Age | Commit message (Collapse) | Author | Files | Lines |
|
The remaining gssapi_parse functions were used exclusively in
gensec_krb5. Move them there and make them static.
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
to follow.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Apr 11 02:29:04 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Mar 26 00:56:13 CEST 2012 on sn-devel-104
|
|
|
|
CommonCrypto/CommonDigest is available on Mac and there is function in
the libc for MD5 calculation. MD5Final is a C define of CC_MD5_Final.
Under some circumstance we have the symbol defined twice in samba
binaries on Snow Leopard at least.
By detecting CommonCrypto/CommonDigest we end up always using the system
version if available.
|
|
It's a bit confusing to mix low-level and high-level libraries. We had
multiple libraries in one directory, and there were have circular
dependencies with other libraries outside that directory (in this case,
samba-hostconfig).
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
|
|
This is in preparation of getting rid of chain_reply.
|
|
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
Thanks to Jeremy, Michael and Volker for the debugging!
metze
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Wed Feb 29 01:13:03 CET 2012 on sn-devel-104
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
gensec_ntlmssp3_server
This is possible because we now supply the auth4_context abstraction that this
code is looking for.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c
A special case wrapper function remains to avoid changing the
application layer callers in this patch.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
As far as I am aware, we do not actually build on any platforms that
require this. The last Stratos VOS release on
ftp://ftp.stratus.com/vos/samba/samba.html was 3.0.5
Andrew Bartlett
|
|
|
|
RIP, long live zlib.
|
|
This reverts commit 88daf798fec56a99e5eb3aed67f3b58572d97d34.
This is not needed as 5c88cfcc525290d0ad1c322401685c60c1abdf10 is the better
fix, see https://bugzilla.samba.org/show_bug.cgi?id=8711
metze
|
|
This is required after the rework of the object lists for gensec_gse
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jan 20 23:33:14 CET 2012 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jan 20 21:58:04 CET 2012 on sn-devel-104
|
|
The code from dcesrv_gssapi.c is now
in source3/auth/auth_generic.c as an auth callback.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also allows the spnego_parse_krb5_wrap() function to be shared.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This brings in part of the s4 gensec_gssapi as the boilerplate for the
new module.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jan 18 14:46:18 CET 2012 on sn-devel-104
|
|
as well.
Guenther
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 13 06:32:30 CET 2012 on sn-devel-104
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
To do this some defines need to move to common_auth.h
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
These were left around after the selftest.pl script was introduced.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jan 9 06:13:21 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
|
Compiles but not yet tested.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jan 5 01:43:51 CET 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
metze
|
|
This uses the very helpful conversion functions written for the s3 lsa server
and places these in common.
Andrew Bartlett
|
|
This library was tiny - containing just two public functions than were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.
Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
|
|
It is importante to not use the database backend implementation
in the upgrade. Otherwise this would only work as long as this
is the newset version. In future versions of the registry, this
(then) intermediate upgrade step would change in behaviour and not
work as expected any more.
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
|
|
|
|
metze
|
|
metze
|
|
code
metze
|