Age | Commit message (Collapse) | Author | Files | Lines |
|
This avoids keeping the event context around on a the gensec_security
context structure long term.
In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This ensures that only gensec_update() will require an event context argument
when the API is refactored.
Andrew Bartlett
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
DCE/RPC clients
Because of the calling convention, this is the best place to assert
that we have not been subject to a downgrade attack on the negotiated
features. (In DCE/RPC, this isn't a negotiation, the client simply
specifies the level of protection that is required).
Andrew Bartlett
(some formatting fixes)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This uses the top level gensec_ntlmssp helper functions which are identical
to the parts of ntlmssp_wrap.c that are now not called.
(Includes formatting and correctness fixes from Metze)
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
If you do not specify one however, you better know that the modules
you are using do not need one!
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This moves the allocation of the ntlmssp pointer back to the callers.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
I have done plenty of work here, I deserve some of the blame :-)
Andrew Bartlett
|
|
smb.conf
If a user specified -W or --realm on the command line, then this is
of level SPECIFIED, not UNINITIALISED, despite it going via the
loadparm system.
This helps us to ensure that -W server -Ulocaluser is parsed the
same as -Userver\localuser. This matters as otherwise we might
instead attempt to use kerberos to the realm from the smb.conf.
Andrew Bartlett
|
|
If we specify a domain, then we indicate that we must use that domain
which overrides the credentials cache we found in the environment.
Andrew Bartlett
|
|
This reverts commit f7f6992a20dd29bd7643291e3b3d05bc8f6c9c76 because
75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which
was a race in ldb startup.
Andrew Bartlett
|
|
This reverts commit 16fd935fc659555c203354b6c96fc23a55be5a3b because
75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which
was a race in ldb startup.
Andrew Bartlett
|
|
This fixes a race when two processes initialise the same ldb database
at the same time. One of them could fail due to the other creating the
@BASEINFO record first.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Oct 18 03:54:42 CEST 2011 on sn-devel-104
|
|
|
|
this gives us ABI checking for libsmbclient so that the waf build will
prevent ABI breakage, and a public version number. The addition of the
pc file makes this library available via pkgconfig, including querying
of the version number
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Oct 17 21:39:32 CEST 2011 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 17 17:39:36 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Oct 17 14:07:25 CEST 2011 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
By default the samba4 dlz_bind9 backend searches under
CN=MicrosoftDNS,DC=DomainDnsZones and CN=MicrosoftDNS,DC=ForestDnsZones.
In my samba4 test setup all DNS zones are under CN=MicrosoftDNS,CN=System.
After adding the attached patch it works fine for me.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Some Kerberos libraries don't do proper failover. This fixes the situation
where a KDC exists in DNS but is not reachable for some reason.
Ported to master by Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Oct 17 11:25:37 CEST 2011 on sn-devel-104
|
|
Make ads_cldap_netlogon use it. It does not need the fancy multi stuff, but
excercising that code more often is better. And because we have to ask over the
network, the additional load should be neglectable.
Ported to master by Stefan Metzmacher <metze@samba.org>
|
|
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Mon Oct 17 09:51:12 CEST 2011 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun Oct 16 01:31:21 CEST 2011 on sn-devel-104
|
|
This is the complementary part of patch
abe5afc580dcaaab70f136904d98fa83bfae7b6e for samba4.
|
|
By default we were checking this on the default folder for
tempfile.NamedTemporaryFile (usualy /tmp) but this folder can be mounted
on tmpfs (which didn't support xattr currently). Now we should check on
the filesystem where the provision will be done.
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 15 00:38:28 CEST 2011 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
"The 6to4 interface has the flags IFF_POINTTOPOINT interface but no
ifa_dstaddr as it's not at the IPv6 level a point to point interface
(at least from my understanding), as we don't have a IFF_BROADCAST
flag set (I have the impression that this flag is only set on a
interface that has also an IPv4 address) the first test is not valid
also, which result in a skipped interface."
|