module | Andrew Bartlett | 4 | -87/+229
This uses the top level gensec_ntlmssp helper functions which are identical to the parts of ntlmssp_wrap.c that are now not called. (Includes formatting and correctness fixes from Metze) Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | gensec: an event context is no longer mandatory | Andrew Bartlett | 1 | -10/+0
If you do not specify one however, you better know that the modules you are using do not need one! Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | ntlmssp: Put members from auth_ntlmssp_state into gensec_ntlmssp_state | Andrew Bartlett | 1 | -1/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | ntlmssp: Prepare gensec_ntlmssp_start() for broader use | Andrew Bartlett | 3 | -15/+28
This moves the allocation of the ntlmssp pointer back to the callers. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | ntlmssp: Move ntlmssp code to auth/ntlmssp | Andrew Bartlett | 34 | -193/+220
This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | build: compile gensec_start.c and credentials.c in the autoconf build | Andrew Bartlett | 2 | -0/+53
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | s4-s3-upgrade: Give a better clue when we cannot open secrets.tdb | Andrew Bartlett | 2 | -2/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-18 | s3-auth Add my copyright | Andrew Bartlett | 2 | -2/+2
I have done plenty of work here, I deserve some of the blame :-) Andrew Bartlett
2011-10-18 | credentials: Prioritise command-line specified options above defaults from smb.conf | Andrew Bartlett | 3 | -3/+37
If a user specified -W or --realm on the command line, then this is of level SPECIFIED, not UNINITIALISED, despite it going via the loadparm system. This helps us to ensure that -W server -Ulocaluser is parsed the same as -Userver\localuser. This matters as otherwise we might instead attempt to use kerberos to the realm from the smb.conf. Andrew Bartlett
2011-10-18 | s4-selftest When testing for a credentials cache, do not specify a domain | Andrew Bartlett | 5 | -5/+5
If we specify a domain, then we indicate that we must use that domain which overrides the credentials cache we found in the environment. Andrew Bartlett
2011-10-18 | Revert "s4: Mark the winsreplication test as knownfail" | Andrew Bartlett | 1 | -1/+1
This reverts commit f7f6992a20dd29bd7643291e3b3d05bc8f6c9c76 because 75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which was a race in ldb startup. Andrew Bartlett
2011-10-18 | Revert "s4:selftest: skip flakey samba4.nbt.winsreplication for now" | Andrew Bartlett | 1 | -1/+0
This reverts commit 16fd935fc659555c203354b6c96fc23a55be5a3b because 75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which was a race in ldb startup. Andrew Bartlett
2011-10-18 | ldb: fixed a race in ldb initialisation | Andrew Tridgell | 1 | -1/+9
This fixes a race when two processes initialise the same ldb database at the same time. One of them could fail due to the other creating the @BASEINFO record first. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Oct 18 03:54:42 CEST 2011 on sn-devel-104
2011-10-18 | libsmbclient: initial ABI signatures | Andrew Tridgell | 1 | -0/+170
2011-10-18 | libsmbclient: add ABI checking and pc file | Andrew Tridgell | 2 | -2/+15
this gives us ABI checking for libsmbclient so that the waf build will prevent ABI breakage, and a public version number. The addition of the pc file makes this library available via pkgconfig, including querying of the version number Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-10-17 | Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455). | Wilco Baan Hofman | 1 | -2/+2
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
2011-10-17 | First part of fix for bug #8419 - Make VFS op "streaminfo" stackable. | Frank Lahm | 8 | -14/+34
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 21:39:32 CEST 2011 on sn-devel-104
2011-10-17 | s3-waf: make sure we always build example pdb modules with --enable-developer. | Günther Deschner | 3 | -1/+12
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 17 17:39:36 CEST 2011 on sn-devel-104
