Age | Commit message (Collapse) | Author | Files | Lines |
|
Remove checks and replace with krb5_c_string_to_key().
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
The remaining gssapi_parse functions were used exclusively in
gensec_krb5. Move them there and make them static.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
This is clearly a utiliy function generic to gensec. Also the 3 callers
had identical implementations. Provide a generic implementation for all
of them and avoid duplicating the code everywhere.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
|
|
|
|
|
|
se_access_check accepts.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Mar 14 05:08:03 CET 2012 on sn-devel-104
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Mar 14 02:26:34 CET 2012 on sn-devel-104
|
|
It's a bit confusing to mix low-level and high-level libraries. We had
multiple libraries in one directory, and there were have circular
dependencies with other libraries outside that directory (in this case,
samba-hostconfig).
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Mar 10 01:33:45 CET 2012 on sn-devel-104
|
|
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Sun Mar 4 15:10:38 CET 2012 on sn-devel-104
|
|
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
|
|
|
|
* FORCE_LEVELII_OPLOCKS
* ENABLE_HASH_V1
* ENABLE_HASH_V2
* ENCRYPT_DATA
|
|
|
|
* continuous avaliability
* cluster
* scaleout
|
|
* multi channel
* persistent handles
* directory leasing
* encryption
|
|
These are the tags for the SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2
and SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2, the second version
of the SMB2_CREATE_DURABLE_HANDLE_REQUEST (DHnQ) and
SMB2_CREATE_DURABLE_HANDLE_RECONNECT (DHnC), which are only
available for SMB 2.2 (and newer).
|
|
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Sat Mar 3 09:04:40 CET 2012 on sn-devel-104
|
|
|
|
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Feb 29 09:01:54 CET 2012 on sn-devel-104
|
|
This uses the key diveration function from "NIST Special Publication 800-108"
in counter mode (section 5.1).
Thanks to Jeremy, Michael and Volker for the debugging!
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Feb 29 04:54:48 CET 2012 on sn-devel-104
|
|
metze
|
|
This implements a simplified version of "NIST Special Publication 800-108" section 5.1
using hmac-sha256.
Thanks to Jeremy, Michael and Volker for the debugging!
metze
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Feb 27 14:26:32 CET 2012 on sn-devel-104
|
|
metze
|
|
smb2cli_conn_dispatch_incoming()
metze
|
|
metze
|
|
signing_key
The signing_key is fix across all channels and is used for session setups
on a channel binding.
Note:
- the last session setup response is signed with the new channel signing key.
- the reauth session setups are signed with the channel signing key.
It's also not needed to remember the main session key.
metze
|
|
metze
|
|
"n" is size_t, so it is always >=0.
|
|
has no permission for that, but token has SeTakeOwnershipPrivilege
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
|
|
The ntlmssp_server code will be in common shortly, and aside from a
symbol name or two, moving the client code causes no harm and makes
less mess. We will also get the client code in common very soon.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
gensec_gssapi
Thie ensures that both code bases use the same logic to determine the use
of NEW_SPNEGO.
Andrew Bartlett
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Jan 29 14:11:12 CET 2012 on sn-devel-104
|
|
The SMB1 negprot request already consumed the SMB2 sequence '0'.
This also happens for the SMB 2.02 case.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 27 15:27:41 CET 2012 on sn-devel-104
|
|
This allows the compiler to catch uses of incorrectly typed arguments
for [NT_STATUS|W_ERROR]_IS_OK() and [NT_STATUS|W_ERROR]_EQUAL(). I.e.
WERROR werr;
werr = my_fn(); /* XXX returns WERROR type */
if (NT_STATUS_EQUAL(werr, NT_STATUS_OBJECT_NAME_COLLISION)) {
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Jan 21 01:28:54 CET 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This is rather than via a now one-element union.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also fixes the support for smb sealing with krb5 in make test, as
this now relies on secrets.tdb rather than /etc/krb5.keytab.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
Ensure we process the entire ACE list instead of returning ACCESS_DENIED
and terminating the walk - ensure we only return the exact bits that cause
the access to be denied. Some of the S3 fileserver needs to know if we
are only denied DELETE access before overriding it by looking at the
containing directory ACL.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 11 19:24:53 CET 2012 on sn-devel-104
|
|
|
|
|
|
|