summaryrefslogtreecommitdiff
path: root/source3/include
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r18469: Use new pidl-generated DFS client code.Jelmer Vernooij1-0/+1
(This used to be commit e277fb067b1a12d816c8a066839751c1824d27bb)
2007-10-10r18404: * swap from POLICY_HND to the struct policy_handle from ndr/misc.hGerald Carter1-22/+5
* move OUR_HANDLE macro to include/rpc_misc.h (This used to be commit 2b37079af2f569df7a58878150a61980c6fe06ee)
2007-10-10r18394: get the lsa client code to linkGerald Carter1-0/+5
(This used to be commit 96e412a04cedc4c361c08e0ed1d141f3b018728b)
2007-10-10r18369: I've got a sniff where NT4 sends just a single byte after the 516 byteVolker Lendecke1-1/+1
password blob, it seems that pw_len is just a uint8 instead of uint16. This might also be interesting for Samba4's samr.idl. Volker (This used to be commit 68ded4ba07703a20b046e4a58e7a746a78fcedf5)
2007-10-10r18275: add auto generated dfs codeGerald Carter1-0/+1
(This used to be commit edb7a3607e3fa2090310b5c405f2b0a08f51db78)
2007-10-10r18271: Big change:Gerald Carter5-25/+50
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r18235: stub header to get past compile issues with pidl ndr outputGerald Carter1-0/+40
(This used to be commit 1eaf62557f532d02fb818458c8bf78df7a7bc904)
2007-10-10r18193: Not quite to autogenerated NDR but closer thanks to Jelmer'sGerald Carter6-3/+9
initial work. I'm including the librpc/gen_ndr directory in svn temporarily just to get some compile issues straightened out. (This used to be commit cf271aa433cfa606be5dbf3ed1d94fe3caf57653)
2007-10-10r18188: merge 3.0-libndr branchJelmer Vernooij6-40/+37
(This used to be commit 1115745caed3093c25d6be01ffee21819fb0a675)
2007-10-10r18020: Fix SunX (with LDAP but without ADS)Volker Lendecke1-1/+1
(This used to be commit aa61a16c9f87d7ef002beda0b1795964e76f0ce5)
2007-10-10r18019: Fix a C++ warnings: Don't use void * in libads/ for LDAPMessage anymore.Volker Lendecke4-0/+98
Compiled it on systems with and without LDAP, I hope it does not break the build farm too badly. If it does, I'll fix it tomorrow. Volker (This used to be commit b2ff9680ebe0979fbeef7f2dabc2e3f27c959d11)
2007-10-10r18013: Fix for "bug" (enhancement) 3684.Derrell Lipman2-0/+20
Provide a new option to specify the share mode to be used when opening a file. (This used to be commit 9b6fee5f6f60638ed80fdedcce4b3d29b091f7aa)
2007-10-10r18009: Fixes bug 4026.Derrell Lipman1-0/+9
This completes the work Jeremy began last week, disambiguating the meaning of c_time. (In POSIX terminology, c_time means "status Change time", not "create time".) All uses of c_time, a_time and m_time have now been replaced with change_time, access_time, and write_time, and when creation time is intended, create_time is used. Additionally, the capability of setting and retrieving the create time have been added to the smbc_setxattr() and smbc_getxattr() functions. An example of setting all four times can be seen with the program examples/libsmbclient/testacl with the following command line similar to: testacl -f -S "system.*:CREATE_TIME:1000000000,ACCESS_TIME:1000000060,WRITE_TIME:1000000120,CHANGE_TIME:1000000180" 'smb://server/share/testfile.txt' The -f option turns on the new mode which uses full time names in the attribute specification (e.g. ACCESS_TIME vs A_TIME). (This used to be commit 8e119b64f1d92026dda855d904be09912a40601c)
2007-10-10r18006: Actually a smaller change than it looks. LeverageJeremy Allison1-0/+3
the get_dc_list code to get the _kerberos. names for site support. This way we don't depend on one KDC to do ticket refresh. Even though we know it's up when we add it, it may go down when we're trying to refresh. Jeremy. (This used to be commit 77fe2a3d7418012a8dbfb6aaeb2a8dd57c6e1a5d)
