1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

7054 Commits

Author SHA1 Message Date
Andrew Bartlett
55c6d93184 r11413: More comments, plus always check (and update) the credentials chain,
regardless the authentication result on a particular user.

Andrew Bartlett
(This used to be commit 2ee7ed000e)
2007-10-10 13:45:34 -05:00
Andrew Bartlett
ceff9881e4 r11412: These comments may not be much, but my eyes scan code with even
minimal comments much better (much like volker scans code of less than
80 cols better ;-)

Andrew Bartlett
(This used to be commit 8800e9b5b0)
2007-10-10 13:45:34 -05:00
Andrew Bartlett
0f44011f6f r11411: Add to Samba4 the Samba3 patch I just posted for machine account
logins (changing the winbindd interface).

Clean up the wbsrv_samba3_async_epilogue() handling, as it was mixing
auth and other replies, such that all replies were having the auth
error strings set.  We now do a better job of filling in the right
errors in the right places.

Andrew Bartlett
(This used to be commit 8ed975df52)
2007-10-10 13:45:33 -05:00
Andrew Bartlett
56d3064db6 r11410: Fix rejoin as a BDC by modifying, rather than trying to recreate, the
server reference.

Andrew Bartlett
(This used to be commit 302219928f)
2007-10-10 13:45:33 -05:00
Andrew Bartlett
4e65f39ca9 r11409: The use of 'password server = ' here is still bogus, but for now at
least don't allow binding to become uninitialised.

Andrew Bartlett
(This used to be commit e754234a17)
2007-10-10 13:45:33 -05:00
Andrew Tridgell
da048ad7ca r11408: fixed the mapping of ldb errors to ldap errors in the ldap server
(This used to be commit 647cb90360)
2007-10-10 13:45:33 -05:00
Andrew Bartlett
9bdc1a77f5 r11407: Push 'recreate account' logic into libnet/libnet_join.c. We don't
return the pesky USER_EXISTS 'error' code any more, and it is much
easier to handle this inline.

Andrew Bartlett
(This used to be commit a7eb796cf5)
2007-10-10 13:45:32 -05:00
Andrew Bartlett
b4b155c970 r11406: Clean up uninitialised value warnings found by -01.
The warnings were caused by the structure assignements, which we don't
need to do.  The actual values are filled in by the NDR layer later.

Andrew Bartlett
(This used to be commit f140117535)
2007-10-10 13:45:32 -05:00
Andrew Bartlett
6779373ec4 r11405: Ensure we can never have secret4 be uninitialised. Found after
volker's urging on the use of -O1.

Andrew Bartlett
(This used to be commit 6a7bb391ba)
2007-10-10 13:45:32 -05:00
Andrew Bartlett
b1d3d75c68 r11404: Another torture test and a new WERR.
Andrew Bartlett
(This used to be commit de83b8cd18)
2007-10-10 13:45:32 -05:00
Andrew Tridgell
375fe21ad6 r11403: improved the error handling in the ildap ldb backend. Now passes
through all ldap errors except on search. Search errors are only
available via ldb_errstring() until we decide how to fix ldb_search().
(This used to be commit c192bcb79d)
2007-10-10 13:45:31 -05:00
Andrew Bartlett
56b4e4b62c r11402: In response to comments by volker, expand our Netlogon DsRGetDCName
IDL and testsuites.  The server-side of this remains a stub, we should
probably be doing ldb searches for the server reference record.

Andrew Bartlett
(This used to be commit 0141ed309a)
2007-10-10 13:45:31 -05:00
Andrew Bartlett
cfa2adf040 r11401: A simple hack to have our central credentials system deny sending LM
authentication for user@realm logins and machine account logins.

This should avoid various protocol downgrade attacks.

