summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6113: Move GENSEC and the kerberos code out of libcli/auth, and intoAndrew Bartlett30-524/+531
auth/gensec and auth/kerberos. This also pulls the kerberos configure code out of libads (which is otherwise dead), and into auth/kerberos/kerberos.m4 Andrew Bartlett (This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f)
2007-10-10r6112: try to decompress all chunks and put them togetherStefan Metzmacher1-38/+73
it produces the correct DATA_BLOB length, but only the first chunk is successfull decompressed... metze (This used to be commit 0d44d077975d756023f1dcc8d2c3ebf06305e355)
2007-10-10r6109: nicer way to handle compression in the torture testStefan Metzmacher1-5/+4
metze (This used to be commit a3cec189e1f5d137ba2f2829def03b060b59f0e2)
2007-10-10r6101: only allow properties we know about, that helps to catch typos!Stefan Metzmacher1-1/+98
what does length_of() and id() do? metze (This used to be commit 55963934db51fadb1340c7a2ec275aa24151dd14)
2007-10-10r6100: - fix nondiscriminant -> nodiscriminant (that takes me 2 days to ↵Stefan Metzmacher1-4/+4
find...:-( ) - use a DATA_BLOB for the driver specific data in the devmode metze (This used to be commit 87d48b20769666b568ac1115246b58995d221148)
2007-10-10r6099: use the enum print functionStefan Metzmacher1-1/+1
metze (This used to be commit ff32e2182e3f11b1b51110c9d3f34bc8781dec0b)
2007-10-10r6098: fix parsing of empty union casesStefan Metzmacher2-2/+2
metze (This used to be commit f3c64120a16289472bdc56329d39c7221d00b558)
2007-10-10r6097: allow compression only on subcontextsStefan Metzmacher1-2/+6
metze (This used to be commit 2a7eead1c8058f829395723028a43b0336a1cf87)
2007-10-10r6094: Work on the Kerberos code recently merged from Samba 3.0. This fixesAndrew Bartlett4-31/+55
up issues I introduced during the merge, that caused a segfault. I've still not got the keytab code to work for me (using Samba3 to generate the keytab) so this is still not fully tested, but it's better than it was. To add debugging, I now use the krb5_get_error_message() function from Heimdal when present, to return the custom error string, which contains far, far more information than the simple error code does. (This last point may well be worth merging back into 3.0) Andrew Bartlett (This used to be commit ed5755d9d1e48df7ae77a9410d30e10cb8b0cbd7)
2007-10-10r6093: Patch to fix sys_select so it can't drop signals if another fdJeremy Allison1-9/+18
is ready to read. Patch from Mark Weaver <mark-clist@npsl.co.uk>. Jeremy. (This used to be commit 857e98e8ea842bb94c93b81d7b69e3d304f100f5)
2007-10-10r6088: Add the socket_wrapper library. This is a very simple library thatJelmer Vernooij4-1/+463
redirects traffic (currently just IP traffic) over unix domain sockets if the SOCKET_WRAPPER_DIR environment variable has been set. Aim is to use this for the Samba4 torture suite on the buildfarm. The socket_wrapper library can only be used if Samba was compiled with --enable-developer. test_rpc.sh passes against a local smbd with SOCKET_WRAPPER_DIR set. (and ethereal showed no traffic whatsoever) Stuff that still needs to be fixed in socketwrapper: - Give ENETUNREACH if target is not localhost - A given port number can only be used for UDP /or/ TCP, not both. - Perhaps allow some calls to circumvent socketwrapper (do we need DNS?) (This used to be commit f8a63a843ccca092d9756b64e09175d37c08550a)
2007-10-10r6087: - remove the dlopen code for now (before it goes back, it needs to beAndrew Tridgell1-44/+1
made into something that isn't a maze of #ifdefs) - when a module is not found, make it a non-fatal error. Otherwise the standalone ldb tools just bail out. The previous code meant that if you had a module listed and it wasn't present then you could _never_ fix it, as you coudln't open the ldb to remove that module from @MODULES ! (This used to be commit c4728625c093d91e522b80c049e0d42d2b5f143b)
2007-10-10r6086: default to stderr for error messages in ldb, so we get errors in ↵Andrew Tridgell1-1/+1
ldb_connect() (This used to be commit a6e492f95c6f31ed37ee32a13a34fa2847d8352d)
2007-10-10r6085: dc is case insensitiveSimo Sorce1-0/+1
(This used to be commit 55117f1ab9171ee77cea5a6635411b23e7c542c8)
2007-10-10r6084: - Introduce the samldb module dependency on samba4Simo Sorce3-328/+254
