Age | Commit message (Collapse) | Author | Files | Lines |
|
This layer is used for DCERPC security, as well as ntlm_auth at this
time. It expect things like SASL and the CIFS layer to use it as
well.
The particular purpose of this layer is to introduce SPENGO, which
needs generic access to the actual implementation mechanisms.
Schannel, due to it's 'interesting' setup properties is in GENSEC, but
is only in the RPC code.
Andrew Bartlett
(This used to be commit 902af49006fb8cfecaadd3cc0c10e2e542083fb1)
|
|
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend
to refactor them into the same format as NTLMSSP.
Andrew Bartlett
(This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b)
|
|
smb.h should end with only smb protocol specific stuff in it
metze
(This used to be commit fda8e59f3d057bf849598f96f78f50f62d8514fe)
|
|
metze
(This used to be commit 9f914e4af99e18b469d4cf9d8b1514a2bd28ddec)
|
|
- added printf style format attribute checking to samdb varargs fns
- fix nt_time_to_unix() for zero and -1 times
(This used to be commit 41f9b144f9fe77e92f960bd11b1df397a63fd2d5)
|
|
- remove unused lib/smbpasswd.c
- don't set the pkt size twice when doing SMB signing
(This used to be commit 69a2942f7987647a32d43c71f41ac1a82a82ccda)
|
|
metze
(This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
|
|
metze
(This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
|
|
metze
(This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
|
|
structures. This was suggested by metze recently.
I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
|
|
metze
(This used to be commit 8f59daba0d03a2c58f7f23655153de05cbe47e81)
|
|
I really think that this is needed to get a better overview of what is currently used
Also this stuff is really out of date
so if we really ever need some of this stuff back,
a 'svn copy' from the SAMBA_3_0 branch should be no big problem...
metze
(This used to be commit 972598d511c64f29bdc849fe58c9c82fbcf6a4a2)
|
|
metze
(This used to be commit bacab322ce89979f0ad0811cd15b73d81eceb69d)
|
|
This commit kills passdb, which was only hosting the auth subsystem.
With the work tridge has done on Samba4's SAM backend, this can (and
now is) all hosted on ldb. The auth_sam.c file now references this
backend.
You will need to assign your users passwords in ldb - adding a new line:
unicodePwd: myPass
to a record, using ldbedit, should be sufficient. Naturally, this
assumes you have had your personal SAMR provisioning tutorial from
tridge. Everybody else can still use the anonymous logins.
Andrew Bartlett
(This used to be commit 2aa0b55fb86648731d5f2201fa5a6aa993b7ca48)
|
|
to the main SAMBA_4_0 tree.
NOTE: that it's not completely ready, but it's functional:-)
metze
(This used to be commit c78a2ddb28ec50d6570a83b1f66f18a5c3621731)
|
|
- This required using NETLOGON_NEG_AUTH2_FLAGS for the
SetupCredentials2 negotiation flags, which is what Samba3 does,
because otherwise the server uses different crypto.
- This tests the returned session keys, which we decrypt.
- Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
most places.
- Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
available.
- Remove a useless argument to SMBsesskeygen_ntv1
- move netr_CredentialState from the .idl to the new credentials.h
Andrew Bartlett
(This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
|
|
(This used to be commit 85e57684b4dc4edcfd6d4cd1492d63810f8ce211)
|
|
added ldbedit, a _really_ useful command
added ldbadd, ldbdel, ldbsearch and ldbmodify to build
solved lots of timezone issues, we now pass the torture tests with
client and server in different zones
fixed several build issues
I know this breaks the no-LDAP build. Wait till I arrive in San Jose for that
fix.
(This used to be commit af34710d4da1841653624fe304b1c8d812c0fdd9)
|
|
breakage
caused by someone recently ...
1. Add configure check HAVE_COMPARISON_FN_T to see if this is defined. I
have not checked this on Linux yet, but will do so soon.
2. Add the definitions of malloc_p, realloc_p etc.
3. Check for LDAP and don't build stuff that depends on LDAP if we don't\
have it.
It currently builds on FreeBSD but there is one warning printed out at the end.
(This used to be commit 7b34fbe0f2ef175e5504e34e4f3cdf9a0563970f)
|
|
- fixed build of the ldb registry backend
(This used to be commit 0b66590330603efaa816fd2348c05a994a1580ef)
|
|
see source/lib/registry/TODO for details.
(This used to be commit 7cab3a00d7b4b1d95a3bfa6b28f318b4aaa5d493)
|
|
(This used to be commit b881b72cb9cb5a4a8ad27b621e8cbe9dcfa7ba7f)
|
|
and remove NET_GROUP stuff, this needs to be implemented
in a better way if we ever readd this
metze
(This used to be commit da5f22976fb40ec96160439c7a926a15805fc7f0)
|
|
metze
(This used to be commit cbfa29549e5b302f947c7f2ca14fbea257e46c33)
|
|
metze
(This used to be commit 5ebd6fb761370cbe2835a2a2631e24e35bcaffb4)
|
|
and schannel are both instances of possible security modules
- added schannel sign and sign/seal support to the dcerpc client
code. You select it with binding options of "schannel,sign" or
"schannel,seal".
