sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-13 13:18:06 +03:00
Code
17,008 Commits 60 Branches 1,145 Tags
Commit Graph

17008 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stefan Metzmacher
c4c79aa1b6 gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work 
SMB signing with aes doesn't work, but still works with
arcfour-hmac-md5, des-cbc-md5 and des-cbc-crc.

metze
(This used to be commit 73964f069056f46f2f27fc690e42e5c91ae1fe19)
 2008-07-28 16:15:23 +02:00
Stefan Metzmacher
2d2911c788 libcli/smb2: the session key for SMB2 signing is truncated to 16 bytes 
To make that work (as a client) with aes128 and aes256 krb5 keys
we need to use gsskrb5_get_subkey().

metze
(This used to be commit 0c6d988f2083067e1ac7b07a492f88cefd3ba906)
 2008-07-28 16:15:23 +02:00
Stefan Metzmacher
0251096a89 smb2srv: sign SMB2 Logoff replies 
metze
(This used to be commit 2844e361730a6bc640ea89d0e10059deca1ca867)
 2008-07-28 14:09:46 +02:00
Stefan Metzmacher
8623e2cc4c smb2srv: correctly hold the signing state per session 
metze
(This used to be commit 5b3ba3f3556e8031133128853cd2324ee3852aa1)
 2008-07-28 14:09:45 +02:00
Stefan Metzmacher
35bd7a6378 libcli/smb2: fix per session signing state 
metze
(This used to be commit 8bc12dc77a59e792830d96e84a4e8d1b2c651505)
 2008-07-28 14:09:45 +02:00
Stefan Metzmacher
1a4f4d2cf0 SMB2-CONNECT: remove reference to req->session before calling smb2_logoff_recv() on the invalid session 
metze
(This used to be commit 93203e8e318dd10b9e7096e586187eb271d42134)
 2008-07-28 14:09:45 +02:00
Stefan Metzmacher
4355b31730 libcli/smb2: sign SMB2 Logoff requests 
metze
(This used to be commit 35ee165b146b9157b0cff49e1139a0cb37d98926)
 2008-07-28 14:09:45 +02:00
Andrew Bartlett
e80115deb9 We don't use EXTENSIBLEOBJECT any more. 
(This used to be commit 4b137085c8b89773d4639372bbffd516a41dfc8f)
 2008-07-28 20:51:02 +10:00
Andrew Bartlett
08795db6d6 Make it even clearer what to do next in the LDAP backend setup 
(This used to be commit bace931ad674b5071d53bf9c99c383f1d8957e1b)
 2008-07-28 20:26:14 +10:00
Andrew Bartlett
45d60f5bd9 Always print the slapd startup command 
(This used to be commit b1d05e7d14c65133e8ab0ff9d41a26fa7e3d41d3)
 2008-07-28 20:18:17 +10:00
Andrew Bartlett
ade9b6c455 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet 
(This used to be commit 486891bb5167034e54b7477ba09e8f5f914b93e4)
 2008-07-28 18:39:37 +10:00
Stefan Metzmacher
0299edbc02 auth/credentials: explain why we need to the enctypes for the gssapi layer 
metze
(This used to be commit 88970c4d4192635544cf63e79e929e9bb05ecb5f)
 2008-07-28 09:29:42 +02:00
Andrew Bartlett
da9ab5756e Remove unused variable 
(This used to be commit 31a303c099e26423160010c48b305434d4cbea25)
 2008-07-28 08:04:43 +10:00
Andrew Bartlett
cff30c6da6 Remove unused function and make sensitive directories private. 
(This used to be commit e23333d16397606d38e90684d2d916b5b967cde4)
 2008-07-28 08:04:15 +10:00
Andrew Bartlett
5971fd6b9c Fix warnings in new prefixMap code 
(This used to be commit b8770a4fd8408473593fa4c6600bce056183958d)
 2008-07-28 08:02:18 +10:00
Jelmer Vernooij
72d2bea916 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage 
(This used to be commit 7e90cc197c4fb2884f368cd72f391d0d8016fb96)
 2008-07-27 19:57:27 +02:00
Jelmer Vernooij
8d8ccc57e9 Fix location of manpages. 
(This used to be commit 6f5b4ef1d0380d265ce27c882072c759ce19c7c3)
 2008-07-27 19:56:20 +02:00
Stefan Metzmacher
55ea54ec64 gensec_gssapi: add support for signing RPC messages 
metze
(This used to be commit dc2847c0acb0adaede4db72a7517046b93221162)
 2008-07-26 21:48:32 +02:00
Stefan Metzmacher
9437adf68b lib/ldb/tools: allow -W and --realm when build from samba4 
metze
(This used to be commit 0aa6d63ec571b0ca05fbfe14d2b4e9ba3e1082e9)
 2008-07-26 21:46:53 +02:00
Stefan Metzmacher
21592142c3 auth/credentials: use the same enctypes when getting a TGT and a TGS 
metze
(This used to be commit 9fc5750156467f579ea8d7755987d091f5b579c2)
 2008-07-26 21:46:43 +02:00
Stefan Metzmacher
c0ad44f354 dsdb: add a comment about the parameter to DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID 
metze
(This used to be commit 2f06fbe06be2e1b77ea013ddba853ce819e58e88)
 2008-07-26 21:45:29 +02:00
Stefan Metzmacher
2385e33095 dsdb/schema: make more clear where we create the value for the new prefix mapping 
metze
(This used to be commit c92eb8b776c17f12622837daeb1786862f380269)
 2008-07-26 21:45:22 +02:00
Stefan Metzmacher
118ecc54ba dsdb/schema: dsdb_write_prefixes_to_ldb() should do the reverse of dsdb_read_prefixes_to_ldb() 
metze
(This used to be commit 34ea9d4a0b1270a27412bf939d7e897a5d68d0a6)
 2008-07-26 21:45:15 +02:00
Stefan Metzmacher
7a633ed96b dcerpc.idl: add DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN flag 
metze
(This used to be commit 131a1cfdc9a1228d9263c77bcd31b05d2946fd50)
 2008-07-26 21:44:30 +02:00
Stefan Metzmacher
934cfb9880 mamachinepw: add better error handling 
metze
(This used to be commit 7ac424137f62ceacf44e477f4e3805267013005b)
 2008-07-26 20:45:47 +02:00
Volker Lendecke
998b0fef11 Add "mymachinepw" to fetch our machine password out of secrets.ldb 
(This used to be commit 4fbe16deb0e06e145f643568a699b80b431d4f42)
 2008-07-26 20:45:47 +02:00
Stefan Metzmacher
460356c976 smbtorture: add --extra-user option 
This can we used to pass additional credentials to torture tests
(it can be used multiple times.