- This module will take care of properly filling an user or group object with required fields. You just need to provide the dn and the objectclass and a user/group get created Simo. (This used to be commit fb9afcaf533a4c32547d1857306e0aece8063953)
2007-10-10r6079: Add inline documentation on the credentials context API.Andrew Bartlett1-6/+118
Andrew Bartlett (This used to be commit 258c04e3678b936bb564ecef10f14128c0a54510)
2007-10-10r6078: Correctly fix the failures for NT1 (not SPNEGO) session setups in theAndrew Bartlett1-4/+0
client. The issue was actually a cut-and-paste bug, I was filling in the .old not the .nt1 part of the union. I've also removed the 'error checks' - I'll shortly document the API for the credentials code to clarify that it will always return a pointer here, except in cases of programmer error. Tridge: I hope this is OK. Andrew Bartlett (This used to be commit 6439de9ec8c8d24197ea69dc337473e54c8b36b8)
2007-10-10r6075: added talloc_enable_null_tracking() (asked for by lifeless)Andrew Tridgell3-2/+21
(This used to be commit 40b8ee186af3e7f771c680dbbb03fdcf559bf103)
2007-10-10r6074: fixed non-spnego connections for new credentials codeAndrew Tridgell1-1/+5
(This used to be commit ff6663aac8ed475bf65d9c06d7f2447a9827898c)
2007-10-10r6070: Fix typo's and fallback to "" as default user name if noJelmer Vernooij2-3/+3
other username could be guessed. (This used to be commit 7fe77cd65901776b5a78e8398547f364379259d3)
2007-10-10r6065: revert test valueStefan Metzmacher1-1/+1
metze (This used to be commit fca4dc4827c98c02051165c1aedf5bdc5354bdda)
2007-10-10r6061: add start of compression support in our rpc codeStefan Metzmacher7-8/+359
this is not complete cuurently... but I want other people to test it and help me on finishing it. (try to change the #if 0 in torture/rpc/drsuapi.c into #if 1) metze (This used to be commit 335adef37082a78e0426decb715629bd778e6582)
2007-10-10r6045: Couple of small GTK+ fixesJelmer Vernooij3-63/+69
Use uint32_t and uint16_t rather then DWORD and WORD in the NT4 backend. Add some more unknown fields.. (This used to be commit 6c3b1ec3296c7ab1ddfdcee86162f2eb0d73f5a8)
2007-10-10r6033: Patch from 'lifeless' to clarify behaviour with NULL pointers.Andrew Bartlett2-1/+3
Andrew Bartlett (This used to be commit 48c518796797f021c9c7f319ca8cd0a0c185f64c)
2007-10-10r6032: Fix up SetServerPassword2 on NETLOGON for [bigendian]. Clearly nobodyAndrew Bartlett3-45/+30
has the patience to run test_w2k3.sh to completion :-) It looks to me that the Windows server runs the RC4 over the C struct, not the NDR data. Andrew Bartlett (This used to be commit c324d974134c35b4c50c91d5a932a63c78b67046)
2007-10-10r6031: don't try to send errors when the socket has been destroyedAndrew Tridgell1-0/+5
(This used to be commit 54c02846791cd8bda942fec847257c00013d3409)
2007-10-10r6030: Missing from previous commit, a small header file to linkAndrew Bartlett1-0/+35
libcli/auth/schannel.c and libcli/auth/schannel_sign.c Andrew Bartlett (This used to be commit 1e0e66d7202d3f0e7fb3c90f2ca608fa08a713a6)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett45-963/+597
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r6027: Add copyright, and add a useful debug message.Andrew Bartlett1-2/+3
Andrew Bartlett (This used to be commit b5260cf0d4c4f2e81a310d1c94160c9fbaaa331f)
2007-10-10r6026: Update the kerberos keytab code to match Samba3 again.Andrew Bartlett1-80/+122
(untested at this point). Andrew Bartlett (This used to be commit ef7f9a01b4f3fa41fd7981b260fa2fadc7ce10ad)
2007-10-10r6025: Remove unused variables. This code will be modified again for the newAndrew Bartlett1-6/+2
cli_credentials code shortly. Andrew Bartlett (This used to be commit 13d09c8e9a50ae265059e4a0d92a07c651018a6c)
2007-10-10r6024: Some of the ordering constraints on the popt callbacks were gettingAndrew Bartlett3-25/+100
