summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r1511: fixed a free() that should be ldb_free()Andrew Tridgell1-1/+1
this might explain the tdb corruption that metze found - it caused heap corruption that affected tdb (This used to be commit 31d55dfb443612a341ff6ade77c6e4477c4fefca)
2007-10-10r1510: add a commented out routine I used to test password change on NT3.Andrew Tridgell1-0/+61
(This used to be commit fb5796b0dccf7cd518db03e6456d986f17e50345)
2007-10-10r1509: in order to interoperate with NT3.1 we need to ignore extra data at ↵Andrew Tridgell1-3/+7
the end of RPC PDUs. It turns out that NT3.1 adds junk onto the end of every PDU. (This used to be commit a4a89cffd85c213a4d751c24ccda438e44df4d2e)
2007-10-10r1508: simple fix for broken server side signing. This may need more work forAndrew Tridgell1-1/+1
SPNEGO, but I'll leave andrew to tackle that. (This used to be commit 5dd71be8d9e49277f17668877e47729c340f0f67)
2007-10-10r1507: fixed the handling of SMB chaining with the new server structure. YouAndrew Tridgell2-17/+33
must think carefully about packet chaining when dealing with any authentication or SMB parsing issues. The particular problem here was that a chained tconX didn't get the req->session setup after an initial sesstion setup call, so the tconx used a bogus VUID. (This used to be commit 6f2a335cd623211071b01d982d4e7c69b49a5602)
2007-10-10r1499: combine struct user_struct and struct smbsrv_userStefan Metzmacher9-104/+90
to a struct smbsrv_session that the same as cli_session for the client we need a gensec_security pointer there (spnego support will follow) prefix some related functions with smbsrv_ metze (This used to be commit f276378157bb9994c4c91ce46150a510de5c33f8)
2007-10-10r1498: (merge from 3.0)Andrew Bartlett14-53/+102
Rework our random number generation system. On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). This also requires that we start the secrets subsystem, as that is where the reseed value is stored, for systems without /dev/urandom. In order to aviod identical streams in forked children, the random state is re-initialised after the fork(), at the same point were we do that to the tdbs. Andrew Bartlett (This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
2007-10-10r1497: add forward declaration for struct auth_session_infoStefan Metzmacher1-0/+2
(fix compiler warning) metze (This used to be commit 65147f5aa2a56220a387876d990a546beb93a2d7)
2007-10-10r1494: fix debug messageStefan Metzmacher1-1/+1
metze (This used to be commit 463982bf3f37bac67e1aaa488e4142d0ecc23307)
2007-10-10r1486: commit the start of the generic server infastructureStefan Metzmacher27-549/+1076
the idea is to have services as modules (smb, dcerpc, swat, ...) the process_model don't know about the service it self anymore. TODO: - the smbsrv should use the smbsrv_send function - the service subsystem init should be done like for other modules - we need to have a generic socket subsystem, which handle stream, datagram, and virtuell other sockets( e.g. for the ntvfs_ipc module to connect to the dcerpc server , or for smb or dcerpc or whatever to connect to a server wide auth service) - and other fixes... NOTE: process model pthread seems to be broken( but also before this patch!) metze (This used to be commit bbe5e00715ca4013ff0dbc345aa97adc6b5c2458)
2007-10-10r1483: build dynconfig.c also with PICFLAGSStefan Metzmacher1-1/+1
metze (This used to be commit fef597a76c0b0796ca834a31550cf279babe96fc)
2007-10-10r1482: today I saw DCERPC_AUTH_TYPE 16(0x10)Stefan Metzmacher1-0/+4
and it seems to be raw krb5, but I need to do some tests metze (This used to be commit 01612927902ed5e4d0109fec453307cdcb95336f)
2007-10-10r1481: add idl file and torture test dummiesStefan Metzmacher5-1/+350
for DRSUapi (the Active Directory Replication Protocol) I'll try to fill the idl file as part of a study project together with some other students... metze (This used to be commit 3fc9abcad712c4cc5c9879df0acaa5a19a3d8718)
2007-10-10r1480: gwsam has unresolved symbols in itStefan Metzmacher1-1/+2
(on my SuSE 9.1) so I disable it for now metze (This used to be commit 32d6f86d43394fea11ee5059c884dcaf2736747b)
