summaryrefslogtreecommitdiff
path: root/source4/client/client.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett1-1/+1
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5941: Commit this patch much earlier than I would normally prefer, but ↵Andrew Bartlett1-2/+1
metze needs a working tree... The main volume of this patch was what I started working on today: - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context. - Uses sepereate inner loops for some of the DCE/RPC tests The other and more important part of this patch fixes issues surrounding the new credentials framwork: This makes the struct cli_credentials always a talloc() structure, rather than on the stack. Parts of the cli_credentials code already assumed this. There were other issues, particularly in the DCERPC over SMB handling, as well as little things that had to be tidied up before test_w2k3.sh would start to pass. Andrew Bartlett (This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)
2007-10-10r5929: Use cli_credentials for the SMB functions as well.Jelmer Vernooij1-3/+1
Fix a couple of bugs in the new cli_credentials code (This used to be commit 4ad481cfe5cde514d2ef9646147239f3faaa6173)
2007-10-10r5928: Use cli_credentials in:Jelmer Vernooij1-4/+1
- gtk+ (returned by GtkHostBindingDialog as well now) - torture/ - librpc/ - lib/com/dcom/ (This used to be commit ccefd782335e01e8e6ecb2bcd28a4f999c53b1a6)
2007-10-10r5917: First step in using the new cli_credentials structure. This patchJelmer Vernooij1-16/+12
puts support for it into popt_common, adds a few utility functions (in lib/credentials.c) and the callback functions for the command-line (lib/cmdline/credentials.c). Comments are welcome :-) (This used to be commit 1d49b57c50fe8c2683ea23e9df41ce8ad774db98)
2007-10-10r5902: A rather large change...Andrew Bartlett1-0/+1
I wanted to add a simple 'workstation' argument to the DCERPC authenticated binding calls, but this patch kind of grew from there. With SCHANNEL, the 'workstation' name (the netbios name of the client) matters, as this is what ties the session between the NETLOGON ops and the SCHANNEL bind. This changes a lot of files, and these will again be changed when jelmer does the credentials work. I also correct some schannel IDL to distinguish between workstation names and account names. The distinction matters for domain trust accounts. Issues in handling this (issues with lifetime of talloc pointers) caused me to change the 'creds_CredentialsState' and 'struct dcerpc_binding' pointers to always be talloc()ed pointers. In the schannel DB, we now store both the domain and computername, and query on both. This should ensure we fault correctly when the domain is specified incorrectly in the SCHANNEL bind. In the RPC-SCHANNEL test, I finally fixed a bug that vl pointed out, where the comment claimed we re-used a connection, but in fact we made a new connection. This was achived by breaking apart some of the dcerpc_secondary_connection() logic. The addition of workstation handling was also propogated to NTLMSSP and GENSEC, for completeness. The RPC-SAMSYNC test has been cleaned up a little, using a loop over usernames/passwords rather than manually expanded tests. This will be expanded further (the code in #if 0 in this patch) to use a newly created user account for testing. In making this test pass test_rpc.sh, I found a bug in the RPC-ECHO server, caused by the removal of [ref] and the assoicated pointer from the IDL. This has been re-added, until the underlying pidl issues are solved. (This used to be commit 824289dcc20908ddec957a4a892a103eec2da9b9)
2007-10-10r5308: trimmed back a lot of the old macros from smb_macros.hAndrew Tridgell1-1/+1
(This used to be commit bf43c9bdcf9e654d123f6a2b29feb9189ca9e561)
2007-10-10r5302: fixed a compilation problem on solaris caused by the recent includeAndrew Tridgell1-12/+7
changes (This used to be commit e7e015f79b10c353848a17f31c91a0593790a560)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-9/+9
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4891: - added a generic resolve_name() async interface in libcli/resolve/,Andrew Tridgell1-3/+6
which will eventually try all resolution methods setup in smb.conf - only resolution backend at the moment is bcast, which does a parallel broadcast to all configured network interfaces, and takes the first reply that comes in (this nicely demonstrates how to do parallel requests using the async APIs) - converted all the existing code to use the new resolve_name() api - removed all the old nmb code (yay!) (This used to be commit 239c310f255e43dd2d1c2433f666c9faaacbdce3)
2007-10-10r4817: ccache was being made ineffective on all the build farm machinesAndrew Tridgell1-0/+1
