summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r5988: Fix the -P option (use machine account credentials) to use the Samba4Andrew Bartlett20-174/+181
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10r5987: Add credentials callback for gtk+. The gtk+ apps now no longerJelmer Vernooij6-39/+115
ask for a password when kerberos is being used. (This used to be commit 642ec7cbef6d392b49ed0fe86d1816d4953e30ad)
2007-10-10r5986: Fix the build. Metze, could you please verify that this fix is correct?Jelmer Vernooij1-3/+3
(This used to be commit f3006e623bcf65a05238fbd3362ee958b948e70b)
2007-10-10r5985: Actually adding auth_domain.c in -r 5983 would probably have been aAndrew Bartlett1-0/+199
good idea.... Andrew Bartlett (This used to be commit 84b566a36bbe7101c5fbd90c131b13e6c259c990)
2007-10-10r5984: Add index and attributes to default ldif for secrets.ldbAndrew Bartlett1-1/+6
Andrew Bartlett (This used to be commit 41dea45892362c4b25a93d8719fb7843485a7b98)
2007-10-10r5983: Start support for being a domain member in Samba4.Andrew Bartlett3-2/+15
This adds the auth_domain module to the auth subsystem, and cleans up some small details around the join process (ensuring all the right info is in the DB). Andrew Bartlett (This used to be commit 858cbfb8210239aa85a01da95e5beb9546a998a5)
2007-10-10r5980: Fix double free after unexpected disconnect.Jelmer Vernooij1-1/+5
(This used to be commit 6149bd3702a0293fc1f798de7c399e3e6858416d)
2007-10-10r5977: Fix uninitialised memory bug in ndr_pull_ref_ptr(). This fixes theJelmer Vernooij2-21/+7
Test_DoublePointer test failure. (This used to be commit 4089d5f67d6e4121056a63ececb13187fd773636)
2007-10-10r5976: SIDs can't have more then 5 subauths (caught by [validate] andJelmer Vernooij3-2/+5
range()) (This used to be commit ec1eaa274b997197ca6996457229c802f1b76d56)
2007-10-10r5963: Fix parameter passing for gentest and locktestJelmer Vernooij2-17/+21
(This used to be commit 28914c89dc1400d8364c13258ec0e8558acc7dfd)
2007-10-10r5949: give things more meaning, and reuse structs where it is possibleStefan Metzmacher3-126/+132
to make things more clear metze (This used to be commit adefeeb4f362dba06cddacf6f58194ef1f967ec9)
2007-10-10r5947: print out the password hashes when -d 100 is in use,Stefan Metzmacher1-0/+9
very usefull for creating a keytab file with metze (This used to be commit 15b80a28dbf2004f63648fede61e514e55030018)
2007-10-10r5942: A couple of small changes to fix things up with the new credentialsAndrew Bartlett2-3/+4
infrustructure. Andrew Bartlett (This used to be commit d51718ab8a3771ada4e342a384b744edb803db40)
2007-10-10r5941: Commit this patch much earlier than I would normally prefer, but ↵Andrew Bartlett53-452/+493
metze needs a working tree... The main volume of this patch was what I started working on today: - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context. - Uses sepereate inner loops for some of the DCE/RPC tests The other and more important part of this patch fixes issues surrounding the new credentials framwork: This makes the struct cli_credentials always a talloc() structure, rather than on the stack. Parts of the cli_credentials code already assumed this. There were other issues, particularly in the DCERPC over SMB handling, as well as little things that had to be tidied up before test_w2k3.sh would start to pass. Andrew Bartlett (This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
2007-10-10r5940: fix schannel against w2k, it skips the confounder in the signature ↵Stefan Metzmacher1-1/+2
(24 bytes) for singed packets but it accepts 32 bytes from the client. (w2k3 accept it the otherway arround too) metze (This used to be commit 08d4c3b9f8558ee40c73a22b3ec110b052f28110)
2007-10-10r5939: improve talloc_realloc() docs after feedback from lifelessAndrew Tridgell1-1/+5
