Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-09-23 | s3-dcerpc: add spnego server helpers | Simo Sorce | 1 | -4/+75 | |
squashed: add michlistMIC signature checks Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-09-23 | s3-dsgetdcname: always pass in messaging context. | Günther Deschner | 1 | -26/+2 | |
Volker, please check. Guenther | |||||
2010-09-20 | s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. | Günther Deschner | 1 | -3/+4 | |
Guenther | |||||
2010-09-20 | s3-build: only include async headers where needed. | Günther Deschner | 11 | -1/+12 | |
Guenther | |||||
2010-09-17 | s3: fix order of arguments in nsec_time_diff call | Björn Jacke | 1 | -2/+2 | |
2010-09-17 | Fix array size of a memmber of struct cli_ulogoff_state | Sumit Bose | 1 | -1/+1 | |
The too small array makes UID-REGRESSION-FIX fail on 32bit architectures. Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-09-16 | s3: use nsec_time_diff instead of TspecDiff | Björn Jacke | 1 | -2/+2 | |
2010-09-15 | Fix all sid_parse returns to be checked. Tidy up some checks and error | Jeremy Allison | 1 | -1/+3 | |
messages. Jeremy. | |||||
2010-09-11 | s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs | Andrew Bartlett | 1 | -3/+1 | |
The idea of this patch is: Don't support a mix of different kerberos features. Either we should prepare a GSSAPI (8003) checksum and mark the request as such, or we should use the old behaviour (a normal kerberos checksum of 0 data). Sending the GSSAPI checksum data, but without marking it as GSSAPI broke Samba4, and seems well outside the expected behaviour, even if Windows accepts it. Andrew Bartlett | |||||
2010-09-10 | s3-errormap: map ERRSRV/ERRbaduid to NT_STATUS_USER_SESSION_DELETED | Stefan Metzmacher | 1 | -0/+2 | |
metze | |||||
2010-09-10 | s3-dsgetdcname: cleanup receive_getdc_response a little. | Günther Deschner | 1 | -14/+18 | |
Guenther | |||||
2010-09-09 | Fox missing SMB_MALLOC return checks noticed by "Andreas Moroder ↵ | Jeremy Allison | 1 | -0/+5 | |
<andreas.moroder@gmx.net>". Jeremy. | |||||
2010-09-08 | s3: Remove a superfluous ; | Volker Lendecke | 1 | -1/+1 | |
2010-09-01 | s3: Print the IP of the server that stopped responding | Volker Lendecke | 1 | -1/+5 | |
2010-08-31 | s3: use monotonic clock for time deltas in namequery functions | Björn Jacke | 1 | -12/+12 | |
2010-08-30 | s3-kerberos: try to fix the build w/o kerberos support. | Günther Deschner | 1 | -1/+7 | |
Guenther | |||||
2010-08-26 | s3-build: only include krb5 environment variables where required. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-08-26 | s3-build: only include "fake_file.h" where needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-08-21 | s3: Fix bug 7635 | Volker Lendecke | 1 | -2/+4 | |
2010-08-19 | s3-libsmbclient Convert dos error codes to NTstatus in async libsmbclient. | Jim McDonough | 2 | -8/+2 | |
DOS error codes were being lost with the conversion to async libsmbclient. If we're passing around NTSTATUS internally, let's just convert it when we get it. DOS ACCESS_DENIED on nautilus was not prompting for other credentials, because it was not being mapped. | |||||
2010-08-19 | s3-cli: fix uninitialized variable. | Günther Deschner | 1 | -1/+1 | |
Volker, please check. Guenther | |||||
2010-08-19 | s3-libsmb: fix some uninitialized variables. | Günther Deschner | 1 | -2/+2 | |
Volker, please check. Guenther | |||||
2010-08-18 | s3: async cli_list | Volker Lendecke | 2 | -396/+667 | |
2010-08-18 | s3: Add cli_flush | Volker Lendecke | 1 | -0/+83 | |
2010-08-18 | s3-build: only include smb_signing.h where needed. | Günther Deschner | 3 | -0/+3 | |
Guenther | |||||
2010-08-15 | s3: Remove some unused code | Volker Lendecke | 1 | -31/+0 | |
2010-08-14 | s3: Fix an uninitialized variable | Volker Lendecke | 1 | -0/+3 | |
2010-08-13 | s3-krb5 Only build ADS support if arcfour-hmac-md5 is available | Andrew Bartlett | 1 | -2/+0 | |
Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <idra@samba.org> | |||||
2010-08-10 | libcli/auth Make the source3/ implementation of the NTLMSSP server common | Andrew Bartlett | 1 | -527/+0 | |
