summaryrefslogtreecommitdiff
path: root/source4/libcli/composite
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell2-6/+4
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r22944: fix bug #4618:Stefan Metzmacher1-1/+1
rename private -> private_data metze (This used to be commit 58551f2f28fce8f1fcd04736c47ecd7458f32ea2)
2007-10-10r18243: when setting up a composite continuation, if the context has alreadyAndrew Tridgell1-0/+7
finished when we need to trigger the continuation immediately. Via a fairly complex path, this fixes the problem where all hosts in the build farm that do not have ipv6 failed a lot of the RPC tests. This happened because the dcerpc_connect() async code used a composite_continue() on a context which was already in an error state, due to the socket backend saying that ipv6 was unavailable (This used to be commit dbf935d38b6b1fea5ed00e94c9b1a518cb14768b)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-0/+2
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17317: - add a composite_create() function that allocates and initializeStefan Metzmacher2-0/+29
the composite_context structue, we should try to convert all code to use this because there're a lot of places where the we have bugs with this task... - add a composite_continue_smb2() helper We should try to hide the internals of the composite code from the users to avoid errors (and I found a lot of them... and will fix then step by step) metze (This used to be commit a16180f20246844d05996d385fcb71893e08f589)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij2-0/+4
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij1-0/+3
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r14239: Fix indentation.Rafal Szczesniak1-15/+15
rafal (This used to be commit 7aa90f58b9beb410a188fd229c539f2315c81a38)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+2
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13840: Mark some functions as public.Jelmer Vernooij1-10/+10
(This used to be commit 9a188eb1f48a50d92a67a4fc2b3899b90074059a)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12116: got rid of composite_trigger_done() and composite_trigger_error(), andAndrew Tridgell2-34/+33
instead make the normal composite_done() and composite_error() functions automatically trigger a delayed callback if the caller has had no opportunity to setup a async callback this removes one of the common mistakes in writing a composite function (This used to be commit f9413ce792ded682e05134b66d433eeec293e6f1)
2007-10-10r12079: Fix to the comment for sake of completness...Rafal Szczesniak1-1/+1
rafal (This used to be commit 7aa40e3a3ff7a655c5ed8ee67c55af92193815f1)
2007-10-10r11971: add nbt specific continue wrapperStefan Metzmacher1-0/+11
metze (This used to be commit b8c5978df18b98db89069e02597d483f893e39ae)
2007-10-10r11885: Add forgotten filesVolker Lendecke1-0/+9
(This used to be commit 470cc5952981c3625c7e35f44c9fd41d19593396)
2007-10-10r11095: Implement wb_getuserdomgroups.Volker Lendecke1-0/+7
Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit: /* Using composite_trigger_error here causes problems with the client * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after * writing the reply when I don't wait the 100 milliseconds. */ This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong. Thanks, Volker (This used to be commit 3e535cce743710a68a4264e4f66e9c0c4d6770c6)
2007-10-10r10878: Reply to some comments by tridge and metze:Volker Lendecke1-21/+21
* rename the composite helper functions from comp_* to composite_* * Move the lsa initialization to wb_connect_lsa.c * Equip smb_composite_connect with a fallback_to_anonymous The latter two simplify wb_init_domain.c quite a bit. Volker (This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
2007-10-10r10852: Continuation-based programming can become a bit spaghetti...Volker Lendecke1-1/+73
Initialize a domain structure properly. Excerpt from wb_init_domain.c: /* * Initialize a domain: * * - With schannel credentials, try to open the SMB connection with the machine * creds. Fall back to anonymous. * * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon * pipe. * * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back * to schannel and then to anon bind. * * - With queryinfopolicy, verify that we're talking to the right domain * * A bit complex, but with all the combinations I think it's the best we can * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we * have a signed&sealed lsa connection on all of them. * * Is this overkill? In particular the authenticated SMB connection seems a * bit overkill, given that we do schannel for netlogon and ntlmssp for * lsa later on w2k3, the others don't do this anyway. */ Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker (This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2007-10-10r10635: Formatting for better readability.Rafal Szczesniak1-4/+4
