summaryrefslogtreecommitdiff
path: root/source4/ntp_signd
Commit message (Collapse)AuthorAgeFilesLines
* source4/smbd: Do not overstamp the process model with "single"Gary Lockyer2017-10-191-12/+1
| | | | | | | | | Instead, except in RPC which is a special SNOWFLAKE, we rely on the struct service_details in the init function. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* source4/smbd: refactor the process model for preforkGary Lockyer2017-10-191-2/+8
| | | | | | | | | | | | | | | | | | Refactor the process model code to allow the addition of a prefork process model. - Add a process context to contain process model specific state - Add a service details structure to allow service to indicate which process model options they can support. In the new code the services advertise the features they support to the process model. The process model context is plumbed through to allow the process model to keep track of the supported options, and any state the process model may require. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4: Add TALLOC_CTX * to register_server_service().Jeremy Allison2017-05-111-1/+1
| | | | | | | | Use the passed in context from callers. Remove one talloc_autofree_context(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* lib: modules: Change XXX_init interface from XXX_init(void) to ↵Jeremy Allison2017-04-221-2/+2
| | | | | | | | | | | | | | | | | | | | XXX_init(TALLOC_CTX *) Not currently used - no logic changes inside. This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global. Updated all known module interface numbers, and added a WHATSNEW. Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
* build: Build with system md5.h on OpenIndianaAndrew Bartlett2013-06-191-1/+1
| | | | | | | | | | | | | | | | | | | | This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
* Use the new directory_create_or_exist_strict() function.Andreas Schneider2013-01-091-1/+1
| | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ntp_signd: Only allow group access to the ntp signd directory.Andrew Bartlett2012-11-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Existing installations running ntp as group 'ntp' will need to change the permissions on the ntp_signd socket directory (eg PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd) The reason is that allowing other users on the host access to this directory would allow them to potentially spoof time on the network, or attack the password database with a chosen plaintext attack. Permissions should be changed to: ownership root:ntp (if ntp runs as gid ntp) mode 0750 (this is what it will be created as) If the permissions are not changed, Samba will refuse to start the ntp_signd server, and NTP operations will not be signed. As the error is declared fatal, in the future, Samba may totally refused to start. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104
* s4:ntp_signd: fix SEGV if SID cannot be foundArvid Requate2012-08-141-1/+5
| | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 17:16:54 CEST 2012 on sn-devel-104
* Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy2012-05-231-0/+1
| | | | | | | | | | | | | | | | | System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
* source4/: Fix prototypes for all functions in various subsystems.Jelmer Vernooij2011-03-191-0/+2
|
* ldb: use #include <ldb.h> for ldbAndrew Tridgell2011-02-101-2/+2
| | | | | | | | thi ensures we are using the header corresponding to the version of ldb we're linking against. Otherwise we could use the system ldb for link and the in-tree one for include Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4: Build ldap and samba3_smb services as shared modules.Jelmer Vernooij2010-11-151-1/+1
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Nov 15 03:04:41 UTC 2010 on sn-devel-104
* s4-server: make server sockets a child of the task contextAndrew Tridgell2010-11-151-1/+2
| | | | | | | | | | | | We previously allocated sockets as direct children of the event context. That led to crashes if a service called task_server_terminate(), as it left the socket open and handling events for a dead protocol. Making them a child of the task allows the task to terminate and take all its sockets with it. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* web_server: Build as module.Jelmer Vernooij2010-11-141-1/+2
| | | | | Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Nov 14 17:58:05 UTC 2010 on sn-devel-104
* samdb: Lowercase library name.Jelmer Vernooij2010-11-071-1/+1
|
* s4: Remove the old perl/m4/make/mk-based build system.Jelmer Vernooij2010-10-311-15/+0
| | | | | | | | The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
* s4-smbd: don't initialise process models more than onceAndrew Tridgell2010-10-301-1/+1
| | | | | | | | | this also removes the event_context parameter from process model initialisation. It isn't needed, and is confusing when a process model init can be called from more than one place, possibly with different event contexts. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* samdb: Add flags argument to samdb_connect().Jelmer Vernooij2010-10-101-1/+1
|
* s4:SID handling - always encode the SID using "ldap_encode_ndr_dom_sid" for ↵Matthias Dieter Wallnöfer2010-09-131-1/+2
| | | | | | LDAP filters This makes also lookups through special backends as "samba3sam" work.