2007-10-10r17970: Add missing include-guards around ads.h and ads_cldap.h.Jeremy Allison2-3/+7
Remove all reference to "Default-First-Site-Name" and treat it like any other site. Jeremy. (This used to be commit 5ae3564d6844f44a6943b2028917bd457371af1e)
2007-10-10r17945: Store the server and client sitenames in the ADSJeremy Allison2-0/+4
struct so we can see when they match - only create the ugly krb5 hack when they do. Jeremy. (This used to be commit 9be4ecf24b6b5dacf4c2891bddb072fa7543753f)
2007-10-10r17943: The horror, the horror. Add KDC site support byJeremy Allison1-0/+1
writing out a custom krb5.conf file containing the KDC I need. This may suck.... Needs some testing :-). Jeremy. (This used to be commit d500e1f96d92dfcc6292c448d1b399195f762d89)
2007-10-10r17928: Implement the basic store for CLDAP sitenameJeremy Allison1-2/+2
support when looking up DC's. On every CLDAP call store the returned client sitename (if present, delete store if not) in gencache with infinate timeout. On AD DNS DC lookup, try looking for sitename DC's first, only try generic if sitename DNS lookup failed. I still haven't figured out yet how to ensure we fetch the sitename with a CLDAP query before doing the generic DC list lookup. This code is difficult to understand. I'll do some experiments and backtraces tomorrow to try and work out where to force a CLDAP site query first. Jeremy. (This used to be commit ab3f0c5b1e9c5fd192c5514cbe9451b938f9cd5d)
2007-10-10r17922: sync samba3's talloc with samba4's and move the samba3 specific ↵Stefan Metzmacher1-36/+55
stuff to tallocmsg.c metze (This used to be commit 7704e3e51dec1768772663024a0579cb4a271cc1)
2007-10-10r17861: Fix inconsistency found in checking for NULL in DLIST_REMOVEJeremy Allison1-1/+1
macro. Don't check for NULL if we would have already derefed. Jeremy. (This used to be commit 1cb379315a45a0c47feab0df1f07ec5d808a4259)
2007-10-10r17854: Steal the LDAP in NTSTATUS trick from Samba4Volker Lendecke1-2/+24
Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 91878f9b6fbe5187fb7d0464008ea0abe7f11a73)
2007-10-10r17806: Make NTTIME a UINT64_S rather than a separate structure consisting ofJelmer Vernooij2-8/+6
two uint32s. (This used to be commit 3556a9c26cf7728e2435bb28e69958751e883ab9)
2007-10-10r17804: Fix a enum/int mixup found by the IRIX compiler.Volker Lendecke1-0/+1
Volker (This used to be commit 3a1cf623765cd8b6615ad317d25cebc379c762a2)
2007-10-10r17800: Start using struct timespec internally for file timesJeremy Allison1-3/+3
on the wire. This allows us to go to nsec resolution for systems that support it. It should also now be easy to add a correct "create time" (birth time) for systems that support it (*BSD). I'll be watching the build farm closely after this one for breakage :-). Jeremy. (This used to be commit 425280a1d23f97ef0b0be77462386d619f47b21d)
2007-10-10r17795: Finally track down the "ads_connect: Interrupted system call"Gerald Carter1-2/+3
error. Fix our DNS SRV lookup code to deal with multi-homed hosts. We were noly remembering one IP address per host from the Additional records section in the SRV response which could have been an unreachable address. (This used to be commit 899179d2b9fba13cc6f4dab6efc3c22e44e062bc)
2007-10-10r17723: * BUG 3969: Fix unsigned time comparison with expiration policy from ↵Gerald Carter1-0/+8
AD DC * Merge patches from SLES10 to make sure we talk to the correct winbindd process when performing pam_auth (and pull the password policy info). (This used to be commit 43bd8c00abb38eb23a1497a255d194fb1bbffffb)
2007-10-10r17669: Remove RID algorithm support from unmapped users and groupsGerald Carter1-1/+1
when using smbpasswd (This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
2007-10-10r17625: Fix the buildVolker Lendecke1-1/+1
