This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.
This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal). This causes
changes in all the existing gensec users.
Our RPC server no longer contains its own generalised security
scheme, and now calls gensec directly.
Gensec has also taken over the role of auth/auth_ntlmssp.c
An important part of gensec is the output of the 'session_info'
struct. This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.
The schannel code is reworked, to be in the same file for client and
server.
ntlm_auth is reworked to use gensec.
The major problem with this code is the way it relies on subsystem
auto-initialisation. The primary reason for this commit now is to
allow these problems to be looked at, and fixed.
There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.
Andrew Bartlett
(This used to be commit 07fd885fd488fd1051eacc905a2d4962f8a018ec)
|
|
Andrew Bartlett
(This used to be commit 9002584c020a48ab37cce103b4413e871aae2985)
|
|
Add some 'multi init' code, until we get a better set of infrastructure.
Andrew Bartlett
(This used to be commit 982422b2d286335378531ae9523e74192340af3c)
|
|
because this is the connection state per transport layer (tcp)
connection
I also moved the substructs directly into smbsrv_connection,
because they don't need a struct name and we should always pass the complete
smbsrv_connection struct into functions
metze
(This used to be commit 60f823f201fcedf5473008e8453a6351e73a92c7)
|
|
metze
(This used to be commit a6c0ca9de52b2395b092cb245bb94cbd55dfdd46)
|
|
metze
(This used to be commit 7b4ad993ad7c937ef9bee1a48a8bda62f2f5d3b9)
|
|
metze
(This used to be commit a85d2db5826a84b812ea5162a11f54edd25f74e3)
|
|
metze
(This used to be commit 99473fab4b1ff87a795f3c08f4c521d9beb504c0)
|
|
metze
(This used to be commit a9ba29e00fc818e798079c42888da3f20f3d1634)
|
|
because I need server_context for the generic server infrastructure
metze
(This used to be commit 0712f9f30797e65362c99423c0cf158a2f539000)
|
|
(This used to be commit cf4e9080d52a5461650062f21f95b7887e3f3411)
|
|
use them in the enumprinters server code.
(This used to be commit 5fcba0aa2019e489e3936ec13dd11a5e8d74ba9f)
|
|
metze
(This used to be commit 52e2d038252bd745d53c687d266ad3ad62efa6fc)
|
|
(This used to be commit 60e48790dc7ee8a98be1914ff4a2c335d25639a8)
|
|
similar dbs.
(This used to be commit 1162e2fcff177cbbe84506efea0f79f68ecb233c)
|
|
which the offset applies to. In an array of structures containing
relative members, the offset applies to the start of the array element
being marshalled. Previously, there was no way to access the relevant
structure start as by the time we have hit buffers, the head of the
offset list will be the last structure being marshalled.
Interestingly enough, this makes relstrs go away. I think we thought
they were a special case in samba 3 but it turns out they are just
regular relative elements in the idl. This makes spoolss a lot simpler
than I thought it would be.
I've run the samr and lsa tests and this doesn't seem to break anything.
It looks like security descriptors are the only structures that contain
relative members.
Oh yeah, this will probably require a 'make clean && make' otherwise you
will get bizarre errors.
(This used to be commit d379dcdfd5f41e7cf7668354c3011b8ace190953)
|
|
(This used to be commit de5984c95602ca67e8ac3139c3aa4330b74266e0)
|
|
(This used to be commit 6b24ee38646f3476eaf8eda946488b46180038e2)
|
|
structures.
(This used to be commit 6a39b17f6d8776ae695dc5c6caa0990ab2733e3c)
|
|
Andrew Bartlett
(This used to be commit e03195335931194372468bed2d758d4b9f686fe2)
|
|
ndr_<push|pull>_format_blob()
similar to ndr_<push|pull>_struct_blob()
metze
(This used to be commit b25dd341e0febd550a2936ca484b6fecce2ff8c2)
|
|
we should do it manually too.
metze
(This used to be commit d3b80fd40a07575c18593523070986b7aed6de92)
|
|
But I don't know how to fix this correctly,
so maybe this needs to be fixed
(tridge: can you please look at this)
metze
(This used to be commit b8b4d0d5bf037c79102709ea995ad8b8d6a9caff)
|
|
-move process_model code to smbd/process_model.c
-remove some used code
metze
(This used to be commit 10dd8487290a2876253ce69033e374d23b42e704)
|
|
rename <read|write|free>_spnego_data() into
spnego_<read|write|free>_data
metze
(This used to be commit 3f57c8f596eb6ad31a024acaf60fefcfd28d8387)
|
|
(jra: please use: void, char, int, uint_t, [u]int<8|16|32|64>_t types in new code)
metze
(This used to be commit 626bb153c45405f93a96bc5019241af506fac163)
|
|
metze
(This used to be commit 238acc5acf026d341186ed2debcf5d131f2dde96)
|
|
can be used here - neat!