(This used to be commit 301cbb0d12919f83d6b735c2e23b49fb49d5394d)
2007-10-10r5938: - allow NULL string argument to talloc_vasprintf_append()Andrew Tridgell1-1/+9
- default to using va_copy(), thus assuming a modern libc (This used to be commit 3060b26c9e745330682f6209d97e723113b65b56)
2007-10-10r5937: - performance improvement to talloc_asprintf_append()Andrew Tridgell2-5/+10
- allow standalone talloc to use gcc printf attributes (This used to be commit e25aa54e962796e6e7385afed57aa287ef6f869d)
2007-10-10r5932: Use cli_credentials somewhat more in the Gtk+ codeJelmer Vernooij9-53/+59
Support ncacn_spx in DCE/RPC bindings. (This used to be commit a0233a3a9a83176ae46873d3a25ed601758a1511)
2007-10-10r5930: Fix initialisation of dcerpc_binding->authserviceJelmer Vernooij1-0/+2
(This used to be commit f8cf161e0e59bd6b2a62135be8511403f4e9ca70)
2007-10-10r5929: Use cli_credentials for the SMB functions as well.Jelmer Vernooij11-95/+52
Fix a couple of bugs in the new cli_credentials code (This used to be commit 4ad481cfe5cde514d2ef9646147239f3faaa6173)
2007-10-10r5928: Use cli_credentials in:Jelmer Vernooij31-278/+186
- gtk+ (returned by GtkHostBindingDialog as well now) - torture/ - librpc/ - lib/com/dcom/ (This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
2007-10-10r5924: Use cli_credentials in libnet/.Jelmer Vernooij6-24/+10
(This used to be commit e5bc6f4f1716568ae7022d61b5b35ee047b58414)
2007-10-10r5917: First step in using the new cli_credentials structure. This patchJelmer Vernooij25-351/+479
puts support for it into popt_common, adds a few utility functions (in lib/credentials.c) and the callback functions for the command-line (lib/cmdline/credentials.c). Comments are welcome :-) (This used to be commit 1d49b57c50fe8c2683ea23e9df41ce8ad774db98)
2007-10-10r5906: Fix the usage of the internal popt (make proto should ignore it)Jelmer Vernooij15-662/+2207
Updated included popt to 1.7. (This used to be commit d60cb643e8a46771f3d836307ea45b869f34dc9b)
2007-10-10r5903: While I can't test IPv6, metze asked me to commit a matching changeAndrew Bartlett1-0/+3
for unknown hosts that I just did for IPv4. Andrew Bartlett (This used to be commit 7e1d82a200b3c679b727e0ef28a245389708ae2f)
2007-10-10r5902: A rather large change...Andrew Bartlett44-542/+714
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5901: Add another option to the test script - the realm, which must matchAndrew Bartlett1-3/+4
the real ream, not just the short domain name. Andrew Bartlett (This used to be commit d585e1a759888df01cfabfec2d6d5506cf3bd426)
2007-10-10r5900: Use flatname to specify the netbios domain name (matches what win2k3Andrew Bartlett2-5/+5
uses for trusted domain records) in the secrets join records. Andrew Bartlett (This used to be commit a6c502832c4ef471bd423b795f210abf3bb96ca5)
2007-10-10r5899: Fix spelling.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 50af206477d8834d58629131e8cc994fb194adfe)
2007-10-10r5898: Handle errors in the 'sync' name and IP address handling code.Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit 6b8b40f73bd8b7ce23effc8eb1d808db77bcbf8b)
2007-10-10r5895: Remove old auth_domain code - to be replaced with entirely new ↵Andrew Bartlett1-552/+0
implementation. Andrew Bartlett (This used to be commit a16339729d25fc5b12846207afe3800df7fca8d5)
2007-10-10r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list.Andrew Bartlett3-5/+6
Andrew Bartlett (This used to be commit 7822101cb5213f192f3195648970784a9de4fac4)
2007-10-10r5878: Be clear which machine name (We have one worksation, and one BDC) weAndrew Bartlett1-7/+7
are doing logins with. Andrew Bartlett (This used to be commit b7297c44faea0ae8b38fb9a90c22c5be3c8f689f)
2007-10-10r5877: It is not an error to have a zero-length secret, after decryption.Andrew Bartlett1-3/+5
