Andrew Tridgell
66092ced5e
Merge branch 'master' of ssh://git.samba.org/data/git/samba
2008-09-23 11:15:46 -07:00
Stefan Metzmacher
353aaf26c5
selftest: run smb signing tests as part of make quicktest
...
metze
2008-09-23 11:30:04 +02:00
Stefan Metzmacher
61a38d9180
selftest: test some smb signing combinations against the member server
...
metze
2008-09-23 11:30:04 +02:00
Stefan Metzmacher
171349bc21
s4:smb_server: remove the bogus smbsrv_signing_restart()
...
Real signing always starts with seqnumber 2, and once signing
is on, the session key never changes for the complete
smb connection.
metze
2008-09-23 11:30:04 +02:00
Stefan Metzmacher
c01426ce73
libcli/smb_composite: for spnego session setups check the smb signature manually
...
We need to start signing when we got NT_STATUS_OK from the server
and manually check the signature of the server's response.
This is needed as the response might be signed with the krb5 acceptor subkey,
which comes within the server response.
With NTLMSSP this happens for the session setup:
request1 => BSRSPYL seqnum: 0
response1 => BSRSPYL seqnum: 0
request2 => BSRSPYL seqnum: 0
response2 => <SIGNATURE> seqnum: 1
and with krb5:
request1 => BSRSPYL seqnum: 0
response1 => <SIGNATURE> seqnum: 1
metze
2008-09-23 11:30:03 +02:00
Stefan Metzmacher
8c3d969934
libcli/raw: real signing starts at seqnumber 2
...
metze
2008-09-23 11:30:03 +02:00
Stefan Metzmacher
7deacc615e
libcli/raw: in SMB_SIGNING_ENGINE_BSRSPYL state it's ok to accept any signature
...
Even if signing is mandatory.
With NTLMSSP this happens for the session setup:
request1 => BSRSPYL
response1 => BSRSPYL
request2 => BSRSPYL
response2 => <SIGNATURE>
and with krb5:
request1 => BSRSPYL
response1 => <SIGNATURE>
metze
2008-09-23 11:30:03 +02:00
Stefan Metzmacher
e00ab641b4
libcli/raw: give the caller the chance to do the signing checks on its own.
...
metze
2008-09-23 11:30:02 +02:00
Stefan Metzmacher
781d7c4c1c
libcli/raw: give the caller the chance to prevent the talloc_free(req) in the _recv functions
...
metze
2008-09-23 11:30:02 +02:00
Stefan Metzmacher
588af6901b
gensec_krb5: only give away the session key, when the authentication is done
...
metze
2008-09-23 11:30:02 +02:00
Stefan Metzmacher
02cffed79d
gensec_gssapi: only give away the session key, when the authentication is done
...
metze
2008-09-23 11:30:01 +02:00
Stefan Metzmacher
23e31350f5
ntlmssp: only give away the session key, when the authentication is done
...
metze
2008-09-23 11:30:01 +02:00
Stefan Metzmacher
70b0c8f79a
RPC-PAC: loop in gensec_update() until the server side is ready
...
metze
2008-09-23 11:30:01 +02:00
Günther Deschner
05e0966d85
s3-nbt: remove old samba3 libcli/nbt copy.
...
Guenther
2008-09-23 10:48:58 +02:00
Michael Adam
4432967532
[s3]winbindd_group: don't list the domain twice when expanding internal aliases
...
Before this, "getent group builtin\\administrators" expanded
domain group members in the form DOMAIN\domain\user.
Michael
2008-09-23 10:00:26 +02:00
Michael Adam
4205fab500
[s3]winbindd_group: sanely handle NULL domain in add_member().
...
Michael
2008-09-23 10:00:26 +02:00
Michael Adam
49145bfefa
[s3]winbindd_ads: honour "winbind use default domain" in lookup_groupmem().
...
This fixes the output of "getent group" when "winbind use default domain = yes"
with security = ads.
Michael
2008-09-23 10:00:26 +02:00
Michael Adam
1f8a7739ac
[s3]winbindd_rpc: add domain prefix to username in lookup_groupmem().
...
This makes the output of "getent group" of a domain group show the
domain prefix with "security = domain".
Michael
2008-09-23 10:00:26 +02:00
Michael Adam
1b9c2ccb1f
[s3]winbindd_util: add fill_domain_username_talloc().
...
A talloc version of fill_domain_username().
Michael
2008-09-23 10:00:26 +02:00
Michael Adam
e401ce6de7
[s3]winbindd_util: add prototype for fill_domain_username_talloc().
...
A talloc version of fill_domain_username().
Michael
2008-09-23 10:00:25 +02:00
Michael Adam
f0dccdca6a
[s3]winbindd: fix a comment typo
...
Michael
2008-09-23 10:00:25 +02:00
Michael Adam
6c8c5d7113
[s3]winbind_util: fix an implicit cast compile warning.
...