(This used to be commit 5d0013438e6f838da44e6c7e74e4c49d477da3f1)
|
|
string looks like. I'm not sure relstrs can be shoehorned into the ndr
code as easily as adding a LIBNDR_STR flag.
(This used to be commit e216c6a707ee3927d4187962774d59828550e380)
|
|
(This used to be commit 487211f1ae105fd1972fecf521654dab81175c86)
|
|
rpcclient enumprinters prints this information OK.
Some minor cut&paste cleanups.
(This used to be commit 1c749a3a348a2df477808d4fcc5377832bffa5e9)
|
|
(This used to be commit 2b9f364ed052c43b6074da9f5f03908ac81840f3)
|
|
Make PrinterInfo1 struct public so we can call the push function in
spoolss_EnumPrinters().
(This used to be commit f4309f3ced337cf5d968f62e80adee1eb75201af)
|
|
(This used to be commit e21f324937df2fe70b693112bd0b6fe6575d70ed)
|
|
(This used to be commit a5e3a26fc9a7e2c616302ed3b4a021f5755a4a13)
|
|
of things.
(This used to be commit 3e79a6219eca3b96fe04d66b6cdfb11400c1771d)
|
|
This layer is used for DCERPC security, as well as ntlm_auth at this
time. It expect things like SASL and the CIFS layer to use it as
well.
The particular purpose of this layer is to introduce SPNEGO, which
needs generic access to the actual implementation mechanisms.
Schannel, due to its 'interesting' setup properties is in GENSEC, but
is only in the RPC code.
Andrew Bartlett
(This used to be commit 902af49006fb8cfecaadd3cc0c10e2e542083fb1)
|
|
just an alloc_asprintf().
(makes it easier to use in a loop)
Andrew Bartlett
(This used to be commit 5816d09c47252d2ee8732722b3cc44ea865b8fcc)
|
|
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend
to refactor them into the same format as NTLMSSP.
Andrew Bartlett
(This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b)
|
|
Andrew Bartlett
(This used to be commit 57ca89eab37b9d3dd83124d9d0f5a526aca0979f)
|
|
Andrew Bartlett
(This used to be commit 4f06bf4ab8cc61aec730f84766306119eb976c57)
|
|
call, avoid code duplication in the torture suite.
Andrew Bartlett
(This used to be commit b6128c2a9d8e23dad0b14106f45a0638655d6cd7)
|
|
of a bogus WERROR.
(This used to be commit 261531ce0a7f33eda5358319312877dc85386edb)
|
|
* Remove unreached counter increment
* Print the correct NTLMSSP key.
(This used to be commit b96700695479c19c7b2c190616420762409fdf0d)
|
|
still be broken.
Andrew Bartlett
(This used to be commit da5f311732d626c500dc5eaf6d457fee49e2da99)
|
|
Doesn't do much at the moment except compile.
(This used to be commit ed9c4d7d70041879fa5005222f6cf84af558abef)
|
|
ethereal.
(This used to be commit bf8e255d2e53fe50c2d37065aac8c6582712f0b0)
|
|
endpoint.
Andrew Bartlett
(This used to be commit e12ad47c69098b6865f5b10527aa44ff322e4b18)
|
|
are variable length.
Remove extra casts
Andrew Bartlett
(This used to be commit 84f86b83f88cea5564347f3aa623be2d9feeb4b3)
|
|
- implement key weakening
- don't create large 'hashes' when we only want a key (signing subkeys)
- make more useful debugs.
NTLM2 is still off by default, till I figure out how to do NTLM2 signing.
Andrew Bartlett
(This used to be commit 079c2654851536b0a7918d408ac9597abbab8fd2)
|