summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2012-01-20s3-libsmb: use struct gensec_security directlyAndrew Bartlett2-13/+13
This is rather than via a now one-element union. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-20s3-libcli Change krb5 smb sealing to call via gensec and gensec_gseAndrew Bartlett2-285/+82
This also fixes the support for smb sealing with krb5 in make test, as this now relies on secrets.tdb rather than /etc/krb5.keytab. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-20s3-gse: make sure GSS_C_CONF_FLAG implies GSS_C_INTEG_FLAGStefan Metzmacher1-0/+6
metze
2012-01-20s3-gse: implement fill_mem_keytab_from_[system|dedicated]_keytabStefan Metzmacher1-6/+234
metze
2012-01-20s3-gse: create memory keytab in gse_krb5_get_server_keytab()Stefan Metzmacher1-27/+25
The other functions just add entries to it. metze
2012-01-20s3-gse: fix SECRETS_AND_KEYTAB fallback in gse_krb5_get_server_keytab()Stefan Metzmacher1-6/+13
metze
2012-01-20s3:kerberos_verify: ads_dedicated_keytab_verify_ticket() only needs read accessStefan Metzmacher1-1/+1
metze
2012-01-20s3:smbd/proto.h: remove unused do_map_to_guest() prototypeStefan Metzmacher1-4/+0
metze
2012-01-20build: Add -lz to wbinfo to fix build on some hostsAndrew Bartlett1-1/+1
This is required after the rework of the object lists for gensec_gse Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jan 20 23:33:14 CET 2012 on sn-devel-104
2012-01-20s3: Fix the build on FreeBSD8Volker Lendecke1-5/+6
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Jan 20 21:58:04 CET 2012 on sn-devel-104
2012-01-20s3:configure.in: move gss_wrap_iov check to the other function checksStefan Metzmacher1-1/+1
This also makes sure we search for it if it's in -lgssapi instead of -lgssapi_krb5 or -lgss. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jan 20 20:23:13 CET 2012 on sn-devel-104
2012-01-20s3:configure.in: require gssapi for ads supportStefan Metzmacher1-0/+1
This matches the waf checks. metze
2012-01-20s3:configure.in: move krb5_set_real_time check to other function checksStefan Metzmacher1-2/+1
metze
2012-01-20s3:build: for now do not require gsskrb5_extract_authz_data_from_sec_contextStefan Metzmacher2-9/+10
We do not use it yet. metze
2012-01-20s3:configure.in: fix the shell logic in krb5 checksStefan Metzmacher1-1/+1
metze
2012-01-20s3-spoolss: fix printer_driver_files_in_use() call orderingDavid Disseldorp1-8/+10
printer_driver_files_in_use() performs two tasks: it returns whether any of the files in the to-be-deleted driver overlap with other drivers, it also trims such files from the info structure passed in. In processing a DeletePrinterDataEx request with DPD_DELETE_UNUSED_FILES set, printer_driver_files_in_use() must be called to ensure files in use by other drivers are not removed. https://bugzilla.samba.org/show_bug.cgi?id=4942 Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-20s3-spoolss: fix printer driver version deletionDavid Disseldorp1-167/+111
Spoolss delete printer driver code currently makes invalid version assumptions based on the architecture requested by the client. Ugly hacks are in place to cover removal of other versions (2 and 3). This change wraps multi version deletion in a simple for loop. Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-20s3-spoolss: prefix print$ path on driver file deletionDavid Disseldorp1-44/+37
Driver file paths stored in the registry do not include the server path prefix. delete_driver_files() incorrectly assumes such a prefix. https://bugzilla.samba.org/show_bug.cgi?id=8697 Signed-off-by: Andreas Schneider <asn@samba.org>
2012-01-19s3: Fix a typoVolker Lendecke1-1/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Thu Jan 19 13:43:07 CET 2012 on sn-devel-104
2012-01-19Now make_connection_snum() is a static function that takes aJeremy Allison1-33/+26
connection_struct as a parameter, fix the interface to allow it to return an NTSTATUS. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jan 19 07:25:49 CET 2012 on sn-devel-104
2012-01-18Fix bug 8710 - connections.tdb - major leak with SMB2.Jeremy Allison3-22/+78
Ensure the cnum used to claim the connection for SMB2 is the id that will be used for the SMB2 tcon. Based on code from Ira Cooper <ira@wakeful.net>. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jan 18 23:14:32 CET 2012 on sn-devel-104
2012-01-18s3-aio-pthread: num threads should be intVolker Lendecke1-4/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Jan 18 21:04:20 CET 2012 on sn-devel-104
2012-01-18s3-gse: align common elements between gse_context and gensec_gssapi_stateAndrew Bartlett1-7/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gensec: Add hook to allow gensec to know if kerberos is permittedAndrew Bartlett1-0/+24