Michael
2008-09-23 10:00:25 +02:00
Günther Deschner
fd3ba988dc
s3-nbt: fix remaining callers of ndr_push/pull_struct_blob.
...
Guenther
2008-09-23 09:49:56 +02:00
Günther Deschner
7f5aef542a
s3-nbt: use ../libcli/nbt helper.
...
Guenther
2008-09-23 09:37:24 +02:00
Günther Deschner
9f8813e4d4
s3: re-run make idl.
...
Guenther
2008-09-23 09:37:24 +02:00
Günther Deschner
83c042583b
s3-nbt: refer to ../libcli/nbt in nbt.idl.
...
Guenther
2008-09-23 09:37:24 +02:00
Günther Deschner
a1a92688ba
s4-nbt: use ../libcli/nbt
...
Guenther
2008-09-23 09:37:24 +02:00
Günther Deschner
6f33f3e4c2
s4-nbt: move libcli/nbt up one level.
...
Guenther
2008-09-23 09:37:24 +02:00
Günther Deschner
be8b72dd55
s4-nbt: merge some fixes from samba3 nbt helper.
...
Guenther
2008-09-23 09:37:24 +02:00
Günther Deschner
13a3971438
s4-nbt: use private_data instead of private.
...
Guenther
2008-09-23 09:37:24 +02:00
Günther Deschner
c48186f507
s3: use samba4 prototype for ndr_push/pull_struct_blob.
...
Guenther
2008-09-23 09:37:23 +02:00
Günther Deschner
c8858058e9
s3: re-run make idl.
...
Guenther
2008-09-23 09:37:23 +02:00
Günther Deschner
9421ecac33
s3-nbt: fix nbt.idl in order to use shared nbt helper.
...
Guenther
2008-09-23 09:37:23 +02:00
Günther Deschner
f093ddbc11
s3-charset: add smb_iconv_convenience.
...
Guenther
2008-09-23 09:37:23 +02:00
Günther Deschner
9216153827
s4-nbt: remove unrequired include.
...
Guenther
2008-09-23 09:37:23 +02:00
Günther Deschner
b60d612cde
s4: add talloc_strdup_upper.
...
Guenther
2008-09-23 09:37:23 +02:00
Andrew Tridgell
9cf29abee2
test setinfo FULL_EA_INFORMATION in gentest
2008-09-23 16:45:55 +10:00
Andrew Tridgell
219aa1b4fd
added FULL_EA_INFORMATION setea call
2008-09-23 16:45:10 +10:00
Andrew Tridgell
e3a562b1cd
fixed a memory error in change notify handling in gentest
2008-09-23 15:20:24 +10:00
Andrew Tridgell
2b6e139206
fixed readonly handling in deltree
2008-09-23 15:16:46 +10:00
Andrew Bartlett
c5265ea3bf
Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
2008-09-22 21:48:49 -07:00
Andrew Tridgell
f4e212323f
added some debug code
2008-09-23 12:09:56 +10:00
Andrew Bartlett
c39d1b829b
Remove unused parameter from decode_pw_buffer and fail on invalid
...
UTF-16 input
The input checking is important, as otherwise we could set the wrong
password.
Andrew Bartlett
2008-09-22 17:50:43 -07:00
Andrew Bartlett
aaa45c8325
Remove unused variable
2008-09-22 17:24:57 -07:00
Volker Lendecke
6660ac5d0a
Fix make pch in the merged build
2008-09-23 01:44:41 +02:00
Andrew Bartlett
3b5060fdba
Explain why we use signing for DCs, but not file servers
2008-09-22 16:32:04 -07:00
Gerald (Jerry) Carter
7d5fb989ac
idmap_adex: Add new idmap plugin for support RFC2307 enabled AD forests.
...
The adex idmap/nss_info plugin is an adaptation of the Likewise
Enterprise plugin with support for OU based cells removed
(since the Windows pieces to manage the cells are not available).
This plugin supports
* The RFC2307 schema for users and groups.
* Connections to trusted domains
* Global catalog searches
* Cross forest trusts
* User and group aliases
Prerequisite: Add the following attributes to the Partial Attribute
Set in global catalog:
* uidNumber
* uid
* gidNumber
A basic config using the current trunk code would look like
[global]
    idmap backend = adex
    idmap uid = 10000 - 19999
    idmap gid = 20000 - 29999
    idmap config US:backend = adex
    idmap config US:range = 20000 - 29999
    winbind nss info = adex
    winbind normalize names = yes
    winbind refresh tickets = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash
2008-09-22 15:46:19 -07:00
Andrew Bartlett
7831169af5
Test re-setting the challenge after an auth3 in RPC-NETLOGON
2008-09-22 15:37:16 -07:00
Andrew Bartlett
b18449dbd5
Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
2008-09-22 14:23:40 -07:00
Andrew Bartlett
cebd9a9013
This torture test and skipping of the server-side check was bogus.
...
The IDL is declared to force the MessageType to 3 on output, so we
instead checked the same thing 255 times...
Andrew Bartlett
2008-09-22 14:23:22 -07:00