Age | Commit message (Collapse) | Author | Files | Lines |
|
The validation of the mutual authentication reply produces no further
data to send to the server.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
It up to the client to ask for GSS_C_MUTUAL_FLAG,
except for the dcerpc case, where the server is stricter.
metze
|
|
GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it.
metze
|
|
The only user for this flag is called only directly after it was set.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The NT_STATUS_MORE_PROCESSING_REQUIRED status code is what gensec
is expecting in any case.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This make it clearer what type of flags these are and matches
gensec_gssapi
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
cli_pipe_open_generic/spnego()
This allows the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also avoids passing NULL as the server to
gensec_set_target_hostname() in spnego_generic_init_client().
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
SPNEGO is implemented only in terms of gensec mechanisms now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
SPNEGO is implemented only in terms of gensec mechanisms now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The GSE layer is now used via the GENSEC module, so we do not need these
functions exposed any more.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The code from dcesrv_gssapi.c is now
in source3/auth/auth_generic.c as an auth callback.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also allows the spnego_parse_krb5_wrap() function to be shared.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This brings in part of the s4 gensec_gssapi as the boilerplate for the
new module.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow non-krb5 services to get the full user groups
without need to do an online s4u2self.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow gensec_gse to parse the PAC.
This is a copy from source3/rpc_server/dcesrv_generic.c to preserve
behaviour. A future commit will enable the samlogon cache.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Jan 18 16:21:52 CET 2012 on sn-devel-104
|
|
|
|
This reverts commit 5a2b5b6cfed74e0e9c2965525995f64cdad7b7c9.
|
|
But 8175 was fixed in a way that brlock.tdb was always locked before
locking.tdb. This patch fixes the bug in a different way. locking.tdb
is the central tdb for files and should always be locked first.
This patch solves the problem by postponing the level2 break messages,
which are async anyway.
|
|
This makes sure we do not deadlock from doing two dbwrap_fetch_locked in two
processes in different orders. At open time, we assign a strict order to all
databases. lock_order 1 will be locked first, lock_order 2 second. No two
records of the same lock order may be locked at the same time.
|
|
This will be used to enforce a lock hierarchy between the databases. We have
seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb.
These should be fixed by refusing a dbwrap_fetch_locked that does not follow a
defined lock hierarchy.
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Jan 17 18:55:01 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 17 17:17:56 CET 2012 on sn-devel-104
|
|
This also restores the defaults from Samba 3.6.x:
"${libdir}" or "${libdir}/samba" in FHS mode.
metze
|
|
and datarootdir in Makefile
Otherwise $prefix is "NONE" without explicit --prefix
metze
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jan 17 09:45:30 CET 2012 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
|