Age | Commit message (Collapse) | Author | Files | Lines |
|
auth4_context
This avoids creating a second auth_context, as it is a private pointer
in the auth4_context that has already been passed in, and makes the
gensec_ntlmssp code agnostic to the type of authentication backend
behind it. This will in turn allow the ntlmssp server code to be
further merged.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
gensec_gssapi
Thie ensures that both code bases use the same logic to determine the use
of NEW_SPNEGO.
Andrew Bartlett
|
|
|
|
|
|
All our supported krb5 libs provide this.
Andrew Bartlett
|
|
|
|
We no longer need to call poll() directly inside smbd !
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Feb 17 02:49:13 CET 2012 on sn-devel-104
|
|
sys_poll() is only needed if the signal pipe is set up and used, but as
no signal handler ever writes to the pipe, this can all be removed.
signal based events are now handled via tevent.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
gensec_update() ensures that DCE-style and sign/seal are negotiated correctly
for DCE/RPC pipes. Also, the smb sealing client/server already check for the
gensec_have_feature().
This additional check just keeps causing trouble, and is 'protecting'
an already secure negoitated exchange.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Feb 16 21:19:44 CET 2012 on sn-devel-104
|
|
This is not honoured by the common SPNEGO code.
This matches mondern windows versions which do not send this value, as
it would be insecure for a client to rely on it. (See also the
depricated client use spnego principal directive).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This was previously needed because SPNEGO was only available in the AD DC.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This ensures that we use the same SPNEGO code on session setup and on
DCE/RPC binds, and simplfies the calling code as spnego is no longer
a special case in cli_pipe.c
A special case wrapper function remains to avoid changing the
application layer callers in this patch.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Using gss_krb5_export_lucid_sec_context() is a problem with MIT krb5, as
it (reasonably, I suppose) invalidates the gssapi context on which it
is called. Instead, we look to the type of session key which is
negotiated, and see if it not AES (or newer).
If we negotiated AES or newer, then we set GENSEC_FEATURE_NEW_SPENGO
so that we know to generate valid mechListMic values in SPNEGO.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
This prepares us for handling SPNEGO via gensec
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.
Small changes to clarify some comments regarding the two transport
types.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
|
|
As far as I can tell, this simply referred to the posix_s3.sh script
that originally ran these tests.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Feb 16 06:57:09 CET 2012 on sn-devel-104
|
|
The selftest system now skips launching these if the environment is not available.
Andrew Bartlett
|
|
|
|
Found by testing with wintest. When the variables were made non-static in
c21f6a1c6869a5086634bb830d6c3689dea539a3 the implicit initialisation to 0
was lost.
Andrew Bartlett
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Feb 15 21:10:22 CET 2012 on sn-devel-104
|
|
The printer list database format was recently changed to accommodate for
the printcap location field.
One of the tdb_pack calls is not provided with a location string
argument, this causes a crash on some platforms.
https://bugzilla.samba.org/show_bug.cgi?id=8762
Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Jim McDonough <jmcd@samba.org>
Signed-off-by: Lars Müller <lars@samba.org>
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Wed Feb 15 19:34:38 CET 2012 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Feb 14 19:14:29 CET 2012 on sn-devel-104
|
|
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Feb 13 13:09:10 CET 2012 on sn-devel-104
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Feb 13 06:13:38 CET 2012 on sn-devel-104
|
|
The requirement for gss functions already make this happen, but
this is clearer. No code depends on HAVE_GSSAPI any more.
Andrew Bartlett
|
|
HAVE_KRB5 already implies that GSSAPI is present as well.
Andrew Bartlett
|
|
This fixes compilation errors when VENDOR strings are specified.
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Sat Feb 11 09:07:54 CET 2012 on sn-devel-104
|
|
default include path
The problem occurs only if talloc, tdb and ldb are used as system
libraries and talloc is not installed in a default.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Feb 10 23:27:29 CET 2012 on sn-devel-104
|
|
The flag can_do_validation6 was only set for the domain to which
winbindd is the member. Setting this flag in other domains (trusted
domain) if it's active directory domain is a good idea as it allow to do
level 6 validation also when winbindd is querying them directly.
|
|
We set ctx->private_data = sconn a few lines above
and expect 'sconn' in the signal event handler.
Thanks to Christian Ambach <ambi@samba.org> for the
bug report.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb 10 21:48:18 CET 2012 on sn-devel-104
|
|
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri Feb 10 20:14:12 CET 2012 on sn-devel-104
|
|
|
|
Setting the creation time through SetFileTime on a GPFS file system and
querying it with GetFileTime shows a mismatch.
The vfs_gpfs module first retrieves the information from the operating
system and the flag st_ex_calculated_birthtime is set to false. When
vfs_gpfs retrieves the birthtime from GPFS the flag
st_ex_calculated_birthtime has to be set to true. Otherwise the birth
time will get overwritten by a call to update_stat_ex_mtime, reporting
the wrong time to a client system.
Signed-off-by: Christian Ambach <ambi@samba.org>
|
|
metze
Signed-off-by: Christian Ambach <ambi@samba.org>
|
|
metze
Signed-off-by: Christian Ambach <ambi@samba.org>
|
|
metze
Signed-off-by: Christian Ambach <ambi@samba.org>
|
|
metze
Signed-off-by: Christian Ambach <ambi@samba.org>
|
|
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri Feb 10 16:44:23 CET 2012 on sn-devel-104
|
|
|
|
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri Feb 10 15:02:51 CET 2012 on sn-devel-104
|
|
Also remove the unused configure tests for krb5_c_enctype_compare.
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
Also remove the unused configure tests for krb5_c_enctype_compare.
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
Also remove now-unused configure checks for krb5_mk_error().
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|
|
piddir.c calls lp_piddir() directly.
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html
Andrew Bartlett
|