| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Finally remove the distinction between 'krb5' and 'ms_krb5'. We now
don't do kerberos stuff twice on failure. The solution to this is
slightly more general than perhaps was really required (as this is a
special case), but it works, and I'm happy with the cleanup I achived
in the process. All modules have been updated to supply a
NULL-terminated list of OIDs.
In that process, SPNEGO code has been generalised, as I realised that
two of the functions should have been identical in behaviour.
Over in the actual modules, I have worked to remove the 'kinit' code
from gensec_krb5, and placed it in kerberos/kerberos_util.c.
The GSSAPI module has been extended to use this, so no longer requires
a manual kinit at the command line. It will soon loose the
requirement for a on-disk keytab too.
The general kerberos code has also been updated to move from
error_message() to our routine which gets the Heimdal error string
(which may be much more useful) when available.
Andrew Bartlett
(This used to be commit 0101728d8e2ed9419eb31fe95047944a718ba135)
|
|
support, and
filling in some of the returned parameters is quite rough, but it seems to work OK
(This used to be commit e564e3e596915414fad07c94f7ea8a0d9c3a1140)
|
|
(This used to be commit e51e0dffa8f8bff9bd1535751e805b548b6c6d7f)
|
|
rafal
(This used to be commit 3389cfb1354532aad4245b281a5637b58802a276)
|
|
This brings in a compatability layer for Samba3 in Samba4 - where we
will start to define file formats and similar details.
The 'net samdump' command uses 'password server = ' for now, and
performs a similar task to Samba3's 'net rpc samsync'.
Andrew Bartlett
(This used to be commit 550f17f9924fe783917318753de7d1a388423908)
|
|
We need to pass the 'secure channel type' to the NETLOGON layer, which
must match the account type.
(Yes, jelmer objects to this inclusion of the kitchen sink ;-)
Andrew Bartlett
(This used to be commit 8ee208a926d2b15fdc42753b1f9ee586564c6248)
|
|
Andrew Bartlett
(This used to be commit 106047032fe269f02c8ef71937e9d2e4ae0a4eb7)
|
|
with talloc() for the NTLMSSP system.
Andrew Bartlett
(This used to be commit 7a93ac49c28d433ccf0f077294f473fe728b9995)
|
|
want it to hang around not commited.
rafal
(This used to be commit 98d98b9bc7437e744e1e730fa8005b43fb1b672b)
|
|
rafal
(This used to be commit 3752122550dcdd1d954c602a28f4b6ad26fe3a0e)
|
|
- qfsinfo (query file system information)
- appendacl (append an ACL to existing file's security descriptor and get new
full ACL)
The second one also includes an improvement to security descriptor handling
which allows to copy security descriptor. Written by Peter Novodvorsky
<peter.novodvorsky@ru.ibm.com>
Both functions have corresponding torture tests added. Tested under valgrind and
work against Samba 4 and Windows XP.
ToDo: document composite call creation process in prog_guide.txt
(This used to be commit 441cff62ac75ed16851ce7b8daf9d03eb4c3ec79)
|
|
parsing incoming netlogon requests. No replies are sent yet.
(This used to be commit 3b34df6a674cd2aeddc354cdadae3f0e1c000d45)
|
|
(This used to be commit 47e1452da08d06b0b9f15545b3b2b0631f15bac2)
|
|
a handle as parameter,
EnumPorts
EnumPrinterDrivers
EnumMonitors
EnumPrintProcessors
EnumPrinters
we now do cross checks between the different info levels
and sore the results in a global context,
so that we later can add cross checks between the different object types
- add idl for EnumMonitors and EnumPrintProcessors
metze
(This used to be commit 92a3721bc7a28d521090b10eb3b1eed089036432)
|
|
metze
(This used to be commit 3e6ec811288d74921bf3e393213e75d928156772)
|
|
metze
(This used to be commit 1084ad4bfce6bc20537f5bfccb5a25b60f503b32)
|
|
in his comments to new rpc composite code.