(This used to be commit 76ef8af881843685a5b14c9017cba32f6867bd28)
2007-10-10r17622: Add a framework for a printing backend designed to support the build ↵Volker Lendecke1-0/+4
farm. If we want to walk more printing code in the build farm I think doing that with a customized printing backend is much easier than with a set of shell scripts. Jerry, comments? Volker (This used to be commit 949cd6b992364d2bc60fd59051b6ac1c4cc4288c)
2007-10-10r17612: Modify NTLMSSP session code so that it doesn't storeJeremy Allison1-1/+2
a copy of the plaintext password, only the NT and LM hashes (all it needs). Fix smbencrypt to expose hash verions of plaintext function. Andrew Bartlett, you might want to look at this for gensec. This should make it easier for winbindd to store cached credentials without having to store plaintext passwords in an NTLM-only environment (non krb5). Jeremy. (This used to be commit 629faa530f0422755823644f1c23bea74830912f)
2007-10-10r17607: Adapt the Samba4 directory structure for tdb. Makes it easier to diff.Volker Lendecke1-3/+3
Let's see what it breaks. For me it works :-) Volker (This used to be commit 337be14b432e5dfd80c7418b2db4fe0087259b77)
2007-10-10r17554: CleanupVolker Lendecke2-8/+5
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
2007-10-10r17541: When returning a trans2 request, if the "max dataJeremy Allison1-0/+2
bytes returned" is less than the amount we want to send, return what we can and set STATUS_BUFFER_OVERFLOW (doserror ERRDOS,ERRbufferoverflow). Required by OS/2 to handle EA's that are too large. It's hard to test this in Samba4 smbtorture as the max data bytes returned is hard coded at 0xffff (as it is in the Samba3 client libraries also). I used a custom version of Samba4 smbtorture to test this out. Might add a "max data bytes" param to make this testable in the build farm. Confirmed by "Guenter Kukkukk (sambaos2)" <sambaos2@kukkukk.com> and Andreas Taegener <atsamba11@eideltown.de> that this fixes the issue. Jeremy. (This used to be commit ff2f1202b76991a404dae8df17c36f8135c8dc51)
2007-10-10r17463: A bit of cleanup work:Volker Lendecke1-3/+0
Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
2007-10-10r17457: Add a test to do some operations on group mapping.Volker Lendecke1-0/+5
Volker (This used to be commit 68db058fdf508d5b4d38731ece21f5d92feca00c)
2007-10-10r17454: Adding dfs_EnumEx for rpcclient (Samba4 IDL to follow).Günther Deschner1-1/+12
Guenther (This used to be commit 8c1198c1592e7c07904b448ed7a54b9b23c941df)
2007-10-10r17453: Fix msdfs RPC management (this broke with the autogenerated dfs rpcs).Günther Deschner2-2/+1
* Remove "unknown" from dfs_Enum (samba4 dfs IDL updates to follow). * When encountering an unsupported infolevel the rpc server must reply with a dfs_info_0 structure and WERR_OK (observed from w2k3 when talking to nt4). Guenther (This used to be commit f9bef1f08f7d2a4c95c28329ac73e8646f033998)
2007-10-10r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as anVolker Lendecke1-2/+3
argument. Volker (This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f)
2007-10-10r17346: Add optimisation vl needs for the cluster code whereJeremy Allison1-0/+1
we don't get the chainlock when getting the byte range lock record read-only. Jeremy. (This used to be commit fcd798ca0c1b76adb2bcda4a99c40c7aacb0addb)
2007-10-10r17316: More C++ warnings -- 456 leftVolker Lendecke1-1/+1
(This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
2007-10-10r17314: Optimisation for POSIX locking. If we're downgradingJeremy Allison1-2/+6
a POSIX lock (applying a read-lock) and we overlap pending read locks then send them an unlock message, we may have allowed them to proceed. Jeremy. (This used to be commit a7a0b6ba50f4cf7c5a0a29809fdff9e1266a29e7)