Andrew Bartlett (This used to be commit b484776cc4d48690d45c668f9253015eb0d6207d)
2007-10-10r5876: Add a test account for the duration of the samsync - to ensure we haveAndrew Bartlett2-19/+62
a good variety of things to test against. Add code to testjoin to handle this just like test machine accounts Soon I'll remove the 'must change password' flag, so we can do logins with it. Andrew Bartlett (This used to be commit 08b47e2dc067f7e4a52b982d358ff1b0209cc1df)
2007-10-10r5871: Remove file with unused function (that uses fstring)Jelmer Vernooij3-54/+3
Remove fstring usage from version.c (This used to be commit d25163159c19d6f948551438f459d161ba6ea4ac)
2007-10-10r5867: winreg depends on initshutdown now (uses initshutdown_String)Jelmer Vernooij1-1/+1
(This used to be commit ff478d44bed302f4a27edea56e9b7e897e62c769)
2007-10-10r5866: Add InitShutdown IDL and torture test.Jelmer Vernooij10-12/+244
Implement push side of NDR_LEN4|NDR_NOTERM strings (pull side was already present) (This used to be commit ea61ec1122841716ed5d90085ba79e7bf691bd6a)
2007-10-10r5853: Move some of the functions not specific to the Samba NDR parser generatorJelmer Vernooij3-179/+254
to a new ndr.pm. Add function that can generate a "OrderTable" describing the order in which the NDR data will be pushed/pulled. (This used to be commit 2603a7326d7e54a012a95e37fd54433b85d8acc4)
2007-10-10r5852: Rename ndr.pm to ndr_parser.pmJelmer Vernooij3-2/+2
I'm going to add a ndr.pm later on that'll generate a tree with necessary information for the two NDR backends (eparser, ndr_parser) containing alignment info, etc. (This used to be commit 5162daa9464cd64930f5a8fd0d7b381b122c931d)
2007-10-10r5850: enable parsing of revision 4 security acl'sStefan Metzmacher2-16/+40
metze (This used to be commit 2a6a075c7da2da7bb62fb42936252717bb9d0593)
2007-10-10r5839: add LDAP DirSync control idlStefan Metzmacher1-0/+26
metze (This used to be commit 29d898a338e20c76a2270557b0c401a9672af094)
2007-10-10r5830: start to analyse the attribute values, depending on the attribute typeStefan Metzmacher2-23/+189
metze (This used to be commit 63229b9503950847fbecd6ec22171d8c18d7ac91)
2007-10-10r5828: add some idl for DsAddEntry()Stefan Metzmacher3-11/+68
metze (This used to be commit 3e6ec811288d74921bf3e393213e75d928156772)
2007-10-10r5827: Make ndrdump accept a uuid as well as a pipe name to specifyTim Potter1-3/+9
which rpc interface to use. (This used to be commit d59bc9dc9bb3a11dd07b7862ea10d1b32e670598)
2007-10-10r5800: fix recursiv printing in ndr_print_DsGetNCChangesInfo1()Stefan Metzmacher4-6/+61
metze (This used to be commit 1084ad4bfce6bc20537f5bfccb5a25b60f503b32)
2007-10-10r5799: more DsGetNCChanges updates, I'm starting to understand it...Stefan Metzmacher3-35/+205
also add a really simple torture test for DsGetNCChanges metze (This used to be commit bcde67a7eff9ad82919e90fd64c02a17610c6f0e)
2007-10-10r5798: limit the size of an sid, 28 bytes complete is the biggest SIDStefan Metzmacher1-1/+1
that can be handled. tridge: do you think it would make sense to change the sub_auth[num_auths] to sub_auth[5], so we can copy the struct by sid1 = sid2; comments please metze (This used to be commit 2fc8a604b003a6c3425eb7bbf77fbe467c956085)
2007-10-10r5797: - add idl property [subcontext_size()]Stefan Metzmacher3-33/+74
this can be used like this [subcontext_size(28),subcontext(0)] dom_sid sid; this descripes a fixed 28 byte buffer which contains a dom_sid, and the rest of the buffer is padded with zero bytes if the dom_sid doesn't need all 28 byte in it's ndr encoding. - only push and pull the subcontext when we are in the NDR_SCALARS section (tridge, jelmer: I hope this is correct for all cases...!?:-) metze (This used to be commit 483bb1418fd5c70c418142ade80c1e286adfa05a)