summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* s3-auth fix comment after s3 ntlmssp gensec moduleAndrew Bartlett2011-10-181-1/+1
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: move event-using code to gensec_update() hooks out of gensec_start*()Andrew Bartlett2011-10-183-39/+77
| | | | | | | This ensures that only gensec_update() will require an event context argument when the API is refactored. Andrew Bartlett
* ntlmssp: Refuse to seal if we did not negotiate to signAndrew Bartlett2011-10-181-0/+5
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: Refuse to seal if we did not negotiate to signAndrew Bartlett2011-10-181-0/+3
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4-auth: match the new s3 gensec client and always negotiate SIGN with SEALAndrew Bartlett2011-10-181-0/+1
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: Assert that we have not been subject to a downgrade attack in ↵Andrew Bartlett2011-10-183-1/+48
| | | | | | | | | | | | | | DCE/RPC clients Because of the calling convention, this is the best place to assert that we have not been subject to a downgrade attack on the negotiated features. (In DCE/RPC, this isn't a negotiation, the client simply specifies the level of protection that is required). Andrew Bartlett (some formatting fixes) Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-smbd Give the nt error string when failing to set up encrypted transportAndrew Bartlett2011-10-181-3/+5
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-ntlmssp Implement the server-side auth_ntlmssp code as a GENSEC moduleAndrew Bartlett2011-10-184-87/+229
| | | | | | | | | | | This uses the top level gensec_ntlmssp helper functions which are identical to the parts of ntlmssp_wrap.c that are now not called. (Includes formatting and correctness fixes from Metze) Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: an event context is no longer mandetoryAndrew Bartlett2011-10-181-10/+0
| | | | | | | | | If you do not specify one however, you better know that the modules you are using do not need one! Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Put members from auth_ntlmssp_state into gensec_ntlmssp_stateAndrew Bartlett2011-10-181-1/+17
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Prepare gensec_ntlmssp_start() for broader useAndrew Bartlett2011-10-183-15/+28
| | | | | | | | This moves the allocation of the ntlmssp pointer back to the callers. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* ntlmssp: Move ntlmssp code to auth/ntlmsspAndrew Bartlett2011-10-1834-193/+220
| | | | | | | | | This brings in the code from both libcli/auth and source4/auth/ntlmssp. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* build: compile gensec_start.c and credentials.c in the autoconf buildAndrew Bartlett2011-10-182-0/+53
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4-s3-upgrade: Give a better clue when we cannot open secrets.tdbAndrew Bartlett2011-10-182-2/+5
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth Add my copyrightAndrew Bartlett2011-10-182-2/+2
| | | | | | I have done plenty of work here, I deserve some of the blame :-) Andrew Bartlett
* credentials: Prioritise command-line specified options above defaults from ↵Andrew Bartlett2011-10-183-3/+37
| | | | | | | | | | | | | | smb.conf If a user specified -W or --realm on the command line, then this is of level SPECIFIED, not UNINITIALISED, despite it going via the loadparm system. This helps us to ensure that -W server -Ulocaluser is parsed the same as -Userver\localuser. This matters as otherwise we might instead attempt to use kerberos to the realm from the smb.conf. Andrew Bartlett
* s4-selftest When testing for a credentials cache, do not specify a domainAndrew Bartlett2011-10-185-5/+5
| | | | | | | If we specify a domain, then we indicate that we must use that domain which overrides the credentials cache we found in the environment. Andrew Bartlett
* Revert "s4: Mark the winsreplication test as knownfail"Andrew Bartlett2011-10-181-1/+1
| | | | | | | | This reverts commit f7f6992a20dd29bd7643291e3b3d05bc8f6c9c76 because 75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which was a race in ldb startup. Andrew Bartlett
* Revert "s4:selftest: skip flakey samba4.nbt.winsreplication for now"Andrew Bartlett2011-10-181-1/+0
| | | | | | | | This reverts commit 16fd935fc659555c203354b6c96fc23a55be5a3b because 75953f18469fa8746d9d8ad20bbbb3bcbd0df9dd solved the root cause, which was a race in ldb startup. Andrew Bartlett
* ldb: fixed a race in ldb initialisationAndrew Tridgell2011-10-181-1/+9
| | | | | | | | | | | This fixes a race when two processes initialise the same ldb database at the same time. One of them could fail due to the other creating the @BASEINFO record first. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Oct 18 03:54:42 CEST 2011 on sn-devel-104
* libsmbclient: initial ABI signaturesAndrew Tridgell2011-10-181-0/+170
|
* libsmbclient: add ABI checking and pc fileAndrew Tridgell2011-10-182-2/+15