rafal
(This used to be commit 1294db747e8c894d1c773b1fd028e7ae6deabc2c)
|
|
for the spoolss_Enum* functions
metze
(This used to be commit bfcc86e706cf32672323eda939e5def6694509a8)
|
|
wrepl_pull_names() functions, with reasonable
parameters, so callers don't need to deal directly with wins replication packet structures
- converted the NBT-WINSREPLICATION torture test to use the new APIs
(This used to be commit cec1672662b7e5b1bdf843e9dee317aa4b03f719)
|
|
- added a new IDL type "udlongr", which is like udlong, but with the
two uint32 halves reversed
- modified the winsrepl.idl to cope with a wider range of packets
(This used to be commit bc8d60c918f2e268d591aac464fc6a78c38a4cf9)
|
|
(This used to be commit 2899d289455d373409c2aadc3dbefd96ea1c91b8)
|
|
test, but doesn't yet
do secure server WACK responses
- added a ldap_string_to_time() function, for converting a LDAP
formatted time to a time_t
(This used to be commit 9aa3313b3f93e47e3f93028e072f6a23b3c22385)
|
|
(This used to be commit 196c45b834c39f293b9533cec5cfe5a77382d4e2)
|
|
(This used to be commit 826baec7b348814a7bbdcdbec8c8526514f25da1)
|
|
decide to reinstate the mutex code for the threads process model, I'd
like to do it a little differently. At least this gets it out of
includes.h for now.
(This used to be commit cfee0fb02e10add22b6c436bdfa95d1a8f5f3def)
|
|
(This used to be commit 0df3fdd8178085c40f9cd776cc3e1486ca559c8e)
|
|
refresh, release and query)
- change the iface_n_*() functions to return a "const char *" instead of a "struct ipv4_addr"
I think that in general we should move towards "const char *" for
all IP addresses, as this makes IPv6 much easier, and is also easier
to debug. Andrew, when you get a chance, could you fix some of the
auth code to use strings for IPs ?
- return a NTSTATUS error on bad name queries and node status instead
of using rcode. This makes the calling code simpler.
- added low level name release code in libcli/nbt/
- use a real IP in the register and wins nbt torture tests, as w2k3
WINS server silently rejects some operations that don't come from the
IP being used (eg. it says "yes" to a release, but does not in fact
release the name)
(This used to be commit bb1ab11d8e0ea0bd9ae34aebeb565d36fe4b495f)
|
|
name registrations
- fixed a bug in the send queue handling on timeouts
- added support for handling unexpected replies (replies to the wrong
port) at the nbtsocket layer
- added separate layer 2 code for wins refresh and wins registration
(This used to be commit 2502b02898407e3262c09a5a4aa573c5f87b8f5f)
|
|
(This used to be commit a4d44d4a9d7cf51a9a4e47dce8e603ba22324d99)
|
|
metze
(This used to be commit c5a24792db61b688f23cf7d2509993049cad4a75)
|
|
rename the core structure to composite_context and the wait routine to
composite_wait() (suggestion from metze)
(This used to be commit cf11d05e35179c2c3e51c5ab370cd0a3fb15f24a)
|
|
reporting any
name conflicts
(This used to be commit 69e6a1cd4bac665debb10601d1a3ddc0ae86e779)
|
|
broadcast name registration demands per name per interface at 1 second
intervals, then send a name overwrite request and demand. Any name
conflict replies are reported.
(This used to be commit d656fba6f1a2e9d8c03893741327e5fb59c5271e)
|
|
names on the network and answers name queries. Lots of details are
still missing, but at least this now means you don't need a Samba3
nmbd to use Samba4.
missing pieces include:
- name registrations should be "shout 3 times, then demand"
- no WINS server yet
- no master browser code
(This used to be commit d7d31fdc6670f026f96b50e51a4de19f0b920e5b)
|
|
the packets it receives, but it at least shows how the server
structure will work.
To implement it I extended the libcli/nbt/ library to allow for an
incoming packet handler to be registered. That allows the nbt client
library to be used for low level processing of the nbtd server packets.
Other changes:
- made the socket library always set SO_REUSEADDR when binding to an
interface, to ensure that restarts of a server don't have to wait
for a couple of minutes.
- made the nbt port configurable. Defaults to 137, but other ports
will be useful for testing.
(This used to be commit 2fedca6adfd4df9e85cc86896dfa79630777a917)
|
|
themselves are run as a single process, but run as a child of the
main process when smbd is run in the standard model, and run as part
of the main process when in the single mode.
- rewrote the winbind template code to use the new task services. Also
fixed the packet queueing
- got rid of event_context_merge() as it is no longer needed
(This used to be commit 339964a596689278d2138cff05d7d444798a3504)
|
|
servers in smbd. The old code still contained a fairly bit of legacy
from the time when smbd was only handling SMB connection. The new code
gets rid of all of the smb_server specific code in smbd/, and creates
a much simpler infrastructures for new server code.
Major changes include:
- simplified the process model code a lot.
