Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit 30980d218495d389d7a5db4b190ed717217c08d4)
|
|
(disabled by default, set parametric option: gensec:gssapi=yes to enable).
This module backs directly onto GSSAPI, and allows us to sign and seal
GSSAPI/Krb5 connections in particular. This avoids me reinventing the
entire GSSAPI wheel.
Currently a lot of things are left as default - we will soon start
specifiying OIDs as well as passwords (it uses the keytab only at the
moment). Tested with our LDAP-* torture tests against Win2k3.
My hope is to use this module to access the new SPNEGO implementation
in Heimdal, to avoid having to standards-verify our own.
Andrew Bartlett
(This used to be commit 14b650c85db14a9bf97e24682b2643b63c51ff35)
|
|
(This used to be commit 1c2170ae21d60c22ee3053fbf249dba59de576ba)
|
|
provision.pl suggests hklm.ldb be put)
- fix the globals init not to wipe parametic values after initialising
them (this bug prevented default values for parametric parameters)
(This used to be commit 6a360c52c1723b4c3485a97ebcfeb907f840a051)
|
|
metze
(This used to be commit e62b36bef193f6a58ee035d581ef0f574f1e2910)
|
|
metze
(This used to be commit 33a185ec3b211f6137abd6367ccc81d5102e5f4f)
|
|
metze
(This used to be commit c44f4d44b51789916e50c9da93046d0a15245edc)
|
|
Andrew Bartlett
(This used to be commit cc47b4c6fc932f8257506276eaa1a98a41055f8b)
|
|
- don't use static const strings in the server_info
- fix segfault when auth_sam gets "" as username
metze
(This used to be commit 7fcbd483d4977cf6483f34ddd28e6c0182897ba2)
|
|
(This used to be commit 1235afa5fe3a396cd7a180cbc500834a30fbaa80)
|
|
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
|
|
(This used to be commit b0f6e21481745d1b2ced28d9ed6f09f6ffd99562)
|
|
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
|
|
use:
gensec:krb5=yes
gensec:ms_krb5=yes
to enable it
or -k on the client tools on the command line
metze
(This used to be commit 0ae5794cf44933d2554e0356baaca24c7a784f71)
|
|
metze
(This used to be commit a6fb416f519688cb012dc9098306bbe5b7950e1d)
|
|
(This used to be commit f280770c8184465c364f497b8931e9753f97e970)
|
|
(This used to be commit e995a1c0e5d2ee2dc50c31c01ce281a303dd5231)
|
|
conditional compilation of xattr client code
(This used to be commit 321fb06a627f4deae649ab014bc881721d37b3dd)
|
|
(This used to be commit 558de54ec6432a4ae90aa14a585f32c6cd03ced2)
|
|
(This used to be commit 8e9212ecfc61c509f686363d8ec412ce54bc1c8d)
|
|
ioctl.h)
(This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
|
|
- tidied up some of the system includes
- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
knows about inter-IDL dependencies
(This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
|
|
the ldb part isn't ideal, I will have to think of a better solution
(This used to be commit 6b1f86aea8427a8e957b1aeb0ec2f507297f07cb)
|
|
(This used to be commit 264ce9181089922547e8f6f67116f2d7277a5105)
|
|
The thing that finally convinced me that minimal includes was worth
pursuing for rpc was a compiler (tcc) that failed to build Samba due
to reaching internal limits of the size of include files. Also the
fact that includes.h.gch was 16MB, which really seems excessive. This
patch brings it back to 12M, which is still too large, but
better. Note that this patch speeds up compile times for both the pch
and non-pch case.
This change also includes the addition iof a "depends()" option in our
IDL files, allowing you to specify that one IDL file depends on
another. This capability was needed for the auto-includes generation.
(This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
|
|
(This used to be commit 3f902f8d851d32fa81d89ed61bfda6edaea00984)
|
|
Samba4.
(This used to be commit 01f5c1c72d9fc8f21029adc586154b0c54f76c9e)
|
|
setting of "server signing = auto", which means to offer signing
only if we have domain logons enabled (ie. we are a DC). This is a
better match for what windows clients want, as unfortunately windows
clients always use signing if it is offered, and when they use signing
they not only go slower because of the signing itself, they also
disable large readx/writex support, so they end up sending very small
IOs for.
- changed the default max xmit again, this time matching longhorn,
which uses 12288. That seems to be a fairly good compromise value.
(This used to be commit e63edc81716fefd58a3be25deb3b25e45471f196)
|
|
multi-part code
A higher max xmit avoids multi-part trans requests
(This used to be commit 23f4ce3a7d207db0c2705295cbb8d46dc5290b1a)
|
|
most other calls
return WERR_NOT_SUPPORTED for now.
