Age | Commit message | Author | Files | Lines
2007-10-10 | r17288: Don't mess with entries in the local password prefix, and fix const | Andrew Bartlett | 1 | -5/+21
warnings. Andrew Bartlett (This used to be commit 4569c58a42e1d65ae71ee57e391b9e3dbaba2218)
2007-10-10 | r17287: Add the local_password module to the tree, so it doesn't get lost in | Andrew Bartlett | 3 | -3/+904
ldb API changes. Andrew Bartlett (This used to be commit 44806c67dbabe2952fe355de76d7fa51f772775f)
2007-10-10 | r17286: Simply fail the tls_initialise if we don't have TLS compiled in. | Andrew Bartlett | 2 | -8/+13
Adjust the web_server code to cope with this. Andrew Bartlett (This used to be commit 3043969708edbdab58ee57e2fbffa293b6406813)
2007-10-10 | r17285: some reformatting | Stefan Metzmacher | 1 | -10/+23
metze (This used to be commit c865aea260dd22b8b5d63e60fd917a52ed719993)
2007-10-10 | r17284: move the input checking stuff from ntlmssp_update() into its | Stefan Metzmacher | 1 | -40/+44
own function. metze (This used to be commit ee81ad57938a9f54533a0028b87fd84bde90db8d)
2007-10-10 | r17283: use the async calls of auth_check_password() and gensec_update() | Stefan Metzmacher | 2 | -245/+330
in the smb server. metze (This used to be commit 216e02c69cf5914487f0000d836d1082795487b2)
2007-10-10 | r17282: test some simple operation with the LANMAN1 and LANMAN2 protocol, | Stefan Metzmacher | 1 | -1/+7
that finally tests our RAW_SESSSETUP_OLD code metze (This used to be commit 43f99f11719374636d960fbc7b801ae69769aaf0)
2007-10-10 | r17281: we now have client/server max protocol | Stefan Metzmacher | 1 | -1/+1
metze (This used to be commit 1d74291626399d283c180e136a3f7a8c27ecdb37)
2007-10-10 | r17280: NT_STATUS_INVALID_HANDLE maps to ERRbadfid, which is wrong in these | Stefan Metzmacher | 1 | -14/+20
places, so only overwrite ERRbaduid and ERRinvnid when NTSTATUS support is given. metze (This used to be commit c70edc3fb8ef02ce12c784fad7ee9d5ac782bf98)
2007-10-10 | r17278: fix an uninitialized value found by valgrind | Stefan Metzmacher | 1 | -0/+1
metze (This used to be commit fe463bc568e8ac78ca161bcba3e867d33bb828b3)
2007-10-10 | r17277: we need to trigger an event when we return directly, | Stefan Metzmacher | 1 | -1/+1
otherwise the caller's callback function will not be called and the caller is hanging forever... metze (This used to be commit e231eba828486e68c9d3a246e1e0c943fdb8301c)
2007-10-10 | r17274: fix typos | Stefan Metzmacher | 1 | -2/+2
metze (This used to be commit 699dee70aaa13bddbe8be760033aa81dd583208a)
2007-10-10 | r17273: add an async version of auth_check_password() on the public | Stefan Metzmacher | 2 | -31/+185
auth interface and implement the sync version as wrapper to auth_check_password_send/recv() as next all callers need to be converted to the async interface and then the modules metze (This used to be commit ed40bb3c16279f9727be67e889270da5efb8ddb9)
2007-10-10 | r17272: move the callback stuff into a substructure | Stefan Metzmacher | 1 | -8/+10
metze (This used to be commit c49e27d5d0289e3525f7f6197b031e7d300df81b)
2007-10-10 | r17270: split the logic of saying this auth backend wants to handle this | Stefan Metzmacher | 7 | -41/+140
request from the password checking. This will help to make the password checking hook async later metze (This used to be commit 5b26cbc3428b4c186235cc08c9ace1c23f59dd7f)
2007-10-10 | r17268: change the smb2 session setup to use the new | Stefan Metzmacher | 1 | -61/+91
gensec_update_send/recv() api metze (This used to be commit 14ecc563431335c99df33f4a454b3b02380ae165)
2007-10-10 | r17267: - add an async interface for gensec_update() to the public gensec api | Stefan Metzmacher | 2 | -0/+78
- note this still uses the sync update() hook of the gensec modules but it allows me to fix the callers first
Later auth_check_password() will also get an async version, so that we can later implement an async version of auth_winbind using async IRPC to the winbind task.
metze (This used to be commit d5638a4fafd1d60ccc4cd76e92a1b2b0093865a7)
2007-10-10 | r17265: some reformatting | Stefan Metzmacher | 1 | -57/+27
metze (This used to be commit e4c28001d336f69534437d3eaae1ec8b52455cd9)
2007-10-10 | r17264: - remove unused includes from talloc | Stefan Metzmacher | 2 | -15/+17
