sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-29 11:21:54 +03:00
Code
697d4ea8ff
samba-mirror/source3/libads
History
Andrew Bartlett bb7806283e s3-libads Default to NOT using the server-supplied principal from SPNEGO 
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks.  (Becuase
it isn't the name being contacted that is verified with the KDC).

This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour.  As in Samba4, this
defaults to false.

Against 2008 servers, this will not change behaviour.  Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.

Andrew Bartlett
2010-12-10 16:08:30 +11:00
..
ads_ldap_protos.h s3: Remove unused ads_search_retry_extended_dn 2010-11-20 14:42:44 +01:00
ads_proto.h s3: Make ads_ranged_search_internal static 2010-11-20 14:42:44 +01:00
ads_status.c s3-kerberos: only use krb5 headers where required. 2009-11-27 16:36:00 +01:00
ads_status.h s3-libads: move ads_status to a separate header file. 2010-07-01 23:20:39 +02:00
ads_struct.c s3: avoid global include of ads.h. 2010-08-05 00:32:02 +02:00
authdata.c s3-krb: Reformat and add doxygen comment to decode_pac_data() 2010-08-30 14:26:37 +02:00
cldap.c s3: only use netlogon/nbt header when needed. 2010-05-31 11:32:37 +02:00
cldap.h s3: only use netlogon/nbt header when needed. 2010-05-31 11:32:37 +02:00
disp_sec.c s3: avoid global include of ads.h. 2010-08-05 00:32:02 +02:00
dns.c s3/libads: use monotonic clock for DNS timeouts 2010-09-07 20:29:13 +02:00
dns.h s3-libads: move ads_dns out of main includes. 2010-07-01 23:20:40 +02:00
kerberos_keytab.c s3-libads: avoid crashing in ads_keytab_list(). 2010-08-31 23:17:39 +02:00
kerberos_proto.h s3-krb5: include krb5pac.h where needed. 2010-08-06 15:43:37 +02:00
kerberos_util.c s3: avoid global include of ads.h. 2010-08-05 00:32:02 +02:00
kerberos_verify.c s3-krb5 Only build ADS support if arcfour-hmac-md5 is available 2010-08-13 09:08:27 -04:00
kerberos.c s3-secrets: only include secrets.h when needed. 2010-08-05 10:12:25 +02:00
krb5_errs.c s3-kerberos: only use krb5 headers where required. 2009-11-27 16:36:00 +01:00
krb5_setpw.c s3: avoid global include of ads.h. 2010-08-05 00:32:02 +02:00
ldap_printer.c s3: avoid global include of ads.h. 2010-08-05 00:32:02 +02:00
ldap_schema.c s3: Remove unused ads_get_attrname_by_oid 2010-11-20 14:42:44 +01:00
ldap_schema.h s3: Remove unused ads_get_attrname_by_oid 2010-11-20 14:42:44 +01:00
ldap_user.c s3: avoid global include of ads.h. 2010-08-05 00:32:02 +02:00
ldap_utils.c s3: Make ads_ranged_search_internal static 2010-11-20 14:42:44 +01:00
ldap.c libcli/security Provide a common, top level libcli/security/security.h 2010-10-12 05:54:10 +00:00
ndr.c s3: avoid global include of ads.h. 2010-08-05 00:32:02 +02:00
sasl_wrapping.c s3: avoid global include of ads.h. 2010-08-05 00:32:02 +02:00
sasl.c s3-libads Default to NOT using the server-supplied principal from SPNEGO 2010-12-10 16:08:30 +11:00
sitename_cache.c s3 move the sitename cache in its own file 2010-02-23 12:46:26 -05:00
sitename_cache.h s3 move the sitename cache in its own file 2010-02-23 12:46:26 -05:00
util.c s3-secrets: only include secrets.h when needed. 2010-08-05 10:12:25 +02:00