mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

5011 Commits

Author SHA1 Message Date
Jelmer Vernooij
a73a35cfc7 r7695: Add support for the [string] attribute that works in the traditional sense. Not
used anywhere yet.
2007-10-10 13:18:23 -05:00
Andrew Bartlett
00b8588c68 r7690: Move the NT hash generation into the credentials system, rather than
in all the callers.  This also allows us to be more flexible in the
type of password we store.

Andrew Bartlett
2007-10-10 13:18:23 -05:00
Andrew Bartlett
fbec0ed13b r7689: Add new file from previous commit (separate file for session key test). 2007-10-10 13:18:23 -05:00
Andrew Bartlett
337cb20ac4 r7688: Fix the internal heimdal build - push one #define back to
heimdal_build/config.h

Andrew Bartlett
2007-10-10 13:18:22 -05:00
Andrew Bartlett
898f72d196 r7687: Some more tests that must be done only when krb5_config is absent.
Andrew Bartlett
2007-10-10 13:18:22 -05:00
Andrew Bartlett
7520879bb0 r7686: Check for a type of invalid account name.
Andrew Bartlett
2007-10-10 13:18:22 -05:00
Andrew Bartlett
a32066a9ec r7685: Simplify the test for session key logic, so we pass against NT4.
Now, to try and figure out why this logic failed for jra...

Andrew Bartlett
2007-10-10 13:18:22 -05:00
Andrew Bartlett
47f433708b r7684: Add a test aimed at checking we have agreement between client and
server as to the CIFS session key.

JRA had pain with this being wrong against NT4 (without spnego), hence
this specific test.

Andrew Bartlett
2007-10-10 13:18:22 -05:00
Andrew Bartlett
31f7ec38e6 r7683: The other file from the last commit. And it's include/system/kerberos.h that I'm putting the #defines in...
Andrew Bartlett
2007-10-10 13:18:22 -05:00
Andrew Bartlett
3f473a9377 r7682: Move the properties of our heimdal build from heimdal_build/config.h
(which gets included by heimdal, or should be) into
auth/kerberos/kerberos.h (which is used by Samba, but not by the
Heimdal code).

Andrew Bartlett
2007-10-10 13:18:22 -05:00
Andrew Bartlett
2a22f413c9 r7681: This #define is unused.
Andrew Bartlett
2007-10-10 13:18:21 -05:00
Andrew Bartlett
fb83465dbc r7680: Move to using our own private enum for the principal type inside the
hdb-ldb module.  This removes the need for the KRBTGT case to exist in
the broader heimdal code.

Andrew Bartlett
2007-10-10 13:18:21 -05:00
Stefan Metzmacher
6ad7ffab04 r7679: update the documentation of security_description_create()
metze
2007-10-10 13:18:21 -05:00
Andrew Tridgell
df29f25140 r7678: fixed typo 2007-10-10 13:18:21 -05:00
Andrew Tridgell
f6abed5660 r7677: fixed ldap server to honor 'private path' 2007-10-10 13:18:21 -05:00
Andrew Bartlett
eb1d37c5a9 r7676: Make VUID and TID choice random, as this gives us protection against
replay attacks under SMB signing, where the session key is a fixed
derivative of the user's password.

This removes the VID offset, but I'm not worried about random client
bytes mattering here, given the space (and the fact that it applies to
very, very old clients).

Andrew Bartlett
2007-10-10 13:18:21 -05:00
Andrew Bartlett
36dc2491d7 r7675: Use correct memory context for anonymous session setup auth context
(no need for it to hang around forever).

Add test for this behaviour.

Andrew Bartlett
2007-10-10 13:18:21 -05:00
Andrew Bartlett
4c254754d2 r7674: Fix the printf() attribute suggestion by correctly prototyping, then
declaring the static function.  The attribute only works on the
prototype, not the function.

Andrew Bartlett
2007-10-10 13:18:20 -05:00
Andrew Bartlett
005e2c0cfe r7673: With current Heimdal we don't need this (correct) fix.
This will however still be useful when we have crypt() based
authentication.