2007-10-10r1479: print out domain tooStefan Metzmacher1-0/+1
(This used to be commit 2758c26ac96a62d7e0853e5d5fa95925ddce3420)
2007-10-10r1476: Don't print messages about the CCACHE not being found - this is normal.Andrew Bartlett1-2/+6
Andrew Bartlett (This used to be commit 30d88580efe45dc792f8d5c04f4abe0497d1551c)
2007-10-10r1475: More kerberos workAndrew Bartlett10-53/+347
- We can now connect to hosts that follow the SPNEGO RFC, and *do not* give us their principal name in the mechListMIC. - The client code now remembers the hostname it connects to - We now kinit for a user, if there is not valid ticket already - Re-introduce clock skew compensation TODO: - See if the username in the ccache matches the username specified - Use a private ccache, rather then the global one, for a 'new' kinit - Determine 'default' usernames. - The default for Krb5 is the one in the ccache, then $USER - For NTLMSSP, it's just $USER Andrew Bartlett (This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
2007-10-10r1474: It is useful if talloc_strdup() behaves like strdup()Andrew Bartlett1-0/+3
- NULL in, NULL out Andrew Bartlett (This used to be commit 2cc0b3a2f1785c53268f018999a87c26539fd4a6)
2007-10-10r1470: Get the smb_trans2 structure out of the rap_cli_call struct.Volker Lendecke8-19/+546
Initial attempt at RAP server infrastructure. Look at rap_server.c for the dummy functions that are supposed to implement the core functionality. ipc_rap.c contains all the data shuffling. _rap_shareenum and _rap_serverenum2 in ipc_rap.c are (I think) regular enough to be auto-generated. I did not test all the corner cases yet, but nevertheless I would like some comments on the general style. Volker P.S: samba-3 smbclient now doesn't freak out anymore, although the results are not entirely correct :-) (This used to be commit 08140cc1a838b4eaa23c897b280a46c95b7ef3e0)
2007-10-10r1469: fix a segfault and compiler warning,Stefan Metzmacher1-3/+2
introduced by the "compiler warning fix" in rev 1460... metze (This used to be commit ffb7ba35cdb2fb19b8271a3585eef075948bef9c)
2007-10-10r1467: disable gensec_krb5 by default till abartletStefan Metzmacher1-1/+2
add the kinit code metze (This used to be commit 9a876be76cee3983676d8c89549162b5c4eba8b0)
2007-10-10r1466: the name "oid" is taken by some silly system headers - avoid it in ↵Andrew Tridgell1-2/+2
our code (This used to be commit ea5659b051f95402441e69ba4ce5aea1ed6f5c86)
2007-10-10r1465: always do a full C prototype, even if its only (void).Andrew Tridgell2-3/+3
this declaration: int foo(); is *not* the same as this one: int foo(void); the first means "I don't know what arguments it takes". The second means "it takes no arguments" (This used to be commit 6724932810772a10e7e51d2f6f2b106c02eafb73)
2007-10-10r1464: the recent build changes completely lost the speed advantage of usingAndrew Tridgell1-1/+1
PCH (in fact, it meant that PCH was a slowdown, not a speedup). To gain speed with PCH you must ensure that the .gch file is compiled with _exactly_ the same options as the normal object files. this fixes the .gch build options (This used to be commit 910ca1748648a58daaea6a04d5c96e6c62f79c40)
2007-10-10r1463: fix the krb5 buildStefan Metzmacher3-1/+6
metze (This used to be commit fc8d00b8ab28535da4ec0b7e6931bbf402a37013)
2007-10-10r1462: GENSEC Kerberos and SPENGO work:Andrew Bartlett10-111/+178
- Spelling - it's SPNEGO, not SPENGO - SMB signing - Krb5 logins are now correctly signed - SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not. Andrew Bartlett (This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
2007-10-10r1461: ntlm_check.c is a server-side peice of code, so it belongs in AUTH.Andrew Bartlett2-1/+2
Andrew Bartlett (This used to be commit 67ac9600664e93aa2fe9426127313b57ddaec2cf)
2007-10-10r1460: Avoid a compile warning.Andrew Bartlett1-2/+5
Andrew Bartlett (This used to be commit 10a973da88441b255eda7cbc263ef5c4f2f0fcae)
2007-10-10r1458: Add a new configure option, to make it possible to both find errors,Andrew Bartlett1-0/+6
and compile with gtk. The --enable-developer option was just too noisy with buggy GTK headers. Andrew Bartlett (This used to be commit 54c3d98baf3d4f4b6fe40201b50922caf7364285)
