summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| | * | selftest: run smb signing tests as part of make quicktestStefan Metzmacher2008-09-231-0/+1
| | | | | | | | | | | | | | | | metze
| | * | selftest: test some smb signing combinations against the member serverStefan Metzmacher2008-09-231-0/+40
| | | | | | | | | | | | | | | | metze
| | * | s4:smb_server: remove the bogus smbsrv_signing_restart()Stefan Metzmacher2008-09-232-41/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Real signing always starts with seqnumber 2, and once signing is on the session key never change anymore for the complete smb connection. metze
| | * | libcli/smb_composite: for spnego session setups check the smb signature manuallyStefan Metzmacher2008-09-231-23/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to start signing when we got NT_STATUS_OK from the server and manually check the signature of the servers response. This is needed as the response might be signed with the krb5 acceptor subkey, which comes within the server response. With NTLMSSP this happens for the session setup: request1 => BSRSPYL seqnum: 0 response1 => BSRSPYL seqnum: 0 request2 => BSRSPYL seqnum: 0 response2 => <SIGNATURE> seqnum: 1 and with krb5: request1 => BSRSPYL seqnum: 0 response1 => <SIGNATURE> seqnum: 1 metze
| | * | libcli/raw: real signing starts at seqnumber 2Stefan Metzmacher2008-09-231-0/+1
| | | | | | | | | | | | | | | | metze
| | * | libcli/raw: in SMB_SIGNING_ENGINE_BSRSPYL state it's ok to accept any signatureStefan Metzmacher2008-09-231-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Even if signing is mandatory. With NTLMSSP this happens for the session setup: request1 => BSRSPYL response1 => BSRSPYL request2 => BSRSPYL response2 => <SIGNATURE> and with krb5: request1 => BSRSPYL response1 => <SIGNATURE> metze
| | * | libcli/raw: give the caller the chance to do the signing checks on its own.Stefan Metzmacher2008-09-232-0/+10
| | | | | | | | | | | | | | | | metze
| | * | libcli/raw: give the caller the chance to prevent the talloc_free(req) in ↵Stefan Metzmacher2008-09-232-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | the _recv functions metze
| | * | gensec_krb5: only give away the session key, when the authentication is doneStefan Metzmacher2008-09-231-0/+4
| | | | | | | | | | | | | | | | metze
| | * | gensec_gssapi: only give away the session key, when the authentication is doneStefan Metzmacher2008-09-231-4/+5
| | | | | | | | | | | | | | | | metze
| | * | ntlmssp: only give away the session key, when the authentication is doneStefan Metzmacher2008-09-231-0/+4
| | | | | | | | | | | | | | | | metze
| | * | RPC-PAC: loop in gensec_update() untill the server side is readyStefan Metzmacher2008-09-231-5/+1
| | | | | | | | | | | | | | | | metze
| | * | s3-nbt: remove old samba3 libcli/nbt copy.Günther Deschner2008-09-232-979/+0
| | | | | | | | | | | | | | | | Guenther
| | * | [s3]winbindd_group: don't list the domain twice when expanding internal aliasesMichael Adam2008-09-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this, "getent group builtin\\administrators" expanded domain group members in the form DOMAIN\domain\user. Michael
| | * | [s3]winbindd_group: sanely handle NULL domain in add_member().Michael Adam2008-09-231-1/+5
| | | | | | | | | | | | | | | | Michael
| | * | [s3]winbindd_ads: honour "winbind use default domain" in lookup_groupmem().Michael Adam2008-09-231-9/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the output of "getent group" when "winbind use default domain = yes" with security = ads. Michael
| | * | [s3]winbindd_rpc: add domain prefix to username in lookup_groupmem().Michael Adam2008-09-231-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes the output of "getent group" of a domain group show the domain prefix with "security = domain". Michael
| | * | [s3]winbindd_util: add fill_domain_username_talloc().Michael Adam2008-09-231-0/+27
| | | | | | | | | | | | | | | | | | | | | | | | A talloc version of fill_domain_username(). Michael
| | * | [s3]winbindd_util: add prototype for fill_domain_username_talloc().Michael Adam2008-09-231-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | A talloc version of fill_domain_username(). Michael
| | * | [s3]winbindd: fix a comment typoMichael Adam2008-09-231-1/+1
| | | | | | | | | | | | | | | | Michael
| | * | [s3]winbind_util: fix an implicit cast compile warning.Michael Adam2008-09-231-1/+1
| | | | | | | | | | | | | | | | Michael
| | * | s3-nbt: fix remaining callers of ndr_push/pull_struct_blob.Günther Deschner2008-09-238-15/+15
