samba.git/source4/ntp_signd, branch master

build: Build with system md5.h on OpenIndiana

2013-06-19T19:32:36+00:00

This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5.  I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.

This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).

Andrew Bartlett

Signed-off-by: Andrew Bartlett 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104

Use the new directory_create_or_exist_strict() function.

2013-01-09T08:11:20+00:00

Reviewed-by: Andrew Bartlett

ntp_signd: Only allow group access to the ntp signd directory.

2012-11-12T11:36:27+00:00

Existing installations running ntp as group 'ntp' will need to change
the permissions on the ntp_signd socket directory (eg
PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd)

The reason is that allowing other users on the host access to this
directory would allow them to potentially spoof time on the network,
or attack the password database with a chosen plaintext attack.

Permissions should be changed to:

ownership root:ntp (if ntp runs as gid ntp)
mode 0750 (this is what it will be created as)

If the permissions are not changed, Samba will refuse to start the
ntp_signd server, and NTP operations will not be signed.  As the error
is declared fatal, in the future, Samba may totally refused to start.

Andrew Bartlett

Signed-off-by: Andrew Bartlett 
Reviewed-by: Michael Adam 

Autobuild-User(master): Michael Adam 
Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104

s4:ntp_signd: fix SEGV if SID cannot be found

2012-08-14T15:16:54+00:00

Signed-off-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Tue Aug 14 17:16:54 CEST 2012 on sn-devel-104

Introduce system MIT krb5 build with --with-system-mitkrb5 option.

2012-05-23T14:51:50+00:00

System MIT krb5 build also enabled by specifying --without-ad-dc

When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level
configure in WAF build we are trying to detect and use system-wide MIT krb5
libraries. As result, Samba 4 DC functionality will be disabled due to the fact
that it is currently impossible to implement embedded KDC server with MIT krb5.

Thus, --with-system-mitkrb5/--without-ad-dc build will only produce
  * Samba 4 client libraries and their Python bindings
  * Samba 3 server (smbd, nmbd, winbindd from source3/)
  * Samba 3 client libraries

In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture.
This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.

source4/: Fix prototypes for all functions in various subsystems.

2011-03-19T02:20:05+00:00

ldb: use #include for ldb

2011-02-10T05:51:07+00:00

thi ensures we are using the header corresponding to the version of
ldb we're linking against. Otherwise we could use the system ldb for
link and the in-tree one for include

Pair-Programmed-With: Andrew Bartlett

s4: Build ldap and samba3_smb services as shared modules.

2010-11-15T03:04:40+00:00

Autobuild-User: Jelmer Vernooij 
Autobuild-Date: Mon Nov 15 03:04:41 UTC 2010 on sn-devel-104

s4-server: make server sockets a child of the task context

2010-11-14T23:19:34+00:00

We previously allocated sockets as direct children of the event
context. That led to crashes if a service called
task_server_terminate(), as it left the socket open and handling
events for a dead protocol.

Making them a child of the task allows the task to terminate and take
all its sockets with it.

Pair-Programmed-With: Andrew Bartlett

web_server: Build as module.

2010-11-14T17:58:05+00:00

Autobuild-User: Jelmer Vernooij 
Autobuild-Date: Sun Nov 14 17:58:05 UTC 2010 on sn-devel-104