| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2012-02-17 | auth/kerberos: Move gse_get_session_key() to common code and use in ↵ | Andrew Bartlett | 5 | -158/+155 | |
| gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett | |||||
| 2012-02-17 | s3-gse: Allow kerberos key type OID to be optional | Andrew Bartlett | 1 | -4/+11 | |
| 2012-02-17 | s3-gse: Fix OID to read for kerberos key type | Andrew Bartlett | 1 | -2/+2 | |
| 2012-02-17 | s3-librpc: Remove backup declaration of GSS_C_DCE_STYLE | Andrew Bartlett | 1 | -4/+0 | |
| All our supported krb5 libs provide this. Andrew Bartlett | |||||
| 2012-02-17 | s3-gse: Remove unused OID declaration | Andrew Bartlett | 1 | -9/+0 | |
| 2012-02-17 | wintest: give host longer to register the SRV record | Andrew Bartlett | 1 | -1/+1 | |
| 2012-02-17 | wintest: use net rpc to put authenticated users into TelentClients if we need to | Andrew Bartlett | 1 | -0/+13 | |
| 2012-02-17 | wintest: Allow Windows VM to have no default route | Andrew Bartlett | 1 | -3/+4 | |
| 2012-02-17 | Replace smbd_server_connection_loop_once() with tevent_loop_once() directly. | Jeremy Allison | 1 | -63/+6 | |
| We no longer need to call poll() directly inside smbd ! Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Feb 17 02:49:13 CET 2012 on sn-devel-104 | |||||
| 2012-02-16 | lib/util: Remove sys_poll as it is no longer needed | Andrew Bartlett | 8 | -110/+14 | |
| sys_poll() is only needed if the signal pipe is set up and used, but as no signal handler ever writes to the pipe, this can all be removed. signal based events are now handled via tevent. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> | |||||
| 2012-02-16 | lib/util: Remove unused sys_select_signal() | Andrew Bartlett | 2 | -19/+0 | |
| Now sys_poll needs to be cleaned up not to refer to the pipe that is now not used. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> | |||||
| 2012-02-16 | s3-librpc: Remove gse_verify_server_auth_flags | Andrew Bartlett | 1 | -50/+0 | |
| gensec_update() ensures that DCE-style and sign/seal are negotiated correctly for DCE/RPC pipes. Also, the smb sealing client/server already check for the gensec_have_feature(). This additional check just keeps causing trouble, and is 'protecting' an already secure negoitated exchange. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Feb 16 21:19:44 CET 2012 on sn-devel-104 | |||||
| 2012-02-16 | docs-xml: remove docs for "send spnego principal" | Stefan Metzmacher | 1 | -28/+0 | |
| metze | |||||
| 2012-02-16 | s3-param Remove off-by-default and unused "send spnego principal" | Andrew Bartlett | 2 | -11/+0 | |
| This is not honoured by the common SPNEGO code. This matches mondern windows versions which do not send this value, as it would be insecure for a client to rely on it. (See also the depricated client use spnego principal directive). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
| 2012-02-16 | s3-smbd Remove unused code now we always have SPNEGO via gensec | Andrew Bartlett | 4 | -49/+7 | |
| This was previously needed because SPNEGO was only available in the AD DC. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
| 2012-02-16 | s3-librpc: Use gensec_spnego for DCE/RPC authentication | Andrew Bartlett | 10 | -1009/+42 | |
| This ensures that we use the same SPNEGO code on session setup and on DCE/RPC binds, and simplfies the calling code as spnego is no longer a special case in cli_pipe.c A special case wrapper function remains to avoid changing the application layer callers in this patch. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
| 2012-02-16 | s3-gse: Use the session key type, not the lucid context to set NEW_SPNEGO | Andrew Bartlett | 1 | -67/+69 | |
| Using gss_krb5_export_lucid_sec_context() is a problem with MIT krb5, as it (reasonably, I suppose) invalidates the gssapi context on which it is called. Instead, we look to the type of session key which is negotiated, and see if it not AES (or newer). If we negotiated AES or newer, then we set GENSEC_FEATURE_NEW_SPENGO so that we know to generate valid mechListMic values in SPNEGO. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
| 2012-02-16 | s3-librpc: Remove unused bool gensec_hook | Andrew Bartlett | 1 | -2/+0 | |
| Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
| 2012-02-16 | s3:rpc_client: fix comment | Stefan Metzmacher | 1 | -1/+1 | |
| metze | |||||
| 2012-02-16 | s3-librpc: make gensec result handling more generic | Andrew Bartlett | 1 | -11/+11 | |
| This prepares us for handling SPNEGO via gensec Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
| 2012-02-16 | wafsamba: exclude '.brzignore' from "make dist" | Michael Adam | 1 | -1/+1 | |
