summaryrefslogtreecommitdiff
path: root/source4/libcli/composite
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12116: got rid of composite_trigger_done() and composite_trigger_error(), andAndrew Tridgell2-34/+33
instead make the normal composite_done() and composite_error() functions automatically trigger a delayed callback if the caller has had no opportunity to setup a async callback this removes one of the common mistakes in writing a composite function (This used to be commit f9413ce792ded682e05134b66d433eeec293e6f1)
2007-10-10r12079: Fix to the comment for sake of completness...Rafal Szczesniak1-1/+1
rafal (This used to be commit 7aa40e3a3ff7a655c5ed8ee67c55af92193815f1)
2007-10-10r11971: add nbt specific continue wrapperStefan Metzmacher1-0/+11
metze (This used to be commit b8c5978df18b98db89069e02597d483f893e39ae)
2007-10-10r11885: Add forgotten filesVolker Lendecke1-0/+9
(This used to be commit 470cc5952981c3625c7e35f44c9fd41d19593396)
2007-10-10r11095: Implement wb_getuserdomgroups.Volker Lendecke1-0/+7
Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit: /* Using composite_trigger_error here causes problems with the client * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after * writing the reply when I don't wait the 100 milliseconds. */ This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong. Thanks, Volker (This used to be commit 3e535cce743710a68a4264e4f66e9c0c4d6770c6)
2007-10-10r10878: Reply to some comments by tridge and metze:Volker Lendecke1-21/+21
* rename the composite helper functions from comp_* to composite_* * Move the lsa initialization to wb_connect_lsa.c * Equip smb_composite_connect with a fallback_to_anonymous The latter two simplify wb_init_domain.c quite a bit. Volker (This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
2007-10-10r10852: Continuation-based programming can become a bit spaghetti...Volker Lendecke1-1/+73
Initialize a domain structure properly. Excerpt from wb_init_domain.c: /* * Initialize a domain: * * - With schannel credentials, try to open the SMB connection with the machine * creds. Fall back to anonymous. * * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon * pipe. * * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back * to schannel and then to anon bind. * * - With queryinfopolicy, verify that we're talking to the right domain * * A bit complex, but with all the combinations I think it's the best we can * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we * have a signed&sealed lsa connection on all of them. * * Is this overkill? In particular the authenticated SMB connection seems a * bit overkill, given that we do schannel for netlogon and ntlmssp for * lsa later on w2k3, the others don't do this anyway. */ Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker (This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2007-10-10r10635: Formatting for better readability.Rafal Szczesniak1-4/+4
rafal (This used to be commit 7b3a4096b5922e4a98ea0a74c0b92bc10d18cddd)
2007-10-10r10537: - we now use a much nicer way to handle talloc_free(timed_event)Stefan Metzmacher1-6/+0
the events code replaces a destructor to one that returns allways -1 while it's calling the event handler - we don't need the composite and winsrepl specific fixes any more - this also fixes the problem with smbcli, dcerpc, cldap, ldap and nbt request timeouts metze (This used to be commit 495996cfc49a1c6eefde6ff04fc75e0739be3aab)
2007-10-10r10529: fix a crash bug in full async code the uses the ↵Stefan Metzmacher1-0/+6
composite_trigger_done() code the event subsystem wants to free timed_events! metze (This used to be commit dc5d5953b60662b895ad148525e84d82882d62a8)
2007-10-10r10504: - seperate implementation specific stuff, from the generic compositeStefan Metzmacher10-2307/+17
stuff. - don't use SMBCLI_REQUEST_* state's in the genreic composite stuff - move monitor_fn to libnet. NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR state in the _send() function. I haven't fixed this bugs in this commit! We may need some composite_trigger_*() functions or so. And maybe some other generic helper functions... metze (This used to be commit 4527815a0a9b96e460f301cb1f0c0b3964c166fc)
2007-10-10r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again.Andrew Bartlett1-4/+6
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own test for the moment, but I'm working on these issues :-) This required a change to the credentials API, so that the special case for NTLM logins using a principal was indeed handled as a special, not general case. Also don't set the realm from a ccache, as then it overrides --option=realm=. Andrew Bartlett (This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
2007-10-10r10200: added a composite_trigger_done() call that allows a composite functionAndrew Tridgell2-11/+27