Andrew Bartlett
(This used to be commit 76c2d204d0)
2007-10-10 13:45:31 -05:00
Stefan Metzmacher
fb2bceea6e r11400: fix compiler warnings
metze
(This used to be commit a29a107d95)
2007-10-10 13:45:31 -05:00
Andrew Bartlett
d0831d27a5 r11399: Add another case where we need to fallback, if the KDC isn't there.
Andrew Bartlett
(This used to be commit e82fbb58dd)
2007-10-10 13:45:31 -05:00
Andrew Bartlett
12d4dd28a5 r11394: Allow KDC unreachable as another 'forget about gssapi' error on SPNEGO.
Andrew Bartlett
(This used to be commit da24074860)
2007-10-10 13:45:30 -05:00
Andrew Bartlett
5e456b38ed r11393: Avoid error messages and get more correctness with long plaintext passwords.
Andrew Bartlett
(This used to be commit cb0b3c0057)
2007-10-10 13:45:30 -05:00
Volker Lendecke
0ea06b97c2 r11392: After confirmation from Love, fix a compiler warning
(This used to be commit a0b4036ba6)
2007-10-10 13:45:30 -05:00
Jelmer Vernooij
66014ca14d r11391: Add includedir to the list of directories to create
(This used to be commit dab450a501)
2007-10-10 13:45:30 -05:00
Jelmer Vernooij
fc6bdfa8be r11388: Move dot-generating to a seperate perl executable
(This used to be commit 31406f7aa5)
2007-10-10 13:45:30 -05:00
Jelmer Vernooij
3f2136b919 r11387: Remove pidl from the default 'install' target as it doesn't obey the
user specified install paths.
(This used to be commit d537a35ec3)
2007-10-10 13:45:29 -05:00
Jelmer Vernooij
42c5211bf4 r11386: Add install rule for pidl
(This used to be commit b740d0d280)
2007-10-10 13:45:29 -05:00
Jelmer Vernooij
773f0ecf5a r11385: Fix issues in module.c. Calling function should pass in path
to directory rather then subsystem name now.
(This used to be commit 2a868ab3b5)
2007-10-10 13:45:29 -05:00
Jelmer Vernooij
a4e7bf3a89 r11382: Require number of required M4 macros
Make MODULE handling a bit more like BINARY, LIBRARY and SUBSYSTEM
Add some more PUBLIC_HEADERS
(This used to be commit 875eb8f4cc)
2007-10-10 13:45:29 -05:00
Volker Lendecke
5a67b508d8 r11378: Fix an uninitialized variable warning. Tridge, I'm 99.999% sure this was a
simple cut&paste error, but you might recheck this.

Volker
(This used to be commit 55b5b100e9)
2007-10-10 13:45:29 -05:00
Jelmer Vernooij
93fd08168f r11377: Add support for building LIBRARY elements as shared libraries:
- Adds -rpath bin/ so you don't have to install Samba in order to use compiled binaries.
 - Writes out pkg-config files when building shared libs
 - Supports automatic fallback to MERGEDOBJ (which is the default) or
   OBJ_LIST (if ld -r is not supported)

Building with shared libs reduces the size of the Samba binaries from
197 Mb to 60 Mb (including libraries) on my system (GCC4, with debugging).

To build with shared libraries support enabled, run:

LIBRARY_OUTPUT_TYPE=SHARED_LIBRARY ./config.status

init functions don't get called correctly yet when using shared libs, so
you won't be able to actually run anything with success :-)

Once init functions are done, I'll look at support for loading shared
modules once again.

Based on a patch by Peter Novodvorsky (nidd on IRC).
(This used to be commit 0b54405685)
2007-10-10 13:45:28 -05:00
Andrew Bartlett
17f8b87cb0 r11374: On request from VL, put the plaintext auth patch in.
I still have some gremlins that get in the my way in testing this.

Andrew Bartlett
(This used to be commit 3353e906ad)
2007-10-10 13:45:28 -05:00
Andrew Bartlett
4378c3c9cc r11373: Handle an apparent alias in NBT ntlogin replies.
Andrew Bartlett
(This used to be commit 51d55d2211)
2007-10-10 13:45:28 -05:00
Andrew Bartlett
a2b93c3f5f r11372: Now RPC-SAMLOGON works, place it into the default 'make test'.
Andrew Bartlett
(This used to be commit 381c4f9fef)
2007-10-10 13:45:28 -05:00
Andrew Bartlett
ea2d6d482f r11371: Fix the ntlm_auth build.
Andrew Bartlett
(This used to be commit 708476d0b2)
2007-10-10 13:45:27 -05:00
Andrew Bartlett
546f63df5b r11370: Samba4 now passes it's own RPC-SAMLOGON test again.
This avoids the nasty user@DOMAIN test for now, as it has very odd
semantics with NTLMv2.

Allow only user accounts to do an interactive login.

Andrew Bartlett
(This used to be commit 690cad8083)
2007-10-10 13:45:27 -05:00
Volker Lendecke
134b2488c8 r11369: Implement socket_connect_multi: Connect to multiple ipv4 tcp ports in
sequence, with a 2-millisecond timeout between firing the syn packets. Build
smbcli_sock_connect_send upon that.

