summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-01-13auth/gensec: add some more functions from gensec_start.c to gensec.hStefan Metzmacher2-16/+37
metze
2012-01-13auth/gensec: make sure functions from gensec.c are in gensec.hStefan Metzmacher2-5/+7
metze
2012-01-13s4:auth/gensec: fix compiler warnings in spnego.cStefan Metzmacher1-3/+0
metze
2012-01-13s3-selftest The krb5 encrypted CIFS test was wrongAndrew Bartlett2-1/+4
Sadly this fails in the test environement for now. It needs a /etc/krb5.keytab which we do not provide. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jan 13 04:57:22 CET 2012 on sn-devel-104
2012-01-13selftest: Do not run symbol check if setting up testenvAmitay Isaacs1-1/+1
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Fri Jan 13 03:11:20 CET 2012 on sn-devel-104
2012-01-13Add comments to all functions (to help me understand it better).Jeremy Allison2-0/+32
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Jan 13 01:35:03 CET 2012 on sn-devel-104
2012-01-12s3: Fix nested get_share_mode_lock callsVolker Lendecke1-5/+57
This forces us to only do one real get_share_mode_lock call and share the data between the nested get_share_mode_lock calls. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s3: Move the share_mode_lock handling to its own fileVolker Lendecke4-417/+465
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s3: Put an indirection layer into share_mode_lockVolker Lendecke9-173/+193
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s3: Introduce get_share_mode_lock_fresh()Volker Lendecke7-41/+40
This slightly simplifies the code path for all callers which assume that a share mode exists already. Only the callers in open_file_ntcreate and open_directory will ever create new share modes. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s3: Replace fill_share_mode_lock()Volker Lendecke1-84/+67
This replaces fill_share_mode_lock() with the two routines fresh_share_mode_lock() and parse_share_modes(). This lifts the decision whether a share mode already existed on level up. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s4:repl_cleartext_pwd.py: add optional 'clear_utf16_name' parameterStefan Metzmacher1-7/+17
Not all cleartext password (machine passwords) can be converted to utf8, let's export the raw uint16_t array. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 12 23:58:12 CET 2012 on sn-devel-104
2012-01-12s4:repl_cleartext_pwd.py: add 'attmode' parameter to convert the attname to utf8Stefan Metzmacher1-5/+22
metze
2012-01-12s4:repl_cleartext_pwd.py: correctly compare attids as uint32_t valuesStefan Metzmacher1-5/+10
metze
2012-01-12s3-waf: auth_netlogond depends on tldap.Andreas Schneider1-0/+1
Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Thu Jan 12 17:33:10 CET 2012 on sn-devel-104
2012-01-12s3-waf: link SECRETS3 only against samba3util.Andreas Schneider1-1/+1
2012-01-12s3-waf: Create a smaller samba3util subsystem.Andreas Schneider1-7/+18
2012-01-12s4:pygensec/tests: add test for gensec_set_max_update_size()Stefan Metzmacher1-0/+54
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 12 14:47:05 CET 2012 on sn-devel-104
2012-01-12s4:auth/gensec/spnego: add support for fragmented spnego messagesStefan Metzmacher2-4/+206
metze
2012-01-12s4:pygensec: add set_max_update_size() and max_update_size() functionsStefan Metzmacher1-0/+25
metze
2012-01-12auth/gensec: add gensec_*max_update_size()Stefan Metzmacher3-0/+22
This is only a hint for the backend, which may want to fragment update tokens. metze
2012-01-12s3: Split a line with 1 statementsVolker Lendecke1-1/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Jan 12 13:10:19 CET 2012 on sn-devel-104
2012-01-12s3:smbd: explicitly ask for GENSEC_FEATURE_UNIX_TOKENStefan Metzmacher2-0/+6
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 12 11:22:53 CET 2012 on sn-devel-104
2012-01-12Revert "make paranoia check less paranoid" - check that key types strictly matchAndrew Bartlett1-1/+1
This reverts commit c25af51232616061bb08eea86aae595b4f029490 because otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Jan 12 09:43:07 CET 2012 on sn-devel-104
2012-01-12make hmac-md5 the keyed checksum type for arcfour-hmac-md5Andrew Bartlett1-1/+1
2012-01-12use ETYPE_DES3_CBC_SHA1 for the verify step in verify_mic_des3Andrew Bartlett1-0/+8
This allows a strict link between checksum types and key types to be enforced. Andrew Bartlett
2012-01-12heimdal: remove checking of KDC PAC signature, delegate to wdc pluginAndrew Bartlett1-12/+2
The checking of the KDC signature is more complex than it looks, it may be of a different enc type to that which the ticket is encrypted with, and may even be prefixed with the RODC number. This is better handled in the plugin which can easily look up the DB for the correct key to verify this with, and can also quickly determine if this is an interdomain trust, which we cannot verify the PAC for. Andrew Bartlett
2012-01-12auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksumAndrew Bartlett3-9/+5
2012-01-12s4-kdc Do the KDC PAC checksum validation in the Samba pluginAndrew Bartlett6-44/+152
