summaryrefslogtreecommitdiff
path: root/source4/ntp_signd/ntp_signd.c
AgeCommit message (Collapse)AuthorFilesLines
2013-01-09Use the new directory_create_or_exist_strict() function.Andreas Schneider1-1/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-11-12ntp_signd: Only allow group access to the ntp signd directory.Andrew Bartlett1-1/+1
Existing installations running ntp as group 'ntp' will need to change the permissions on the ntp_signd socket directory (eg PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd) The reason is that allowing other users on the host access to this directory would allow them to potentially spoof time on the network, or attack the password database with a chosen plaintext attack. Permissions should be changed to: ownership root:ntp (if ntp runs as gid ntp) mode 0750 (this is what it will be created as) If the permissions are not changed, Samba will refuse to start the ntp_signd server, and NTP operations will not be signed. As the error is declared fatal, in the future, Samba may totally refused to start. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104
2012-08-14s4:ntp_signd: fix SEGV if SID cannot be foundArvid Requate1-1/+5
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 17:16:54 CEST 2012 on sn-devel-104
2011-03-19source4/: Fix prototypes for all functions in various subsystems.Jelmer Vernooij1-0/+2
2011-02-10ldb: use #include <ldb.h> for ldbAndrew Tridgell1-2/+2
thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-15s4-server: make server sockets a child of the task contextAndrew Tridgell1-1/+2
We previously allocated sockets as direct children of the event context. That led to crashes if a service called task_server_terminate(), as it left the socket open and handling events for a dead protocol. Making them a child of the task allows the task to terminate and take all its sockets with it. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-30s4-smbd: don't initialise process models more than onceAndrew Tridgell1-1/+1
this also removes the event_context parameter from process model initialisation. It isn't needed, and is confusing when a process model init can be called from more than one place, possibly with different event contexts. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-1/+1
2010-09-13s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for ↵Matthias Dieter Wallnöfer1-1/+2
LDAP filters This makes also lookups through special backends as "samba3sam" work.
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-4/+4
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-29s4:ntp_signd/ntp_signd.c - add casts to suppress warnings on Solaris 10Matthias Dieter Wallnöfer1-2/+2
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij1-7/+2
2010-04-13Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"Matthias Dieter Wallnöfer1-1/+1
We should use the "ldb_get_*_basedn" calls since they are available in the LDB library.
2010-02-26s4-ntp: Fixed the memory context of tstream_bsd_existing()Andreas Schneider1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-13s4-ntp_signd: Migrate to tsocket.Andreas Schneider1-131/+284
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-1/+1
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-09-18s4-server: kill main daemon if a task fails to initialiseAndrew Tridgell1-3/+3
When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
2009-08-22s4:ntp_signd Fix bug 6656 - Set protocol version to 0, as used by ntpdAndrew Bartlett1-3/+1
The change to protocol version 1 was not intentional, and broke the protocol established with the ntp.org project. Andrew Bartlett
2009-08-11s4:torture Add test for the NTP signd serverAndrew Bartlett1-0/+7
This is used by at patch to the NTP project to supply authenticated time as required by MS-SNTP. (ie, to keep windows clients in time sync in the domain) Andrew Bartlett
2009-02-02s4:service_stream: s/private/private_dataStefan Metzmacher1-4/+4
metze
2009-02-02s4:ntp_signd: s/private/private_dataStefan Metzmacher1-4/+4
metze
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-1/+1
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-22s4: allways initialize the process model before it's usedStefan Metzmacher1-1/+1
metze
2008-08-11Only allow trust accounts access to the NTP signing service.Andrew Bartlett1-3/+9
(This used to be commit 30da1b534f00ba6ef6cf86cba603732bc6e1ad43)
2008-06-19Don't sign NTP packets to disabled accountsAndrew Bartlett1-1/+10
(As this would allow an offline attack on their password) Andrew Bartlett (This used to be commit e28481fc0976231c6f4cb7a5f7c7708f4becdb18)
2008-05-29Allow the ntp_signd socket to be set from configure.Andrew Bartlett1-4/+18
This will allow distributions to hard-code this path, particularly for selinux, and matches how we handle the winbind socket dir. Andrew Bartlett (This used to be commit c8b441650400ed1b24c89991f5752dad3c87795f)
2008-05-29Final fixes to for a functional NTP signing deamon.Andrew Bartlett1-15/+118
Andrew Bartlett (This used to be commit 4dcc0cd06ef2f6c496e2112f6378088a1c27d2f2)
2008-05-28Bring up the ntp signing deamonAndrew Bartlett1-19/+24
This starts ntp_signd at startup, and fixes some build issues. Andrew Bartlett (This used to be commit cb0dcd5c3dfe2a46755270a4594b7289f555d814)
2008-05-27Start an 'NTP signing server' in Samba4.Andrew Bartlett1-0/+260
I am modifying the ntp.org server to talk to this service, to sign packets per MS-SNTP. Andrew Bartlett (This used to be commit 0c15385e6068d2f70ff11aa5837adbd6d78410ae)