(This used to be commit 05db0b9d942cad8f1dd574dc35b759e5e79d4195)
|
|
metze
(This used to be commit 041dc8c83df21c4cff9a62b9381ebc68b3876e77)
|
|
SMB_SUBSYSTEM() scheme
- some const fixes in ntvfs
metze
(This used to be commit af89a78123068767b1d134969c5651a0fd978b0d)
|
|
ldap and krb5 configure tests
libads/*.c and libcli/raw/clikrb5.c from 3.0
metze
(This used to be commit 64b5bfcd73d7626d6f687a641b11e64821144df7)
|
|
and exclude some files from Makefile.in
metze
(This used to be commit f77990cf2496f72d02566f09477349436be3dfcd)
|
|
This adds support for bigendian rpc in the client. I have installed
SUN pcnetlink locally and am using it to test the samba4 rpc
code. This allows us to easily find places where we have stuffed up
the types (such as 2 uint16 versus a uint32), as testing both
big-endian and little-endian easily shows which is correct. I have now
used this to fix several bugs like that in the samba4 IDL.
In order to make this work I also had to redefine a GUID as a true
structure, not a blob. From the pcnetlink wire it is clear that it is
indeed defined as a structure (the byte order changes). This required
changing lots of Samba code to use a GUID as a structure.
I also had to fix the if_version code in dcerpc syntax IDs, as it
turns out they are a single uint32 not two uint16s.
The big-endian support is a bit ugly at the moment, and breaks the
layering in some places. More work is needed, especially on the server
side.
(This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
|
|
(This used to be commit d0bef33ffa21ce5caaf8e052cbbd2bb32db40b0c)
|
|
don't cause fragmented pdus (I'll add fragments shortly)
* change data_blob_talloc() to not zero memory when the 2nd argument
is NULL. The zeroing just masks bugs, and can't even allow a DOS
attack
* modified pidl to ensure that [ref] arguments to the out side of
functions are allocated when parsing the in side. This allows rpc
backends to assume that [ref] variables are all setup. Doesn't work
correctly for [ref] arrays yet
* changed DLIST_ADD_END() to take the type instead of a tmp
variable. This means you don't need to declare a silly tmp variable in
the caller
(This used to be commit 46e0a358198eeb9af1907ee2a29025d3ab23b6d1)
|
|
(This used to be commit 5fb01b0ec0321724c25669151ea7c20e6ec182d0)
|
|
* updated tdb to latest version from Samba3
* removed some extraneous ';' in tdbutil.c (Thanks to Erlend Aasland
for pointing this out)
(This used to be commit f3eaf270e57d8d2e2157a6a36e260860c7f71c19)
|
|
(This used to be commit fbccf58539827ef368f8a0be122e45edcd0f070e)
|
|
* moved ntlmssp code into libcli/auth/, and updated to latest ntlmssp
code from samba3 (thanks Andrew! the new interface is great)
* added signing/ntlmssp support in the dcerpc code
* added a dcerpc_auth.c module for the various dcerpc auth mechanisms
(This used to be commit c18c9b5585a3e5f7868562820c14f7cb529cdbcd)
|
|
CVS: Enter Log. Lines beginning with `CVS:' are removed automatically
CVS:
CVS: Committing in .
CVS:
CVS: Modified Files:
CVS: Makefile.in configure.in include/includes.h include/ntvfs.h
CVS: include/smb.h lib/iconv.c lib/module.c ntvfs/ntvfs_base.c
CVS: ntvfs/cifs/vfs_cifs.c ntvfs/ipc/vfs_ipc.c
CVS: ntvfs/posix/vfs_posix.c ntvfs/print/vfs_print.c
CVS: ntvfs/reference/vfs_ref.c ntvfs/simple/vfs_simple.c
CVS: passdb/pdb_interface.c
CVS: Added Files:
CVS: include/module.h
CVS: ----------------------------------------------------------------------
Update to the modules system. Fixed:
- get rid of smb_probe_module
- merge older updates from 3.0
- introduced register_subsystem() and register_backend() functions
- adapt ntvfs and charset to use new register functions
- made smb_load_modules() work recursively (e.g. 'preload modules = /usr/lib/samba')
- got rid of some old remains
Things that still need work:
- Did I break tankFS? I don't think so, but I can't test it here :-(
- Add 'postload modules = ' (for modules that need to be loaded after fork() in smbd, if applicable)
- Convert RPC, auth, passdb, etc to use new register_{subsystem,backend}() functions
- Accept wildcards in 'preload modules' option, instead of loading recursively
(This used to be commit 7512b9ab1a8b3103f7a6c13f736353c46a26b668)
|
|
In general I prefer "struct foo" to just "foo" for most
structures. There are exceptions.
(This used to be commit 04eb12b56c653f98801ab29411f47564ab32fa58)
|
|
files around, but also added the first bits of auto-generated code for
the lsa pipe.
I haven't updated the Makefile to call pidl yet, so for now the code
was cut-and-pasted into librpc/ndr/ndr_lsa.c manually
(This used to be commit 6b222d3b6541ee74cf8bf3f0913cd444903ca991)
|
|
(This used to be commit 8cff335dab438aa2dbcca91a717e14ef5a8288dd)
|
|
successful LSA OpenPolicy using smbtorture
(This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
|
|
- added SMBD_LISTEN_BACKLOG in local.h
- added the beginnings of a ndr/rpc parsing framework for Samba4. It
currently correctly parses security descriptors for the nttrans
QUERY_SECDESC call, but I hope it will become a reasonable framework
that an idl based generator can work to
(This used to be commit 9bf904fc34f88e0581f93656e73d3c01ca96f761)
|
|
(This used to be commit ac05e976f20796202deb1731f9488d5a52e2b25f)
|
|
(This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
|