Age | Commit message (Collapse) | Author | Files | Lines |
|
add struct nbt_peer_socket and use it instead of passing const char *addr, uint16 port everyhwere
(tridge: can you review this please, (make test works)
metze
(This used to be commit a599d7a4ae881c94be2c2d908a398838549942bb)
|
|
previous patch.
Andrew Bartlett
(This used to be commit 2c537d47ba99885c6462016342b1cc29df4c54c5)
|
|
(This used to be commit eaf347bdeaaddb655fe72ddb98f3a67ace795937)
|
|
(This used to be commit 295271a329586d0858b6d6b845b8ebba3d035f5f)
|
|
work yet,
but the version before did not either, so we're not worse than before.
One thing this does better is to call the domain init code if it's not there
yet.
Volker
(This used to be commit 35bcfb185b9763a3677d7ac9e748f3a3ba7d2593)
|
|
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
|
|
metze
(This used to be commit b436206c498ea166b8b9fa47638d5f8f6f4752bf)
|
|
Initialize a domain structure properly. Excerpt from wb_init_domain.c:
/*
* Initialize a domain:
*
* - With schannel credentials, try to open the SMB connection with the machine
* creds. Fall back to anonymous.
*
* - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
* pipe.
*
* - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
* to schannel and then to anon bind.
*
* - With queryinfopolicy, verify that we're talking to the right domain
*
* A bit complex, but with all the combinations I think it's the best we can
* get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
* have a signed&sealed lsa connection on all of them.
*
* Is this overkill? In particular the authenticated SMB connection seems a
* bit overkill, given that we do schannel for netlogon and ntlmssp for
* lsa later on w2k3, the others don't do this anyway.
*/
Thanks to Jeremy for his detective work, and to the Samba4 team for providing
such a great infrastructure.
Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr
with all we have.
Volker
(This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
|
|
of the
async helpers.
Volker
(This used to be commit 10585ba4e81e979a03aec747db6fc059978fa566)
|
|
functions
start to look sane.
Question: What about providing all winbind commands as irpc interfaces that
are called from the samba3 compatibility layer? This way it would be easy for
other samba components to access its functionality. Does that make sense?
Volker
(This used to be commit 2a6b8053859ea5690f90a8d2074d2bb4f06551f8)
|
|
(This used to be commit 1afa893506f3d7157e251eec9baeba28dc011587)
|
|
(This used to be commit aa30c16de0405f43ed35a28764ef25e234f3b2a7)
|
|
used for WREPL_REPL_INFORM* messsages
- make it possible to close the connection after a request was send
used for WREPL_ASSOCIATION_STOP
- fix the torture test that tests the assoc context handling
between connections, you can issue a request and get the reply
on another connection, I think we should not implement that in our server
code, as I think it's a security hole, you can cause a windows server
to send the replies to someone another client, that doesn't wait for data,
and as there're no massage_id in the protocol the client would be confused
by a replies that doesn't belong to a query
metze
(This used to be commit dfc95de8fa7ded8ea92cafe58cf86efcc7920156)
|
|
queryinfopolicy. Idea is to get a consistency check between that and our
notion of the domain name and sid, and take the lsa pipe as the holder of the
central smbcli_tree that netlogon and samr use as well.
Volker
(This used to be commit 126c80aefc4f53c4ba79afc12d70602ef9055ddb)
|
|
Tridge, if you have time, you might want to look at the segfault I was still
seeing. Now I store the handle to the netlogon pipe in the global winbind
state and free it on the next entry into check_machacc. The problem seems to
be that talloc_free()ing a pipe struct from within a callback function on that
pipe is not possible. I think I can live with that, but it has been not really
obvious. To reproduce the segfault you might want to look at putting a
talloc_free(state->getcreds->out.netlogon) into
wbsrv_samba3_check_machacc_receive_creds. This is called from a dcerpc
callback function.
In particular if the check failed it would be nice if I could delete the pipe
directly and not post a different event to some winbind queue.
I tried to delete the pipe from a timed event triggered immediately, but this
also fails because the inner loop seems to hit the same event again, calling
it twice.
Volker
(This used to be commit 5436d7764812bb632ba865e633005ed07923b57f)
|
|
rafal
(This used to be commit b3b4059efeb7f5d2795b4bb93cf8ab95aad54c8e)
|
|
once, use the
first one that replies correctly.
Add a talloc context to smb_composite_connect()
Volker
(This used to be commit 6b88de182e40cb00a833c085f801fd47c92bbe94)
|
|
(This used to be commit dc3dc796746de672dbf3ad0e4715e8b30ae4afb7)
|
|
of an existing socket, that is needed to handle WREPL_REPL_UPDATE
in the server, because we need to flig the connection and act as client on it
metze
(This used to be commit 131e5dfe695d427e992b840439743f880b14d82d)
|
|
for LDB); not finished yet.
(This used to be commit b405b27ba4bf4ddbaff9ca58926d94d1b2fd09f6)
|
|
(This used to be commit d2f80c0457f7404b2cac9df59a400130e9ad025f)
|
|
(This used to be commit b65c9dc607bf229f4f6f7e2112f88f5a08e9feb5)
|
|
seem to be able to handle incomplete enum types.