2011-10-17 | s3-passdb: fix the build of example pdb test module. | Günther Deschner | 1 | -32/+1
Guenther
2011-10-17 | s3-auth: remove dead prototype. | Günther Deschner | 1 | -1/+0
Guenther
2011-10-17 | s3-waf: make sure we always build example auth modules with --enable-developer. | Günther Deschner | 3 | -0/+11
Guenther
2011-10-17 | s3-auth: fix the build of skel auth example module. | Günther Deschner | 1 | -5/+20
Guenther
2011-10-17 | s4:dlz_bind9: add no memory checks | Stefan Metzmacher | 1 | -0/+4
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Oct 17 14:07:25 CEST 2011 on sn-devel-104
2011-10-17 | s4:dlz_bind9: Copy dn before changing in b9_has_soa | Stefan Gohmann | 1 | -1/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-17 | s4:dlz_bind9: add missing search bases for windows 2000 domains | Stefan Gohmann | 1 | -0/+1
By default the samba4 dlz_bind9 backend searches under CN=MicrosoftDNS,DC=DomainDnsZones and CN=MicrosoftDNS,DC=ForestDnsZones. In my samba4 test setup all DNS zones are under CN=MicrosoftDNS,CN=System. After adding the attached patch it works fine for me. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-17 | s3: Before adding KDC's to the krb5.conf, cldap ping them | Volker Lendecke | 3 | -49/+104
Some Kerberos libraries don't do proper failover. This fixes the situation where a KDC exists in DNS but is not reachable for some reason. Ported to master by Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Oct 17 11:25:37 CEST 2011 on sn-devel-104
2011-10-17 | Add cldap_multi_netlogon_send/recv | Volker Lendecke | 2 | -42/+314
Make ads_cldap_netlogon use it. It does not need the fancy multi stuff, but exercising that code more often is better. And because we have to ask over the network, the additional load should be neglectable. Ported to master by Stefan Metzmacher <metze@samba.org>
2011-10-17 | s4 provision: DNS backend should be set by caller | Kai Blin | 4 | -8/+13
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Mon Oct 17 09:51:12 CEST 2011 on sn-devel-104
2011-10-17 | s4 provision/dns: Clean up os level handling | Kai Blin | 1 | -10/+12
2011-10-17 | s4 provision/dns: Clean up backend handling | Kai Blin | 1 | -6/+13
2011-10-17 | s4 provision: Default to win2k3 domain function level | Kai Blin | 1 | -1/+1
2011-10-17 | s4 provision: Reword opinionated dns backend help text, add NONE backend | Kai Blin | 2 | -5/+13
2011-10-17 | s4 provision: Rename bind9 flatfile backend to BIND9_FLATFILE | Kai Blin | 3 | -8/+8
2011-10-16 | provision: fix the doc | Matthieu Patou | 1 | -1/+1
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sun Oct 16 01:31:21 CEST 2011 on sn-devel-104
2011-10-16 | s4-interfaces: allow pure ipv6 to work | Matthieu Patou | 1 | -1/+2
This is the complementary part of patch abe5afc580dcaaab70f136904d98fa83bfae7b6e for samba4.
2011-10-16 | s4: check that the xattr are supported in the folder where we want to provision | Matthieu Patou | 2 | -2/+9
By default we were checking this on the default folder for tempfile.NamedTemporaryFile (usually /tmp) but this folder can be mounted on tmpfs (which didn't support xattr currently). Now we should check on the filesystem where the provision will be done.
2011-10-15 | Removed unused variable. | Jeremy Allison | 1 | -1/+0
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Oct 15 00:38:28 CEST 2011 on sn-devel-104
2011-10-14 | Remove unused function. | Jeremy Allison | 1 | -18/+0
2011-10-14 | Fix printf warning. | Jeremy Allison | 1 | -1/+1
2011-10-14 | Fix const warnings. | Jeremy Allison | 1 | -4/+4
2011-10-14 | Fix const warnings. | Jeremy Allison | 1 | -3/+3
2011-10-14 | Fix bug with Samba not recognising an 6to4 IPv6 interface. | Matthieu Patou | 1 | -0/+13
"The 6to4 interface has the flags IFF_POINTTOPOINT interface but no ifa_dstaddr as it's not at the IPv6 level a point to point interface (at least from my understanding), as we don't have a IFF_BROADCAST flag set (I have the impression that this flag is only set on a interface that has also an IPv4 address) the first test is not valid also, which result in a skipped interface."