Age | Commit message | Author | Files | Lines |
|
Existing installations running ntp as group 'ntp' will need to change
the permissions on the ntp_signd socket directory (eg
PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd)
The reason is that allowing other users on the host access to this
directory would allow them to potentially spoof time on the network,
or attack the password database with a chosen plaintext attack.
Permissions should be changed to:
ownership root:ntp (if ntp runs as gid ntp)
mode 0750 (this is what it will be created as)
If the permissions are not changed, Samba will refuse to start the
ntp_signd server, and NTP operations will not be signed. As the error
is declared fatal, in the future, Samba may totally refuse to start.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 17:16:54 CEST 2012 on sn-devel-104
|
|
|
|
this ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
We previously allocated sockets as direct children of the event
context. That led to crashes if a service called
task_server_terminate(), as it left the socket open and handling
events for a dead protocol.
Making them a child of the task allows the task to terminate and take
all its sockets with it.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
this also removes the event_context parameter from process model
initialisation. It isn't needed, and is confusing when a process model
init can be called from more than one place, possibly with different
event contexts.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
LDAP filters
This also makes lookups through special backends such as "samba3sam" work.
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
We should use the "ldb_get_*_basedn" calls since they are available in the LDB
library.
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
|
|
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
|
|
The change to protocol version 1 was not intentional, and broke the
protocol established with the ntp.org project.
Andrew Bartlett
|
|
This is used by a patch to the NTP project to supply authenticated
time as required by MS-SNTP. (ie, to keep windows clients in time sync
in the domain)
Andrew Bartlett
|
|
metze
|
|
metze
|
|
|
|
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns out to be really useful.
|
|
metze
|
|
(This used to be commit 30da1b534f00ba6ef6cf86cba603732bc6e1ad43)
|
|
(As this would allow an offline attack on their password)
Andrew Bartlett
(This used to be commit e28481fc0976231c6f4cb7a5f7c7708f4becdb18)
|
|
This will allow distributions to hard-code this path, particularly for
selinux, and matches how we handle the winbind socket dir.
Andrew Bartlett
(This used to be commit c8b441650400ed1b24c89991f5752dad3c87795f)
|
|
Andrew Bartlett
(This used to be commit 4dcc0cd06ef2f6c496e2112f6378088a1c27d2f2)
|
|
This starts ntp_signd at startup, and fixes some build issues.
Andrew Bartlett
(This used to be commit cb0dcd5c3dfe2a46755270a4594b7289f555d814)
|
|
I am modifying the ntp.org server to talk to this service, to sign
packets per MS-SNTP.
Andrew Bartlett
(This used to be commit 0c15385e6068d2f70ff11aa5837adbd6d78410ae)
|