to cause an event to happen immediately. This allows metzes patch for recognising IPs in resolve_name() to work, and also allows us to remove some of the other code where we currently do specific checks for is_ipaddress(). (This used to be commit 9cc000d868e1257ef6429f6f6f1f9d3c28ca330f)
2007-10-10r9728: A *major* update to the credentials system, to incorporate theAndrew Bartlett1-2/+2
Kerberos CCACHE into the system. This again allows the use of the system ccache when no username is specified, and brings more code in common between gensec_krb5 and gensec_gssapi. It also has a side-effect that may (or may not) be expected: If there is a ccache, even if it is not used (perhaps the remote server didn't want kerberos), it will change the default username. Andrew Bartlett (This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
2007-10-10r9505: Work on GENSEC and the code that calls it, for tighter interfaceAndrew Bartlett2-55/+95
requirements, and for better error reporting. In particular, the composite session setup (extended security/SPNEGO) code now returns errors, rather than NT_STATUS_NO_MEMORY. This is seen particularly when GENSEC fails to start. The tighter interface rules apply to NTLMSSP, which must be called exactly the right number of times. This is to match some of our other less-tested modules, where adding flexablity is harder. (and this is security code, so let's just get it right). As such, the DCE/RPC and LDAP clients have been updated. Andrew Bartlett (This used to be commit 134550cf752b9edad66c3368750bfb4bbd9d55d1)
2007-10-10r9223: Rename smb_raw_session_setup() to smb_raw_sesssetup().Tim Potter1-5/+5
(This used to be commit 5e6d330e7388e47e1b2bfc96fff07682e90f63a5)
2007-10-10r9222: Rename smb_tree_connect() to smb_raw_tcon() to match other raw functionTim Potter1-2/+2
names. (This used to be commit 26b191b3c9529b2dae5d004819dab46657064408)
2007-10-10r8788: New monitor messages.Rafal Szczesniak1-0/+2
rafal (This used to be commit 40061d7bd66be702d92c80da2c5f955b640eda22)
2007-10-10r8776: fixed SMB connections for IP addresses, even when name resolve orderAndrew Tridgell1-4/+11
doesn't include 'host' (This used to be commit 77a1e3076a8d5c711fc96a69dd1a58c00d1f9604)
2007-10-10r8760: Rework monitor messaging code a bit, as Metze once suggested.Rafal Szczesniak1-26/+11
enum type has now been replaced with unsigned 32-bit field and message data is passed as void pointer. This allows various extension implementers to plug their monitor messages in more easily. rafal (This used to be commit 4a6ab58133a59d3da3209b3e46c2a8cf848d25e7)
2007-10-10r8699: removed invalid commentAndrew Bartlett1-2/+0
(This used to be commit f5910ceef5e1ec3fe40b4589e919fe502593b582)
2007-10-10r7814: Propagate the change in resolve_name_send function.Rafal Szczesniak1-1/+1
(This used to be commit 7abd634701e2f07ad0497cdbb41467b8911369c7)
2007-10-10r7757: Add NTLMv2 support to the NT1 Session setup (ie, not SPNEGO/NTLMSSP)Andrew Bartlett1-32/+58
Session Setup code. Add a mem_ctx argument to a few of the NTLMv2 support functions, and add smb.conf options to control client NTLMv2 behaviour. Andrew Bartlett (This used to be commit 3f35cdb218a3dae08a05e77452ca9f73716ceb28)
2007-10-10r7736: Propagate change in resolve_name function. Let's use default methodsRafal Szczesniak1-1/+1
in this case. rafal (This used to be commit b0bae584a4936845732d68aa7d2ccce4411dd1d7)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell2-3/+4
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7435: Another little step, sorry for the spam... :-)Volker Lendecke1-2/+2
(This used to be commit 96d9b7fc988405a0d771b778e95a9f60b1efe514)
2007-10-10r7433: Another little AIX one...Volker Lendecke1-1/+1
(This used to be commit c1ccaa0cc9de9c8f781162674bc73ca0ff88fedd)
2007-10-10r7430: Next step in AIX buildVolker Lendecke1-2/+2
(This used to be commit 43e1bd870d9d7ca67e0ce1d2d1a1589aad41d770)
2007-10-10r6933: Add a couple of helper functions for creating nbt names.Tim Potter1-6/+2
(This used to be commit b896daf11c3efb1b3ca939575da9dab82b395777)
2007-10-10r6708: Another type of monitor message.Rafal Szczesniak1-0/+5
rafal (This used to be commit f7aaa0bfcae7fd4518256a703ad237693ff0c295)
2007-10-10r6702: Revert -r 6699, as I think this is a win2k v win2k3 issue.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 77b67da5b8187951ba8c25af85bbf716cf5b3561)
2007-10-10r6699: Windows clients seem to ask for CIFS/, ie in upper case, so match it.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 6d7f1daaf2a521864994e06b013c36287f27a129)
2007-10-10r6614: Basic approach to monitoring messages for composite functions.Rafal Szczesniak2-0/+53
rafal (This used to be commit 47a7a6c3fcfd1ab159a6baa71cd5c7984334fddb)
2007-10-10r6352: Two new composite calls:Alexander Bokovoy3-0/+548