(This used to be commit 540155fad3c8e3d79fb631bb3f14273f82130a73)
|
|
type is always available, which means we need less #ifdefs
(This used to be commit d4af4b11ae69a63fa3b2048e6d576055d86d2bb4)
|
|
use pstring is next_token() now.
(This used to be commit a5b88bcd420eb7ae42283293541519e142be36e3)
|
|
(This used to be commit 03647e1321cf6c9bd6ced3945265f635e9468973)
|
|
domain and gets the DC's name via a mailslot call.
Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with
irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And
as everything is async anyway, the semantics should not be too much of a
problem.
Volker
(This used to be commit 4637964b19c6e9f7d201b287e2d409d029fced01)
|
|
that a given set of (working) POSIX functions are available (without
prefixes to their names, etc). See lib/replace/README for a list.
Functions that behave different from their POSIX specification
(such as sys_select, sys_read, etc) have kept the sys_ prefix.
(This used to be commit 29919a71059b29fa27a49b1f5b84bb8881de65fc)
|
|
- remove the echo test stuff
- abstract out the used protocol
- we have a seperate handler for the samba3 protocol now
- the backend can easy do async replies
by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call
and then call wbsrv_queue_reply() later
metze
(This used to be commit 32f3e68a569e9273b8d34fbd797c0a28494e5b6d)
|
|
Remove unused includes of dynconfig.h
(This used to be commit 59083b7ba60d518ddb59646c4fd69938afd079b3)
|
|
- use this for the send_queue's of the different stream_servers
to not redefine the same struct so often, and it maybe will be used
in other places too
metze
(This used to be commit b6694f067ab7aff0ee303dbfe8a6e7fad801e7e9)
|
|
support.microsoft.com/?kbid=832572
(It inhbits the generation of a PAC).
Andrew Bartlett
(This used to be commit 330f351085089cc8f72eb350ec8b017b35e7e59c)
|
|
Add support for showing security descriptor in regshell
Add support for saving files in NT4 registry backend
(This used to be commit 47cecd4726e6568f1aafb404646d2664f630a9bb)
|
|
(This used to be commit 0ad46ef804c0654e927f9c14ea93c45f9e3c718c)
|
|
Fix handling of REG_DWORD in the LDB backend.
Fix a couple of warnings
(This used to be commit 709fdc7ebf5a77cfb50359fad978884777decc3b)
|
|
don't to be pre-declared). Also doesn't use any globals, so multiple files can be loaded at once.
Currently uses the prefix "param" for all functions and structures; suggestions for better ones are welcome...
Remove old smb.conf-parsing code from libsamba3.
(This used to be commit 414e5f7f6dc38a8fde3b61d524a664f56f9ea592)
|
|
Kerberos CCACHE into the system.
This again allows the use of the system ccache when no username is
specified, and brings more code in common between gensec_krb5 and
gensec_gssapi.
It also has a side-effect that may (or may not) be expected: If there
is a ccache, even if it is not used (perhaps the remote server didn't
want kerberos), it will change the default username.
Andrew Bartlett
(This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
|
|
More minor bugfixes
Support mapping objectclasses and do mapping on 'dn' field as well (not just msg->dn)
(This used to be commit b7b079167d5c6616f7c5c4afb7dd80c15707cfd9)
|
|
the end of structs...
(This used to be commit c2211df586337ff68bb805801959147065040c01)
|
|
tmp_highest_usn which is
higher than the real highest of the source dsa
metze
(This used to be commit e4424d2a6dc7a783e8b3af4a164f8dc801130e44)
|
|
Add userdata argument to function pointers for pm_process()
(This used to be commit 84b2fb34675fa557173621433838c5a7ec0f1283)
|
|
(This used to be commit e0a0d3f092d601a22b7549a0278735e66239b301)
|
|
(This used to be commit dd15131b5219ecf0d09329c0de37c426b9147f45)
|
|
(This used to be commit b264e9f56a434400277bb73898484aff93522fe8)
|
|
samba3 databases
(This used to be commit b91a695bd854c6d37ec536edb2db7b6f97fe69dc)
|
|
(This used to be commit 46c5cdb673b0a8c6f5e23f96ad4284b6d4f8ae63)
|
|
as it isn't needed
- parse some more DsAddEntry() errors
- add some more attid constands so that all attribute that are needed
for a DsAddEntry in the DC Domain Join are mapped
- add value() for __ndr_size, to more attribute container, so that the caller
doesn't need to fill them in, that was the reason for getting an NDR_FAULT
metze
(This used to be commit a9a1a6f861c8db626b3232f057ef0b9c3d0ad1b0)
|
|
DsAddEntry()
metze
(This used to be commit 2cbbb8ace215f56e4e9affd54027bbd74309ae3a)
|
|
this uses a trick with talloc_get_type() to workaround using [value()] vars
in [subcontext_size()]
metze
(This used to be commit 93065f2d3439bceeaa7c2a09679cc6d81472150d)
|
|
generated in winreg.h
(This used to be commit fc15e1b003a2b24dc73a6a7f2bbc45e20373dda1)
|