Age | Commit message (Collapse) | Author | Files | Lines |
|
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
|
|
(This used to be commit 28914c89dc1400d8364c13258ec0e8558acc7dfd)
|
|
Fix a couple of bugs in the new cli_credentials code
(This used to be commit 4ad481cfe5cde514d2ef9646147239f3faaa6173)
|
|
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
|
|
- added async support to the negprot client code
- removed two unused parameters from smbcli_full_connection() code
- converted smbclient to use smbcli_full_connection() rather than
reinventing everything itself
(This used to be commit 71cbe2873473e039b4511511302cb63f1c50bce8)
|
|
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
|
|
parsing, so that module init can take account of lp_ parms (thats
why gensec:krb5=no wasn't working)
- added a BASE-DISCONNECT torture test that tests server response to
clients disconnecting with open lock and open requests pending
(This used to be commit 5205f598b8c0be6985e61cc842cc5da109ba5b7e)
|
|
Both subsystems and modules can now have init functions, which can be
specified in .mk files (INIT_FUNCTION = ...)
The build system will define :
- SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal
- BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on
This removes the hack with the "static bool Initialised = " and the
"lazy_init" functions
(This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
|
|
(This used to be commit 558de54ec6432a4ae90aa14a585f32c6cd03ced2)
|
|
(This used to be commit 264ce9181089922547e8f6f67116f2d7277a5105)
|
|
possible to a structure creation routine. This makes for much easier
global cleanup.
(This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
|
|
- use lp_maxprotocol() in the libcli/raw/ negotiate code, so we obey
the smb.conf "max protocol" option
- better handling of -M option in masktest
(This used to be commit 8685a584c92ab73a35b29a8c719f1ec207562837)
|
|
rename CLI_ -> SMBCLI_
metze
(This used to be commit 8441750fd9427dd6fe477f27e603821b4026f038)
|
|
- retry connections a few times when reconnecting
(This used to be commit d0d0734845e37a2639ade2545bccef1615e17d63)
|
|
metze
(This used to be commit 57151e80eb1090281401930c8fe25b20a8cf3a38)
|
|
structures. This was suggested by metze recently.
I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
|
|
only users are smbclient and smbtorture.
(This used to be commit 54cb508c78e5c1faa3ade46b46b165983c880d10)
|
|
smbtorture to use the new interface.
Part 2 will be to eliminate cli_state from smbtorture as this is now
the only place where it is used.
(This used to be commit db1cc96af62ea42837d60592877fc3f93cef143b)
|
|
(This used to be commit 4cf3839b727c77a727abb558bd9473119a092913)
|
|
(This used to be commit b0510b5428b3461aeb9bbe3cc95f62fc73e2b97f)
|