- qfsinfo (query file system information) - appendacl (append an ACL to existing file's security descriptor and get new full ACL) The second one also includes an improvement to security descriptor handling which allows to copy security descriptor. Written by Peter Novodvorsky <peter.novodvorsky@ru.ibm.com> Both functions have corresponding torture tests added. Tested under valgrind and work against Samba 4 and Windows XP. ToDo: document composite call creation process in prog_guide.txt (This used to be commit 441cff62ac75ed16851ce7b8daf9d03eb4c3ec79)
2007-10-10r6078: Correctly fix the failures for NT1 (not SPNEGO) session setups in theAndrew Bartlett1-4/+0
client. The issue was actually a cut-and-paste bug, I was filling in the .old not the .nt1 part of the union. I've also removed the 'error checks' - I'll shortly document the API for the credentials code to clarify that it will always return a pointer here, except in cases of programmer error. Tridge: I hope this is OK. Andrew Bartlett (This used to be commit 6439de9ec8c8d24197ea69dc337473e54c8b36b8)
2007-10-10r6074: fixed non-spnego connections for new credentials codeAndrew Tridgell1-1/+5
(This used to be commit ff6663aac8ed475bf65d9c06d7f2447a9827898c)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett4-49/+37
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5646: state->loadfile might be NULL after allocation so this is reallyAlexander Bokovoy1-1/+1
should be NT_STATUS_HAVE_NO_MEMORY(state->loadfile) instead of NT_STATUS_NOT_OK_RETURN(status). (This used to be commit eb57a587889611bcf39d75d4e15b627f36899a53)
2007-10-10r5322: removed a whole bunch of #include lines that minimal_includes.plAndrew Tridgell1-1/+0
thinks are not needed. Now to see how this fares on the build farm :) (This used to be commit 80ffcc650c9c86141507edd8338b97814a85f868)
2007-10-10r5197: moved events code to lib/events/ (suggestion from metze)Andrew Tridgell1-1/+1
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
2007-10-10r5185: make all the events data structures private to events.c. This willAndrew Tridgell1-0/+1
make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) (This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
2007-10-10r5126: the composite code is no longer client specific or smb specific, soAndrew Tridgell7-70/+70
rename the core structure to composite_context and the wait routine to composite_wait() (suggestion from metze) (This used to be commit cf11d05e35179c2c3e51c5ab370cd0a3fb15f24a)
2007-10-10r4957: the fetchfile _recv() function was neglecting to steal the data andAndrew Tridgell1-1/+11
free the connection context. This left a whole lot of state hanging around and didn't give the memory to the caller properly (This used to be commit 3e13e1d526563d91cb2342ae68455e54eb49a9bd)
2007-10-10r4951: some of the code dealing with libcli was getting too complex trying toAndrew Tridgell1-6/+3
handle the inverted memory hierarchy that a normal session establishment gave. The inverted hierarchy came from that fact that you first establish a socket, then a transport, then a session and finally a tree. That leads to the socket being at the top of the memory hierarchy and the tree at the bottom, which makes no sense from the users point of view, as they want to be able to free the tree and have everything disappear. The core problem was that the libcli interface didn't distinguish between establishing a primary context and a secondary context. If you establish a 2nd session on a transport then you want the transport to be referenced by the session, whereas if you establish a primary session then you want the transport to be a child of the session. To fix this I have added "parent_ctx" and "primary" arguments to the libcli intialisation functions. This makes using the library much easier, and gives us a memory hierarchy that makes much more sense. I was prompted to do this by a bug in the cifs backend, which was caused by the socket not being properly torn down on a disconnect due to the inverted memory hierarchy. (This used to be commit 5e8fd5f70178992e249805c2e1ddafaf6840739b)
2007-10-10r4950: removed some excessive debugging messagesAndrew Tridgell1-8/+0
(This used to be commit 4a351901aa49090700d89274559d6dda76f06b7d)
2007-10-10r4949: First version of a fetchfile composite function which connects to a ↵Volker Lendecke2-0/+206
server and loads a file. Needs a smb url parsing wrapper. Volker (This used to be commit fa435bf7c878d4a5beb6afb2ed6e2990abc11e82)
2007-10-10r4938: allow the caller to supply an existing event_context if they want toAndrew Tridgell1-4/+5
in smb_composite_connect_send(). This makes doing parallel calls much easier. (This used to be commit 442308970c123b9fb25615673049e1c1c234a0b9)
2007-10-10r4937: simplify the connect code in the same wayAndrew Tridgell1-15/+12
(This used to be commit 347dfa47249d55c61e1e7c82d10444a71aca8a85)
2007-10-10r4936: moved to a convention where the completion function is only called inAndrew Tridgell2-24/+18
one place. This makes the code more robust, and simpler (it would have prevented the error that volker found). (This used to be commit 420b53091ee784d7891fb62d48e2f5a225b4dbf8)