Here we can fetch the right key, and check if the PAC is likely to be signed by a key that we know. We cannot check the KDC signature on incoming trusts. Andrew Bartlett
2012-01-12s4-kdc: use IDL constant NETLOGON_GENERIC_KRB5_PAC_VALIDATEAndrew Bartlett1-1/+1
2012-01-12samba-tool:dns: DNS names are case insensitiveAmitay Isaacs1-3/+3
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Thu Jan 12 06:43:01 CET 2012 on sn-devel-104
2012-01-12s4-rpc:dnsserver: DNS names are case insensitiveAmitay Isaacs3-17/+17
2012-01-12Ensure we always free aio_ex on all error paths by moving the TALLOC_FREEJeremy Allison3-3/+4
call out of smbd_aio_complete_aio_ex() and into the caller. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jan 12 03:10:52 CET 2012 on sn-devel-104
2012-01-11Second part of fix for bug #8673 - NT ACL issue.Jeremy Allison1-3/+4
Ensure we process the entire ACE list instead of returning ACCESS_DENIED and terminating the walk - ensure we only return the exact bits that cause the access to be denied. Some of the S3 fileserver needs to know if we are only denied DELETE access before overriding it by looking at the containing directory ACL. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jan 11 19:24:53 CET 2012 on sn-devel-104
2012-01-11First part of fix for bug #8673 - NT ACL issue.Jeremy Allison1-18/+31
Simplify the logic in the unlink/rmdir calls - makes it readable (and correct).
2012-01-11lib/param: avoid talloc_reference() in copy_service()Stefan Metzmacher1-3/+3
The memory reduction compared of talloc_reference() over talloc_strdup() is typically very low. As the strings are typically short compared to the talloc header overhead. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jan 11 16:13:50 CET 2012 on sn-devel-104
2012-01-11s3-rpcclient: add deldriverex flags argumentDavid Disseldorp2-11/+14
The spoolss DeletePrinterDriverEx command offers three flags for controlling how associated files and other versions of the driver are effected: DPD_DELETE_UNUSED_FILES (1), DPD_DELETE_SPECIFIC_VERSION (2) and DPD_DELETE_ALL_FILES (4). This commit adds an optional numeric flags argument to the rpcclient deldriverex command. Signed-off-by: David Disseldorp <ddiss@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: David Disseldorp <ddiss@samba.org> Autobuild-Date: Wed Jan 11 14:39:35 CET 2012 on sn-devel-104
2012-01-11spoolss: fix DPD_DELETE_ALL_FILES error returnDavid Disseldorp1-2/+1
If DeletePrinterDriverEx is called with DPD_DELETE_ALL_FILES and files assigned to the to-be-deleted driver overlap with other drivers then an error is returned. Change the error code here to match Windows 2k8r2. Signed-off-by: David Disseldorp <ddiss@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-11s4:auth: Make sure to check the optional auth_context hooks before using themAndrew Bartlett1-18/+26
These are optional to supply - some callers only provide an auth_context for the other plugin functions, and so we need to deal with this cleanly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jan 11 10:49:13 CET 2012 on sn-devel-104
2012-01-11gensec: Make sure to check the optional auth_context hooks before using themAndrew Bartlett1-1/+1
These are optional to supply - some callers only provide an auth_context for the other plugin functions, and so we need to deal with this cleanly. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11gensec: Rename want_flags and got_flags in gensec_gssapiAndrew Bartlett2-27/+27
This make it clearer what type of flags these are. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11gensec: make gensec_gssapi.h commonAndrew Bartlett1-0/+0
This will make it easier to share elements of the GSSAPI gensec mechs, in much the same way elements of the NTLMSSP mech are shared. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc Supply target service and server to spnego_generic_init_client()Andrew Bartlett3-0/+19
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc: Rename spnego_ntlmssp_init_client and make genericAndrew Bartlett3-5/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-libsmb: split out auth_generic client functions into auth_generic.cAndrew Bartlett5-129/+164
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc: rename get_ntlmssp_auth_footer to be more genericAndrew Bartlett1-5/+5
This can handle any gensec auth type now. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc Set target service and server into gensecAndrew Bartlett1-0/+10
This will allow cli_rpc_pipe_open_generic_auth() to handle kerberos mechanisms. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc Rename and rework cli_rpc_pipe_open_ntlmssp() to be genericAndrew Bartlett5-48/+61
This also includes renaming the helper function rpccli_ntlmssp_bind_data, and allows this function to operate on any gensec-supplied auth type. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11s3-librpc Rename create_ntlmssp_auth_rpc_bind_req() to be more genericAndrew Bartlett1-6/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-11gensec: move gensec_util.c to the top levelAndrew Bartlett7-11/+23
To do this some defines need to move to common_auth.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>