2007-10-10r1457: Add the GSSAPI layer to our gensec_krb5 code.Andrew Bartlett2-33/+142
Andrew Bartlett (This used to be commit 893a9a3865d7046d8b1cb0418aaf48b88beefa05)
2007-10-10r1456: Rename this parameter to avoid shadowing a badly-named GTK global.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 39d8949d25793e2602e0ab5ec37e213f9ccae658)
2007-10-10r1455: More Gtk+ updates:Jelmer Vernooij12-65/+1194
- Start working on 'gwsam' - Add GtkSelectDomainDialog and GtkSelectHostDialog (This used to be commit bea47671aa791f3c4d22263f9444aea1a73f47f1)
2007-10-10r1454: Today is the day of broken builds, now I get my share ... :-)Volker Lendecke2-0/+85
Add a missing file. Volker (This used to be commit 2bc6147c118a61f7f37f3414cce3df44625ade65)
2007-10-10r1453: Change the RAP client to use the ndr routines for moving bytes around.Volker Lendecke1-295/+100
Volker (This used to be commit 1506da85b9e53c71a470b1ef0579e0096451b5a7)
2007-10-10r1452: Thanks to Volker for spotting that this code was certainly not tested...Andrew Bartlett1-0/+1
(make sure to actually return the result). Andrew Bartlett (This used to be commit 8d449bbe2b9aa29315e894be1400a9475ef99468)
2007-10-10r1451: More missing files...Jelmer Vernooij2-0/+12
(This used to be commit 7e9884799e4f450b9693b6e29d7490288ebc969e)
2007-10-10r1450: Oops.. Missing files :-)Jelmer Vernooij2-0/+47
(This used to be commit eaa2940ba039f59e13d44c6e2dda919ed8e388f5)
2007-10-10r1449: Use the config system somewhat better in libcli/authJelmer Vernooij5-33/+5
(This used to be commit 69de0d95c585c1a73072e921884cbd427c160176)
2007-10-10r1448: Indent this so proto doesn't pick it up.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 1164be10af8e1b47824df391196ec37c395a4040)
2007-10-10r1447: Fix compile.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit b97ea8a63f044d2c20781c876575978cc4725285)
2007-10-10r1446: Another funciton to avoid in proto.hAndrew Bartlett1-0/+6
Andrew Bartlett (This used to be commit 310a570936c0d2d5af168aeca1b33206622d8355)
2007-10-10r1445: Ensure get_auth_data_from_tkt doesn't get into proto.hAndrew Bartlett2-2/+4
Andrew Bartlett (This used to be commit 159c234589e8e148180217f9ef4853b3031877db)
2007-10-10r1443: More changes towards Kerberos in Samba4's GENSEC.Andrew Bartlett2-132/+24
The kerberos context is now tied in life to the GENSEC context. Andrew Bartlett (This used to be commit 64e99170c3b53a14d7f8d29cf78283f2bc22c1f7)
2007-10-10r1442: I was going to rename kerberos.c -> kerberos_kinit.c, but didn't.Andrew Bartlett1-1/+1
Fix config.mk... (oh, and this file is somehow marked as binary...) Andrew Bartlett (This used to be commit 3e9aa67e3fdd9be18bdead6d45a982d30e5fd5b4)
2007-10-10r1441: Indentation and comment fixes.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit 231e505dea9e9aca28eb336bcbcfb2b7b83c089c)
2007-10-10r1440: GENSEC improvements:Andrew Bartlett2-1/+66
- Infrustructure for kerberos - Don't segfault on un-implemented backend functions - Add comments. Andrew Bartlett (This used to be commit 1c31aa42710421917428d6ba86328ea5179751bd)
2007-10-10r1439: Once we are authenticated, always return NT_STATUS_OK. (Makes SPENGOAndrew Bartlett1-1/+1
easier to code, as it may return an 'ok' with an empty blob). Andrew Bartlett (This used to be commit e48557158ed99eee7d3ef8231c629bbd14cda9d3)
2007-10-10r1438: Record the principal name we are sent in the SPENGO mechListMIC in aAndrew Bartlett2-3/+3
seperate char *, not a DATA_BLOB. This allows us to tell if we were sent a string here, or a real MIC. (This used to be commit 06b997c826e3ec00e0528da800e3eae0e3497a54)
2007-10-10r1437: Intermediate commit of krb5 for GENSEC.Andrew Bartlett2-40/+360
The session key in the client is wrong, we don't do signing/sealing and we are sending raw Kerberos, not GSSAPI. But it's a start, and if we continue to have to call Krb5 directly, this will be the basis. I also intend to provide an alternate implementation, using just GSSAPI. Andrew Bartlett (This used to be commit eb0dd4a821dc3dbe370aea9a9c9fb05cf2592e4d)
2007-10-10r1436: Move GENSEC across to config.mkAndrew Bartlett2-17/+25
Andrew Bartlett (This used to be commit 2de3a3082344fd292b1084a73a332549d6b2e25d)