metze
(This used to be commit 4d80dbfac27659046e0986a2af3d06999e2cb2f2)
 2008-07-26 20:11:09 +02:00
Brad Hards
a05c9ab939 Define HAVE_ASM_BYTEORDER at all times 
(This used to be commit 396ea14732d667960091f4a2570341059914ecb6)
 2008-07-25 17:43:21 +10:00
Andrew Bartlett
c09fa19d13 Per feedback, remove epoch and ldconfig requires. 
See https://bugzilla.redhat.com/show_bug.cgi?id=453083
(This used to be commit 97d02730e8fde56de27aeb51612a4777c2953c9f)
 2008-07-25 14:15:22 +10:00
Andrew Bartlett
552fd06ded Make a new define to ensure the accoc_group_id we use is always in common. 
(This used to be commit b62490e3e21b606b66e0737a403b0d170b64cddd)
 2008-07-25 14:11:18 +10:00
Andrew Bartlett
1f285560bc Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local 
(This used to be commit b12dd8ee5443ebfc204d1684f541d68ffb351197)
 2008-07-25 11:58:51 +10:00
Andrew Bartlett
404846d887 Try to avoid a memory leak if we re-set the global schema 
However, try also not to pull a schema out from under a running ldb
session.

Andrew Bartlett
(This used to be commit 7cf9b9dd0bb35835a7c6e9897ea99951a33c63c7)
 2008-07-25 11:58:24 +10:00
Andrew Bartlett
11798902dc Complain if we are told to use an ldap backend, without the type 
(This used to be commit e9c3c9ad8289ee48efa998ab6b486250dcd40b52)
 2008-07-25 08:45:16 +10:00
Andrew Bartlett
d65f89f7b9 Clarify how we are doing the 'this is a rootdse query' check. 
(This used to be commit 8dfba3160cc4bc518f3ad8570d104e5baae784ca)
 2008-07-25 08:44:00 +10:00
Stefan Metzmacher
79657f78e8 hdb-ldb: fix the callers after drsblobs.idl changes 
metze
(This used to be commit 1223cd17c79d130b46b0e0ccb0f6011c92441173)
 2008-07-24 08:24:10 +02:00
Stefan Metzmacher
0c8fb9361e password_hash: fix the callers after drsblobs.idl changes 
metze
(This used to be commit fac7c79afae05a88ecc2a63c8eb9f2fd53ab7ce6)
 2008-07-24 08:24:09 +02:00
Stefan Metzmacher
8a86e3cb45 drsblobs.idl: unify the Primary:Kerberos and Primary:Kerberos-Newer-Keys structs 
metze
(This used to be commit 4b79a7678571ac2f7d5f827913fdcb419f5d2e20)
 2008-07-24 08:24:09 +02:00
Stefan Metzmacher
aaa29d2fa5 drsblobs.idl: give some unknowns a meaning 
metze
(This used to be commit 231e6f5ab2dc8a3e991a9872be252cffff6f14c6)
 2008-07-24 08:24:08 +02:00
Andrew Tridgell
66f09a7fd1 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test 
(This used to be commit 24309dbf4d9622fcfafa29ef98bc0459fdaa814b)
 2008-07-24 14:26:30 +10:00
Andrew Tridgell
2ecda9fde4 we can't query the ACL on a new file till it exists! 
(This used to be commit 4f6646f06988b1fb8be9e0c8ae833bb9792184af)
 2008-07-24 14:21:52 +10:00
Andrew Tridgell
809632c3df initialise query_maximal_access here too 
(This used to be commit 4b3af09450cf33c6785a3d8fddddc68047f2e388)
 2008-07-24 14:21:31 +10:00
Andrew Tridgell
091c141aba make sure we initialise query_maximal_access 
