IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The NT_STATUS_MORE_PROCESSING_REQUIRED status code is what gensec
is expecting in any case.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The GSE layer is now used via the GENSEC module, so we do not need these
functions exposed any more.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This simplifies a lot of code, as we know we are always dealing
with a struct gensec_security, and allows the gensec module being
used to implement GSSAPI to be swapped for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This simplifies a lot of code, as we know we are always dealing with a
struct gensec_security, and allows the gensec module being used to
implement GSSAPI to be swapped when required for AD-server operation.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This is now used in the GSE GSSAPI client, so that when we connect to
a target server at the CIFS level, we use the same name to connect
at the DCE/RPC level.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 22 20:57:27 CET 2011 on sn-devel-104
This structure handles more than NTLMSSP now, at least when we are an AD DC
and so changing the name may avoid some confusion in the future.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
We always dereferenced auth_ntlmssp_state->gensec_security, so now we
do not bother passing around the whole auth_ntlmssp_state.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This will allow it to be a wrapper around a gensec module, which
requires that they options be set on a context, but before the
mechanism is started.
This also simplfies the callers, by moving the lp_*() calls
into one place.
Andrew Bartlett
The IDMAP term is normally associated with Winbind's idmap stuff.
These functions deal with id caching not id mapping.
Signed-off-by: Simo Sorce <idra@samba.org>
This reverts commit 102f39ae3e.
These messages are handled by smbd not winbind, and could potentially be of
general interest.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Fri Aug 19 16:16:05 CEST 2011 on sn-devel-104
smbd is not the only daemon interested in smb.conf changes. Move this
message to the GENERAL class so that all interested partied (nmbd,
winbindd, spoolssd, etc..) can receive this notification.
Signed-off-by: Andreas Schneider <asn@samba.org>
This has been broken since ff0ac5b0 (May 2007).
Basically all messages were belonging to the General class except for CTDB
messages.
This fixed the message_send_all() function to correctly compute the class, and
fixes registrations to include all they need to cope with the fact not all
messages are of calss general (registrations rotted a bit because as long as
FLAG_MSG_GENERAL was defined the process woould receive all messages).
Signed-off-by: Andreas Schneider <asn@samba.org>
The FLAG_MSG_PRINT_NOTIFY class is actually obsolete and never used, as the
only message belonging to it is not used either.
Signed-off-by: Andreas Schneider <asn@samba.org>
There is no need to mask out these flags as they simply are not set
yet.
The correct abstraction is to ask for NTLMSSP features.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This is changed so that the callers ask for the additional flags
that they need, starting with no additional flags.
This helps to create a proper abstraction layer in
ntlmssp_wrap/auth_ntlmssp.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
We detect this function at configure time, but it currently fails to
operate the way we need - that is, when the principal is not
specified, it gives this error. When the principal is specified we
get 'wrong principal in request' in the GSS acceptor, so for now the
best option is to fall back to the alternate approach.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jul 20 06:35:05 CEST 2011 on sn-devel-104
We may not be able to obtain the full error string, so print what we can get.
This is required when the error is the the GSSAPI layer, not the mechanism.
Andrew Bartlett
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.
Andrew Bartlett
This will allow this structure to be shared, and allow us to create a
common messaging system between all Samba processes. Samba4 uses the
task_id to indicate the different tasks within a single unix process.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
in the early CTDB days, the RELEASE_IP message was defined
and some code was added to react on such a message to make
smbd exit if the IP address it was using for the server socket
is removed by CTDB.
Later, it was discovered that we need to stop smbd immediately
and logic was added to ctdb_conn to call release_ip() without
going through the messaging system.
So this code is not used and can be removed
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri May 20 16:18:24 CEST 2011 on sn-devel-104
These come in via the smb_krb5.h include (and lib/replace/system/kerberos.h)
in the end.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Tue May 10 23:12:31 CEST 2011 on sn-devel-104
This is constant data according to the man pages I find for this
fucntion, and causes a segfault to free() when linked to Heimdal. I
am advised that while it is constant for gss_mech_krb5, it may not be
for other mechanisms, so an assert will ensure this is dealt with by
the programmer who extends this code in future.
Andrew Bartlett
This only works for Heimdal and MIT Krb5 1.8, other versions will get
an ACCESS_DEINED error.
We no longer manually verify any details of the PAC in Samba for
GSSAPI logins, as we never had the information to do it properly, and
it is better to have the GSSAPI library handle it.
Andrew Bartlett
This Heimdal function does not set the global state, and allows the
GSSAPI server to progress further when compiled against Heimdal (such
as in the top level build).
The ability to specify a keytab has been removed from the API as it is
unused, and and the Heimdal function (avoiding setting global
variables) works with an open keytab.
Andrew Bartlett
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
this brings the s3 waf build much closer to the proposed s3build top
level build, using the same bld.SAMBA3_*() rules
There are a few renames of subsystems in here, with a 3 suffix where
it would create a conflict.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Volker, Tridge and other clustering gurus, please check.
It is ok to get rid of ifdef CLUSTER_SUPPORT here, right ?
Why was unique_id not marshalled at all ?
Guenther
(in preparation of merging struct server_id).
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 16 00:02:33 CET 2011 on sn-devel-104
Since commit 7022554, smbds share a printcap cache (printer_list.tdb),
therefore ordering of events between smbd processes is important when
updating printcap cache information. Consider the following two process
example:
1) smbd1 receives HUP or printcap cache time expiry
2) smbd1 checks whether pcap needs refresh, it does
3) smbd1 marks pcap as refreshed
4) smbd1 forks child1 to obtain cups printer info
5) smbd2 receives HUP or printcap cache time expiry
6) smbd2 checks whether pcap needs refresh, it does not (due to step 3)
7) smbd2 reloads printer shares prior to child1 completion (stale pcap)
8) child1 completion, pcap cache (printer_list.tdb) is updated by smbd1
9) smbd1 reloads printer shares based on new pcap information
In this case both smbd1 and smbd2 are reliant on the pcap update
performed on child1 completion.
The prior commit "reload shares after pcap cache fill" ensures that
smbd1 only reloads printer shares following pcap update, however smbd2
continues to present shares based on stale pcap data.
This commit addresses the above problem by driving pcap cache and
printer share updates from the parent smbd process.
1) smbd0 (parent) receives a HUP or printcap cache time expiry
2) smbd0 forks child0 to obtain cups printer info
3) child0 completion, pcap cache (printer_list.tdb) is updated by smbd0
4) smbd0 reloads printer shares
5) smbd0 notifies child smbds of pcap update via message_send_all()
6) child smbds read fresh pcap data and reload printer shares
This architecture has the additional advantage that only a single
process (the parent smbd) requests printer information from the printcap
backend.
Use time_mono in housekeeping functions As suggested by Björn Jacke.
