Age | Commit message (Collapse) | Author | Files | Lines |
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
libraries
works again now, by specifying --enable-dso to configure.
(This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
|
|
- only touch session->vuid when needed
- it make no sense to set an .spnego.out.vuid
metze
(This used to be commit 1940fbed154c89d29214ddf293128a70a97bf923)
|
|
- zero state struct
metze
(This used to be commit 97fb407a4cfcf71e95663e437cb7f638ac4028fc)
|
|
Andrew Bartlett
(This used to be commit c843fce7a0e9b91c4d2de44e7a9ad9599b33ec5c)
|
|
RPC-SAMBA3SPOOLSS and
others that might need the server name.
Volker
(This used to be commit 03eaf0edf9f8a6d70375f9f12810b4fbb860290a)
|
|
Guenther
(This used to be commit d9562e0f83d76043da7955e89b1fff8a1d921a36)
|
|
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
- http://gleg.net/protover_ldap_sample.shtml
Also fixes found by a subsequent audit of the code for similar issues.
(This used to be commit 441a4f6262459dabfefd9bb12622ada9c007a60c)
|
|
fix RPC-LSA on AIX.
(This used to be commit 6cce709d08579f4e00b44b692332a557b0ea3b86)
|
|
(This used to be commit 27114fe1752f20c58948b34264e38db263f7a0ea)
|
|
took a _LONG_ time to find.
The problem was that when encoding/decoding password buffers we use
the pull/push string functions, which by default align unicode
strings. But on solaris sparc the buffer is not aligned always (its a
stack variable, an array of uint8_t). That perfectly OK in C, so we
just tell the pull/push functions not to auto-align.
(This used to be commit bb7835eced00607eb6b1725be6d96a6dcb842049)
|
|
were getting ENOBUFS, which mapped to NT_STATUS_NO_MEMORY, which in
turn caused the messaging code to loop trying until it gave up.
Now it correctly falls back to select. Messaging speed goes from 3
messages per second to over 7000 on my test vmware box. Not bad for a
one line change :)
(This used to be commit 6568f30adf980c572f9ffd6ff884336ebe652f90)
|
|
Guenther
(This used to be commit 692746ff8d1352a93a19ba9d537ca894a2ea186f)
|
|
(This used to be commit 1e34e4d5a1fd3d74080424140e4ab276b6042d12)
|
|
(This used to be commit f55de25ab30f9270bbd139dc1e683101db1069c8)
|
|
Guenther
(This used to be commit e2879f6fc21e5ca96b24ed11e4a460a0ebada8c3)
|
|
library. Even though we don't like to that library, it gets loaded via
nss-ldap, which means nss-ldap calls into the samba ldap lib with the
wrong parameters, and crashes.
We really need to use a completely different namespace in libcli/ldap/
(This used to be commit c440e0eed9afae5fe69995a7416971e7c8560779)
|
|
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
|
|
(This used to be commit 4860d0256547b33709cdc109bdf7bb0310c2a5b6)
|
|
(This used to be commit f4b4bd945f5c3955aab0c3cf89ad6cdda7529dac)
|
|
finished when we need to trigger the continuation immediately.
Via a fairly complex path, this fixes the problem where all hosts in
the build farm that do not have ipv6 failed a lot of the RPC
tests. This happened because the dcerpc_connect() async code used a
composite_continue() on a context which was already in an error state,
due to the socket backend saying that ipv6 was unavailable
(This used to be commit dbf935d38b6b1fea5ed00e94c9b1a518cb14768b)
|
|
always at it as first private dependencies
metze
(This used to be commit 135d096776b53ae09ffc2b4f767dfbd18139570f)
|
|
this should fix a pile of printf format warnings
(This used to be commit fe209e360e3857f39355335e4fa6a43b2db23038)
|
|
happier now
(This used to be commit 18542f184f75074e56a9793a9e3b6c6d747bb9e6)
|
|
ldapi://).
Andrew Bartlett
(This used to be commit 556a21faeed0b6e3cc6efcfa8e0939b151a802de)
|
|
Andrew Bartlett
(This used to be commit 1920cb8b3978f745cba7e854410deb9174de2dc0)
|
|
OpenLDAP backend.
