summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2012-02-17s3-lib: Remove unused standard_sub_conn()Andrew Bartlett2-20/+0
2012-02-17s3-lib Remove unused sys_fcntl_long()Andrew Bartlett2-15/+0
2012-02-17s3-lib Remove unused sys_fseek()Andrew Bartlett2-18/+0
2012-02-17s3-registry Remove unused dup_registry_value() and free_registry_value()Andrew Bartlett2-56/+0
2012-02-17auth: Make more of the ntlmssp code private or staticAndrew Bartlett1-0/+1
Now that there is only one gensec_ntlmssp server, some of these functions can be static For the rest, put the implemtnation of the gensec_ntlmssp code into ntlmssp_private.h Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Use common gensec_ntlmsspAndrew Bartlett3-40/+5
There is no longer any samba3-specific code left here. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Use common gensec_ntlmssp_server_startAndrew Bartlett1-127/+1
This is now identical code, so there is no need to duplicate it. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Use the gensec-supplied DNS domain name and hostname.Andrew Bartlett2-28/+76
Also have a reasonable fallback for when it is not set. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Allow NTLMSSP features to be disabled with smb.conf options for testingAndrew Bartlett1-9/+23
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Use the lpcfg_ wrapper calls to set some variablesAndrew Bartlett1-31/+10
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Remove a layer of indirection and reorder to match ↵Andrew Bartlett1-18/+15
gensec_ntlmssp_server_start()
2012-02-17s3-auth: Only allow LM_KEY cryptography when extra options are setAndrew Bartlett1-1/+6
This crypto is incredibly poor, and can technically be enabled on an otherwise more secure connection that uses NTLM for the actual authentication leg. Therefore disable it by default. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Inline ntlmssp_server_start() into gensec_ntlmssp3_server_start()Andrew Bartlett1-9/+60
This will help syncing this rotuine up with gensec_ntlmssp_server_start(). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth Use the common gensec_ntlmssp_update in gensec_ntlmssp3_serverAndrew Bartlett2-21/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Use common gensec_ntlmssp server functions for more of ↵Andrew Bartlett2-182/+3
gensec_ntlmssp3_server This is possible because we now supply the auth4_context abstraction that this code is looking for. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth: Add extra error messages on authentication or authorization failureAndrew Bartlett2-0/+19
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth: Move the rest of the source4 gensec_ntlmssp code to the top levelAndrew Bartlett1-6/+6
The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-auth Hook checking passwords and generating session_info via the ↵Andrew Bartlett3-59/+259
auth4_context This avoids creating a second auth_context, as it is a private pointer in the auth4_context that has already been passed in, and makes the gensec_ntlmssp code agnostic to the type of authentication backend behind it. This will in turn allow the ntlmssp server code to be further merged. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17s3-build: Use credentials_ntlm.c in the autoconf build as wellAndrew Bartlett1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth/kerberos: Move gse_get_session_key() to common code and use in ↵Andrew Bartlett2-125/+3
gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett
2012-02-17s3-gse: Allow kerberos key type OID to be optionalAndrew Bartlett1-4/+11
2012-02-17s3-gse: Fix OID to read for kerberos key typeAndrew Bartlett1-2/+2
2012-02-17s3-librpc: Remove backup declaration of GSS_C_DCE_STYLEAndrew Bartlett1-4/+0
All our supported krb5 libs provide this. Andrew Bartlett
2012-02-17s3-gse: Remove unused OID declarationAndrew Bartlett1-9/+0
2012-02-17Replace smbd_server_connection_loop_once() with tevent_loop_once() directly.Jeremy Allison1-63/+6
We no longer need to call poll() directly inside smbd ! Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Feb 17 02:49:13 CET 2012 on sn-devel-104
2012-02-16lib/util: Remove sys_poll as it is no longer neededAndrew Bartlett6-19/+14
sys_poll() is only needed if the signal pipe is set up and used, but as no signal handler ever writes to the pipe, this can all be removed. signal based events are now handled via tevent. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2012-02-16s3-librpc: Remove gse_verify_server_auth_flagsAndrew Bartlett1-50/+0
gensec_update() ensures that DCE-style and sign/seal are negotiated correctly for DCE/RPC pipes. Also, the smb sealing client/server already check for the gensec_have_feature(). This additional check just keeps causing trouble, and is 'protecting' an already secure negoitated exchange. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Feb 16 21:19:44 CET 2012 on sn-devel-104
2012-02-16s3-param Remove off-by-default and unused "send spnego principal"Andrew Bartlett2-11/+0
This is not honoured by the common SPNEGO code. This matches mondern windows versions which do not send this value, as it would be insecure for a client to rely on it. (See also the depricated client use spnego principal directive). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16s3-smbd Remove unused code now we always have SPNEGO via gensecAndrew Bartlett4-49/+7