This means that the core logic (but not the initialisation) of the NTLMSSP server is in common, but uses different authentication backends. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-10 | s3:ntlmssp Split the NTLMSSP server into before and after authentication | Andrew Bartlett | 1 | -62/+148 | |
This allows for a future where the auth subsystem is async, and the session key generation needs to happen in a callback. This code is originally reworked into this style by metze for the source4/ implementation. The other change here is to introduce an 'out_mem_ctx', which makes the API match that used in source4. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-10 | s3:ntlmssp Always call ntlmssp_sign_init() | Andrew Bartlett | 1 | -3/+1 | |
There is no code path that sets nt_status before this point, without a return. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-10 | s3:ntlmssp Don't use talloc_tos() for NTLMSSP blobs for now | Andrew Bartlett | 1 | -2/+2 | |
This code will, I hope, soon be merged in common, and the Samba4 use case does not currently support talloc_tos() properly. Use another context for now. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-10 | s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2 | Andrew Bartlett | 1 | -1/+4 | |
This is another 'belts and braces' check to avoid the use of the weak 'LM_KEY' encryption when the client has chosen NTLMv2. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-10 | s3:ntlmssp Don't reply with the LM_KEY negotiation flag when not available | Andrew Bartlett | 1 | -0/+15 | |
This ensures the client isn't confused and we don't enter this weaker authentication scheme when we don't really, really need to. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-10 | s3:ntlmssp Don't use the lm key if the user didn't supply one. | Andrew Bartlett | 1 | -3/+3 | |
This may help to avoid a number of possible MITM attacks where LM_KEY is spoofed into the session. If the login wasn't with lanman (and so the user chose to disclose their lanman response), don't disclose back anything based on their lanman password. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-10 | s3:ntlmssp Add extra DEBUG() message for auth system failures | Andrew Bartlett | 1 | -0/+2 | |
Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-10 | s3:ntlmssp Redirect lp_lanman_auth() via 'allow_lm_key' | Andrew Bartlett | 1 | -2/+4 | |
This will allow this to be handled via common code in the future Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-10 | libcli/auth Move some source3/ NTLMSSP functions to the common code. | Andrew Bartlett | 1 | -87/+0 | |
libcli/auth Use true and false rather than True and False in common code Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org> | |||||
2010-08-06 | s3-libsmb: include nbt.h in namequery_dc code. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-08-06 | s3-krb5: include krb5pac.h where needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-08-06 | s3-rap: include svcctl.h where needed. | Günther Deschner | 1 | -0/+1 | |
Guenther | |||||
2010-08-06 | s3-passdb: include samr.h where needed. | Günther Deschner | 1 | -1/+1 | |
Guenther | |||||
2010-08-05 | s3: Remove some direct cli->inbuf references in interpret_long_filename | Volker Lendecke | 1 | -2/+2 | |
2010-08-05 | s3: Remove a pointless wrapper function | Volker Lendecke | 2 | -6/+1 | |
2010-08-05 | s3: Explicitly pass flags2 to clistr_pull_talloc | Volker Lendecke | 4 | -9/+22 | |
Required to eventually make cli_list async | |||||
2010-08-05 | s3: Remove some pointless wrapper functions | Volker Lendecke | 1 | -4/+7 | |
2010-08-05 | s3: Remove some pointless wrapper functions | Volker Lendecke | 4 | -16/+23 | |
2010-08-05 | s3: Save the received trans2 from the inbuf in cli_trans | Volker Lendecke | 5 | -15/+28 | |
2010-08-05 | s3-popt: Only include popt-common.h when needed. | Andreas Schneider | 2 | -0/+2 | |
2010-08-05 | s3-secrets: only include secrets.h when needed. | Günther Deschner | 2 | -0/+2 | |
Guenther |