Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit dbabec633881d7b2521aa17b484e425e6db36e01)
|
|
(This used to be commit 8768bec81f57131a0c9754e8121b345c0be4a5d0)
|
|
and only have private depdendencies
metze
(This used to be commit f37c9f4d920c1a2dc160ce1c26cf70fbb45c653f)
|
|
metze
(This used to be commit f02f7ed19db2be8e23b1a5850082c9f9da35c028)
|
|
metze
(This used to be commit 59fe6cfaba2eb39cb5ff33110e830c4c9b21fb95)
|
|
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.
This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases.
In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC. This matches windows behavour. We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).
This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.
Andrew Bartlett
(This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
|
|
(This used to be commit 8143de855c0b65346b2d8e59ecdb78952927de4a)
|
|
places where this was currently not the case.
(This used to be commit 3894497a232df8cf0457c7439c9ae347f63f24a1)
|
|
(This used to be commit eefa64cbe392c4c4dcbf71b8bcf5128cce0339ba)
|
|
libraries
works again now, by specifying --enable-dso to configure.
(This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
|
|
(This used to be commit f11112d7f0a6b1550008fd8192be2592412fb222)
|
|
(This used to be commit e46d8ed53f8eb4ba596ab6fc1924eb7f1829a3df)
|
|
(This used to be commit 6a2144caab60073b40577dc1f66f663f817d6cbd)
|
|
(This used to be commit 8b622c5ded0732df0eaf9f6226f52a27b6eacd73)
|
|
(This used to be commit 1adf65b4d7c5d2d4f65d4b28575bdf2368a42139)
|
|
(This used to be commit c079cedb084d621c5a0aac59310b237ba375df20)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
with NULL.
metze
(This used to be commit 3711b968adf8a0951171ad1a90be65a9ae0dc03b)
|
|
Should fix some build farm machine
(This used to be commit 15b8fafb991d3ce4b40c144702399d6f705a8e8e)
|
|
Commit the classic backwards compatible module which is the default one
(This used to be commit a89cc346b9296cb49929898d257a064a6c2bae86)
|
|
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
|
|
(This used to be commit 8d95bf14b93326b097884366a527753f8ad93d47)
|
|
(This used to be commit d72c5c8f755277eb22e1f6834d98202f00c09934)
|
|
system - these should be removed later on.
(This used to be commit 06547391669e064d2b92f5841b7df5f101a34cb9)
|
|
Recursive dependencies are now forbidden (the build system
will bail out if there are any).
I've split up auth_sam.c into auth_sam.c and sam.c. Andrew,
please rename sam.c / move its contents to whatever/wherever you think suits
best.
(This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
|
|
prototype
but --with-setproctitle wasn't used
metze
(This used to be commit 0754154f5154e8285608c7f17e15aa223f04adea)
|
|
with local
(empty) libpopt.a overriding global one
(This used to be commit 2f06305e53478e5030c24550954f221a9a97c83f)
|
|
metze
(This used to be commit 35936fd4743554bb4ba9b2f61ec3651762189bee)
|
|
the subsystems in question
(This used to be commit 2fbb4d91fa580ccb64e36f0b082f23af33123b13)
|
|
(This used to be commit 555ca1df1c57e5798e75b19f66b62b253a066e21)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
"." for "..". These express the intention better that strcmp or strequal
and improve searchability via cscope/ctags.
(This used to be commit 7e4ad7e8e5ec266b969e3075c4ad7f021571f24e)
|
|
metze
(This used to be commit 2b0ce388a4d955ce9bf0cdb00a13cd82f8acc87d)
|
|
(This used to be commit 3ebdae4217be9c00150ae4ceb76c94ba619bbf6a)
|
|
(This used to be commit 5f1d52f232051324082b840f29dd7719a9328bd5)
|
|
doesn't
work yet.
(This used to be commit d3106699dba7a4344511134dd2cf1bfa2f4bc7ab)
|
|
I don't know why this causes problems on my laptop today...
anyway we have done this change in smbtorture month ago...
metze
(This used to be commit ad84a69db276e3a655b2dc477214bbe0ed68411a)
|
|
- the process module subsystem should not know about smb_server.h
- the smb_server module should not know about process models
metze
(This used to be commit bac95bb8f4ad35a31ee666f5916ff9b2f292d964)
|
|
subsystems in case a library doesn't make sense.
(This used to be commit ed382873fd01457a53e0a1e1f5ba6753dfbc0646)
|
|
left now...
(This used to be commit e71cca7f0cec62357eba6ba02d13f1c3f04edaa7)
|
|
(This used to be commit 8e84e6cb6b172c89072723e07f344da8f4476c1f)
|
|
rebuilt when a header file is changed. It also means parallel builds work now.
It will take a minute or so to generate all the dependency information,
but there should be no need to rebuild that information later on, unless
a file changes.
This behaviour is only enabled when building in developer mode
(--enable-developer) and requires a GNU make (or compatible). In all other
cases, the file 'static_deps.mk' is included, which contains some basic
hardcoded dependency information.
(This used to be commit eb435386f015ce1d89eb6f7e7837622ebd9e1951)
|
|
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
|
|
all this changes really help ccache to speed up the samba4 build:-)
metze
(This used to be commit 180a79d1036e54fc0c50572b820818e9aafa28e9)
|
|
metze
(This used to be commit defc9438d10d51f5f59a8ee69e6baf40b8d9278e)
|
|
--with-setproctitle enables it
metze
(This used to be commit fb9e7d176a3379d451bdbfad567426ddfb91a8bf)
|
|
(This used to be commit b6ffad3860ba2cf9d8f3423d65be91dcfc962ca2)
|
|
metze
(This used to be commit 63778a76be8212baad8f4668b0ffcc3b6732857e)
|
|
- add set_title hook to the process models
- use setproctitle library in process_model standard if available
- the the title for the task servers and on connections
metze
(This used to be commit 526f20bbecc9bbd607595637c15fc4001d3f0c70)
|
|
to fix the process_model standard
metze
(This used to be commit a465126e15490c5605064eb2387fb589d312db7b)
|