because the version number was being auto-updated and included in all C files. With this change it is only included where needed. (This used to be commit 520cff73c6dc62ba1050cf7ca5145d50b5f2bb4e)
2007-10-10r4758: - added async support to the session request codeAndrew Tridgell1-74/+9
- added async support to the negprot client code - removed two unused parameters from smbcli_full_connection() code - converted smbclient to use smbcli_full_connection() rather than reinventing everything itself (This used to be commit 71cbe2873473e039b4511511302cb63f1c50bce8)
2007-10-10r4547: - added talloc_new(ctx) macro that is a neater form of the common ↵Andrew Tridgell1-4/+4
talloc(ctx, 0) call. - cleaned up some talloc usage in various files I'd like to get to the point that we have no calls to talloc(), at which point we will rename talloc_p() to talloc(), to encourage everyone to use the typesafe functions. (This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
2007-10-10r4428: use minimum open permissions in the 'acl' command in smbclient, so ↵Andrew Tridgell1-1/+8
the user is not prevented from viewing the acl by other access bits (This used to be commit 61e71782f573d0fa5b88237299df516c67405e30)
2007-10-10r4365: added command 'eainfo' to smbclient for displaying binary EA contentsAndrew Tridgell1-4/+55
(This used to be commit 268edcdb4a95240662102faef4126449f286d49d)
2007-10-10r4303: a bit more consistent help on privileges commands in smbclientAndrew Tridgell1-6/+6
(This used to be commit 2d2e9e6373be153f991ee899e9d66cd3979e309f)
2007-10-10r4207: remove "lookupname" and "lookupsid", and instead have a single ↵Andrew Tridgell1-41/+24
"lookup" command that takes a name or sid. I think in general its better to make smbclient automatically work out the type from the format (I did the same with the privileges commands) (This used to be commit bbf482e13ab973a67e9b2c0e0e40c2afff073c63)
2007-10-10r4202: added smbclient commands "addprivileges" and "delprivileges" forAndrew Tridgell1-1/+104
easily adding/removing privileges from users (This used to be commit 8764909c05c4829d1e4f7eaf8c18e8ef1e53645f)
2007-10-10r4073: - added a set of lsa helper routines to make lsa lookups that areAndrew Tridgell1-0/+110
related to filesharing. For example, in order to manipulate ACLs properly its important to be able to call LookupSids, and to be able to lookup what privileges a SID has. - added 3 new commands to smbclient "lookupname", "lookupsid" and "privileges" (This used to be commit 8780c40f0539da72652d17455e98fcaee6d197d1)
2007-10-10r4063: - change char * -> uint8_t in struct request_bufferStefan Metzmacher1-6/+8
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2) all this fixes a lot of gcc-4 warnings metze (This used to be commit b94f92bc6637f748d6f7049f4f9a30b0b8d18a7a)
2007-10-10r4055: fixed more places to use type safe allocation macrosAndrew Tridgell1-2/+2
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
2007-10-10r4054: got rid of Realloc(), replacing it with the type safe macro realloc_p()Andrew Tridgell1-1/+1
(This used to be commit b0f6e21481745d1b2ced28d9ed6f09f6ffd99562)
2007-10-10r4052: fixed a bunch of code to use the type safe _p allocation macrosAndrew Tridgell1-1/+1
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
2007-10-10r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 ↵Andrew Tridgell1-1/+1
in my compile (This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
2007-10-10r4013: got rid of a bunch of unused or unmaintained codeAndrew Tridgell1-62/+21
- removed the clitar code. It is unmaintained, and a horribly badly done hack - removed client.h as it contained mostly unused definitions - removed the unused clidfs.c code (This used to be commit 31a7bddbb3815b4d625e993dbce4805dae1c18f8)
2007-10-10r3971: fix compiler warningsStefan Metzmacher1-1/+1
metze (This used to be commit 234166606dc86b9e98226cff94b3869ec173671e)
2007-10-10r3830: unified the query/set security descriptor code with the rest of theAndrew Tridgell1-5/+6
queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2007-10-10r3633: - moved module init functions to after smb.conf and command lineAndrew Tridgell1-2/+2
parsing, so that module init can take account of lp_ parms (thats why gensec:krb5=no wasn't working) - added a BASE-DISCONNECT torture test that tests server response to clients disconnecting with open lock and open requests pending (This used to be commit 5205f598b8c0be6985e61cc842cc5da109ba5b7e)
2007-10-10r3586: Fix some of the issues with the module init functions.Jelmer Vernooij1-0/+1
