Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-03-16 | s3-build: stop including ldap and lber headers everywhere in the code. | Günther Deschner | 1 | -0/+1 | |
Instead use new header smb_ldap.h where all LDAP API related things are handled, while smbldap.h only deals with our smbldap_X() API. Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Mar 16 10:54:51 CET 2011 on sn-devel-104 | |||||
2011-03-10 | Quite some callers of sid_split_rid do not care about the rid | Volker Lendecke | 1 | -2/+1 | |
2011-02-27 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -10/+9 | |
2011-02-25 | s3-libads: make ndr_print_ads_auth_flags() static. | Günther Deschner | 2 | -2/+2 | |
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Fri Feb 25 01:55:26 CET 2011 on sn-devel-104 | |||||
2011-02-18 | s3-libads Remove MIT-specific krb5_princ_realm macro calls. | Andrew Bartlett | 1 | -55/+19 | |
When compiled against heimdal, we need to use a more elegant API. Andrew Bartlett | |||||
2011-02-11 | s3-libads: make ads_guess_service_principal static. | Günther Deschner | 3 | -71/+69 | |
Guenther | |||||
2011-02-10 | s3: give ../librpc/ndr/util.c its own header. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2011-01-21 | s3:libads: use dcerpc_spoolss_X() functions | Stefan Metzmacher | 1 | -2/+4 | |
metze Signed-off-by: Andreas Schneider <asn@samba.org> | |||||
2011-01-12 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -8/+8 | |
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Jan 12 19:04:25 CET 2011 on sn-devel-104 | |||||
2011-01-07 | netlogon: move netlogon helpers to ../libcli/netlogon. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2010-12-10 | s3-libads Default to NOT using the server-supplied principal from SPNEGO | Andrew Bartlett | 1 | -3/+5 | |
This principal is not supplied by later versions of windows, and using it opens up some oportunities for man in the middle attacks. (Becuase it isn't the name being contacted that is verified with the KDC). This adds the option 'client use spnego principal' to the smb.conf (as used in Samba4) to control this behaivour. As in Samba4, this defaults to false. Against 2008 servers, this will not change behaviour. Against earlier servers, it may cause a downgrade to NTLMSSP more often, in environments where server names are not registered with the KDC as servicePrincipalName values. Andrew Bartlett | |||||
2010-11-20 | s3: Remove unused ads_get_attrname_by_oid | Volker Lendecke | 2 | -42/+0 | |
2010-11-20 | s3: Make ads_get_attrnames_by_oids static | Volker Lendecke | 2 | -8/+7 | |
2010-11-20 | s3: Make ads_ranged_search_internal static | Volker Lendecke | 2 | -14/+16 | |
2010-11-20 | s3: Fix some nonempty blank lines | Volker Lendecke | 1 | -8/+8 | |
2010-11-20 | s3: Remove unused ads_search_retry_extended_dn | Volker Lendecke | 2 | -19/+0 | |
2010-11-20 | s3: Make ads_do_search_retry_args() static | Volker Lendecke | 2 | -8/+4 | |
2010-10-12 | libcli/security Provide a common, top level libcli/security/security.h | Andrew Bartlett | 1 | -0/+1 | |
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104 | |||||
2010-09-23 | Fix bug 7694 - Crash bug with invalid SPNEGO token. | Jeremy Allison | 1 | -1/+2 | |
Found by the CodeNomicon test suites at the SNIA plugfest. http://www.codenomicon.com/ If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server as we indirect the first returned value OIDs[0], which is returned as NULL. Jeremy. | |||||
2010-09-20 | s3-libads call common GUID_from_ndr_blob() | Andrew Bartlett | 1 | -19/+17 | |
This does a length-limited check, and so avoids reading beyond the allocated memory if the server sends less than 16 bytes. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-09-20 | s3: Replace sid_binstring and sid_guidstring with PIDL-based alternatives | Andrew Bartlett | 1 | -1/+2 | |