| | | | | | | | | this gives us ABI checking for libsmbclient so that the waf build will prevent ABI breakage, and a public version number. The addition of the pc file makes this library available via pkgconfig, including querying of the version number Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455).Wilco Baan Hofman2011-10-171-2/+2
| | | | | Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104
* First part of fix for bug #8419 - Make VFS op "streaminfo" stackable.Frank Lahm2011-10-178-14/+34
| | | | | Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 21:39:32 CEST 2011 on sn-devel-104
* s3-waf: make sure we always build example pdb modules with --enable-developer.Günther Deschner2011-10-173-1/+12
| | | | | | | Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 17 17:39:36 CEST 2011 on sn-devel-104
* s3-passdb: fix the build of example pdb test module.Günther Deschner2011-10-171-32/+1
| | | | Guenther
* s3-auth: remove dead prototype.Günther Deschner2011-10-171-1/+0
| | | | Guenther
* s3-waf: make sure we always build example auth modules with --enable-developer.Günther Deschner2011-10-173-0/+11
| | | | Guenther
* s3-auth: fix the build of skel auth example module.Günther Deschner2011-10-171-5/+20
| | | | Guenther
* s4:dlz_bind9: add no memory checksStefan Metzmacher2011-10-171-0/+4
| | | | | | | metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Oct 17 14:07:25 CEST 2011 on sn-devel-104
* s4:dlz_bind9: Copy dn before changing in b9_has_soaStefan Gohmann2011-10-171-1/+5
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:dlz_bind9: add missing earch bases for windows 2000 domainsStefan Gohmann2011-10-171-0/+1
| | | | | | | | | | By default the samba4 dlz_bind9 backend searches under CN=MicrosoftDNS,DC=DomainDnsZones and CN=MicrosoftDNS,DC=ForestDnsZones. In my samba4 test setup all DNS zones are under CN=MicrosoftDNS,CN=System. After adding the attached patch it works fine for me. Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3: Before adding KDC's to the krb5.conf, cldap ping themVolker Lendecke2011-10-173-49/+104
| | | | | | | | | | Some Kerberos libraries don't do proper failover. This fixes the situation where a KDC exists in DNS but is not reachable for some reason. Ported to master by Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Oct 17 11:25:37 CEST 2011 on sn-devel-104
* Add cldap_multi_netlogon_send/recvVolker Lendecke2011-10-172-42/+314
| | | | | | | | Make ads_cldap_netlogon use it. It does not need the fancy multi stuff, but excercising that code more often is better. And because we have to ask over the network, the additional load should be neglectable. Ported to master by Stefan Metzmacher <metze@samba.org>
* s4 provision: DNS backend should be set by callerKai Blin2011-10-174-8/+13
| | | | | Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Mon Oct 17 09:51:12 CEST 2011 on sn-devel-104
* s4 provision/dns: Clean up os level handlingKai Blin2011-10-171-10/+12
|
* s4 provision/dns: Clean up backend handlingKai Blin2011-10-171-6/+13
|
* s4 provision: Default to win2k3 domain function levelKai Blin2011-10-171-1/+1
|
* s4 provision: Reword opinionated dns backend help text, add NONE backendKai Blin2011-10-172-5/+13
|
* s4 provision: Rename bind9 flatfile backend to BIND9_FLATFILEKai Blin2011-10-173-8/+8
|
* provision: fix the docMatthieu Patou2011-10-161-1/+1
| | | | | Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sun Oct 16 01:31:21 CEST 2011 on sn-devel-104
* s4-interfaces: allow pure ipv6 to workMatthieu Patou2011-10-161-1/+2
| | | | | This is the complementary part of patch abe5afc580dcaaab70f136904d98fa83bfae7b6e for samba4.
* s4: check that the xattr are supported in the folder where we want to provisionMatthieu Patou2011-10-162-2/+9
| | | | | | | By default we were checking this on the default folder for tempfile.NamedTemporaryFile (usualy /tmp) but this folder can be mounted on tmpfs (which didn't support xattr currently). Now we should check on the filesystem where the provision will be done.
* Removed unused variable.Jeremy Allison2011-10-151-1/+0
| | | | | Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Oct 15 00:38:28 CEST 2011 on sn-devel-104
* Remove unused function.Jeremy Allison2011-10-141-18/+0
|
* Fix printf warning.Jeremy Allison2011-10-141-1/+1
|
* Fix const warnings.Jeremy Allison2011-10-141-4/+4
|
* Fix const warnings.Jeremy Allison2011-10-141-3/+3
|
* Fix bug with Samba not recognising an 6to4 IPv6 interface.Matthieu Patou2011-10-141-0/+13
| | | | | | | | | "The 6to4 interface has the flags IFF_POINTTOPOINT interface but no ifa_dstaddr as it's not at the IPv6 level a point to point interface (at least from my understanding), as we don't have a IFF_BROADCAST flag set (I have the impression that this flag is only set on a interface that has also an IPv4 address) the first test is not valid also, which result in a skipped interface."
* Fix const warning.Jeremy Allison2011-10-141-1/+1
|
generated by cgit (git 2.34.1) at 2024-11-15 19:18:36 +0000