Both subsystems and modules can now have init functions, which can be specified in .mk files (INIT_FUNCTION = ...) The build system will define : - SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal - BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on This removes the hack with the "static bool Initialised = " and the "lazy_init" functions (This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
2007-10-10r3494: got rid of include/rewrite.h, and split out the dynconfig.h headerAndrew Tridgell1-0/+1
(This used to be commit 558de54ec6432a4ae90aa14a585f32c6cd03ced2)
2007-10-10r3483: IRIX 6.4 now buildsAndrew Tridgell1-0/+1
(This used to be commit 5d1a687ce42b2ca829dc1d82d3465e79ef0ef37c)
2007-10-10r3481: split out client.h and events.hAndrew Tridgell1-8/+9
(This used to be commit c6f486574470a311e0d336c026103f131451e21e)
2007-10-10r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ↵Andrew Tridgell1-0/+1
ioctl.h) (This used to be commit b97e395c814762024336c1cf4d7c25be8da5813a)
2007-10-10r3453: - split out the auth and popt includesAndrew Tridgell1-0/+1
- tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
2007-10-10r3447: more include/system/XXX.h include filesAndrew Tridgell1-0/+2
(This used to be commit 264ce9181089922547e8f6f67116f2d7277a5105)
2007-10-10r3441: some include file cleanups and general housekeepingAndrew Tridgell1-7/+84
(This used to be commit 73ea8ee6c268371d05cf74160f2ad451dd2ae699)
2007-10-10r3428: switched to using minimal includes for the auto-generated RPC code.Andrew Tridgell1-0/+1
The thing that finally convinced me that minimal includes was worth pursuing for rpc was a compiler (tcc) that failed to build Samba due to reaching internal limits of the size of include files. Also the fact that includes.h.gch was 16MB, which really seems excessive. This patch brings it back to 12M, which is still too large, but better. Note that this patch speeds up compile times for both the pch and non-pch case. This change also includes the addition iof a "depends()" option in our IDL files, allowing you to specify that one IDL file depends on another. This capability was needed for the auto-includes generation. (This used to be commit b8f5fa8ac8e8725f3d321004f0aedf4246fc6b49)
2007-10-10r3419: moved the libcli/raw structures into libcli/raw/libcliraw.hAndrew Tridgell1-0/+2
and made them private (This used to be commit 386ac565c452ede1d74e06acb401ca9db99d3ff3)
2007-10-10r3323: more warning reductionsAndrew Tridgell1-6/+7
(This used to be commit 5921587ec26e4892efc678421277e4969417d7f5)
2007-10-10r2906: fixed a memory leak in the smbclient -L codeAndrew Tridgell1-1/+3
(This used to be commit 0181fe06b4736661871515a7e2ab0d67bc8568fe)
2007-10-10r2710: continue with the new style of providing a parent context wheneverAndrew Tridgell1-2/+2
possible to a structure creation routine. This makes for much easier global cleanup. (This used to be commit e14ee428ec357fab76a960387a9820a673786e27)
2007-10-10r2499: - use more efficient wildcard delete in smbclientAndrew Tridgell1-20/+9
- use "*.*" instead of "*" when connected to ancient servers (This used to be commit e28f2027580f31b392ecc9e115ee2eb5fc80f933)
2007-10-10r2456: got rid of some outdated global macrosAndrew Tridgell1-1/+8
(This used to be commit ea7eac5e3fb8f0db8d412a95ef4dc7889a07bc73)
2007-10-10r2433: attrib_string() is now a generally available library function (it ↵Andrew Tridgell1-40/+4
will be used by the new RAW-SEARCH test) (This used to be commit bb6bb2735eef58a135ba5cc3d64d75588a505d66)
2007-10-10r2063: Ensure the first argument to a printf() like function (talloc_init()Andrew Bartlett1-2/+2
in this case) is constant. Andrew Bartlett (This used to be commit 806ed15e605a5df1b4c243e21cd595ec2f98e3ee)
2007-10-10r2003: got rid of next_token_nr(), which involved some horrible globalsAndrew Tridgell1-89/+88
and nasy pointer tricks. this involved fixing some of the internals of smbclient (This used to be commit 126fec6169f9412932c82e7675840476132bce87)
2007-10-10r1986: Janitor for myself. Merge -r1907:1908 from SAMBA_3_0 branch.Tim Potter1-1/+1
(This used to be commit 99f7feec0ab545271f49ea3ab811eb3022aa03db)
2007-10-10r1957: add cmdline_set_* functionsStefan Metzmacher1-21/+5
and let smbclient use the cmdline _* functions metze (This used to be commit ffb87ebc33e728bf8506383f95b80605adec3c68)
2007-10-10r1941: - fixed an allocation error with querying security descriptors remotelyAndrew Tridgell1-0/+2
- print the received security_descriptor in the smbclient "acl" command - make sure we zero the alignment data in nttrans packet sends (This used to be commit 8925b8b2193905d084e1bfaaa3235ed7f9d1eb55)
2007-10-10r1913: add --version backStefan Metzmacher1-0/+1
metze (This used to be commit a1bb734009571c7a052a15507a70137ac31911ba)