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse: Make gensec_gse cope with non-DCE GSSAPIAndrew Bartlett1-5/+8
The validation of the mutual authentication reply produces no further data to send to the server. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse: the server should not check for GSS_C_MUTUAL_FLAGStefan Metzmacher1-6/+0
It up to the client to ask for GSS_C_MUTUAL_FLAG, except for the dcerpc case, where the server is stricter. metze
2012-01-18s3-gse: verify that we got GSS_C_DCE_STYLE when expectedStefan Metzmacher1-0/+11
GSS_C_DCE_STYLE implies GSS_C_MUTUAL_FLAG, so also check for it. metze
2012-01-18s3-gse Remove authenticated flag from gseAndrew Bartlett1-7/+0
The only user for this flag is called only directly after it was set. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse remove special more_processing hook from gseAndrew Bartlett1-12/+2
The NT_STATUS_MORE_PROCESSING_REQUIRED status code is what gensec is expecting in any case. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Rename gss_c_flags and ret_flags in gseAndrew Bartlett1-18/+18
This make it clearer what type of flags these are and matches gensec_gssapi Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Rename gss_ctx to match gensec_gssapi_contextAndrew Bartlett1-17/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Rename delegated_creds to match gensec_gssapi_contextAndrew Bartlett1-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc: pass struct ndr_interface_table down to ↵Andrew Bartlett7-17/+16
cli_pipe_open_generic/spnego() This allows the target service (as determined from the IDL) to be passed to GSSAPI (rather than the current, incorrect, "cifs"). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-utils/net: pass struct ndr_interface_table downAndrew Bartlett13-138/+137
This will allow the target service (as determined from the IDL) to be passed to GSSAPI (rather than the current, incorrect, "cifs"). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-rpcclient: pass struct ndr_interface_table downAndrew Bartlett16-192/+187
This will allow the target service (as determined from the IDL) to be passed to GSSAPI (rather than the current, incorrect, "cifs"). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Make cli_rpc_pipe_open_spnego_ntlmssp() genericAndrew Bartlett5-130/+56
This also avoids passing NULL as the server to gensec_set_target_hostname() in spnego_generic_init_client(). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse gss_wrap_iov_length() only needs the type and lengthStefan Metzmacher1-2/+4
metze
2012-01-18s3-gse Make seal parameter a boolean for clarityAndrew Bartlett1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove special case for spnego session keyAndrew Bartlett3-16/+8
SPNEGO is implemented only in terms of gensec mechanisms now. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove special case for spnego dcerpc sign/sealAndrew Bartlett1-92/+18
SPNEGO is implemented only in terms of gensec mechanisms now. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Move GSS_C_DCE_STYLE backup definition to gse.cAndrew Bartlett2-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Add constAndrew Bartlett1-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-gse Remove or make static unused/local-only GSE functionsAndrew Bartlett2-270/+33
The GSE layer is now used via the GENSEC module, so we do not need these functions exposed any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove unused dcesrv_gssapi.[ch] functionsAndrew Bartlett6-269/+1
The code from dcesrv_gssapi.c is now in source3/auth/auth_generic.c as an auth callback. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Remove layer around struct gensec_securityAndrew Bartlett3-13/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc: Simplify SPNEGO code now that all mechs use a struct gensec_securityAndrew Bartlett5-96/+32
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call SPENGO/GSSAPI via the auth_generic layer and gensecAndrew Bartlett6-231/+53
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Allow spnego_generic_init_client to handle kerberos tooAndrew Bartlett1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-librpc Call GSSAPI via the auth_generic layer and gensecAndrew Bartlett5-329/+17
This simplifies a lot of code, as we know we are always dealing with a struct gensec_security, and allows the gensec module being used to implement GSSAPI to be swapped when required for AD-server operation. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-18s3-libsmb Use the gse_krb5 gensec module as clientAndrew Bartlett2-2/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org>
generated by cgit (git 2.34.1) at 2024-07-02 04:17:40 +0000