(This used to be commit 036f73d39a7ef882fd76afcd3c11eef483f6c308)
 2008-07-24 14:20:02 +10:00
Andrew Tridgell
1d12c64066 fixed spelling error 
(This used to be commit 341f64834e13cdbc7d4742a4652ae39b70a4231f)
 2008-07-24 14:19:49 +10:00
Anatoliy Atanasov
05583308fe dsdb_create_prefix_mapping() implementation checks for existing prefix maping in ldb. 
if one not found it creates a mapping for it and updates the prefixMap schema attribute in ldb.
(This used to be commit bbe895db7144b192981fad9ab6bbd3ebacb8d299)
 2008-07-24 11:54:38 +10:00
Anatoliy Atanasov
f619e08f8b Handle schema reloading request. 
The ldif for that operation looks like this:

dn:
changetype: Modify
add: schemaUpdateNow
schemaUpdateNow: 1

It uses the rootdse's object functional attribute schemaUpdateNow.
In rootdse_modify() this command is being recognized and it is send as extended operation with DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID.
In the partition module its dispatched to the schema_fsmo module.
The request is processed in the schema_fsmo module by schema_fsmo_extended().
(This used to be commit 39f9184ddf215f2b512319211c0a05702218ef87)
 2008-07-24 11:54:30 +10:00
Andrew Tridgell
b38045f9da fixd a bug in the signal handling code - we could get phantom signals 
(signum 64)
(This used to be commit af7fb2e38ba27cf8058eb1cef1f96bbc7b19849f)
 2008-07-24 11:48:27 +10:00
Michael Adam
db36f37b8f libnet_become_dc: send msDS_Behavior_Version == 3 (win2k8) in DsAddEntry 
instead of version 2 (win2k3).
This makes the NET-API-BECOME-DC test work against windows 2003 and 2008.

Michael
(This used to be commit a7bfa1fb1bc6fb8e412990b7ff4c3ce9bc55099d)
 2008-07-23 18:02:44 +02:00
Michael Adam
c71030bd04 libnet_become_cd: add boolean option "become_dc:force krb5" to control krb5 auth. 
This allows controlling whether krb5 auth is forced for the rpc bind in
libnet_become_dc. It defaults to "yes". For Windows 2000, DsGetNCChanges
only krb5 auth works due to a bug in Windows (it returns garbage - a
positive object count is returned along with first object == NULL).
For Windows 2008, on the other hand, krb5 auth does not work currently
due to the lack of support for AES keys. (Metze is working on that.)

Michael
(This used to be commit af85aad8147b85a0b9ea2ccc66b8f04efdfe5cf3)
 2008-07-23 18:01:02 +02:00
Michael Adam
1f20ca14cc drsuapi: always set the pid field of the outgoing DsBindInfo to 0. 
This is for debugging and informational purposes only.
The assignment is implementation specific.
(WSPP docs, sec. 5.35).

Michael
(This used to be commit 1f5704e2dee5900e8d1d87699b76f67c0e12854e)
 2008-07-23 15:36:13 +02:00
Michael Adam
e269804b04 libnet_unbecome_dc: teach unbecomeDC_drsuapi_bind_recv() DsBindInfo48. 
..to work agains w2k8.

Michael
(This used to be commit 97e8d5813df19cae294b6de2a880606f0f8c2c59)
 2008-07-23 15:36:13 +02:00