- explicitly check for varargs.h as fallback from stdarg.h and fail the build if both are not present
metze (This used to be commit b091d182fe8f36dfb67b7ede933a963b74034d91)
2007-10-10 | r17263: export talloc_free_children() | Stefan Metzmacher | 1 | -0/+1
metze (This used to be commit 195754b169f68399008dda074181a2a16e4ecce5)
2007-10-10 | r17257: make the size_t is too small error more verbose | Stefan Metzmacher | 1 | -0/+4
(hopefully nobody will ever see this:-) metze (This used to be commit 196803a6c6a2588f0d3315bc38a56112ecb81349)
2007-10-10 | r17256: fix 2 crash bugs, which are introduced by making parameters | Stefan Metzmacher | 1 | -0/+3
ref pointers! I'm sure there're more places and more care is needed when idl files are changed. Hopefully testing against windows in the build farm finds such bugs in future... Why is this no longer possible in the client library: NTSTATUS foo([in,out,ref] uint8 *foo); and then just r.in.foo = &foo; status = dcerpc_foo(p, mem_ctx, &r); and r.out.foo will be set to r.in.foo via pidl magic, that worked some time ago... metze (This used to be commit d8952f00c77ba59e0806b0de802ac28ac977779c)
2007-10-10 | r17255: fixed BENCH-NBENCH for new smb_raw_find_first() syntax | Andrew Tridgell | 1 | -1/+2
(This used to be commit 7b05c007ea0a8df994af62625b529a164a104903)
2007-10-10 | r17253: add configure checks for writev/readv to see how portable they're | Stefan Metzmacher | 1 | -0/+3
metze (This used to be commit b5c06d5b4ca4da6d1b582a33830471443a62d842)
2007-10-10 | r17251: - split out the starttls into its own function | Stefan Metzmacher | 1 | -42/+96
- give an operations error when tls is already on the socket
metze (This used to be commit 9190d134c9be774c53f6dae52b7c4cdcc053d00f)
2007-10-10 | r17250: Fix comment, the Samba3 winbind protocol uses the host byte order here. | Andrew Bartlett | 1 | -1/+1
Andrew Bartlett (This used to be commit dc4500eb902fbb0a0e7d3b38a9d257ea839d00d3)
2007-10-10 | r17243: some svcctl idl fixes from <andrzej.hajda@wp.pl> | Stefan Metzmacher | 1 | -7/+7
metze (This used to be commit 7b136ddf488b7b4a1aae31c9927b027216e60ae5)
2007-10-10 | r17241: substitute @datarootdir@ with old autoconf versions:-) | Stefan Metzmacher | 1 | -0/+1
metze (This used to be commit ed5ffc7bfc57c72bb95562c88bd2ec290daed10c)
2007-10-10 | r17240: move extended operations to a new file | Stefan Metzmacher | 3 | -78/+98
metze (This used to be commit 0b16350fa2da39a66c4479dbf74182b06f7ed91a)
2007-10-10 | r17238: Add datarootdir (required for newer autoconf versions) | Jelmer Vernooij | 1 | -0/+1
(This used to be commit c575dee5c76ca33a07ab62dc59f80ece1bd84abc)
2007-10-10 | r17237: - keep pointer to the different sockets | Stefan Metzmacher | 4 | -3/+10
- we need this to later:
  - to disallow a StartTLS when TLS is already in use
  - to place the TLS socket between the raw and sasl socket when we had a sasl bind before the StartTLS
  - and rfc4513 says that the server may allow to remove the TLS from the tcp connection again and reuse raw tcp
  - and also a 2nd sasl bind should replace the old sasl socket
metze (This used to be commit 10cb9c07ac60b03472f2b0b09c4581cc715002ba)
2007-10-10 | r17230: don't overwrite the error with NT_STATUS_NO_MEMORY | Stefan Metzmacher | 1 | -10/+7
metze (This used to be commit f2196bf9b662d3f38d59eceb8c54f9d2e3f7b505)
2007-10-10 | r17227: don't call a function which takes some nonoptional args | Stefan Metzmacher | 1 | -9/+15
with NULL. metze (This used to be commit 3711b968adf8a0951171ad1a90be65a9ae0dc03b)
2007-10-10 | r17226: add some comments about ldap binds and pending requests | Stefan Metzmacher | 1 | -0/+14
metze (This used to be commit e8db1fb55833ab7b9e0be391ff822b34682cb38c)
2007-10-10 | r17225: Fix the build by fixing the spelling of START-TLS. | Andrew Bartlett | 1 | -1/+1
Andrew Bartlett (This used to be commit 4827a6b171d7b007f1641ef422d23449fb5a1606)
2007-10-10 | r17224: Accept the start-tls extended request. Getting OpenLDAP to recognise | Andrew Bartlett | 1 | -1/+58
our certificate, and proceed with the connection is left as an exercise for the reader... Andrew Bartlett (This used to be commit 9bd66d4c95dd971e2b1b6371ba3ffc6c178c0d4c)
2007-10-10 | r17223: In some protocols it is not possible to negotiate off some features, | Andrew Bartlett | 1 | -5/+3