| .bzrignore can cause unwanted effects, if one e.g. maintains a packaging (like debian) of the generated distribution in bzr. Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Thu Feb 16 13:47:52 CET 2012 on sn-devel-104 | |||||
| 2012-02-16 | wafsamba: exclude '.gitignore' from "make dist" | Michael Adam | 1 | -0/+1 | |
| .gitignore can cause unwanted effects, if one e.g. maintains a packaging (like debian) of the generated distribution in git | |||||
| 2012-02-16 | wafsamba: fix blacklist handling in "make dist" | Michael Adam | 1 | -1/+1 | |
| 2012-02-16 | s4:provision: only print the adminpass if it was generated (not user-provided) | Michael Adam | 1 | -1/+5 | |
| 2012-02-16 | s4:provision: generate the adminpass provision() instead of provision_fill() | Michael Adam | 1 | -2/+3 | |
| so that the adminpass can be logged at the end (otherwise we get "None") | |||||
| 2012-02-16 | s4:provision: don't log the ldap admin password - it is internal only | Michael Adam | 1 | -3/+0 | |
| 2012-02-16 | s4-scripting: samba-tool: Fix domain info usage message | Björn Baumbach | 1 | -1/+1 | |
| Signed-off-by: Michael Adam <obnox@samba.org> | |||||
| 2012-02-16 | s4-selftest: fix output of opened connections in torture_holdcon | Björn Baumbach | 1 | -1/+1 | |
| Signed-off-by: Michael Adam <obnox@samba.org> | |||||
| 2012-02-16 | Rename obscure defined constants. | Christopher R. Hertel (crh) | 11 | -25/+27 | |
| Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types. Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104 | |||||
| 2012-02-16 | s3-selftest: Remove .posix_s3 from s3 test names | Andrew Bartlett | 3 | -10/+10 | |
| As far as I can tell, this simply referred to the posix_s3.sh script that originally ran these tests. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Feb 16 06:57:09 CET 2012 on sn-devel-104 | |||||
| 2012-02-16 | selftest: Remove 'if have_ads_support:' from tests.py | Andrew Bartlett | 2 | -64/+41 | |
| The selftest system now skips launching these if the environment is not available. Andrew Bartlett | |||||
| 2012-02-16 | s3-smbd: Avoid starting log lines with the word 'error' | Andrew Bartlett | 1 | -2/+10 | |
| 2012-02-16 | selftest: skip plugin_s4_dc if we do not have ADS | Andrew Bartlett | 1 | -0/+5 | |
| 2012-02-16 | selftest: Run nsstest against more environments | Andrew Bartlett | 1 | -4/+5 | |
| 2012-02-16 | selftest: skip targets that are not compiled in if we do not have ADS | Andrew Bartlett | 1 | -0/+25 | |
| 2012-02-16 | s3-selftest: Require SMB signing for ktest environment | Andrew Bartlett | 1 | -0/+1 | |
| This will help weed out session key errors in the krb5 code. Andrew Bartlett | |||||
| 2012-02-16 | selftest: Do not start up an already-running test environment | Andrew Bartlett | 2 | -0/+8 | |
| Otherwise we may re-provision the dc just because we started it via s3member or s4member first. Andrew Bartlett | |||||
| 2012-02-16 | selftest: Make plugin_s4_dc set the cached environment correctly | Andrew Bartlett | 1 | -10/+12 | |
| 2012-02-16 | wintest: update WinXP-1 snapshot | Andrew Bartlett | 1 | -1/+1 | |
| 2012-02-16 | wintest: Change Windows 7 VM | Andrew Bartlett | 1 | -3/+3 | |
| 2012-02-16 | wintest: Give the Windows VM a little more time to start back up | Andrew Bartlett | 1 | -1/+1 | |
| 2012-02-16 | wintest: Samba is now all version 4.0 | Andrew Bartlett | 1 | -4/+4 | |
| 2012-02-16 | wintest: Cope with nc not timing out even when -w 1 is specified | Andrew Bartlett | 1 | -2/+16 | |
| 2012-02-16 | wintest: s3 moved smb.conf to /etc | Andrew Bartlett | 1 | -2/+2 | |
| 2012-02-16 | wintest: Update VM used for W2K8R2A | Andrew Bartlett | 1 | -2/+2 | |
| 2012-02-16 | wintest: Allow access denied when turning off the firewall | Andrew Bartlett | 1 | -2/+2 | |
| 2012-02-16 | wintest: Retry joining the domain a few times | Andrew Bartlett | 1 | -4/+12 | |
| 2012-02-16 | wintest: connect to correct hostname in test_net_use | Andrew Bartlett | 2 | -4/+4 | |
| 2012-02-16 | s3-nmbd: Initialise newly non-static variables | Andrew Bartlett | 1 | -4/+4 | |
| Found by testing with wintest. When the variables were made non-static in c21f6a1c6869a5086634bb830d6c3689dea539a3 the implicit initialisation to 0 was lost. Andrew Bartlett | |||||
| 2012-02-15 | s3: Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY, bug 8760 | Volker Lendecke | 4 | -6/+40 | |
| Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Feb 15 21:10:22 CET 2012 on sn-devel-104 | |||||
 |
index : samba | |
| Unnamed repository; edit this file 'description' to name the repository. | ben |
| summaryrefslogtreecommitdiff |