| | | | | | | | | | | | | | | | Guenther
| | * | s3-nbt: use ../libcli/nbt helper.Günther Deschner2008-09-232-18/+1
| | | | | | | | | | | | | | | | Guenther
| | * | s3: re-run make idl.Günther Deschner2008-09-231-1/+1
| | | | | | | | | | | | | | | | Guenther
| | * | s3-nbt: refer to ../libcli/nbt in nbt.idl.Günther Deschner2008-09-231-1/+1
| | | | | | | | | | | | | | | | Guenther
| | * | s4-nbt: use ../libcli/nbtGünther Deschner2008-09-2310-14/+14
| | | | | | | | | | | | | | | | Guenther
| | * | s4-nbt: move libcli/nbt up one level.Günther Deschner2008-09-238-149/+149
| | | | | | | | | | | | | | | | Guenther
| | * | s4-nbt: merge some fixes from samba3 nbt helper.Günther Deschner2008-09-232-24/+24
| | | | | | | | | | | | | | | | Guenther
| | * | s4-nbt: use private_data instead of private.Günther Deschner2008-09-2319-57/+57
| | | | | | | | | | | | | | | | Guenther
| | * | s3: use samba4 prototype for ndr_push/pull_struct_blob.Günther Deschner2008-09-238-25/+29
| | | | | | | | | | | | | | | | Guenther
| | * | s3: re-run make idl.Günther Deschner2008-09-233-7/+13
| | | | | | | | | | | | | | | | Guenther
| | * | s3-nbt: fix nbt.idl in order to use shared nbt helper.Günther Deschner2008-09-231-3/+3
| | | | | | | | | | | | | | | | Guenther
| | * | s3-charset: add smb_iconv_convenience.Günther Deschner2008-09-231-0/+2
| | | | | | | | | | | | | | | | Guenther
| | * | s4-nbt: remove unrequired include.Günther Deschner2008-09-231-1/+0
| | | | | | | | | | | | | | | | Guenther
| | * | s4: add talloc_strdup_upper.Günther Deschner2008-09-231-1/+7
| | | | | | | | | | | | | | | | Guenther
| | * | Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-develAndrew Bartlett2008-09-229-1/+3756
| | |\ \
| | | * | Fix make pch in the merged buildVolker Lendecke2008-09-231-1/+3
| | | | |
| | | * | idmap_adex: Add new idmap plugin for support RFC2307 enabled AD forests.Gerald (Jerry) Carter2008-09-229-0/+3753
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The adex idmap/nss_info plugin is an adapation of the Likewise Enterprise plugin with support for OU based cells removed (since the Windows pieces to manage the cells are not available). This plugin supports * The RFC2307 schema for users and groups. * Connections to trusted domains * Global catalog searches * Cross forest trusts * User and group aliases Prerequiste: Add the following attributes to the Partial Attribute Set in global catalog: * uidNumber * uid * gidNumber A basic config using the current trunk code would look like [global] idmap backend = adex idmap uid = 10000 - 19999 idmap gid = 20000 - 29999 idmap config US:backend = adex idmap config US:range = 20000 - 29999 winbind nss info = adex winbind normalize names = yes winbind refresh tickets = yes template homedir = /home/%D/%U template shell = /bin/bash
| | * | | Remove unused parameter from decode_pw_buffer and fail on invalidAndrew Bartlett2008-09-223-13/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | UTF-16 input The input checking is important, as otherwise we could set the wrong password. Andrew Bartlett
| | * | | Remove unused variableAndrew Bartlett2008-09-221-2/+0
| | | | |
| | * | | Explain why we use signing for DCs, but not file serversAndrew Bartlett2008-09-221-0/+9
| | | | |
| | * | | Test re-setting the challenge after an auth3 in RPC-NETLOGONAndrew Bartlett2008-09-221-0/+4
| | |/ /
| | * | Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-develAndrew Bartlett2008-09-228-1/+162
| | |\ \
| | | * | re-run make idl.Günther Deschner2008-09-222-0/+8
| | | | | | | | | | | | | | | | | | | | Guenther
| | | * | netapi: add more fields to USER_INFO_X.Günther Deschner2008-09-221-0/+2
| | | | | | | | | | | | | | | | | | | | Guenther
| | | * | netapi: add NetFile testsuite.Günther Deschner2008-09-224-1/+151
| | | | | | | | | | | | | | | | | | | | Guenther
| | | * | netapi: fix case statement in example NetUserSetModals code.Günther Deschner2008-09-221-0/+1
| | | | | | | | | | | | | | | | | | | | Guenther
| | * | | This torture test and skipping of the server-side check was bogus.Andrew Bartlett2008-09-222-52/+1
| | |/ / | | | | | | | | | | | | | | | | | | | | | | | | The IDL is declared to force the MessageType to 3 on output, so we instead checked the same thing 255 times... Andrew Bartlett
| | * | s4: allways initialize the process model before it's usedStefan Metzmacher2008-09-228-9/+10
| | | | | | | | | | | | | | | | metze
| | * | create-tarball: Adapt script to changed directory structure.Karolin Seeger2008-09-221-3/+3
| | | | | | | | | | | | | | | | Karolin
generated by cgit (git 2.34.1) at 2025-09-30 07:23:23 +0000