Commit message | Author | Age | Files | Lines
...
| | | * r17286: Simply fail the tls_initialise if we don't have TLS compiled in. | Andrew Bartlett | 2006-07-28 | 2 | -8/+13
        Adjust the web_server code to cope with this.
        Andrew Bartlett
| | | * r17285: some reformatting | Stefan Metzmacher | 2006-07-27 | 1 | -10/+23
        metze
| | | * r17284: move the input checking stuff from ntlmssp_update() into its | Stefan Metzmacher | 2006-07-27 | 1 | -40/+44
        own function.
        metze
| | | * r17283: use the async calls of auth_check_password() and gensec_update() | Stefan Metzmacher | 2006-07-27 | 2 | -245/+330
        in the smb server.
        metze
| | | * r17282: test some simple operation with the LANMAN1 and LANMAN2 protocol, | Stefan Metzmacher | 2006-07-27 | 1 | -1/+7
        that finally tests our RAW_SESSSETUP_OLD code
        metze
| | | * r17281: we now have client/server max protocol | Stefan Metzmacher | 2006-07-27 | 1 | -1/+1
        metze
| | | * r17280: NT_STATUS_INVALID_HANDLE maps to ERRbadfid, which is wrong in these | Stefan Metzmacher | 2006-07-27 | 1 | -14/+20
        places, so only overwrite ERRbaduid and ERRinvnid when NTSTATUS support is given.
        metze
| | | * r17278: fix an uninitialized value found by valgrind | Stefan Metzmacher | 2006-07-27 | 1 | -0/+1
        metze
| | | * r17277: we need to trigger an event when we return directly, | Stefan Metzmacher | 2006-07-27 | 1 | -1/+1
        otherwise the caller's callback function will not be called and the caller is hanging forever...
        metze
| | | * r17275: ignore generated header | Stefan Metzmacher | 2006-07-27 | 0 | -0/+0
        metze
| | | * r17274: fix typos | Stefan Metzmacher | 2006-07-27 | 1 | -2/+2
        metze
| | | * r17273: add an async version of auth_check_password() on the public | Stefan Metzmacher | 2006-07-27 | 2 | -31/+185
        auth interface and implement the sync version as wrapper to auth_check_password_send/recv()
        as next all callers need to be converted to the async interface and then the modules
        metze
| | | * r17272: move the callback stuff into a substructure | Stefan Metzmacher | 2006-07-27 | 1 | -8/+10
        metze
| | | * r17270: split the logic of saying this auth backend wants to handle this | Stefan Metzmacher | 2006-07-27 | 7 | -41/+140
        request from the password checking. This will help to make the password checking hook async later
        metze
| | | * r17268: change the smb2 session setup to use the new | Stefan Metzmacher | 2006-07-27 | 1 | -61/+91
        gensec_update_send/recv() api
        metze
| | | * r17267: - add an async interface for gensec_update() to the public gensec api | Stefan Metzmacher | 2006-07-27 | 2 | -0/+78
        - note this still uses the sync update() hook of the gensec modules but it allows me to fix the callers first
        Later auth_check_password() will also get an async version, so that we can later implement an async version of auth_winbind using async IRPC to the winbind task.
        metze
| | | * r17265: some reformatting | Stefan Metzmacher | 2006-07-27 | 1 | -57/+27
        metze
| | | * r17264: - remove unused includes from talloc | Stefan Metzmacher | 2006-07-26 | 2 | -15/+17
        - explicitly check for varargs.h as fallback from stdarg.h and fail the build if both are not present
        metze
| | | * r17263: export talloc_free_children() | Stefan Metzmacher | 2006-07-26 | 1 | -0/+1
        metze
| | | * r17257: make the size_t is too small error more verbose | Stefan Metzmacher | 2006-07-26 | 1 | -0/+4
        (hopefully nobody will ever see this:-)
        metze
| | | * r17256: fix 2 crash bugs, which are introduced by making parameters | Stefan Metzmacher | 2006-07-26 | 1 | -0/+3
        ref pointers!
        I'm sure there're more places and more care is needed when idl files are changed.
        Hopefully testing against windows in the build farm finds such bugs in future...
        Why is in the client library this no more possible:
            NTSTATUS foo([in,out,ref] uint8 *foo);
        and then just
            r.in.foo = &foo;
            status = dcerpc_foo(p, mem_ctx, &r);
        and r.out.foo will be set to r.in.foo via pidl magic, that worked some time ago...
        metze
| | | * r17255: fixed BENCH-NBENCH for new smb_raw_find_first() syntax | Andrew Tridgell | 2006-07-26 | 1 | -1/+2
| | | |
| | | * r17253: add configure checks for writev/readv to see how portable they're | Stefan Metzmacher | 2006-07-26 | 1 | -0/+3
        metze
| | | * r17251: - split out the starttls into its own function | Stefan Metzmacher | 2006-07-26 | 1 | -42/+96
        - give an operations error when tls is already on the socket
        metze
| | | * r17250: Fix comment, the Samba3 winbind protocol uses the host byte order here. | Andrew Bartlett | 2006-07-26 | 1 | -1/+1
        Andrew Bartlett
| | | * r17243: some svcctl idl fixes from <andrzej.hajda@wp.pl> | Stefan Metzmacher | 2006-07-25 | 1 | -7/+7
        metze
| | | * r17241: substitute @datarootdir@ with old autoconf versions:-) | Stefan Metzmacher | 2006-07-25 | 1 | -0/+1
        metze
| | | * r17240: move extended operations to a new file | Stefan Metzmacher | 2006-07-25 | 3 | -78/+98
        metze
| | | * r17238: Add datarootdir (required for newer autoconf versions) | Jelmer Vernooij | 2006-07-25 | 1 | -0/+1
| | | |
