1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

25 Commits

Author SHA1 Message Date
Andrew Bartlett
0f1444b772 r4358: At metze's request, the Christmas elves have removed gensec_end in
favor of talloc_free().

Andrew Bartlett
(This used to be commit 1933cd12fb)
2007-10-10 13:07:37 -05:00
Andrew Tridgell
6ca874f71a r4147: converted from NT_USER_TOKEN to struct security_token
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.

note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b)
2007-10-10 13:06:31 -05:00
Stefan Metzmacher
f99c93ec57 r4070: move some defines from asn_1.h to the places they belong to
metze
(This used to be commit ab2c2f27e1)
2007-10-10 13:06:22 -05:00
Andrew Tridgell
4815480bb6 r3633: - moved module init functions to after smb.conf and command line
parsing, so that module init can take account of lp_ parms (thats
  why gensec:krb5=no wasn't working)

- added a BASE-DISCONNECT torture test that tests server response to
  clients disconnecting with open lock and open requests pending
(This used to be commit 5205f598b8)
2007-10-10 13:05:41 -05:00
Jelmer Vernooij
71db46ea66 r3586: Fix some of the issues with the module init functions.
Both subsystems and modules can now have init functions, which can be
specified in .mk files (INIT_FUNCTION = ...)

The build system will define :
 - SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal
 - BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on

This removes the hack with the "static bool Initialised = " and the
"lazy_init" functions
(This used to be commit 7a8244761b)
2007-10-10 13:05:36 -05:00
Andrew Bartlett
ac29f51936 r3570: Export the user's group list from ntlm_auth, via a new command 'UG'
(user groups).  The form of this is not final, but is this should be a
discussion point with the squid team.

Andrew Bartlett
(This used to be commit cbb0c67d06)
2007-10-10 13:05:32 -05:00
Andrew Bartlett
c772c75400 r3541: Add support (to be verified with the squid team) for the Squid 3.0
multiplexed helper system.

This system prefixes every request with a number, and we maintian a
state machine for each of these integers.  This means that we can have
multiple outstanding challenges, without the overhead of a whole
ntlm_auth process.

In future, the actual password check will also be async.

Andrew Bartlett
(This used to be commit 9ea34abce3)
2007-10-10 13:05:30 -05:00
Andrew Tridgell
6f214cc510 r3494: got rid of include/rewrite.h, and split out the dynconfig.h header
(This used to be commit 558de54ec6)
2007-10-10 13:05:22 -05:00
Andrew Tridgell
3643fb1109 r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ioctl.h)
(This used to be commit b97e395c81)
2007-10-10 13:05:17 -05:00
Andrew Tridgell
6148deca66 r3454: moved a few more things out if includes.h into the include/system/ include files.
this brings us down to about 11k lines of headers included with
includes.h, while still retaining the speed of building with pch
(This used to be commit 10188869ef)
2007-10-10 13:05:13 -05:00
Andrew Tridgell
edbfc0f6e7 r3453: - split out the auth and popt includes
- tidied up some of the system includes

- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
  knows about inter-IDL dependencies
(This used to be commit 7b7477ac42)
2007-10-10 13:05:13 -05:00
Andrew Tridgell
6bea5bea4c r2643: convert more of the auth subsyystem to the new talloc methods. This
also fixes a memory leak found with --leak-check.
(This used to be commit f19201ea27)
2007-10-10 12:59:15 -05:00
Andrew Tridgell
a2f3527d96 r2630: I missed a couple of places in the gensec talloc conversion
(This used to be commit 7124949140)
2007-10-10 12:59:14 -05:00
Andrew Tridgell
c5f4378361 r2629: convert gensec to the new talloc model
by making our gensec structures a talloc child of the open connection
we can be sure that it will be destroyed when the connection is
dropped.
(This used to be commit f12ee2f241)
2007-10-10 12:59:14 -05:00
Andrew Bartlett
cf938f14a2 r2612: Ensure ntlm_auth always logs to stderr.
Add missing break;

Andrew Bartlett
(This used to be commit cdb8261775)
2007-10-10 12:59:11 -05:00
Andrew Bartlett
bfd924725e r2611: Try to make Samba4's ntlm_auth more consistant with Samba 3.0.
Andrew Bartlett
(This used to be commit 8f4dab5d44)
2007-10-10 12:59:11 -05:00
Andrew Bartlett
3318a6e2c6 r2546: Remove another strupper_m() that we don't need.
Andrew Bartlett
(This used to be commit 5c5b45c1a8)
2007-10-10 12:59:04 -05:00
Andrew Tridgell
94fb514376 r1630: - fixed the replacement timegm() function to work correctly for DST changes
- got rid of global_myname(), using lp_netbios_name() instead
(This used to be commit e8d4b39088)
2007-10-10 12:57:45 -05:00
Andrew Bartlett
66ac77dd12 r1356: Fix logic bugs in ntlm_auth.
Andrew Bartlett
(This used to be commit 871e98ce57)
2007-10-10 12:56:52 -05:00
Andrew Bartlett
fb667783ac r1305: Grrr, fix my build breakage...
Declare variables at the start of a block.

Andrew Bartlett
(This used to be commit 9f5394703e)
2007-10-10 12:56:49 -05:00
Andrew Bartlett
dc9f55dbec r1294: A nice, large, commit...
This implements gensec for Samba's server side, and brings gensec up
to the standards of a full subsystem.

This means that use of the subsystem is by gensec_* functions, not
function pointers in structures (this is internal).  This causes
changes in all the existing gensec users.

Our RPC server no longer contains it's own generalised security
scheme, and now calls gensec directly.

Gensec has also taken over the role of auth/auth_ntlmssp.c

An important part of gensec, is the output of the 'session_info'
struct.  This is now reference counted, so that we can correctly free
it when a pipe is closed, no matter if it was inherited, or created by
per-pipe authentication.

The schannel code is reworked, to be in the same file for client and
server.

ntlm_auth is reworked to use gensec.

The major problem with this code is the way it relies on subsystem
auto-initialisation.  The primary reason for this commit now.is to
allow these problems to be looked at, and fixed.

There are problems with the new code:
- I've tested it with smbtorture, but currently don't have VMware and
  valgrind working (this I'll fix soon).
- The SPNEGO code is client-only at this point.
- We still do not do kerberos.

Andrew Bartlett
(This used to be commit 07fd885fd4)
2007-10-10 12:56:49 -05:00
Andrew Bartlett
be081037e0 r1200: Add 'gensec', our generic security layer.
This layer is used for DCERPC security, as well as ntlm_auth at this
time.  It expect things like SASL and the CIFS layer to use it as
well.

The particular purpose of this layer is to introduce SPENGO, which
needs generic access to the actual implementation mechanisms.

Schannel, due to it's 'interesting' setup properties is in GENSEC, but
is only in the RPC code.

Andrew Bartlett
(This used to be commit 902af49006)
2007-10-10 12:56:44 -05:00
Andrew Bartlett
bf598954f7 r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts.
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend
to refactor them into the same format as NTLMSSP.

Andrew Bartlett
(This used to be commit 58da78a746)
2007-10-10 12:56:44 -05:00
Stefan Metzmacher
45e93c19ef r943: change samba4 to use 'uint8_t' instead of 'unsigned char'
metze
(This used to be commit b5378803fd)
2007-10-10 12:56:21 -05:00
Andrew Tridgell
ef2e26c91b first public release of samba4 code
(This used to be commit b0510b5428)
2003-08-13 01:53:07 +00:00