Age | Commit message (Collapse) | Author | Files | Lines |
|
Andrew Bartlett
(This used to be commit 7520879bb08d191f0ab97508f14f525886b1b48b)
|
|
Now, to try and figure out why this logic failed for jra...
Andrew Bartlett
(This used to be commit a32066a9ecf7cd82f66eb8381e07d014f5ac5eff)
|
|
server as to the CIFS session key.
JRA had pain with this being wrong against NT4 (without spnego), hence
this specific test.
Andrew Bartlett
(This used to be commit 47f433708ba38db9bf569567cc048e65f2786ebe)
|
|
include/system/kerberos.h that I'm putting the #defines in...
Andrew Bartlett
(This used to be commit 31f7ec38e63fc86ad7c756de47414152d2809c8f)
|
|
(which gets included by heimdal, or shoudl be) into
auth/kerberos/kerberos.h (which is used by Samba, but not by the
Heimdal code).
Andrew Barteltt
(This used to be commit 3f473a93778b1350df3f7aac07b64008988a059d)
|
|
Andrew Bartlett
(This used to be commit 2a22f413c9704dbfc3befb819d4183523f75d393)
|
|
hdb-ldb module. This removes the need for the KRBTGT case to exist in
the broader heimdal code.
Andrew Bartlett
(This used to be commit fb83465dbccae8af5eb26f735e60f3f40e944446)
|
|
metze
(This used to be commit 6ad7ffab043c3b510f4dff052973a054e5a75779)
|
|
(This used to be commit df29f25140192b64b55012d0a3c36095fbbfb82d)
|
|
(This used to be commit f6abed5660ad8f7298eb2aebbaa25a8c355861a6)
|
|
replay attacks under SMB signing, where the session key is a fixed
derivitive of the user's password.
This removes the VID offset, but I'm not worried about random client
bytes mattering here, given the space (and the fact that it applies to
very, very old clients).
Andrew Bartlett
(This used to be commit eb1d37c5a91a6bc4515469e1ae026d28c12d7149)
|
|
(no need for it to hang around forever).
Add test for this behaviour.
Andrew Bartlett
(This used to be commit 36dc2491d778fbbff32c4abdf95faa9f83024e12)
|
|
declaring the static function. The attribute only works on the
prototype, not the function.
Andrew Bartlett
(This used to be commit 4c254754d25e5aa8b203d2d67a39895ffef3f393)
|
|
This will however still be useful when we have crypt() based
authentication.
Andrew Bartlett
(This used to be commit 005e2c0cfed11010685ebc3f3a69cf9f484c958a)
|
|
(This used to be commit 3fe00b61147e09159ef02328a7f1d8f7805abf0d)
|
|
(This used to be commit dcdf44024aa93e7eca54247d9058904c6950fae7)
|
|
(This used to be commit 0981a375cfa9d8d75b6c89613eadb9d14cf1064f)
|
|
This takes our link dependencies from this:
tridge@blu:~/samba/samba4/source$ ldd bin/ldbsearch
libdl.so.2 => /lib/tls/libdl.so.2 (0xb7fc9000)
libldap_r.so.2 => /usr/lib/libldap_r.so.2 (0xb7f92000)
liblber.so.2 => /usr/local/lib/liblber.so.2 (0xb7f85000)
libpam.so.0 => /lib/libpam.so.0 (0xb7f7d000)
libc.so.6 => /lib/tls/libc.so.6 (0xb7e48000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fea000)
libresolv.so.2 => /lib/tls/libresolv.so.2 (0xb7e36000)
libcrypt.so.1 => /lib/tls/libcrypt.so.1 (0xb7e09000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7df3000)
libgnutls.so.11 => /usr/lib/libgnutls.so.11 (0xb7d8c000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0xb7d7d000)
libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0xb7d6d000)
libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7d20000)
libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7d1c000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7d09000)
libnsl.so.1 => /lib/tls/libnsl.so.1 (0xb7cf5000)
to this:
tridge@blu:~/samba/samba4/source$ ldd bin/ldbsearch
libdl.so.2 => /lib/tls/libdl.so.2 (0xb7fc9000)
libpam.so.0 => /lib/libpam.so.0 (0xb7fc0000)
libc.so.6 => /lib/tls/libc.so.6 (0xb7e8b000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fea000)
this finally gets rid of the implicit dependency on pthreads! Yay!