| | | * r17237: - keep pointer to the different sockets | Stefan Metzmacher | 2006-07-25 | 4 | -3/+10
        - we need this later:
          - to disallow a StartTLS when TLS is already in use
          - to place the TLS socket between the raw and sasl socket when we had a sasl bind before the StartTLS
          - and rfc4513 says that the server may allow to remove the TLS from the tcp connection again and reuse raw tcp
          - and also a 2nd sasl bind should replace the old sasl socket
        metze
| | | * r17230: don't overwrite the error with NT_STATUS_NO_MEMORY | Stefan Metzmacher | 2006-07-25 | 1 | -10/+7
        metze
| | | * r17227: don't call a function which takes some nonoptional args | Stefan Metzmacher | 2006-07-25 | 1 | -9/+15
        with NULL.
        metze
| | | * r17226: add some comments about ldap binds and pending requests | Stefan Metzmacher | 2006-07-25 | 1 | -0/+14
        metze
| | | * r17225: Fix the build by fixing the spelling of START-TLS. | Andrew Bartlett | 2006-07-25 | 1 | -1/+1
        Andrew Bartlett
| | | * r17224: Accept the start-tls extended request. Getting OpenLDAP to recognise | Andrew Bartlett | 2006-07-25 | 1 | -1/+58
        our certificate, and proceed with the connection is left as an exercise for the reader...
        Andrew Bartlett
| | | * r17223: In some protocols it is not possible to negotiate off some features, | Andrew Bartlett | 2006-07-25 | 1 | -5/+3
        without the agreement of the peer. This can cause problems, because one side thinks sealing is disabled, while the other thinks it is enabled.
        Andrew Bartlett
| | | * r17222: Change the function prototypes for the GENSEC and TLS socket creation | Andrew Bartlett | 2006-07-25 | 8 | -78/+148
        routines to return an NTSTATUS. This should help track down errors.
        Use a bit of talloc_steal and talloc_unlink to get the real socket to be a child of the GENSEC or TLS socket.
        Always return a new socket, even for the 'pass-through' case.
        Andrew Bartlett
| | | * r17221: Add some integer wrap paranoia to data_blob_append(). | Andrew Bartlett | 2006-07-25 | 1 | -5/+18
        Andrew Bartlett
| | | * r17215: Prepare the SASL socket before actually setting it. This allows | Andrew Bartlett | 2006-07-24 | 1 | -29/+51
        errors to be reported correctly, rather than just dropping the socket.
        Andrew Bartlett
| | | * r17210: I wonder how I missed this, build farm caught it. | Simo Sorce | 2006-07-23 | 1 | -1/+1
| | | |
| | | * r17209: Add dependency over the new share configuration module into smbd | Simo Sorce | 2006-07-23 | 1 | -1/+2
        Should fix some build farm machine
| | | * r17208: Add a way to test the ldb module. | Simo Sorce | 2006-07-23 | 2 | -0/+257
        Actually you can't test both classic and ldb together, but you can replace the standard script/tests/mktestsetup.sh file with this one and run make test to see share_ldb in action
| | | * r17207: Add the ldb based shares configuration module | Simo Sorce | 2006-07-23 | 2 | -0/+291
| | | |
| | | * r17206: Add a modular API for share configuration. | Simo Sorce | 2006-07-23 | 30 | -230/+1005
        Commit the classic backwards compatible module which is the default one
| | | * r17205: Even if this makes me look foolish, at least start to scratch on the | Volker Lendecke | 2006-07-23 | 2 | -24/+308
        surface of spoolss.
        If snum is to be removed, then we should make at least the attempt to walk parts of the code before and after the changes. This walks GetPrinterInfo level 0-7.
        Volker
| | | * r17197: This patch moves the encryption of bulk data on SASL negotiated security | Andrew Bartlett | 2006-07-23 | 18 | -248/+639
        contexts from the application layer into the socket layer.

        This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size.

        This patch mirrors the earlier work done to move TLS into the socket layer.

        Unusual in this patch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry).

        As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback.

        In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation:

        +-----------------+---------------------+
        | SASL Packet #1  | SASL Packet #2      |
        ----------------------------------------+
        | LDAP Packet #1       | LDAP Packet #2 |
        ----------------------------------------+

        In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP.

        Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket.

        Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained.

        Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly).

        In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements.

        Andrew Bartlett
| | | * r17196: Clarify that SSL is used for LDAP as well as SWAT. | Andrew Bartlett | 2006-07-23 | 1 | -1/+1
        Andrew Bartlett
| | | * r17195: Start thinking how to implement extended operations. | Simo Sorce | 2006-07-22 | 2 | -0/+18
        AD supports three extended operations:
        - start tls
        - dynamic objects
        - fast binds
        none of these are a priority.
| | | * r17193: Remove ancient stuff never really used | Simo Sorce | 2006-07-22 | 2 | -364/+0
| | | |
| | | * r17189: Add the new LDAP rfc series | Simo Sorce | 2006-07-22 | 24 | -0/+27176
| | | |