painful, so don't call lp_*() functions until the post stage (rather than in the cli_credentails_init(), which is called in the pre stage), and don't open the secrets.ldb looking for the machine account details until we actually need them (well after popt is done, and we know we have the other things right). Set the domain and realm, as well as the account and password for -P (fetch machine password) operation. Allow NETLOGON credentials to be stored in this structure - will allow SCHANNEL to be made more generic. Clarify why we don't do special checks for NULL pointers, particularly in the anonymous check (it indicates a programmer error, not a run-time condition). Also make lib/credentials.c a little more consistant. Andrew Bartlett (This used to be commit 730e6056b730c15008772c30cd6f7c03fb6b7e5f)
2007-10-10r6019: Add IDL and server side code for Test_DoublePointerJelmer Vernooij2-0/+14
(This used to be commit 0559f22bbe854b7d5e15db471e51264cce413e6f)
2007-10-10r6018: Add idl and server side for Test_SurroundingJelmer Vernooij3-4/+17
(This used to be commit ed11601aef11df35f30b10e422e7113976dc6f26)
2007-10-10r6015: Add testprogs/ directory and original rpcecho sourcesJelmer Vernooij7-0/+811
( from tridges junkcode at http://samba.org/ftp/unpacked/junkcode/rpcecho-win32 ) (This used to be commit e33397f383342d91326a5c2939c5213a5fc5d9cd)
2007-10-10r6010: Change the testing order, so we test all transports for each bindingAndrew Bartlett2-4/+4
option, rather than all binding options for each transport. This means that we get to most of the tests earlier, with at least some binding options. (And allows us to have some confidence before waiting for an RPC-SAMR test to finish with bigendian). Andrew Bartlett (This used to be commit 5c3e4df804e38037d0337e8ef288127d6cdda28a)
2007-10-10r6000: add some notes about the cases where compression (or what ever this is)Stefan Metzmacher2-1/+19
is used, in the reply. metze (This used to be commit 618dadb7ef092af0f2c13c2e67874041f54f4e98)
2007-10-10r5999: ups, remove the testvalue that I used against my w2k3 serverStefan Metzmacher1-1/+1
metze (This used to be commit 3d3e09af16c4f9a6bc8f6ae615f744a04f352ed0)
2007-10-10r5998: I was wrong with the highwater mark...Stefan Metzmacher3-31/+58
I think I now understand how it works:-) metze (This used to be commit f8add2e66a56896d9bb18991091e1b17c29910b1)
2007-10-10r5992: Rename schannel.c -> schannel_sign.c. The rest of the schannel codeAndrew Bartlett2-1/+1
(from librpc) will be moved into schannel.c soon. Andrew Bartlett (This used to be commit d6c80ff74b0550641c253316b37f1050c207791c)
2007-10-10r5989: Display authentication information (list of available auth protocolsJelmer Vernooij2-6/+43
+ principal names per endpoint) to gepdump. Still need to fix memory management in the GTK+ utilities... (This used to be commit b48a0af0b0fbf1234627ec785699896a44b23e75)
2007-10-10r5988: Fix the -P option (use machine account credentials) to use the Samba4Andrew Bartlett20-174/+181
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10r5987: Add credentials callback for gtk+. The gtk+ apps now no longerJelmer Vernooij6-39/+115
ask for a password when kerberos is being used. (This used to be commit 642ec7cbef6d392b49ed0fe86d1816d4953e30ad)
2007-10-10r5986: Fix the build. Metze, could you please verify that this fix is correct?Jelmer Vernooij1-3/+3
(This used to be commit f3006e623bcf65a05238fbd3362ee958b948e70b)
2007-10-10r5985: Actually adding auth_domain.c in -r 5983 would probably have been aAndrew Bartlett1-0/+199
good idea.... Andrew Bartlett (This used to be commit 84b566a36bbe7101c5fbd90c131b13e6c259c990)
2007-10-10r5984: Add index and attributes to default ldif for secrets.ldbAndrew Bartlett1-1/+6
Andrew Bartlett (This used to be commit 41dea45892362c4b25a93d8719fb7843485a7b98)
2007-10-10r5983: Start support for being a domain member in Samba4.Andrew Bartlett3-2/+15
This adds the auth_domain module to the auth subsystem, and cleans up some small details around the join process (ensuring all the right info is in the DB). Andrew Bartlett (This used to be commit 858cbfb8210239aa85a01da95e5beb9546a998a5)
2007-10-10r5980: Fix double free after unexpected disconnect.Jelmer Vernooij1-1/+5
(This used to be commit 6149bd3702a0293fc1f798de7c399e3e6858416d)
2007-10-10r5977: Fix uninitialised memory bug in ndr_pull_ref_ptr(). This fixes theJelmer Vernooij2-21/+7
Test_DoublePointer test failure. (This used to be commit 4089d5f67d6e4121056a63ececb13187fd773636)
2007-10-10r5976: SIDs can't have more then 5 subauths (caught by [validate] andJelmer Vernooij3-2/+5
range()) (This used to be commit ec1eaa274b997197ca6996457229c802f1b76d56)