Andrew Bartlett
(This used to be commit da66b53e6ac39c5f020781830ee69d460aa0cae5)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
(This used to be commit bb393603707ada3d4b917f8374b7738f16c78f46)
|
|
snprintf seems
to be broken. The %lu modifies apparently can not cope with the high
bit==1. In dom_sid_string I added some printfs and got:
auth: 21
auth: 2666793276
auth: 679821296
auth: 2310223117
auth: 1206
sid=S-1-5-21-8446744072081377596-679821296-8446744071724807437-1206
The "auth:" values are direct printfs, the sid= is the resulting code from
dom_sid_string.
I could not reproduce it with a simple test program, and #ifdef'ing out
HAVE_SNPRINTF in config.h manually does not help either, probably because the
dynamic linker overwrites the symbol in lib/replace.
Checking it in because it fixes the RPC-SAMBA3-SHARESEC test directly on host
"sunx", I would like to see whether it also fixes IRIX and AIX.
Volker
(This used to be commit 1a9401738f652a87d377a32086342f5f98525fc2)
|
|
configure check for the interfaces.
should fix the build on some old sun boxes
metze
(This used to be commit f20e251bfd9f1eb7ce5c00739631b1625a2aa467)
|
|
when I don't use the DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
flag on DsBind
metze
(This used to be commit 8458ee72c5c1005ab80b9f7ea6efe617e5c76106)
|
|
metze
(This used to be commit 96259f0f24b114e505241c9d2deb702a8b40f1b6)
|
|
metze
(This used to be commit 40dc7c1787c16bfc15ac87fee81d2d2d1f3d2fde)
|
|
metze
(This used to be commit 84e74a759cfa49ebc8b4ba1b8e729d6d920fc55a)
|
|
with this you can limit a search to a specific partitions
or a search over all partitions without getting referrals.
(Witch is the default behavior on the Global Catalog Port)
metze
(This used to be commit 4ccd0f8171f3748ee6efe1abd3f894d2cdf46bf4)
|
|
metze
(This used to be commit 23759a1e9b05c4fde475a9016cb0b7447656d7e7)
|
|
metze
(This used to be commit e15a015a1d9aa3872271c0c5542e7d055a6f673a)
|
|
metze
(This used to be commit 8f9e201b9a797c0772672efab0f8e6a7a6312eb0)
|
|
metze
(This used to be commit 683fc25f6524a3821ba70529251aabe97bad9370)
|
|
the composite_context structue, we should try to convert all code
to use this because there're a lot of places where the we have
bugs with this task...
- add a composite_continue_smb2() helper
We should try to hide the internals of the composite code from the users
to avoid errors (and I found a lot of them... and will fix then step by step)
metze
(This used to be commit a16180f20246844d05996d385fcb71893e08f589)
|
|
metze
(This used to be commit fe463bc568e8ac78ca161bcba3e867d33bb828b3)
|
|
otherwise the callers callback function will not be called
and the caller is hanging forever...
metze
(This used to be commit e231eba828486e68c9d3a246e1e0c943fdb8301c)
|
|
metze
(This used to be commit f2196bf9b662d3f38d59eceb8c54f9d2e3f7b505)
|
|
routines to return an NTSTATUS. This should help track down errors.
Use a bit of talloc_steal and talloc_unlink to get the real socket to
be a child of the GENSEC or TLS socket.
Always return a new socket, even for the 'pass-though' case.
Andrew Bartlett
(This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
|
|
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
|
|
- the 0xffffffffffffffff seqnum is reserved for SMB2 Break (oplock breaks)
so don't use it in a request. we should someday try to test this...
metze
(This used to be commit 730cdc4475822e28cb400116641294a7f98ad0b5)
|
|
security
descriptor. This is something that W2k3 does _not_ pass and probably is not
expected to, it seems the don't check access at tconX time.
Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the
length of the sd can be encoded in idl.
As metze says, there's probably more to the share secdesc, this needs more
testing. This one is here to walk the samba3 code.
Volker
(This used to be commit 67185508229a8d7f144c22cb194f573c932d6de5)
|
|
metze
(This used to be commit 1f48e7dca6a06078f3655a7f7a8f109bd6c0cb8e)
|
|
metze
(This used to be commit 49b96ac44a883c020c69df7a12df154dc4faa4d5)
|