This reduces the manual marshalling of these structures by removing the duplication here. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-09-20 | s3-build: only include smbldap.h where needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-09-15 | Fix all sid_parse returns to be checked. Tidy up some checks and error | Jeremy Allison | 1 | -1/+3 | |
messages. Jeremy. | |||||
2010-09-09 | Fox missing SMB_MALLOC return checks noticed by "Andreas Moroder ↵ | Jeremy Allison | 1 | -3/+13 | |
<andreas.moroder@gmx.net>". Jeremy. | |||||
2010-09-07 | s3/libads: use monotonic clock for ldap connection timeouts | Björn Jacke | 2 | -2/+2 | |
2010-09-07 | s3/libads: use monotonic clock for DNS timeouts | Björn Jacke | 1 | -5/+5 | |
2010-08-31 | s3-libads: avoid crashing in ads_keytab_list(). | Günther Deschner | 1 | -0/+1 | |
Heimdal's krb5_kt_start_seq_get() will leave a non 0 fd in the krb5_kt_cursor struct when it cannot find a given keytab. Guenther | |||||
2010-08-30 | s3-krb: Reformat and add doxygen comment to decode_pac_data() | Simo Sorce | 1 | -63/+91 | |
Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-19 | s3-ads: Fix wrong test in if statement | Simo Sorce | 1 | -1/+1 | |
2010-08-18 | s3-ads: Remove unused wrapper and make function static | Simo Sorce | 1 | -27/+12 | |
2010-08-18 | s3-ads: cleanup ads_keytab_list() | Simo Sorce | 1 | -13/+16 | |
2010-08-18 | s3-ads: cleanup ads_keytab_create_default() | Simo Sorce | 1 | -113/+136 | |
2010-08-18 | s3-ads: cleanup ads_keytab_add_entry() | Simo Sorce | 1 | -57/+80 | |
2010-08-18 | s3-ads: Split, simplify and cleanup keytab functions | Simo Sorce | 1 | -169/+172 | |
add helper function for both smb_krb5_kt_add_entry_ext() and ads_keytab_flush() | |||||
2010-08-17 | s3-ads: Remove unused function and file | Simo Sorce | 2 | -30/+0 | |
2010-08-13 | s3-krb5 Only build ADS support if arcfour-hmac-md5 is available | Andrew Bartlett | 2 | -7/+4 | |
Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <idra@samba.org> | |||||
2010-08-06 | s3-krb5: include krb5pac.h where needed. | Günther Deschner | 2 | -0/+3 | |
Guenther | |||||
2010-08-05 | s3-secrets: only include secrets.h when needed. | Günther Deschner | 4 | -0/+4 | |
Guenther | |||||
2010-08-05 | s3: avoid global include of ads.h. | Günther Deschner | 20 | -82/+363 | |
Guenther | |||||
2010-07-31 | s3-printing: remove unused get_local_printer_publishing_data() call. | Günther Deschner | 1 | -14/+0 | |
Guenther | |||||
2010-07-31 | s3-build: avoid to globally include printing and spoolss headers. | Günther Deschner | 1 | -1/+2 | |
This shrinks precompiled headers by 3MB and will slightly speed up any build. Guenther | |||||
2010-07-30 | cleanups: Trailing spaces, line length, etc... | Simo Sorce | 1 | -111/+163 | |
2010-07-20 | s3-libsmb: Use data_blob_talloc to get krb5 ticket and session keys | Simo Sorce | 2 | -2/+4 | |
2010-07-20 | Add approriate TALLOC_CTX's thoughout the spnego code. No more implicit NULL ↵ | Jeremy Allison | 1 | -4/+4 | |
contexts. Jeremy. | |||||
2010-07-20 | Fix one more data_blob -> data_blob_talloc. Move away from implicit NULL ↵ | Jeremy Allison | 1 | -3/+6 | |
context tallocs. Jeremy. | |||||
2010-07-20 | Add TALLOC_CTX argument to spnego_parse_negTokenInit, reduce | Jeremy Allison | 1 | -1/+1 | |
use of malloc, and data_blob(). Jeremy. | |||||
2010-07-20 | Rename spnego_gen_negTokenTarg() -> spnego_gen_krb5_negTokenInit() | Jeremy Allison | 1 | -1/+1 | |
as this correctly describes what this function does. Jeremy. | |||||
2010-07-20 | Remove gen_negTokenTarg(), as it's not actually creating a TokenTarg frame, ↵ | Jeremy Allison | 1 | -1/+1 | |
but a TokenInit one. Move to using spnego_gen_negTokenInit() instead. Jeremy | |||||
2010-07-19 | Remove gen_negTokenInit() - change all callers to spnego_gen_negTokenInit(). | Jeremy Allison | 1 | -1/+2 | |
We now have one function to do this in all calling code. More rationalization to follow. Jeremy. | |||||
2010-07-19 | Remove parse_negTokenTarg(), as it's actually incorrect. We're processing | Jeremy Allison | 1 | -1/+1 | |
negTokenInit's here. Use common code in spnego_parse_negTokenInit(). Jeremy. |