Hive backends can be set like this:
registry:HKEY_LOCAL_MACHINE = ldb:tdb://registry.tdb
registry:HKEY_CURRENT_USER = gconf
registry:HKEY_USERS = dir:/tmp/registry
registry:HKEY_CLASSES_ROOT = nt4:/path/to/NTUSER.DAT
registry:HKEY_PERFORMANCE_DATA = w95:/path/to/USER.DAT
(This used to be commit 42844a4e3422bbbe891ba944c0e97861db7763ec)
|
|
backend that the underlying filesystem is case insensitive, so it can
bypass the directory search if the name is not found.
(This used to be commit d84ade90ce7e03ec749d6ae8dcdcb41de85d836e)
|
|
transports.
ncalrpc uses the new config option "ncalrpc dir" for creating unix sockets.
(This used to be commit b15cfbe2512961a199ecb069730d9a19787579f5)
|
|
(This used to be commit 069305adaf5e88d83f4591acced807d5ea1aa194)
|
|
don't need a path
(This used to be commit a8c49a0de3f806bddaf6bd594ec052cf9f4a3fab)
|
|
(This used to be commit dac00ef3b0d0f8467367d7b6ff77db7b63a042cc)
|
|
- with DsBind and DsUnbind implmented :-)
the RPC-DRSUAPI test works
metze
(This used to be commit 536af87ef12024615728ce0060b557f6f504e33f)
|
|
- switch the fallback case tables to use talloc
- moved the used-once octal_string() inline in loadparm.c
(This used to be commit b04202eaacc87d264d463f75673ee0e68cd54f94)
|
|
provisioning.
- enable the unixuid module by default on all backends
(This used to be commit e335cd4933fccc1bb53641131eb6505faca857ce)
|
|
something like:
ntvfs handler = nbench posix
and the nbench pass-thru module will be called before the posix
module. The chaining logic is now much saner, and less racy, with each
level in the chain getting its own private pointer rather than relying
on save/restore logic in the pass-thru module.
The only pass-thru module we have at the moment is the nbench one
(which records all traffic in a nbench compatibe format), but I plan
on soon writing a "unixuid" pass-thru module that will implement the
setegid()/setgroups()/seteuid() logic for standard posix uid
handling. This separation of the posix backend from the uid handling
should simplify the code, and make development easier.
I also modified the nbench module so it can do multiple chaining, so
if you want to you can do:
ntvfs module = nbench nbench posix
and it will save 2 copies of the log file in /tmp. This is really only
useful for testing at the moment until we have more than one pass-thru
module.
(This used to be commit f84c0af35cb54c8fdc4933afefc18fa4c062aae4)
|
|
Andrew Bartlett
(This used to be commit 543401990aa9eb650cb93fa6cb60d2a0adf7b274)
|
|
(This used to be commit 7478f50c2f5c011a1eec04be06f9ecdc48e85f17)
|
|
to process init_globals(). This also allows all global options to be
set using lp_set_cmdline() or --option
a side effect is that init_globals() is slower. If this turns out to
be a problem we can try a different approach.
(This used to be commit ccfc2106a03bd5143d28e6fdedab773cf7abbe5a)
|
|
commandline
(This used to be commit 2c0b5e119eddc6389500bcc80d1ae417dd9bfbb9)
|
|
smb.conf to be set on the command line. For example, you can use:
smbtorture --option 'unicode=false'
or
smbtorture --option 'netbios name=myname'
(This used to be commit 360a6b530e2295976ddefc138d1333411a94484d)
|
|
(This used to be commit 6c1a72c5d667245b1eec94f58e68acd22dd720ce)
|
|
classic case for a list)
(This used to be commit e53d32c65ab0751b3e01f4f699f5d0e1892369ae)
|
|
(This used to be commit d2553aac0a75591026b9b1fcf46065e5b03ed19c)
|
|
the idea is to have services as modules (smb, dcerpc, swat, ...)
the process_model don't know about the service it self anymore.
TODO:
- the smbsrv should use the smbsrv_send function
- the service subsystem init should be done like for other modules
- we need to have a generic socket subsystem, which handle stream, datagram,
and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server
, or for smb or dcerpc or whatever to connect to a server wide auth service)
- and other fixes...
NOTE: process model pthread seems to be broken( but also before this patch!)
metze
(This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
|
|
- Spelling - it's SPNEGO, not SPENGO
- SMB signing - Krb5 logins are now correctly signed
- SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not.
Andrew Bartlett
(This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
|
|
so I set 'use spnego = True'
metze
(This used to be commit e06898f88c82c286574f9d73de1a9de829b1ded8)
|