This was previously needed because SPNEGO was only available in the AD DC. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16s3-librpc: Use gensec_spnego for DCE/RPC authenticationAndrew Bartlett10-1009/+42
This ensures that we use the same SPNEGO code on session setup and on DCE/RPC binds, and simplfies the calling code as spnego is no longer a special case in cli_pipe.c A special case wrapper function remains to avoid changing the application layer callers in this patch. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16s3-gse: Use the session key type, not the lucid context to set NEW_SPNEGOAndrew Bartlett1-67/+69
Using gss_krb5_export_lucid_sec_context() is a problem with MIT krb5, as it (reasonably, I suppose) invalidates the gssapi context on which it is called. Instead, we look to the type of session key which is negotiated, and see if it not AES (or newer). If we negotiated AES or newer, then we set GENSEC_FEATURE_NEW_SPENGO so that we know to generate valid mechListMic values in SPNEGO. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16s3-librpc: Remove unused bool gensec_hookAndrew Bartlett1-2/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16s3:rpc_client: fix commentStefan Metzmacher1-1/+1
metze
2012-02-16s3-librpc: make gensec result handling more genericAndrew Bartlett1-11/+11
This prepares us for handling SPNEGO via gensec Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-16Rename obscure defined constants.Christopher R. Hertel (crh)11-25/+27
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types. Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
2012-02-16s3-selftest: Remove .posix_s3 from s3 test namesAndrew Bartlett1-1/+1
As far as I can tell, this simply referred to the posix_s3.sh script that originally ran these tests. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Feb 16 06:57:09 CET 2012 on sn-devel-104
2012-02-16selftest: Remove 'if have_ads_support:' from tests.pyAndrew Bartlett1-46/+32
The selftest system now skips launching these if the environment is not available. Andrew Bartlett
2012-02-16s3-smbd: Avoid starting log lines with the word 'error'Andrew Bartlett1-2/+10
2012-02-16s3-nmbd: Initialise newly non-static variablesAndrew Bartlett1-4/+4
Found by testing with wintest. When the variables were made non-static in c21f6a1c6869a5086634bb830d6c3689dea539a3 the implicit initialisation to 0 was lost. Andrew Bartlett
2012-02-15s3: Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY, bug 8760Volker Lendecke4-6/+40
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Feb 15 21:10:22 CET 2012 on sn-devel-104
2012-02-15s3-printing: fix crash in printer_list_set_printer()David Disseldorp1-1/+1
The printer list database format was recently changed to accommodate for the printcap location field. One of the tdb_pack calls is not provided with a location string argument, this causes a crash on some platforms. https://bugzilla.samba.org/show_bug.cgi?id=8762 Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Jim McDonough <jmcd@samba.org> Signed-off-by: Lars Müller <lars@samba.org> Autobuild-User: David Disseldorp <ddiss@samba.org> Autobuild-Date: Wed Feb 15 19:34:38 CET 2012 on sn-devel-104
2012-02-14s3: files_struct->mode is only written, remove itVolker Lendecke4-5/+0
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Tue Feb 14 19:14:29 CET 2012 on sn-devel-104
2012-02-13s3-auth: On successful user mapping set mapped_to_guest to false.Sumit Bose1-0/+1
Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Mon Feb 13 13:09:10 CET 2012 on sn-devel-104
2012-02-13s3-selftest: Do not assume $USERNAME is the same as $DC_USERNAMEAndrew Bartlett1-3/+3
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Feb 13 06:13:38 CET 2012 on sn-devel-104
2012-02-13s3-build: expliticly require gssapi for HAVE_KRB5 and remove HAVE_GSSAPIAndrew Bartlett2-6/+1
The requirement for gss functions already make this happen, but this is clearer. No code depends on HAVE_GSSAPI any more. Andrew Bartlett
2012-02-13s3-libads: Move to using only the HAVE_KRB5 defineAndrew Bartlett2-13/+11
HAVE_KRB5 already implies that GSSAPI is present as well. Andrew Bartlett
2012-02-11mkversion: Add quotes around various version stringsAmitay Isaacs1-3/+3
This fixes compilation errors when VENDOR strings are specified. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Sat Feb 11 09:07:54 CET 2012 on sn-devel-104
2012-02-10s3-waf: add dependency on talloc or it won't build if talloc.h is not in the ↵Matthieu Patou2-5/+10
default include path The problem occurs only if talloc, tdb and ldb are used as system libraries and talloc is not installed in a default. Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Fri Feb 10 23:27:29 CET 2012 on sn-devel-104
2012-02-10s3-winbindd: set the can_do_validation6 also for trusted domainMatthieu Patou1-0/+2
The flag can_do_validation6 was only set for the domain to which winbindd is the member. Setting this flag in other domains (trusted domain) if it's active directory domain is a good idea as it allow to do level 6 validation also when winbindd is querying them directly.
2012-02-10s3:smbd/oplock_linux: don't overwrite private_dataStefan Metzmacher1-2/+0
We set ctx->private_data = sconn a few lines above and expect 'sconn' in the signal event handler. Thanks to Christian Ambach <ambi@samba.org> for the bug report. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Feb 10 21:48:18 CET 2012 on sn-devel-104