summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-09-23selftest: run smb signing tests as part of make quicktestStefan Metzmacher1-0/+1
metze
2008-09-23selftest: test some smb signing combinations against the member serverStefan Metzmacher1-0/+40
metze
2008-09-23s4:smb_server: remove the bogus smbsrv_signing_restart()Stefan Metzmacher2-41/+2
Real signing always starts with seqnumber 2, and once signing is on the session key never change anymore for the complete smb connection. metze
2008-09-23libcli/smb_composite: for spnego session setups check the smb signature manuallyStefan Metzmacher1-23/+57
We need to start signing when we got NT_STATUS_OK from the server and manually check the signature of the servers response. This is needed as the response might be signed with the krb5 acceptor subkey, which comes within the server response. With NTLMSSP this happens for the session setup: request1 => BSRSPYL seqnum: 0 response1 => BSRSPYL seqnum: 0 request2 => BSRSPYL seqnum: 0 response2 => <SIGNATURE> seqnum: 1 and with krb5: request1 => BSRSPYL seqnum: 0 response1 => <SIGNATURE> seqnum: 1 metze
2008-09-23libcli/raw: real signing starts at seqnumber 2Stefan Metzmacher1-0/+1
metze
2008-09-23libcli/raw: in SMB_SIGNING_ENGINE_BSRSPYL state it's ok to accept any signatureStefan Metzmacher1-0/+2
Even if signing is mandatory. With NTLMSSP this happens for the session setup: request1 => BSRSPYL response1 => BSRSPYL request2 => BSRSPYL response2 => <SIGNATURE> and with krb5: request1 => BSRSPYL response1 => <SIGNATURE> metze
2008-09-23libcli/raw: give the caller the chance to do the signing checks on its own.Stefan Metzmacher2-0/+10
metze
2008-09-23libcli/raw: give the caller the chance to prevent the talloc_free(req) in ↵Stefan Metzmacher2-1/+8
the _recv functions metze
2008-09-23gensec_krb5: only give away the session key, when the authentication is doneStefan Metzmacher1-0/+4
metze
2008-09-23gensec_gssapi: only give away the session key, when the authentication is doneStefan Metzmacher1-4/+5
metze
2008-09-23ntlmssp: only give away the session key, when the authentication is doneStefan Metzmacher1-0/+4
metze
2008-09-23RPC-PAC: loop in gensec_update() untill the server side is readyStefan Metzmacher1-5/+1
metze
2008-09-23s3-nbt: remove old samba3 libcli/nbt copy.Günther Deschner2-979/+0
Guenther
2008-09-23[s3]winbindd_group: don't list the domain twice when expanding internal aliasesMichael Adam1-1/+1
Before this, "getent group builtin\\administrators" expanded domain group members in the form DOMAIN\domain\user. Michael
2008-09-23[s3]winbindd_group: sanely handle NULL domain in add_member().Michael Adam1-1/+5
Michael
2008-09-23[s3]winbindd_ads: honour "winbind use default domain" in lookup_groupmem().Michael Adam1-9/+11
This fixes the output of "getent group" when "winbind use default domain = yes" with security = ads. Michael
2008-09-23[s3]winbindd_rpc: add domain prefix to username in lookup_groupmem().Michael Adam1-1/+4
This makes the output of "getent group" of a domain group show the domain prefix with "security = domain". Michael
2008-09-23[s3]winbindd_util: add fill_domain_username_talloc().Michael Adam1-0/+27
A talloc version of fill_domain_username(). Michael
2008-09-23[s3]winbindd_util: add prototype for fill_domain_username_talloc().Michael Adam1-0/+4
A talloc version of fill_domain_username(). Michael
2008-09-23[s3]winbindd: fix a comment typoMichael Adam1-1/+1
Michael
2008-09-23[s3]winbind_util: fix an implicit cast compile warning.Michael Adam1-1/+1