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2010-07-161-4/+4
| | | | | | | this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:ntp_signd/ntp_signd.c - add casts to suppress warnings on Solaris 10Matthias Dieter Wallnöfer2010-06-291-2/+2
|
* Finish removal of iconv_convenience in public API's.Jelmer Vernooij2010-05-181-7/+2
|
* Revert "s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functions"Matthias Dieter Wallnöfer2010-04-131-1/+1
| | | | | We should use the "ldb_get_*_basedn" calls since they are available in the LDB library.
* s4-waf: removed the AUTOGENERATED markersAndrew Tridgell2010-04-061-4/+0
| | | | we won't be using the mk -> wscript generator again
* s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵Andrew Tridgell2010-04-061-0/+2
| | | | them
* build: commit all the waf build files in the treeAndrew Tridgell2010-04-061-0/+11
|
* s4-ntp: Fixed the memory context of tstream_bsd_existing()Andreas Schneider2010-02-261-1/+1
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4-ntp_signd: Migrate to tsocket.Andreas Schneider2010-01-132-132/+286
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4-dsdb: create a static system_session contextAndrew Tridgell2009-10-231-1/+1
| | | | | | This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
* s4-server: kill main daemon if a task fails to initialiseAndrew Tridgell2009-09-181-3/+3
| | | | | | When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
* s4:ntp_signd Fix bug 6656 - Set protocol version to 0, as used by ntpdAndrew Bartlett2009-08-221-3/+1
| | | | | | | The change to protocol version 1 was not intentional, and broke the protocol established with the ntp.org project. Andrew Bartlett
* s4:torture Add test for the NTP signd serverAndrew Bartlett2009-08-111-0/+7
| | | | | | | | This is used by at patch to the NTP project to supply authenticated time as required by MS-SNTP. (ie, to keep windows clients in time sync in the domain) Andrew Bartlett
* s4:service_stream: s/private/private_dataStefan Metzmacher2009-02-021-4/+4
| | | | metze
* s4:ntp_signd: s/private/private_dataStefan Metzmacher2009-02-021-4/+4
| | | | metze
* Fix missing symbols issues when building with shared libraries.Jelmer Vernooij2008-12-221-1/+1
|
* s4: add some useful link and the patch for the ntp_signd supportStefan Metzmacher2008-12-032-0/+586
| | | | metze
* Move source4/lib/crypto to lib/crypto.Jelmer Vernooij2008-09-241-1/+1
|
* Rename smbd -> samba.Jelmer Vernooij2008-09-241-1/+1
| | | | | | | | This reverts commit 05ea5e23cf4e70de0bd658b1c5c0ead133967091. Conflicts: source4/smbd/server.c
* Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce2008-09-231-1/+1
| | | | | The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
* s4: allways initialize the process model before it's usedStefan Metzmacher2008-09-221-1/+1
| | | | metze
* Revert "Rename smbd -> samba."Jelmer Vernooij2008-09-211-1/+1
| | | | This reverts commit 0e9008be35a5b334bd65e6417193d4b8f27bdc36.
* Rename smbd -> samba.Jelmer Vernooij2008-09-211-1/+1
|
* Only allow trust accounts access to the NTP signing service.Andrew Bartlett2008-08-111-3/+9
| | | | (This used to be commit 30da1b534f00ba6ef6cf86cba603732bc6e1ad43)
* Don't sign NTP packets to disabled accountsAndrew Bartlett2008-06-191-1/+10
| | | | | | | (As this would allow an offline attack on their password) Andrew Bartlett (This used to be commit e28481fc0976231c6f4cb7a5f7c7708f4becdb18)
* Allow the ntp_signd socket to be set from configure.Andrew Bartlett2008-05-291-4/+18
| | | | | | | | This will allow distributions to hard-code this path, particularly for selinux, and matches how we handle the winbind socket dir. Andrew Bartlett (This used to be commit c8b441650400ed1b24c89991f5752dad3c87795f)
* Final fixes to for a functional NTP signing deamon.Andrew Bartlett2008-05-291-15/+118
| | | | | Andrew Bartlett (This used to be commit 4dcc0cd06ef2f6c496e2112f6378088a1c27d2f2)
* Bring up the ntp signing deamonAndrew Bartlett2008-05-282-20/+25
| | | | | | | This starts ntp_signd at startup, and fixes some build issues. Andrew Bartlett (This used to be commit cb0dcd5c3dfe2a46755270a4594b7289f555d814)
* Start an 'NTP signing server' in Samba4.Andrew Bartlett2008-05-272-0/+274
I am modifying the ntp.org server to talk to this service, to sign packets per MS-SNTP. Andrew Bartlett (This used to be commit 0c15385e6068d2f70ff11aa5837adbd6d78410ae)
View Lorry Controller Status