summaryrefslogtreecommitdiff
path: root/source3
AgeCommit message (Collapse)AuthorFilesLines
2011-08-05s3:rpc_transport_tstream: only use tstream_cli_np_use_trans() for sync requestsStefan Metzmacher1-0/+6
Currently the caller doesn't cope with multiple async requests anyway, so this is just protection for the future. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Aug 5 22:31:12 CEST 2011 on sn-devel-104
2011-08-05s3: Make srv_enc_ctx staticVolker Lendecke2-2/+1
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Aug 5 18:29:24 CEST 2011 on sn-devel-104
2011-08-05s3: Fix a debug messageVolker Lendecke1-1/+1
2011-08-05s3: Fix some nonempty blank linesVolker Lendecke2-6/+6
2011-08-05s3: Fix "ISO C90 forbids mixed declarations and code"Volker Lendecke1-7/+7
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Aug 5 16:58:37 CEST 2011 on sn-devel-104
2011-08-05s3: Fix some nonempty blank linesVolker Lendecke1-25/+25
2011-08-05s3: make linking of pthreadpooltest work on more platformsBjörn Jacke1-1/+1
Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Fri Aug 5 12:48:55 CEST 2011 on sn-devel-104
2011-08-05s3/ldap: delay the ldap search alarm termination a bitBjörn Jacke1-2/+13
do the alarm termination of the the ldap search a bit delayed so the LDAP server has a chance to tell us that the time limit was reached and the search was abandoned. If the search is terminated this way we also get the correct LDAP return code in the logs. If alarm() stops the search the ldap search routine will report that the LDAP server is down which would trigger us to rebind to the server needlessly which we also want to avoid.
2011-08-04s3-nmbd: fix talloc/malloc mismatch in create_listen_pollfds().Günther Deschner1-1/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Thu Aug 4 19:06:39 CEST 2011 on sn-devel-104
2011-08-04s3/swat: use strlcat instead of strncat to fix build on old Linux distrosBjörn Jacke1-1/+1
SLES 9's glibc for example had weird macros where the use of strncat resulted in the use of strcat which we don't allow. Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Thu Aug 4 17:50:24 CEST 2011 on sn-devel-104
2011-08-04s3-ntlmssp void function cannot return valueAndrew Bartlett1-3/+3
Removing the return is reasonable here because while no callers currently specify more than one flag at a time, the ntlmssp_want_feature code allows it. Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Aug 4 02:19:46 CEST 2011 on sn-devel-104
2011-08-03s3: Fix some nonempty blank linesVolker Lendecke1-19/+18
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Wed Aug 3 22:00:19 CEST 2011 on sn-devel-104
2011-08-03s3-printing: fix some build warnings in queue_process.cGünther Deschner1-1/+2
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Aug 3 17:48:33 CEST 2011 on sn-devel-104
2011-08-03ntlmssp: Add ntlmssp_blob_matches_magic()Andrew Bartlett2-2/+2
This avoids having the same check in 3 different parts of the code Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
2011-08-03s3-ntlmssp Remove rudundent commentAndrew Bartlett1-1/+0
This is explained where SESSION_KEY maps to SIGN at the NTLMSSP layer Andrew Bartlett
2011-08-03s3-ntlmssp Remove a level of nesting in if/else statementAndrew Bartlett1-3/+2
2011-08-03selftest: test plugin_s4_dc against all ncacn_np testsAndrew Bartlett6-1/+45
Changes to the s3 epmapper behaviour seem to have fixed the rest of these tests. Andrew Bartlett
2011-08-03s3-ntlmssp clarify session key behaviour after create_local_token() changesAndrew Bartlett1-2/+1
2011-08-03s3-ntlmssp Remove auth_ntlmssp_state_destructor, use the talloc tree insteadAndrew Bartlett1-16/+5
2011-08-03s3-auth directly return the result of make_server_info_guest()Andrew Bartlett1-2/+2
2011-08-03s3-auth rename auth_ntlmssp_steal_session_info()Andrew Bartlett5-14/+14
There is no longer any theft of memory as the underlying routines now produce a new auth_session_info for this caller, allocating it on the supplied memory context. Andrew Bartlett
2011-08-03s3-smbd Be consistent with %U subs on guest loginsAndrew Bartlett1-1/+1
The NTLMSSP code always specified "" as the username, and this makes guest logins via the old-style session setup do the same. Andrew Bartlett
2011-08-03s3-auth use auth_generic_start to get full GENSEC in Samba3 session setupAndrew Bartlett4-30/+80
This tests if the auth_generic_start() hook is available on the auth context during the negprot, and if so it uses auth_generic_start() to hook to GENSEC to handle the full SPNEGO blob. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-auth Add function to start any GENSEC mech by OIDAndrew Bartlett2-5/+22
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-smbd clarify behaviour by not passing an OID that will not be usedAndrew Bartlett1-1/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-smbd Ensure we do not read past the end of a possible NTLMSSP blobAndrew Bartlett2-2/+2
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-auth clarify the role of these session keysAndrew Bartlett1-8/+6
This comment can be clarified now the auth subsystem does not use the same structure as the rest of the code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-auth remove sanitized_username from auth_serversupplied_infoAndrew Bartlett5-41/+1