Volker
(This used to be commit 5718df44d9)
2007-10-10 13:45:27 -05:00
Andrew Bartlett
3dc75cc84f r11367: Ensure to intialise the new logon_parameters (0 for session setups).
Andrew Bartlett
(This used to be commit abff53b633)
2007-10-10 13:45:26 -05:00
Andrew Bartlett
152988a828 r11366: Pass around the flags which indicate if we should support plaintext
logins and NTLM machine account logins.

Andrew Bartlett
(This used to be commit 421e64c2b4)
2007-10-10 13:45:26 -05:00
Andrew Tridgell
ea4ad9152a r11365: fixed a comment typo
(This used to be commit 3333d71ab6)
2007-10-10 13:45:26 -05:00
Andrew Tridgell
804cf59a48 r11364: added a ldb_attr_dn() function for testing if an attribute name is
"dn" or "distinguishedName". This makes us a bit more consistent
(This used to be commit b41b374b55)
2007-10-10 13:45:26 -05:00
Andrew Tridgell
c5b99e3c69 r11363: fixed a problem with provisioning when hklm already exists (the
problem is really caused by hklm not having objectclass attributes on
its records, but this is a workaround)
(This used to be commit 62d5253a03)
2007-10-10 13:45:26 -05:00
Tim Potter
b0dd4140c5 r11362: Remove attempt to decode uint8 array as a security descriptor. Pidl thinks
that because it is an array, the import should also be an array, i.e of
security descriptors.
(This used to be commit fb313c19c6)
2007-10-10 13:45:25 -05:00
Andrew Bartlett
f2d1614906 r11361: Test user@DOMAIN userPrincipalNames
Andrew Bartlett
(This used to be commit 75b002746a)
2007-10-10 13:45:24 -05:00
Andrew Bartlett
18e9c49922 r11360: Pass down a flag indicating that this is an 'old password', and to
expect funny buisness.

Andrew Bartlett
(This used to be commit b2810bd702)
2007-10-10 13:45:24 -05:00
Andrew Bartlett
f003a02ef2 r11359: More lovely cracknames tests...
Andrew Bartlett
(This used to be commit 35cbdd5c9d)
2007-10-10 13:45:24 -05:00
Andrew Bartlett
2bb739396c r11358: Ensure domains are always upper-case as well. Helps NTLMv2.
Andrew Bartlett
(This used to be commit 82527491b2)
2007-10-10 13:45:24 -05:00
Andrew Bartlett
efa0106627 r11357: Add more standard 'servicePrincaipalName' entries to our host account
in provision.

Andrew Bartlett
(This used to be commit 8ed6156280)
2007-10-10 13:45:24 -05:00
Andrew Bartlett
256a872763 r11356: More cracknames work. This copes with a lookup for a
servicePrincipalName with a realm, which always returns 'domain only',
with the realm as the domain.

Andrew Bartlett
(This used to be commit 476cd0c649)
2007-10-10 13:45:23 -05:00
Andrew Bartlett
09bfb8ffb0 r11355: Test for error returns when we don't specify the newly discovered
'workstation for account on NTLM' flag.

Andrew Bartlett
(This used to be commit aa5b6cf7c4)
2007-10-10 13:45:23 -05:00
Andrew Tridgell
e0ab3485ee r11354: - generate a ejs error on bad ldif to add/modify
- fixed a double free error in ldb.close()
(This used to be commit 7f797e7097)
2007-10-10 13:45:23 -05:00
Andrew Tridgell
d812957a31 r11353: a bit of an improvement to the ldb_tdb error handling
(This used to be commit 896704f5c1)
2007-10-10 13:45:23 -05:00
Andrew Bartlett
56576de528 r11352: Add newly discovered (via the radiator lists) flags for controlling
plaintext and machine account logins.

Update tests to confirm this behaviour.

Andrew Bartlett
(This used to be commit a0ed41d379)
2007-10-10 13:45:22 -05:00
Andrew Bartlett
a0dcf1aa1c r11351: Another add-hoc test.
Andrew Bartlett
(This used to be commit 326ffb2cc0)
2007-10-10 13:45:22 -05:00
Andrew Bartlett
524eeac064 r11350: Add some debugs to assist tracking down kerberos issues in future.
(Make it easy to see what was put into the keytab, so we can tell when
gssapi screams that it can't pull it out).

Andrew Bartlett
(This used to be commit c56142c4ac)
2007-10-10 13:45:22 -05:00