rafal (This used to be commit 7b3a4096b5922e4a98ea0a74c0b92bc10d18cddd)
2007-10-10r10537: - we now use a much nicer way to handle talloc_free(timed_event)Stefan Metzmacher1-6/+0
the events code replaces a destructor to one that returns allways -1 while it's calling the event handler - we don't need the composite and winsrepl specific fixes any more - this also fixes the problem with smbcli, dcerpc, cldap, ldap and nbt request timeouts metze (This used to be commit 495996cfc49a1c6eefde6ff04fc75e0739be3aab)
2007-10-10r10529: fix a crash bug in full async code the uses the ↵Stefan Metzmacher1-0/+6
composite_trigger_done() code the event subsystem wants to free timed_events! metze (This used to be commit dc5d5953b60662b895ad148525e84d82882d62a8)
2007-10-10r10504: - seperate implementation specific stuff, from the generic compositeStefan Metzmacher10-2307/+17
stuff. - don't use SMBCLI_REQUEST_* state's in the genreic composite stuff - move monitor_fn to libnet. NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR state in the _send() function. I haven't fixed this bugs in this commit! We may need some composite_trigger_*() functions or so. And maybe some other generic helper functions... metze (This used to be commit 4527815a0a9b96e460f301cb1f0c0b3964c166fc)
2007-10-10r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again.Andrew Bartlett1-4/+6
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own test for the moment, but I'm working on these issues :-) This required a change to the credentials API, so that the special case for NTLM logins using a principal was indeed handled as a special, not general case. Also don't set the realm from a ccache, as then it overrides --option=realm=. Andrew Bartlett (This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
2007-10-10r10200: added a composite_trigger_done() call that allows a composite functionAndrew Tridgell2-11/+27
to cause an event to happen immediately. This allows metzes patch for recognising IPs in resolve_name() to work, and also allows us to remove some of the other code where we currently do specific checks for is_ipaddress(). (This used to be commit 9cc000d868e1257ef6429f6f6f1f9d3c28ca330f)
2007-10-10r9728: A *major* update to the credentials system, to incorporate theAndrew Bartlett1-2/+2
Kerberos CCACHE into the system. This again allows the use of the system ccache when no username is specified, and brings more code in common between gensec_krb5 and gensec_gssapi. It also has a side-effect that may (or may not) be expected: If there is a ccache, even if it is not used (perhaps the remote server didn't want kerberos), it will change the default username. Andrew Bartlett (This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
2007-10-10r9505: Work on GENSEC and the code that calls it, for tighter interfaceAndrew Bartlett2-55/+95
requirements, and for better error reporting. In particular, the composite session setup (extended security/SPNEGO) code now returns errors, rather than NT_STATUS_NO_MEMORY. This is seen particularly when GENSEC fails to start. The tighter interface rules apply to NTLMSSP, which must be called exactly the right number of times. This is to match some of our other less-tested modules, where adding flexablity is harder. (and this is security code, so let's just get it right). As such, the DCE/RPC and LDAP clients have been updated. Andrew Bartlett (This used to be commit 134550cf752b9edad66c3368750bfb4bbd9d55d1)
2007-10-10r9223: Rename smb_raw_session_setup() to smb_raw_sesssetup().Tim Potter1-5/+5
(This used to be commit 5e6d330e7388e47e1b2bfc96fff07682e90f63a5)
2007-10-10r9222: Rename smb_tree_connect() to smb_raw_tcon() to match other raw functionTim Potter1-2/+2
names. (This used to be commit 26b191b3c9529b2dae5d004819dab46657064408)
2007-10-10r8788: New monitor messages.Rafal Szczesniak1-0/+2
rafal (This used to be commit 40061d7bd66be702d92c80da2c5f955b640eda22)
2007-10-10r8776: fixed SMB connections for IP addresses, even when name resolve orderAndrew Tridgell1-4/+11
