sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code
49,847 Commits 60 Branches 1,145 Tags 452 MiB
081f8883ba
Commit Graph

964 Commits

Author SHA1 Message Date
Stefan Metzmacher
081f8883ba s4: fix LIBEVENTS dependencies and use more forward declarations 
We should only include events.h where we really need it
and prefer forward declarations of 'struct event_context'

metze
 2008-12-17 11:04:45 +01:00
Stefan Metzmacher
180245fce0 s4:kdc: allow a trusted domain to get kerberos tickets 
metze
 2008-12-04 15:45:16 +01:00
Tim Prouty
1115b7b342 s3/s4 build: Fix execinfo and sasl build error when the libs/headers are in non-standard locations. 
These configure checks have the correct flags at configure time, so
let's pass them through so they are used at compile time.
 2008-11-18 17:43:51 -08:00
Jelmer Vernooij
b45caa44e1 Fix the build. 2008-11-02 23:58:49 +01:00
Jelmer Vernooij
1e053df95c Remove use of global_loadparm for disabled gensec backends. 2008-11-02 19:28:17 +01:00
Jelmer Vernooij
ff36c52d8c Remove another use of global_loadparm. 
Eventually, we should move some of these parameters into a separate
struct (perhaps into smb_transport_options?), to avoid the long lists of
parameters.
 2008-11-02 16:07:28 +01:00
Jelmer Vernooij
c537f7a914 Fix the build. 2008-11-02 05:49:36 +01:00
Jelmer Vernooij
b034c519f5 Add gensec_settings structure. This wraps loadparm_context for now, but 
should in the future only contain some settings required for gensec.
 2008-11-02 02:05:48 +01:00
Jelmer Vernooij
a76adc5397 Remove two debug parameters, not used anywhere. 
Andrew, I was pretty sure these could be removed but if not, please let
me know.
 2008-11-02 01:03:46 +01:00
Jelmer Vernooij
7a6190e9a7 Remove another use of global_loadparm. 2008-11-02 01:03:26 +01:00
Jelmer Vernooij
3a6b88f9f9 Remove unused argument iconv_convenience. 2008-11-01 20:58:41 +01:00
Jelmer Vernooij
8c4e2eb49d Remove use of lp_*() from ntlm_check.c. 2008-11-01 17:55:57 +01:00
Jelmer Vernooij
23302413b3 Remove unused include param/param.h. 2008-10-24 16:37:56 +02:00
Jelmer Vernooij
37d885c51a Remove iconv_convenience argument from convert_string{,talloc}() but 
make them wrappers around convert_string{,talloc}_convenience().
 2008-10-24 14:26:46 +02:00
Jelmer Vernooij
8b06312f7e Eliminate another instance of global_loadparm. 2008-10-24 13:13:27 +02:00
Jelmer Vernooij
922a29992e Remove iconv_convenience parameter from simple string push/pull 
functions.
 2008-10-24 03:40:09 +02:00
Jelmer Vernooij
87ec1d2532 Make sure prototypes are always included, make some functions static and 
remove some unused functions.
 2008-10-20 18:59:51 +02:00
Andrew Bartlett
7c88ea8aad Create a 'straight paper path' for UTF16 passwords. 
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password.  This ensures we do no
validation or filtering of the password before we get a chance to MD4
it.  We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.

All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.

This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.

The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.

Andrew Bartlett
 2008-10-16 12:48:16 +11:00
Jelmer Vernooij
235e68f7b7 Remove unused variable. 2008-10-15 00:09:08 +02:00
Jelmer Vernooij
1b99d8fbb5 Use common util_file code. 2008-10-12 17:34:43 +02:00
Jelmer Vernooij
218f482fbf Use common strlist implementation in Samba 3 and Samba 4. 2008-10-12 00:56:56 +02:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Jelmer Vernooij
caa4e42860 Move lib/util from source4 to top-level libutil. 
Conflicts:

	source4/Makefile
 2008-10-11 21:05:38 +02:00
Jelmer Vernooij
2c4391e950 Provide the same set of helper functions for DEBUG in Samba 3 and Samba 
4, even though the macros are still different.

