Age | Commit message (Collapse) | Author | Files | Lines |
|
The samba_server_gensec_start() has already set the credentials
on the gensec_security context.
Andrew Bartlett
|
|
when we change our build rules to move a C file, we need to remove the
old ('stale') .so and .o files from the build directory, or they may
be used as part of the new build, which means that old code will be
linked in.
This expands the list of stale files that we remove on rule changes to
include .so and .o files
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Oct 19 09:02:23 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Wed Oct 19 05:04:33 CEST 2011 on sn-devel-104
|
|
|
|
Modified code to handle -k and --kerberos options to:
1. Throw the correct exception
2. On error, display the correct user's specified option
|
|
Throw an exception when the --option value is invalid
|
|
Throw an exception when --option value is not in the form "a=b"
|
|
Raise exception when -d or --debuglevel value is <0
|
|
calculation.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Oct 19 03:10:40 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
When a DC goes down hard, winbind can end up in a 100% CPU loop. The next
(small) RPC request to the DC ends up as a trans2 request. If the connection
goes down, we end up trying to discard the request via the loop in
cli_state_notify_pending(). Because this is a trans2 request,
cli_smb_req_unset_pending will not kick in. Thus the pending array will always
remain at length 1.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Oct 19 01:39:35 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 19 00:05:45 CEST 2011 on sn-devel-104
|
|
|
|
potential segfault
The second of two digits was read without checking for the length of the input
string. For a non-zero-terminated input string, this might have caused a
segfault.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue Oct 18 22:32:59 CEST 2011 on sn-devel-104
|
|
The description did not match the function's behaviour.
|
|
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Allows the user to store hex blobs in a tdb.
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
|
|
This interface needs to be publicly available, unid_t here is not really useful
and makes it harder to use it as unid_t is not a public union.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104
|
|
We do not need it on the auth_ntlmssp_state any longer.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104
|
|
This removes the need to have if (ans->gensec_security) everywhere.
Andrew Bartlett
|
|
This will allow it to be a wrapper around a gensec module, which
requires that they options be set on a context, but before the
mechanism is started.
This also simplfies the callers, by moving the lp_*() calls
into one place.
Andrew Bartlett
|
|
This can be an ordinary talloc child without causing any problem.
This seems to have been inherited from a time when ntlmssp_client_start()
returned malloc() based memory.
Andrew Bartlett
|
|
thanks to Volker for the content
Autobuild-User: Björn Jacke <bj@sernet.de>
Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104
|
|
If mappings use ID_TYPE_BOTH.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
|
|
This removes the smb.conf parameters per-database, replacing these
with hard-coded database names in well known (and configurable)
directories.
The wins.ldb is now always in the "state dir", rather than being in
both state and lock dir (ie, a bug).
Less smb.conf parameters means less parameters to try and sync up
between the loadparm subsystems.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 18 05:39:54 CEST 2011 on sn-devel-104
|
|
|
|
This will help with having "sidHistory" support in future.
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This avoids keeping the event context around on a the gensec_security
context structure long term.
In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This ensures that only gensec_update() will require an event context argument
when the API is refactored.
Andrew Bartlett
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
DCE/RPC clients
Because of the calling convention, this is the best place to assert
that we have not been subject to a downgrade attack on the negotiated
features. (In DCE/RPC, this isn't a negotiation, the client simply
specifies the level of protection that is required).
Andrew Bartlett
(some formatting fixes)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This uses the top level gensec_ntlmssp helper functions which are identical
to the parts of ntlmssp_wrap.c that are now not called.
(Includes formatting and correctness fixes from Metze)
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
If you do not specify one however, you better know that the modules
you are using do not need one!
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This moves the allocation of the ntlmssp pointer back to the callers.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
I have done plenty of work here, I deserve some of the blame :-)
Andrew Bartlett
|
|
smb.conf
If a user specified -W or --realm on the command line, then this is
of level SPECIFIED, not UNINITIALISED, despite it going via the
loadparm system.
This helps us to ensure that -W server -Ulocaluser is parsed the
same as -Userver\localuser. This matters as otherwise we might
instead attempt to use kerberos to the realm from the smb.conf.
Andrew Bartlett
|
|
If we specify a domain, then we indicate that we must use that domain
which overrides the credentials cache we found in the environment.
Andrew Bartlett
|
|
This reverts commit f7f6992a20dd29bd7643291e3b3d05bc8f6c9c76 because
75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which
was a race in ldb startup.
Andrew Bartlett
|