doesn't include 'host' (This used to be commit 77a1e3076a8d5c711fc96a69dd1a58c00d1f9604)
2007-10-10r8760: Rework monitor messaging code a bit, as Metze once suggested.Rafal Szczesniak1-26/+11
enum type has now been replaced with unsigned 32-bit field and message data is passed as void pointer. This allows various extension implementers to plug their monitor messages in more easily. rafal (This used to be commit 4a6ab58133a59d3da3209b3e46c2a8cf848d25e7)
2007-10-10r8699: removed invalid commentAndrew Bartlett1-2/+0
(This used to be commit f5910ceef5e1ec3fe40b4589e919fe502593b582)
2007-10-10r7814: Propagate the change in resolve_name_send function.Rafal Szczesniak1-1/+1
(This used to be commit 7abd634701e2f07ad0497cdbb41467b8911369c7)
2007-10-10r7757: Add NTLMv2 support to the NT1 Session setup (ie, not SPNEGO/NTLMSSP)Andrew Bartlett1-32/+58
Session Setup code. Add a mem_ctx argument to a few of the NTLMv2 support functions, and add smb.conf options to control client NTLMv2 behaviour. Andrew Bartlett (This used to be commit 3f35cdb218a3dae08a05e77452ca9f73716ceb28)
2007-10-10r7736: Propagate change in resolve_name function. Let's use default methodsRafal Szczesniak1-1/+1
in this case. rafal (This used to be commit b0bae584a4936845732d68aa7d2ccce4411dd1d7)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell2-3/+4
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7435: Another little step, sorry for the spam... :-)Volker Lendecke1-2/+2
(This used to be commit 96d9b7fc988405a0d771b778e95a9f60b1efe514)
2007-10-10r7433: Another little AIX one...Volker Lendecke1-1/+1
(This used to be commit c1ccaa0cc9de9c8f781162674bc73ca0ff88fedd)
2007-10-10r7430: Next step in AIX buildVolker Lendecke1-2/+2
(This used to be commit 43e1bd870d9d7ca67e0ce1d2d1a1589aad41d770)
2007-10-10r6933: Add a couple of helper functions for creating nbt names.Tim Potter1-6/+2
(This used to be commit b896daf11c3efb1b3ca939575da9dab82b395777)
2007-10-10r6708: Another type of monitor message.Rafal Szczesniak1-0/+5
rafal (This used to be commit f7aaa0bfcae7fd4518256a703ad237693ff0c295)
2007-10-10r6702: Revert -r 6699, as I think this is a win2k v win2k3 issue.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 77b67da5b8187951ba8c25af85bbf716cf5b3561)
2007-10-10r6699: Windows clients seem to ask for CIFS/, ie in upper case, so match it.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 6d7f1daaf2a521864994e06b013c36287f27a129)
2007-10-10r6614: Basic approach to monitoring messages for composite functions.Rafal Szczesniak2-0/+53
rafal (This used to be commit 47a7a6c3fcfd1ab159a6baa71cd5c7984334fddb)
2007-10-10r6352: Two new composite calls:Alexander Bokovoy3-0/+548
- qfsinfo (query file system information) - appendacl (append an ACL to existing file's security descriptor and get new full ACL) The second one also includes an improvement to security descriptor handling which allows to copy security descriptor. Written by Peter Novodvorsky <peter.novodvorsky@ru.ibm.com> Both functions have corresponding torture tests added. Tested under valgrind and work against Samba 4 and Windows XP. ToDo: document composite call creation process in prog_guide.txt (This used to be commit 441cff62ac75ed16851ce7b8daf9d03eb4c3ec79)
2007-10-10r6078: Correctly fix the failures for NT1 (not SPNEGO) session setups in theAndrew Bartlett1-4/+0
client. The issue was actually a cut-and-paste bug, I was filling in the .old not the .nt1 part of the union. I've also removed the 'error checks' - I'll shortly document the API for the credentials code to clarify that it will always return a pointer here, except in cases of programmer error. Tridge: I hope this is OK. Andrew Bartlett (This used to be commit 6439de9ec8c8d24197ea69dc337473e54c8b36b8)
2007-10-10r6074: fixed non-spnego connections for new credentials codeAndrew Tridgell1-1/+5
(This used to be commit ff6663aac8ed475bf65d9c06d7f2447a9827898c)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett4-49/+37
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5646: state->loadfile might be NULL after allocation so this is reallyAlexander Bokovoy1-1/+1
should be NT_STATUS_HAVE_NO_MEMORY(state->loadfile) instead of NT_STATUS_NOT_OK_RETURN(status). (This used to be commit eb57a587889611bcf39d75d4e15b627f36899a53)
2007-10-10r5322: removed a whole bunch of #include lines that minimal_includes.plAndrew Tridgell1-1/+0
thinks are not needed. Now to see how this fares on the build farm :) (This used to be commit 80ffcc650c9c86141507edd8338b97814a85f868)