summaryrefslogtreecommitdiffstats
path: root/source4/ntp_signd
Commit message (Collapse)AuthorAgeFilesLines
* build: Build with system md5.h on OpenIndianaAndrew Bartlett2013-06-191-1/+1
| | | | | | | | | | | | | | | | | | | | This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
* Use the new directory_create_or_exist_strict() function.Andreas Schneider2013-01-091-1/+1
| | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ntp_signd: Only allow group access to the ntp signd directory.Andrew Bartlett2012-11-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Existing installations running ntp as group 'ntp' will need to change the permissions on the ntp_signd socket directory (eg PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd) The reason is that allowing other users on the host access to this directory would allow them to potentially spoof time on the network, or attack the password database with a chosen plaintext attack. Permissions should be changed to: ownership root:ntp (if ntp runs as gid ntp) mode 0750 (this is what it will be created as) If the permissions are not changed, Samba will refuse to start the ntp_signd server, and NTP operations will not be signed. As the error is declared fatal, in the future, Samba may totally refused to start. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104
* s4:ntp_signd: fix SEGV if SID cannot be foundArvid Requate2012-08-141-1/+5
| | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 17:16:54 CEST 2012 on sn-devel-104
* Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy2012-05-231-0/+1
| | | | | | | | | | | | | | | | | System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
* source4/: Fix prototypes for all functions in various subsystems.Jelmer Vernooij2011-03-191-0/+2
|
* ldb: use #include <ldb.h> for ldbAndrew Tridgell2011-02-101-2/+2
| | | | | | | | thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4: Build ldap and samba3_smb services as shared modules.Jelmer Vernooij2010-11-151-1/+1
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Nov 15 03:04:41 UTC 2010 on sn-devel-104
* s4-server: make server sockets a child of the task contextAndrew Tridgell2010-11-151-1/+2
| | | | | | | | | | | | We previously allocated sockets as direct children of the event context. That led to crashes if a service called task_server_terminate(), as it left the socket open and handling events for a dead protocol. Making them a child of the task allows the task to terminate and take all its sockets with it. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* web_server: Build as module.Jelmer Vernooij2010-11-141-1/+2
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Nov 14 17:58:05 UTC 2010 on sn-devel-104
* samdb: Lowercase library name.Jelmer Vernooij2010-11-071-1/+1
|
* s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij2010-10-311-15/+0
| | | | | | | | The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
* s4-smbd: don't initialise process models more than onceAndrew Tridgell2010-10-301-1/+1
| | | | | | | | | this also removes the event_context parameter from process model initialisation. It isn't needed, and is confusing when a process model init can be called from more than one place, possibly with different event contexts. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* samdb: Add flags argument to samdb_connect().Jelmer Vernooij2010-10-101-1/+1
|
* s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for ↵Matthias Dieter Wallnöfer2010-09-131-1/+2
| | | | | | LDAP filters This makes also lookups through special backends as "samba3sam" work.
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2010-07-161-4/+4
| | | | | | | this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:ntp_signd/ntp_signd.c - add casts to suppress warnings on Solaris 10Matthias Dieter Wallnöfer2010-06-291-2/+2
|
* Finish removal of iconv_convenience in public API's.Jelmer Vernooij2010-05-181-7/+2
|
* Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"Matthias Dieter Wallnöfer2010-04-131-1/+1
| | | | | We should use the "ldb_get_*_basedn" calls since they are available in the LDB library.
* s4-waf: removed the AUTOGENERATED markersAndrew Tridgell2010-04-061-4/+0
| | | | we won't be using the mk -> wscript generator again
* s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell2010-04-061-0/+2
| | | | them
* build: commit all the waf build files in the treeAndrew Tridgell2010-04-061-0/+11
|
* s4-ntp: Fixed the memory context of tstream_bsd_existing()Andreas Schneider2010-02-261-1/+1
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4-ntp_signd: Migrate to tsocket.Andreas Schneider2010-01-132-132/+286
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4-dsdb: create a static system_session contextAndrew Tridgell2009-10-231-1/+1
| | | | | | This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
* s4-server: kill main daemon if a task fails to initialiseAndrew Tridgell2009-09-181-3/+3
| | | | | | When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
* s4:ntp_signd Fix bug 6656 - Set protocol version to 0, as used by ntpdAndrew Bartlett2009-08-221-3/+1
| | | | | | | The change to protocol version 1 was not intentional, and broke the protocol established with the ntp.org project. Andrew Bartlett
* s4:torture Add test for the NTP signd serverAndrew Bartlett2009-08-111-0/+7
| | | | | | | | This is used by at patch to the NTP project to supply authenticated time as required by MS-SNTP. (ie, to keep windows clients in time sync in the domain) Andrew Bartlett
* s4:service_stream: s/private/private_dataStefan Metzmacher2009-02-021-4/+4
| | | | metze
* s4:ntp_signd: s/private/private_dataStefan Metzmacher2009-02-021-4/+4
| | | | metze
* Fix missing symbols issues when building with shared libraries.Jelmer Vernooij2008-12-221-1/+1
|
* s4: add some useful link and the patch for the ntp_signd supportStefan Metzmacher2008-12-032-0/+586
| | | | metze
* Move source4/lib/crypto to lib/crypto.Jelmer Vernooij2008-09-241-1/+1
|
* Rename smbd -> samba.Jelmer Vernooij2008-09-241-1/+1
| | | | | | | | This reverts commit 05ea5e23cf4e70de0bd658b1c5c0ead133967091. Conflicts: source4/smbd/server.c
* Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce2008-09-231-1/+1
| | | | | The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
* s4: allways initialize the process model before it's usedStefan Metzmacher2008-09-221-1/+1
| | | | metze
* Revert "Rename smbd -> samba."Jelmer Vernooij2008-09-211-1/+1
| | | | This reverts commit 0e9008be35a5b334bd65e6417193d4b8f27bdc36.
* Rename smbd -> samba.Jelmer Vernooij2008-09-211-1/+1
|
* Only allow trust accounts access to the NTP signing service.Andrew Bartlett2008-08-111-3/+9
| | | | (This used to be commit 30da1b534f00ba6ef6cf86cba603732bc6e1ad43)
* Don't sign NTP packets to disabled accountsAndrew Bartlett2008-06-191-1/+10
| | | | | | | (As this would allow an offline attack on their password) Andrew Bartlett (This used to be commit e28481fc0976231c6f4cb7a5f7c7708f4becdb18)
* Allow the ntp_signd socket to be set from configure.Andrew Bartlett2008-05-291-4/+18
| | | | | | | | This will allow distributions to hard-code this path, particularly for selinux, and matches how we handle the winbind socket dir. Andrew Bartlett (This used to be commit c8b441650400ed1b24c89991f5752dad3c87795f)
* Final fixes to for a functional NTP signing deamon.Andrew Bartlett2008-05-291-15/+118
| | | | | Andrew Bartlett (This used to be commit 4dcc0cd06ef2f6c496e2112f6378088a1c27d2f2)
* Bring up the ntp signing deamonAndrew Bartlett2008-05-282-20/+25
| | | | | | | This starts ntp_signd at startup, and fixes some build issues. Andrew Bartlett (This used to be commit cb0dcd5c3dfe2a46755270a4594b7289f555d814)
* Start an 'NTP signing server' in Samba4.Andrew Bartlett2008-05-272-0/+274
I am modifying the ntp.org server to talk to this service, to sign packets per MS-SNTP. Andrew Bartlett (This used to be commit 0c15385e6068d2f70ff11aa5837adbd6d78410ae)