Michael
2008-09-23s3-nbt: fix remaining callers of ndr_push/pull_struct_blob.Günther Deschner8-15/+15
Guenther
2008-09-23s3-nbt: use ../libcli/nbt helper.Günther Deschner2-18/+1
Guenther
2008-09-23s3: re-run make idl.Günther Deschner1-1/+1
Guenther
2008-09-23s3-nbt: refer to ../libcli/nbt in nbt.idl.Günther Deschner1-1/+1
Guenther
2008-09-23s4-nbt: use ../libcli/nbtGünther Deschner10-14/+14
Guenther
2008-09-23s4-nbt: move libcli/nbt up one level.Günther Deschner8-149/+149
Guenther
2008-09-23s4-nbt: merge some fixes from samba3 nbt helper.Günther Deschner2-24/+24
Guenther
2008-09-23s4-nbt: use private_data instead of private.Günther Deschner19-57/+57
Guenther
2008-09-23s3: use samba4 prototype for ndr_push/pull_struct_blob.Günther Deschner8-25/+29
Guenther
2008-09-23s3: re-run make idl.Günther Deschner3-7/+13
Guenther
2008-09-23s3-nbt: fix nbt.idl in order to use shared nbt helper.Günther Deschner1-3/+3
Guenther
2008-09-23s3-charset: add smb_iconv_convenience.Günther Deschner1-0/+2
Guenther
2008-09-23s4-nbt: remove unrequired include.Günther Deschner1-1/+0
Guenther
2008-09-23s4: add talloc_strdup_upper.Günther Deschner1-1/+7
Guenther
2008-09-22Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-develAndrew Bartlett9-1/+3756
2008-09-22Remove unused parameter from decode_pw_buffer and fail on invalidAndrew Bartlett3-13/+14
UTF-16 input The input checking is important, as otherwise we could set the wrong password. Andrew Bartlett
2008-09-22Remove unused variableAndrew Bartlett1-2/+0
2008-09-23Fix make pch in the merged buildVolker Lendecke1-1/+3
2008-09-22Explain why we use signing for DCs, but not file serversAndrew Bartlett1-0/+9
2008-09-22idmap_adex: Add new idmap plugin for support RFC2307 enabled AD forests.Gerald (Jerry) Carter9-0/+3753
The adex idmap/nss_info plugin is an adapation of the Likewise Enterprise plugin with support for OU based cells removed (since the Windows pieces to manage the cells are not available). This plugin supports * The RFC2307 schema for users and groups. * Connections to trusted domains * Global catalog searches * Cross forest trusts * User and group aliases Prerequiste: Add the following attributes to the Partial Attribute Set in global catalog: * uidNumber * uid * gidNumber A basic config using the current trunk code would look like [global] idmap backend = adex idmap uid = 10000 - 19999 idmap gid = 20000 - 29999 idmap config US:backend = adex idmap config US:range = 20000 - 29999 winbind nss info = adex winbind normalize names = yes winbind refresh tickets = yes template homedir = /home/%D/%U template shell = /bin/bash
2008-09-22Test re-setting the challenge after an auth3 in RPC-NETLOGONAndrew Bartlett1-0/+4
2008-09-22Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-develAndrew Bartlett8-1/+162
2008-09-22This torture test and skipping of the server-side check was bogus.Andrew Bartlett2-52/+1
The IDL is declared to force the MessageType to 3 on output, so we instead checked the same thing 255 times... Andrew Bartlett
2008-09-22re-run make idl.Günther Deschner2-0/+8
Guenther
2008-09-22netapi: add more fields to USER_INFO_X.Günther Deschner1-0/+2
Guenther
2008-09-22netapi: add NetFile testsuite.Günther Deschner4-1/+151
Guenther
2008-09-22netapi: fix case statement in example NetUserSetModals code.Günther Deschner1-0/+1
Guenther
2008-09-22s4: allways initialize the process model before it's usedStefan Metzmacher8-9/+10
metze
2008-09-22create-tarball: Adapt script to changed directory structure.Karolin Seeger1-3/+3
Karolin