- got rid of the top level server and service structures
completely. The top level context is now the event_context. This
got rid of service.h and server.h completely (they were the most
confusing parts of the old code)
- added service_stream.[ch] for the helper functions that are
specific to stream type services (services that handle streams, and
use a logically separate process per connection)
- got rid of the builtin idle_handler code in the service logic, as
none of the servers were using it, and it can easily be handled by
a server in future by adding its own timed_event to the event
context.
- fixed some major memory leaks in the rpc server code.
- added registration of servers, rather than hard coding our list of
possible servers. This allows for servers as modules in the future.
- temporarily disabled the winbind code until I add the helper
functions for that type of server
- added error checking on service startup. If a configured server
fails to startup then smbd doesn't startup.
- cleaned up the command line handling in smbd, removing unused options
(This used to be commit cf6a46c3cbde7b1eb1b86bd3882b953a2de3a42e)
|
|
server and
loads a file. Needs a smb url parsing wrapper.
Volker
(This used to be commit fa435bf7c878d4a5beb6afb2ed6e2990abc11e82)
|
|
- structures defined using IDL in nbt.idl
- build around our events structure, and talloc
- fully async
- supports all NBT packet fields as per rfc1002
- easy interfaces for name query and status
For the moment there are just a couple of test functions in
namequery.c, test_name_query() and test_name_status(). These will be
removed when we hook the new library into libcli/ fully
The new library will also be a fairly good basis for a nbt
server. Although it can't be a server as-is, I wrote it with the needs
of a server in mind (for example, extremely scalable idtree based
packet handling)
(This used to be commit ae7e625bfa4b4a3ee32c64566064b6a4c84ee4b9)
|
|
encapsulates all the different session setup methods, including the
multi-pass spnego code.
I have hooked this into all the places that previously used the
RAW_SESSSETUP_GENERIC method, and have removed the old
RAW_SESSSETUP_GENERIC code from clisession.c and clitree.c. A nice
side effect is that these two modules are now very simple again, back
to being "raw" session setup handling, which was what was originally
intended.
I have also used this to replace the session setup code in the
smb_composite_connect() code, and used that to build a very simple
replacement for smbcli_tree_full_connection().
As a result, smbclient, smbtorture and all our other SMB connection
code now goes via these composite async functions. That should give
them a good workout!
(This used to be commit 080d0518bc7d6fd4bc3ef783e7d4d2e3275d0799)
|
|
interface to a complete SMB connection setup. Internally it does:
- socket connection
- session request (if needed)
- negprot
- session setup
- tcon
This is the first example of a composite function that builds on other
composite components (the socket connection is a composite function,
which is used as a building block for this function). I think this
will be quite common in composite functions in the future, building up
ever more complex composite functions from smaller building blocks,
while hiding the details from the caller.
There are two things missing from this now. The first is async name
resolution routines (wins, bcast, DNS etc), and the second is that
this code currently only does a NT1 style session setup. I'll work on
adding spnego and old style session setup support next.
(This used to be commit 6bc9e17f5c5236f662c7c8f308d03e6d97379b23)
|
|
Andrew Bartlett
(This used to be commit e5e4dd0d3499e0c63cddd5669cf2875cee7d4e3f)
|
|
(This used to be commit 041bf4ee7de6026b032e5b4455e092a1ef3b8ee4)
|
|
suite a little
(This used to be commit ef4dbc443dbdebc4160209ed3f23cbb97109c414)
|
|
which combineds ntcreatex, readx and close into a single call that
behaves just like a normal libcli async call.
(This used to be commit 516f68fb054f0717f0429e031aa820776ecc6597)
|
|
Andrew Bartlett
(This used to be commit a3f3553cbe3cc8c8b39704b7735277e36ca709a0)
|
|
- move some structs out of misc.idl
metze
(This used to be commit b6543a6e3057b5588ec50a2ebf6c7c932209efe6)
|
|
one pipe
this stage does the following:
- simplifies the dcerpc_handle handling, and all the callers of it
- split out the context_id depenent state into a linked list of established contexts
- fixed some talloc handling in several rpc servers that i noticed while doing the above
(This used to be commit fde042b3fc609c94e2c7eedcdd72ecdf489cf63b)
|
|
doesn't need to
use function pointers anymore
- make the module init much easier
- a lot of cleanups
don't try to read the diff in auth/ better read the new files
it passes test_echo.sh and test_rpc.sh
abartlet: please fix spelling fixes
metze
(This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
|
|
metze
(This used to be commit 5861657fd12aae026c06ab8c6ae1f1656d06d0a1)
|