without the agreement of the peer. This can cause problems, because one side thinks sealing is disabled, while the other thinks it is enabled. Andrew Bartlett (This used to be commit 68ddc4921f43252b3fba73e9d85cc38c359d599d)
2007-10-10 | r17222: Change the function prototypes for the GENSEC and TLS socket creation | Andrew Bartlett | 8 | -78/+148
routines to return an NTSTATUS. This should help track down errors. Use a bit of talloc_steal and talloc_unlink to get the real socket to be a child of the GENSEC or TLS socket. Always return a new socket, even for the 'pass-through' case. Andrew Bartlett (This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
2007-10-10 | r17221: Add some integer wrap paranoia to data_blob_append(). | Andrew Bartlett | 1 | -5/+18
Andrew Bartlett (This used to be commit 7c5a25a423da3db982396ac507df985fa934be73)
2007-10-10 | r17215: Prepare the SASL socket before actually setting it. This allows | Andrew Bartlett | 1 | -29/+51
errors to be reported correctly, rather than just dropping the socket. Andrew Bartlett (This used to be commit 83dd22accfd565e86d831490043d6beaa9648c96)
2007-10-10 | r17210: I wonder how I missed this, build farm caught it. | Simo Sorce | 1 | -1/+1
(This used to be commit e0af5cf51dbedccfe47cfd6ec5232847f586ece8)
2007-10-10 | r17209: Add dependency over the new share configuration module into smbd | Simo Sorce | 1 | -1/+2
Should fix some build farm machines (This used to be commit 15b8fafb991d3ce4b40c144702399d6f705a8e8e)
2007-10-10 | r17208: Add a way to test the ldb module. | Simo Sorce | 2 | -0/+257
Actually you can't test both classic and ldb together, but you can replace the standard script/tests/mktestsetup.sh file with this one and run make test to see share_ldb in action (This used to be commit d4c2b893504feb3a232e74d14584405b3aaaf942)
2007-10-10 | r17207: Add the ldb based shares configuration module | Simo Sorce | 2 | -0/+291
(This used to be commit df1da91d4fe0233763398f46fe663e0b879054c3)
2007-10-10 | r17206: Add a modular API for share configuration. | Simo Sorce | 30 | -230/+1005
Commit the classic backwards compatible module which is the default one (This used to be commit a89cc346b9296cb49929898d257a064a6c2bae86)
2007-10-10 | r17205: Even if this makes me look foolish, at least start to scratch on the | Volker Lendecke | 2 | -24/+308
surface of spoolss. If snum is to be removed, then we should make at least the attempt to walk parts of the code before and after the changes. This walks GetPrinterInfo level 0-7. Volker (This used to be commit 0c05f571a0eda2412896f340b7c751cf7cbdbd2a)
2007-10-10 | r17197: This patch moves the encryption of bulk data on SASL negotiated security | Andrew Bartlett | 18 | -248/+639
contexts from the application layer into the socket layer.

This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size.

This patch mirrors the earlier work done to move TLS into the socket layer.

Unusual in this patch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry).

As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback.

In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation:

+-----------------+---------------------+
| SASL Packet #1  | SASL Packet #2      |
----------------------------------------+
| LDAP Packet #1       | LDAP Packet #2 |
----------------------------------------+

In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket.

Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained.

Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly).

In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code.

The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements.

Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10 | r17196: Clarify that SSL is used for LDAP as well as SWAT. | Andrew Bartlett | 1 | -1/+1
Andrew Bartlett (This used to be commit d79bfbe87d4eb0e3541f5bdd7eed888ccb20a710)
2007-10-10 | r17195: Start thinking how to implement extended operations. | Simo Sorce | 2 | -0/+18
AD supports three extended operations:
- start tls
- dynamic objects
- fast binds
none of these are a priority. (This used to be commit 523e8f3ed4bf5fcf9dc0c9e2100e4ac3b8032be7)
2007-10-10 | r17193: Remove ancient stuff never really used | Simo Sorce | 2 | -364/+0
(This used to be commit a6709196ca4d50fdb84a562cd8f49db4275bb1dc)