(This used to be commit 844d2a20830a4666b6c38f6a58305be64b6b76fa)
|
|
- fixed a bug in socket_connect_ev()
(This used to be commit 3f77b879a035929a843e02b798d54eba6625bde7)
|
|
Next step is to
remove the check for the ldap libraries in configure
(This used to be commit 74841dbb2a86bb1c584b5c26c4cd24a818a65a34)
|
|
(This used to be commit ac3f33c61555a2afa30fe446676013564982e257)
|
|
interface is very similar to the traditional ldap interface, and will
be used as part of a ldb backend based on the current ldb_ldap backend
- fixed some allocation issues in ldb_msg.c
(This used to be commit b34a29dcf26f68a2f47380a6c74a4095fdfd2fbe)
|
|
(This used to be commit ffe1b5e6f4cd8cc9ddd0ceda882ad76917ebd1d3)
|
|
resolution fails)
(This used to be commit 4013c2ddea0cd03f875e2acf40d2a34344017d05)
|
|
try and
remove an epoll descriptor for a closed fd
(This used to be commit bec5e9f80a934e6472e8d227214a9baba4f15054)
|
|
level sign/seal mechanisms can break
(This used to be commit 9df569f023f9a1e0d8c35de8135a344933bc69bf)
|
|
pipe is still OK
(This used to be commit 9f7f70124fc67109bc9ace7a57490851341ad759)
|
|
(This used to be commit eddf41d5e4ca43073b96f96b96dbadf7b8b91df5)
|
|
(This used to be commit b9ed92d550f1b821c5402a516eb2dfc2c8d69f0a)
|
|
- add a request destructor, to make it safe to destroy a pending
request with talloc_free()
(This used to be commit 72c6988767249caa585f37fec4c0afbf41557ec2)
|
|
does finally answer the request and it is on the smb transport that we
don't die in the callback code as the rpc request state is gone.
(This used to be commit d47477c5c3acbaa7242fa3a06d4095258db86297)
|
|
(This used to be commit 154effd781c901abfcd8f89721c4a6d03c07b670)
|
|
Andrew Bartlett
(This used to be commit a948e743bbc691798e6a956b35d8e09cfc91f988)
|
|
(This used to be commit 331afee4ca5bc6a6f7e4fe3333846881424314fe)
|
|
- some minor fixes and comments
metze
(This used to be commit 87b1f9a2e027f4318a3104d13c091ca8ec5f16f4)
|
|
struct
- fix some typos in EnumPrintServerForms()/GetPrintServerForms()
- add AddPrintServerForms()/SetPrintServerForms() and DeletePrintServerForms
metze
(This used to be commit 73906388421beebb34f2a00c9e0d1fc8b400a42a)
|
|
- this is an abstraction layer for print services,
like out NTVFS subsystem for file services
- all protocol specific details are still in rpc_server/spoolss/
- like the stupid in and out Buffer handling
- checking of the r->in.server_name
- ...
- this subsystem can have multiple implementation
selected by the "ntptr providor" global-section parameter
- I currently added a "simple_ldb" backend,
that stores Printers, Forms, Ports, Monitors, ...
in the spoolss.db, and does no real printing
this backend is basicly for testing, how the spoolss protocol
works
- the interface is just a prototype and will be changed a bit
the next days or weeks, till the simple_ldb backend can
handle all calls that are used by normal w2k3/xp clients
- I'll also make the api async, as the ntvfs api
this will make things like the RemoteFindFirstPrinterChangeNotifyEx(),
that opens a connection back to the client, easier to implement,
as we should not block the whole smbd for that
- the idea is to later implement a "unix" backend
that works like the current samba3 code
- and maybe some embedded print server vendors can write there own
backend that can directly talk to a printer without having cups or something like this
- the default settings are (it currently makes no sense to change them :-):
ntptr providor = simple_ldb
spoolss database = $private_dir/spoolss.db
metze
(This used to be commit 455b5536d41bc31ebef8290812f45d4a38afa8e9)
|
|
result as "")
- test EnumForms() on the PrintServer (NT4 returns WERR_BADFID)
(jerry: how do it get the lists of forms in the printserver gui)
metze
(This used to be commit fddfe1f04b3ae594e75d702aba4d17ee4d103b8e)
|
|
loops in corrupted tdb files.
Jeremy.
(This used to be commit f9f3037d6855259edd56fd5a23d63dbb37f0a751)
|
|
comment
(This used to be commit 3aa80b8e585a0acc57d4b7738dcccfba232948ca)
|
|
Andrew Bartlett
(This used to be commit 57ddedc954f49fd370225494758326fcbd0bb500)
|
|
(This used to be commit 8735188b46d4bb6c3d63d22a8c6f3fad2c82df89)
|
|
metze
(This used to be commit 520d5c67329e957121e3b71c1ffc0be3893c2033)
|
|
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
|
|
old style
auto homedir share stuff
- add TODO: for checking the password on share mode security
metze
(This used to be commit d9a0c61801f19e55a41c573ea96565946314ecb3)
|
|
(This used to be commit 0c1f54461cea633dbacb9692925b8c971a34a831)
|
|
(This used to be commit c01c176da640c012e1e6c9f0553b5075ef0e93bf)
|
|
(This used to be commit b2529307aaf1e47ce74632b4e516494ac71fe8d1)
|
|
(This used to be commit a4d05988637b4e607c3cdad83bfb1e9cf923b7f0)
|
|
- hooked into events system, so requests can be truly async and won't
interfere with other processing happening at the same time
- uses NTSTATUS codes for errors (previously errors were mostly
ignored). In a similar fashion to the DOS error handling, I have
reserved a range of the NTSTATUS code 32 bit space for LDAP error
codes, so a function can return a LDAP error code in a NTSTATUS
- much cleaner packet handling
(This used to be commit 2e3c660b2fc20e046d82bf1cc296422b6e7dfad0)
|