sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
116,734 Commits 60 Branches 1,145 Tags 453 MiB
1fa3c9a3cc
Commit Graph

19 Commits

Author SHA1 Message Date
Stefan Metzmacher
64a9cd2a38 CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:25 +02:00
Andrew Bartlett
cdaa1224c4 lib/tls: Remove unused tls_init_client code 
This is unused as the callers have now been migrated to tls_tstream

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
 2015-08-31 01:10:22 +02:00
Andrew Bartlett
374d73617d lib/tls: Add new 'tls priority' option 
This adds a new option to the smb.conf to allow administrators to disable
TLS protocols in GnuTLS without changing the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2015-07-20 03:08:26 +02:00
Stefan Metzmacher
3d298b994d s4:lib/tls: fix tstream_tls_connect_send() define 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-06-23 22:12:07 +02:00
Stefan Metzmacher
f074e271a1 s4:lib/tls: add tls_cert_generate() prototype to tls.h 
This avoids compiler warnings...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-03-20 20:43:12 +01:00
Andrew Bartlett
ac57defdb4 s4-lib/tls: remove unused tls_support() 
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html

Andrew Bartlett
 2012-02-10 16:45:12 +11:00
Stefan Metzmacher
cce2f9dde4 s4:lib/tls: fix enabled logic in tstream_tls_params_server() 
metze
 2010-10-08 11:53:06 +02:00
Stefan Metzmacher
ca360fba10 s4:lib/tls: add gnutls backend for tstream 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
 2010-09-28 02:29:42 +00:00
Stefan Metzmacher
183c379fe5 s4:lib/tevent: rename structs 
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze
 2008-12-29 20:46:40 +01:00
Jelmer Vernooij
bbdfbf8d9d r26238: Add a loadparm context parameter to torture_context, remove more uses of global_loadparm. 
(This used to be commit a33a553054)
 2007-12-21 05:47:20 +01:00
Jelmer Vernooij
61ffa08f4c r24712: No longer expose the 'BOOL' data type in any interfaces. 
(This used to be commit 1ce32673d9)
 2007-10-10 15:02:54 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3 
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
 2007-10-10 14:59:12 -05:00
Stefan Metzmacher
97d489b21c r15829: we need to include socket.h before we can use enum socket_type 
this fixes a compiler warning

metze
(This used to be commit dbf82fff10)
 2007-10-10 14:08:29 -05:00
Andrew Bartlett
742c110cd6 r15400: Move the TLS code behind the socket interface. 
This reduces caller complexity, because the TLS code is now called
just like any other socket.  (A new socket context is returned by the
tls_init_server and tls_init_client routines).

When TLS is not available, the original socket is returned.

Andrew Bartlett
(This used to be commit 09b2f30dfa)
 2007-10-10 14:05:32 -05:00
Andrew Tridgell
1c07c25322 r11596: switched the libcli/raw/ code over to using the lib/stream/ generic 
packet parsing code. This simplifies the logic in the raw client
library a fair bit
(This used to be commit f8d43f1f67)
 2007-10-10 13:45:56 -05:00
Andrew Tridgell
64bf731865 r7769: added client support in the tls library api 
(This used to be commit 71ee6a1df5)
 2007-10-10 13:18:33 -05:00
Andrew Tridgell
7a17da2186 r7751: only enable tls on the ldaps port in ldap server, and reject non-tls 
connections on that port
(This used to be commit 30da6a1cc4)
 2007-10-10 13:18:31 -05:00
Andrew Tridgell
c7496c6cdb r7747: - simplified the ldap server buffer handling 
- got rid of the special cases for sasl buffers

- added a tls_socket_pending() call to determine how much data is waiting on a tls connection

- removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves
  are sync.
(This used to be commit 73cb4aad22)
 2007-10-10 13:18:30 -05:00
Andrew Tridgell
225d5a334f r7742: abstracted out the tls code from the web server, so that our other servers 
can easily become tls enabled. This will be used to add support for ldaps
(This used to be commit 950500f603)
 2007-10-10 13:18:29 -05:00