This structure element was only written to, not read. It is filled into the companion structure, auth_session_info() by create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-auth set session_info->sanitized_username in create_local_token()Andrew Bartlett11-60/+23
Rather than passing this value around the callers, and eventually setting it in register_existing_vuid(), we simply pass it to create_local_token(). This also removes the need for auth_ntlmssp_get_username(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Split auth_ntlmssp_start into two functionsAndrew Bartlett6-25/+93
This helps map on to the GENSEC semantics better, and ensures that the full set of desired features are set before the mechanism starts. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Split calls to gensec plugin into prepare and startAndrew Bartlett4-21/+23
GENSEC has the concept of starting the GENSEC subsystem before starting the actual mechansim. Between these two stages is when most context methods are called, to specify credentials and features. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove auth_ntlmssp_and_flags()Andrew Bartlett5-20/+0
There is no need to mask out these flags as they simply are not set yet. The correct abstraction is to ask for NTLMSSP features. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove rpccli_get_pwd_hash and auth_ntlmssp_get_nt_hashAndrew Bartlett6-74/+26
The session key we want here (the only one that is availble to the encryption layer) is the one obtained by cli_get_session_key(), as NTLMSSP creates a per-session session key via key exchange and NTLMv2 negotiation. The key was never directly the NT hash anyway (this is simply a mistake, the extra MD4() was lost during my previous cleanup f28f113d8e76824b080359c90efd9c92de533740 in 2008), but was MD4(NT hash) in early implementations of NTLMSSP. However, regardless this call is not available on domain trusts between AD domains and Windows 2003 R2, making this less useful. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-auth Add hook to start a GENSEC mech to auth_samba4Andrew Bartlett2-1/+89
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove auth_ntlmssp_or_flagsAndrew Bartlett5-15/+7
We now just use auth_ntlmssp_want_feature to get extra flags on the NTLMSSP context Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove calls to auth_ntlmssp_and_flags from the serverAndrew Bartlett7-11/+15
This is changed so that the callers ask for the additional flags that they need, starting with no additional flags. This helps to create a proper abstraction layer in ntlmssp_wrap/auth_ntlmssp. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_updateAndrew Bartlett9-37/+36
This clarifies the lifetime of the returned token. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp NTLMSSP sealing implies signing, so set both flagsAndrew Bartlett1-0/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Add hooks to optionally call into GENSEC in auth_ntlmsspAndrew Bartlett5-15/+93
This allows the current behaviour of the NTLMSSP code to be unchanged while adding a way to hook in an alternate implementation via an auth module. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Add mem_ctx argument to auth_ntlmssp_get_session_key()Andrew Bartlett4-8/+8
2011-08-03s3-auth Allow auth modules to provide an initialised GENSEC contextAndrew Bartlett2-2/+18
This will allow auth plugins such as auth_samba4 to provide an initialised GENSEC context to auth subsystem callers. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Use auth_ntlmssp_*() functions in more placesAndrew Bartlett7-29/+30
This allows auth_ntlmssp_get_ntlmssp_state() to be removed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove unused auth_ntlmssp_get_domain()Andrew Bartlett1-6/+1
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-ntlmssp Remove unused auth_ntlmssp_get_clientAndrew Bartlett1-5/+0
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-rpc_server use session_info to print user detailsAndrew Bartlett1-4/+3
This is the authoritative source for what the user was actually authenticated as. The previous message printed only what they claimed, and the DC might map this. The workstation is no longer printed in the logs, as it allows auth_ntlmssp_get_client() to be removed. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-auth Use else if in do_map_to_guest_server_infoAndrew Bartlett1-3/+1
This means we can't ever call make_server_info_guest() twice. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3-auth Move map to guest to directly after the check_password callsAndrew Bartlett5-97/+49
This means we no longer need two different map to guest functions and have consistent logic with fewer layering violations. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03gensec: Remove mem_ctx from calls that do not return memoryAndrew Bartlett1-2/+2
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-08-03s3:libsmb/clifile: make use of cli_set_timeout()Stefan Metzmacher1-12/+22
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Aug 3 10:16:18 CEST 2011 on sn-devel-104
2011-08-03s3:cli_np_tstream: make use of cli_set_timeout()Stefan Metzmacher1-1/+2
metze