Andrew Bartlett
2007-10-10 13:18:20 -05:00
Andrew Tridgell
3fe00b6114 r7672: this should fix the crypt dependency problem (I hope!) 2007-10-10 13:18:20 -05:00
Andrew Tridgell
dcdf44024a r7671: added ldap testing to the set of standard tests 2007-10-10 13:18:20 -05:00
Andrew Tridgell
0981a375cf r7670: fixed rootDSE search in ldap server 2007-10-10 13:18:20 -05:00
Andrew Tridgell
844d2a2083 r7669: removed ldap from our configure tests
This takes our link dependencies from this:

tridge@blu:~/samba/samba4/source$ ldd bin/ldbsearch
        libdl.so.2 => /lib/tls/libdl.so.2 (0xb7fc9000)
        libldap_r.so.2 => /usr/lib/libldap_r.so.2 (0xb7f92000)
        liblber.so.2 => /usr/local/lib/liblber.so.2 (0xb7f85000)
        libpam.so.0 => /lib/libpam.so.0 (0xb7f7d000)
        libc.so.6 => /lib/tls/libc.so.6 (0xb7e48000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fea000)
        libresolv.so.2 => /lib/tls/libresolv.so.2 (0xb7e36000)
        libcrypt.so.1 => /lib/tls/libcrypt.so.1 (0xb7e09000)
        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7df3000)
        libgnutls.so.11 => /usr/lib/libgnutls.so.11 (0xb7d8c000)
        libpthread.so.0 => /lib/tls/libpthread.so.0 (0xb7d7d000)
        libtasn1.so.2 => /usr/lib/libtasn1.so.2 (0xb7d6d000)
        libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7d20000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7d1c000)
        libz.so.1 => /usr/lib/libz.so.1 (0xb7d09000)
        libnsl.so.1 => /lib/tls/libnsl.so.1 (0xb7cf5000)

to this:

tridge@blu:~/samba/samba4/source$ ldd bin/ldbsearch
        libdl.so.2 => /lib/tls/libdl.so.2 (0xb7fc9000)
        libpam.so.0 => /lib/libpam.so.0 (0xb7fc0000)
        libc.so.6 => /lib/tls/libc.so.6 (0xb7e8b000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fea000)

this finally gets rid of the implicit dependency on pthreads! Yay!
2007-10-10 13:18:20 -05:00
Andrew Tridgell
3f77b879a0 r7668: - setup HAVE_ILDAP to enable the ildap backend in ldb
- fixed a bug in socket_connect_ev()
2007-10-10 13:18:20 -05:00
Andrew Tridgell
74841dbb2a r7667: added a ldb ildap backend, using our internal ldap client library. Next step is to
remove the check for the ldap libraries in configure
2007-10-10 13:18:19 -05:00
Andrew Tridgell
ac3f33c615 r7666: fixed a memory leak in the ldap ldb backend 2007-10-10 13:18:19 -05:00
Andrew Tridgell
b34a29dcf2 r7665: - added a ildap_*() interface to our internal ldap library. This
interface is very similar to the traditional ldap interface, and will
  be used as part of a ldb backend based on the current ldb_ldap backend

- fixed some allocation issues in ldb_msg.c
2007-10-10 13:18:19 -05:00
Andrew Tridgell
ffe1b5e6f4 r7661: patch from tburdi1@uic.edu to fix autogen.sh on freebsd 2007-10-10 13:18:18 -05:00
Andrew Tridgell
4013c2ddea r7660: improved error handling in socket_connect_ev() (it matters when name
resolution fails)
2007-10-10 13:18:18 -05:00
Andrew Tridgell
bec5e9f80a r7659: fixup the ordering of socket destruction for ncacn_ip_tcp so we don't try and
remove an epoll descriptor for a closed fd
2007-10-10 13:18:18 -05:00
Andrew Tridgell
9df569f023 r7658: don't timeout at the smb level for rpc requests as otherwise some rpc
level sign/seal mechanisms can break
2007-10-10 13:18:18 -05:00
Andrew Tridgell
9f7f70124f r7657: test addone again after request timeout and destruction to ensure the pipe is still OK 2007-10-10 13:18:18 -05:00
Andrew Tridgell
eddf41d5e4 r7656: added testing of rpc request timeouts and destruction 2007-10-10 13:18:18 -05:00
Andrew Tridgell
b9ed92d550 r7655: test the event friendly socket_connect() in the LOCAL-SOCKET test 2007-10-10 13:18:18 -05:00
Andrew Tridgell
72c6988767 r7654: - add a timeout to all smb requests (default 60 seconds)
- add a request destructor, to make it safe to destroy a pending
   request with talloc_free()
2007-10-10 13:18:17 -05:00
Andrew Tridgell
d47477c5c3 r7653: when a dcerpc request times out, we need to ensure that if the server
does finally answer the request and it is on the smb transport that we
don't die in the callback code as the rpc request state is gone.
2007-10-10 13:18:17 -05:00
Andrew Tridgell
154effd781 r7652: use event friendly connect in dcerpc socket code 2007-10-10 13:18:17 -05:00
Andrew Bartlett
a948e743bb r7651: Only convert SERVER requests to KRBTGT requests.
Andrew Bartlett
2007-10-10 13:18:17 -05:00
Andrew Tridgell
331afee4ca r7650: fixed a typo 2007-10-10 13:18:17 -05:00
Stefan Metzmacher
87b1f9a2e0 r7646: - only allow modification of SPOOLSS_FORM_USER Forms
- some minor fixes and comments