2007-10-10r17216: From Kai Blin <kai.blin@gmail.com>:Andrew Bartlett1-0/+4
A patch to make ntlm_auth recognize three new commands in ntlmssp-client-1 and squid-2.5-ntlmssp: The commands are the following: Command: SF <hex number> Reply: OK Description: Takes feature request flags similar to samba4's gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY, NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same values as the corresponding GENSEC_FEATURE_* flags in samba4. Command: GF Reply: GF <hex number> Description: Returns the negotiated flags. Command: GK Reply: GK <base64 encoded session key> Description: Returns the negotiated session key. (These commands assist a wine project to use ntlm_auth for signing and sealing of bulk data). Andrew Bartlett (This used to be commit bd3e06a0e4435f1c48fa3b7862333efe273119ee)
2007-10-10r17191: Forgotten file, sorry!Volker Lendecke1-0/+1
(This used to be commit 32fbf66a4be3d1cc0251f00e54020bf2dbd0dfb0)
2007-10-10r17179: Merge the vl-posixacls tmp branch into mainline. ItJim McDonough1-230/+20
modularizes our interface into the special posix API used on the system. Without this patch the specific API flavor is determined at compile time, something which severely limits usability on systems with more than one file system. Our first targets are AIX with its JFS and JFS2 APIs, at a later stage also GPFS. But it's certainly not limited to IBM stuff, this abstraction is also necessary for anything that copes with NFSv4 ACLs. For this we will check in handling very soon. Major contributions can be found in the copyright notices as well as the checkin log of the vl-posixacls branch. The final merge to 3_0 post-3.0.23 was done by Peter Somogyi <psomogyi@gamax.hu> (This used to be commit ca0c73f281a2a65a988094a46bb3e46a94011a53)
2007-10-10r17177: Get rid of a global variable by adding a private data pointer toVolker Lendecke1-6/+0
share_mode_forall(). Volker (This used to be commit f97f6cedffdc4d10afcac90a163b93a801acf514)
2007-10-10r17146: Starting to cleanout my local tree someGerald Carter1-0/+7
* add code to lookup NS records (in prep for later coe that does DNS updates as part of the net ads join) (This used to be commit 36d4970646638a2719ebb05a091c951183535987)
2007-10-10r17107: Make the 200 ms timeout value tunable in local.h...Jeremy Allison1-0/+3
Might need to be a parameter ? Jeremy. (This used to be commit 98d8d9399bb287319578daaf2a2fb42f3c48f858)
2007-10-10r17098: Samba3 now cleanly passes Samba4 RAW-LOCK tortureJeremy Allison4-3/+6
test. Phew - that was painful :-). But what it means is that we now implement lock cancels and I can add lock cancels into POSIX lock handling which will fix the fast/slow system call issue with cifsfs ! Jeremy. (This used to be commit f1a9cf075b87c76c032d19da0168424c90f6cb3c)
2007-10-10r17039: Eliminate snum from enumshares and getshareinfo. Get rid of some ↵Volker Lendecke1-0/+4
pstrings. Volker (This used to be commit c5e393d5eda4e13a844171d9ff319d1f1bac3d84)
2007-10-10r16952: New derive DES salt code and Krb5 keytab generationGerald Carter1-0/+7
Major points of interest: * Figure the DES salt based on the domain functional level and UPN (if present and applicable) * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys * Remove all the case permutations in the keytab entry generation (to be partially re-added only if necessary). * Generate keytab entries based on the existing SPN values in AD The resulting keytab looks like: ktutil: list -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName) and the sAMAccountName value. The UPN will be added as well if the machine has one. This fixes 'kinit -k'. Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket() continues to work with RC4-HMAC and DES keys. (This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)