Age | Commit message (Collapse) | Author | Files | Lines |
|
This avoids keeping the event context around on a the gensec_security
context structure long term.
In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Jelmer
|
|
|
|
|
|
gensec_session_key()
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
|
|
The two error tables need to be combined, but for now seperate the names.
(As the common parts of the tree now use the _common function,
errmap_unix.c must be included in the s3 autoconf build).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
|
|
tevent_req
metze
|
|
It should be after smb2_composite_setpathinfo_create_done().
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Apr 28 21:38:53 CEST 2011 on sn-devel-104
|
|
It should be after smb2_composite_setpathinfo_send().
metze
|
|
metze
|
|
and vars
metze
|
|
I have seen domain controllers rejecting NTLMv2 blobs presented to
NetrLogonSamLogonEx with LOGON_FAILURE when the MsvAvNbComputerName
was a FQDN or an IP address
I have not seen this field in NTLMv2 blobs send by Windows clients
when extended security was not available, so omitting the field
makes Samba similar to Windows.
This prevents errors with some smbtorture testcases that disable
spnego and when a target name is specified that is not a valid
netbios name.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Apr 14 02:19:08 CEST 2011 on sn-devel-104
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
These were causing thousands of warnings on solaris8
|
|
This avoids pulling the address into a string and back again if given
a name, by letting the next async layer down do the name resolution.
If it was an IP address to start with, then the resolver library just
converts that to the struct socket_address.
Andrew Bartlett
|
|
In order to implement root_fid in the s4 SMB server we need to declare
it as a handle type, just as for other fnum values in SMB. This
required some extensive (but simple) changes in many bits of code.
|
|
We were creating the name resolution context as a child of lp_ctx,
which meant when we gave up on a connection the timer on name
resolution kept running, and when it timed out the callback crashed as
the socket was already removed.
|
|
These references were triggering the ambiguous talloc_free errors from
the recent talloc changes when the server is run using the 'standard'
process model instead of the 'single' process model. I am aiming to
move the build farm to use the 'standard' process model soon, as part
of an effort to make our test environment better match the real
deployment of Samba4.
The references are not needed as the way that the event context is
used is as the 'top parent', so when the event context is freed then
all of the structures that were taking a reference to the event
context were actually freed as well, thus making the references
redundent.
|
|
metze
|
|
|
|
metze
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
|
|
Eventually, we should move some of these parameters into a separate
struct (perhaps into smb_transport_options?), to avoid the long lists of
parameters.
|
|
should in the future only contain some settings required for gensec.
|
|
|
|
|
|
|
|
|
|
|
|
functions.
|
|
|
|
|
|
using global_loadparm.
|
|
We need to manually free the request, otherwise the timeout handler is
triggered later.
metze
|
|
We need to start signing when we got NT_STATUS_OK from the server
and manually check the signature of the servers response.
This is needed as the response might be signed with the krb5 acceptor subkey,
which comes within the server response.
With NTLMSSP this happens for the session setup:
request1 => BSRSPYL seqnum: 0
response1 => BSRSPYL seqnum: 0
request2 => BSRSPYL seqnum: 0
response2 => <SIGNATURE> seqnum: 1
and with krb5:
request1 => BSRSPYL seqnum: 0
response1 => <SIGNATURE> seqnum: 1
metze
|
|
(This used to be commit e90c7587385598a1dd976c2420798f9bd682b43d)
|
|
(This used to be commit 1e0c24b2760f2a632333b51710cd9581f0cee851)
|
|
(This used to be commit 1323aab11fbf346e19c4cef227d727ddfcaa7d60)
|
|
(This used to be commit 67290e0ad69df2f2fe651249c6550b8e32dd641b)
|
|
(such as unlink)
(This used to be commit 433038f3fea60087bdca07dcc856d0be4a4753f3)
|
|
The rest of this file reads bottom-up, but this function
(connect_send_negprot()) was out of place.
Andrew Bartlett
(This used to be commit f0c95cd74fb6fea57cef89b59e5d2f10ea25c138)
|
|
Rather than add a new 'out' member to the API, simply fill in the
'tree' early enough that we can access the server challenge there.
Andrew Bartlett
(This used to be commit 6dbbcf8aaf9b93af970d1701dfb185460d4dc788)
|
|
The ability to short-circuit the connection code to only do a negprot
allows us to do the rest once we have the user's password. We return
the 8 byte challenge so we can pass it to the client.
Andrew Bartlett
(This used to be commit 40fe386b0374df8b390b995c332d048dbbc08f1b)
|
|
the code.
Make sure we pass around the event_context where we need it instead.
All test but a few python ones fail. Jelmer promised to fix them.
(This used to be commit 3045d391626fba169aa26be52174883e18d323e9)
|
|
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
|
|
(This used to be commit 4472d7e1e47d4fe6b1c60e28d168cce99b237979)
|
|
(This used to be commit 5de88728ac5c567d3711d1ac6862bbdaced84b75)
|