This makes it possible to use object code compiled with one DEBUG()
macro from the other sourceX directory.
 2008-10-11 20:44:19 +02:00
Stefan Metzmacher
999b69d176 s4:gensec: pass down want_features to the spnego backend mech 
metze
 2008-10-06 19:21:44 +02:00
Andrew Tridgell
f84093df86 Merge branch 'master' of ssh://git.samba.org/data/git/samba 2008-09-30 13:02:09 -07:00
Jelmer Vernooij
181ee01da6 Pass session options around; saves another use of global_loadparm. 2008-09-30 02:47:19 +02:00
Andrew Tridgell
a270ddb6e3 make the schannel creentials persistent 
this makes testing with the WSPP test suite much easier over samba
restarts
 2008-09-29 14:04:48 -07:00
Matthias Dieter Wallnöfer
b39b6099a4 Cosmetic corrections for the KERBEROS library 
This commit applies some cosmetic corrections for the KERBEROS library.
 2008-09-24 19:40:03 +02:00
Matthias Dieter Wallnöfer
79854dc48a Kerberos cosmetic changes: Revert a part of the patch 
Reverts a part of the patch because it changes the function of the code (suggested by Jelmer).
 2008-09-24 19:40:03 +02:00
Matthias Dieter Wallnöfer
57edd24ca0 Cosmetic corrections for the KERBEROS library 
This commit applies some cosmetic corrections for the KERBEROS library.
 2008-09-24 19:40:03 +02:00
Jelmer Vernooij
b9890af546 Merge branch 'master' of ssh://git.samba.org/data/git/samba into crypto 2008-09-24 16:11:13 +02:00
Jelmer Vernooij
6925202bde Move source4/lib/crypto to lib/crypto. 2008-09-24 15:30:23 +02:00
Simo Sorce
83b0c5d43f Fix nasty bug that would come up only if a client connection to a remote 
ldap server suddenly dies.
We were creating a wrong talloc hierarchy, so the event.fde was not
freed automatically as expected. This in turn made the event system call
the ldap io handlers with a null packet structure, causing a segfault.
Fix also the ordering in ldap_connection_dead()
Thanks to Metze for the huge help in tracking down this one.
 2008-09-24 01:43:57 -04:00
Simo Sorce
508527890a Merge ldb_search() and ldb_search_exp_fmt() into a simgle function. 
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
 2008-09-23 18:17:46 -04:00
Stefan Metzmacher
588af6901b gensec_krb5: only give away the session key, when the authentication is done 
metze
 2008-09-23 11:30:02 +02:00
Stefan Metzmacher
02cffed79d gensec_gssapi: only give away the session key, when the authentication is done 
metze
 2008-09-23 11:30:01 +02:00
Stefan Metzmacher
23e31350f5 ntlmssp: only give away the session key, when the authentication is done 
metze
 2008-09-23 11:30:01 +02:00
Matthias Dieter Wallnöfer
d173644f10 NTLMSSP Server: Correctly fills in the DNS server name and server domain 
Don't rely on "get*" system calls but rather on SAMBA "lp_*" calls.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2008-09-19 16:33:30 +02:00
Jelmer Vernooij
6f6e42ce60 Generate with 1.3.36. 2008-09-18 23:55:50 +02:00
Andrew Bartlett
a35263e1ab Implement NETLOGON PAC verfication on the server-side 
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.

Andrew Bartlett
(This used to be commit 82fcd7941f)
 2008-09-03 15:30:17 +10:00
Andrew Bartlett
c79dff2e9b Heimdal provides Kerberos PAC parsing routines. Use them. 
This uses Heimdal's PAC parsing code in the:
 - LOCAL-PAC test
 - gensec_gssapi server
 - KDC (where is was already used, the support code refactored from here)

In addition, the service and KDC checksums are recorded in the struct
auth_serversupplied_info, allowing them to be extracted for validation
across NETLOGON.

Andrew Bartlett
(This used to be commit 418b440a7b)
 2008-08-28 16:28:47 +10:00
Andrew Bartlett
031d145e38 Put the internal gensec_gssapi state into a header. 
This will allow a torture suite to inspect some otherwise internal
details.

Andrew Bartlett
(This used to be commit 9701149ef7)
 2008-08-27 16:24:05 +10:00
Stefan Metzmacher
26853e4607 gensec_gssapi: only cache the session key in STAGE_DONE 
The key may change because we switch from initiator to acceptor
subkey.

metze
(This used to be commit 66244092a4)
 2008-08-14 13:13:52 +02:00
Stefan Metzmacher
8c0fbbf6e9 gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO 
metze
(This used to be commit 9246924eff)
 2008-08-12 16:21:40 +02:00
Stefan Metzmacher
588cc81760 gensec_gssapi: fix compiler warnings 
metze
(This used to be commit f4f4bb7fe9)
 2008-08-12 16:21:40 +02:00
Stefan Metzmacher
b686328039 gensec_gssapi: add a function to load the lucid structure once 
metze
(This used to be commit daa986d1d0)
 2008-08-12 16:21:39 +02:00
Stefan Metzmacher
8ba2041bf3 gensec: add support for new style spnego and correctly handle mechListMIC 
metze
(This used to be commit 05a3403967)
 2008-08-12 16:21:39 +02:00
Stefan Metzmacher
50fb2059c0 gensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures 
metze
(This used to be commit fcabe24f96)
 2008-08-08 15:30:06 +02:00
Stefan Metzmacher
dd35840d9b gensec_gssapi: use gsskrb5_get_subkey() to get the session key 
This is needed to get the correct key, when aes keys are used.

metze
(This used to be commit 7587a7d8b6)
 2008-08-08 15:29:16 +02:00