metze
2007-10-10 13:18:17 -05:00
Stefan Metzmacher
7390638842 r7644: - remove some duplicate structures SetForm and AddForm uses the same struct
- fix some typos in EnumPrintServerForms()/GetPrintServerForms()
- add AddPrintServerForms()/SetPrintServerForms() and DeletePrintServerForms

metze
2007-10-10 13:18:17 -05:00
Stefan Metzmacher
455b5536d4 r7643: This patch adds a new NTPTR subsystem:
- this is an abstraction layer for print services,
  like our NTVFS subsystem for file services

- all protocol specific details are still in rpc_server/spoolss/
  - like the stupid in and out Buffer handling
  - checking of the r->in.server_name
  - ...

- this subsystem can have multiple implementation
  selected by the "ntptr providor" global-section parameter

- I currently added a "simple_ldb" backend,
  that stores Printers, Forms, Ports, Monitors, ...
  in the spoolss.db, and does no real printing
  this backend is basically for testing, how the spoolss protocol
  works

- the interface is just a prototype and will be changed a bit
  the next days or weeks, till the simple_ldb backend can
  handle all calls that are used by normal w2k3/xp clients

- I'll also make the api async, as the ntvfs api
  this will make things like the RemoteFindFirstPrinterChangeNotifyEx(),
  that opens a connection back to the client, easier to implement,
  as we should not block the whole smbd for that

- the idea is to later implement a "unix" backend
  that works like the current samba3 code

- and maybe some embedded print server vendors can write their own
  backend that can directly talk to a printer without having cups or something like this

- the default settings are (it currently makes no sense to change them :-):

ntptr providor = simple_ldb
spoolss database = $private_dir/spoolss.db

metze
2007-10-10 13:18:16 -05:00
Stefan Metzmacher
fddfe1f04b r7642: - test NULL server_name in GetPrinterDriverDirectory() too, (same result as "")
- test EnumForms() on the PrintServer (NT4 returns WERR_BADFID)
  (jerry: how does it get the lists of forms in the printserver gui)

metze
2007-10-10 13:18:16 -05:00
Jeremy Allison
f9f3037d68 r7641: Fix based on work from "Shlomi Yaakobovich" <Shlomi@exanet.com> to catch
loops in corrupted tdb files.
Jeremy.
2007-10-10 13:18:16 -05:00
Love Hörnquist Åstrand
3aa80b8e58 r7638: krb5_closelog in heimdal-0.7 no longer leaks memory, so remove that comment 2007-10-10 13:18:16 -05:00
Andrew Bartlett
57ddedc954 r7637: Another useful Heimdal feature we need.
Andrew Bartlett
2007-10-10 13:18:16 -05:00
Simo Sorce
8735188b46 r7635: change the license of this file to lgpl like the rest of ldb 2007-10-10 13:18:16 -05:00
Stefan Metzmacher
520d5c6732 r7634: move TestSleep functions so that all of them are together
metze
2007-10-10 13:18:15 -05:00
Andrew Tridgell
3a3025485b r7633: this patch started as an attempt to make the dcerpc code use a given
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.

Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.

There were 3 places where I punted:

  - abartlet wanted me to add a gensec_set_event_context() call
    instead of adding it to the gensec init calls. Andrew, my
    apologies for not doing this. I didn't do it as adding a new
    parameter allowed me to catch all the callers with the
    compiler. Now that it's done, we could go back and use
    gensec_set_event_context()

  - the ejs code calls auth initialisation, which means it should pass
    in the event context from the web server. I punted on that. Needs fixing.

  - I used a NULL event context in dcom_get_pipe(). This is equivalent
    to what we did already, but should be fixed to use a caller's event
    context. Jelmer, can you think of a clean way to do that?

I also cleaned up a couple of things:

 - libnet_context_destroy() makes no sense. I removed it.

 - removed some unused vars in various places
2007-10-10 13:18:15 -05:00
Stefan Metzmacher
d9a0c61801 r7631: - remove unused function, as the design of samba4 doesn't allow the old style
auto homedir share stuff
- add TODO: for checking the password on share mode security

metze
2007-10-10 13:18:15 -05:00