summaryrefslogtreecommitdiff
path: root/source4/libcli/composite
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r9505: Work on GENSEC and the code that calls it, for tighter interfaceAndrew Bartlett2-55/+95
requirements, and for better error reporting. In particular, the composite session setup (extended security/SPNEGO) code now returns errors, rather than NT_STATUS_NO_MEMORY. This is seen particularly when GENSEC fails to start. The tighter interface rules apply to NTLMSSP, which must be called exactly the right number of times. This is to match some of our other less-tested modules, where adding flexablity is harder. (and this is security code, so let's just get it right). As such, the DCE/RPC and LDAP clients have been updated. Andrew Bartlett (This used to be commit 134550cf752b9edad66c3368750bfb4bbd9d55d1)
2007-10-10r9223: Rename smb_raw_session_setup() to smb_raw_sesssetup().Tim Potter1-5/+5
(This used to be commit 5e6d330e7388e47e1b2bfc96fff07682e90f63a5)
2007-10-10r9222: Rename smb_tree_connect() to smb_raw_tcon() to match other raw functionTim Potter1-2/+2
names. (This used to be commit 26b191b3c9529b2dae5d004819dab46657064408)
2007-10-10r8788: New monitor messages.Rafal Szczesniak1-0/+2
rafal (This used to be commit 40061d7bd66be702d92c80da2c5f955b640eda22)
2007-10-10r8776: fixed SMB connections for IP addresses, even when name resolve orderAndrew Tridgell1-4/+11
doesn't include 'host' (This used to be commit 77a1e3076a8d5c711fc96a69dd1a58c00d1f9604)
2007-10-10r8760: Rework monitor messaging code a bit, as Metze once suggested.Rafal Szczesniak1-26/+11
enum type has now been replaced with unsigned 32-bit field and message data is passed as void pointer. This allows various extension implementers to plug their monitor messages in more easily. rafal (This used to be commit 4a6ab58133a59d3da3209b3e46c2a8cf848d25e7)
2007-10-10r8699: removed invalid commentAndrew Bartlett1-2/+0
(This used to be commit f5910ceef5e1ec3fe40b4589e919fe502593b582)
2007-10-10r7814: Propagate the change in resolve_name_send function.Rafal Szczesniak1-1/+1
(This used to be commit 7abd634701e2f07ad0497cdbb41467b8911369c7)
2007-10-10r7757: Add NTLMv2 support to the NT1 Session setup (ie, not SPNEGO/NTLMSSP)Andrew Bartlett1-32/+58
Session Setup code. Add a mem_ctx argument to a few of the NTLMv2 support functions, and add smb.conf options to control client NTLMv2 behaviour. Andrew Bartlett (This used to be commit 3f35cdb218a3dae08a05e77452ca9f73716ceb28)
2007-10-10r7736: Propagate change in resolve_name function. Let's use default methodsRafal Szczesniak1-1/+1
in this case. rafal (This used to be commit b0bae584a4936845732d68aa7d2ccce4411dd1d7)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell2-3/+4
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7435: Another little step, sorry for the spam... :-)Volker Lendecke1-2/+2
(This used to be commit 96d9b7fc988405a0d771b778e95a9f60b1efe514)
2007-10-10r7433: Another little AIX one...Volker Lendecke1-1/+1
(This used to be commit c1ccaa0cc9de9c8f781162674bc73ca0ff88fedd)
2007-10-10r7430: Next step in AIX buildVolker Lendecke1-2/+2
(This used to be commit 43e1bd870d9d7ca67e0ce1d2d1a1589aad41d770)
2007-10-10r6933: Add a couple of helper functions for creating nbt names.Tim Potter1-6/+2
(This used to be commit b896daf11c3efb1b3ca939575da9dab82b395777)
2007-10-10r6708: Another type of monitor message.Rafal Szczesniak1-0/+5
rafal (This used to be commit f7aaa0bfcae7fd4518256a703ad237693ff0c295)
2007-10-10r6702: Revert -r 6699, as I think this is a win2k v win2k3 issue.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 77b67da5b8187951ba8c25af85bbf716cf5b3561)
2007-10-10r6699: Windows clients seem to ask for CIFS/, ie in upper case, so match it.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 6d7f1daaf2a521864994e06b013c36287f27a129)
2007-10-10r6614: Basic approach to monitoring messages for composite functions.Rafal Szczesniak2-0/+53
rafal (This used to be commit 47a7a6c3fcfd1ab159a6baa71cd5c7984334fddb)
2007-10-10r6352: Two new composite calls:Alexander Bokovoy3-0/+548
- qfsinfo (query file system information) - appendacl (append an ACL to existing file's security descriptor and get new full ACL) The second one also includes an improvement to security descriptor handling which allows to copy security descriptor. Written by Peter Novodvorsky <peter.novodvorsky@ru.ibm.com> Both functions have corresponding torture tests added. Tested under valgrind and work against Samba 4 and Windows XP. ToDo: document composite call creation process in prog_guide.txt (This used to be commit 441cff62ac75ed16851ce7b8daf9d03eb4c3ec79)
2007-10-10r6078: Correctly fix the failures for NT1 (not SPNEGO) session setups in theAndrew Bartlett1-4/+0
client. The issue was actually a cut-and-paste bug, I was filling in the .old not the .nt1 part of the union. I've also removed the 'error checks' - I'll shortly document the API for the credentials code to clarify that it will always return a pointer here, except in cases of programmer error. Tridge: I hope this is OK. Andrew Bartlett (This used to be commit 6439de9ec8c8d24197ea69dc337473e54c8b36b8)
2007-10-10r6074: fixed non-spnego connections for new credentials codeAndrew Tridgell1-1/+5
(This used to be commit ff6663aac8ed475bf65d9c06d7f2447a9827898c)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett4-49/+37
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r5646: state->loadfile might be NULL after allocation so this is reallyAlexander Bokovoy1-1/+1
should be NT_STATUS_HAVE_NO_MEMORY(state->loadfile) instead of NT_STATUS_NOT_OK_RETURN(status). (This used to be commit eb57a587889611bcf39d75d4e15b627f36899a53)
2007-10-10r5322: removed a whole bunch of #include lines that minimal_includes.plAndrew Tridgell1-1/+0
thinks are not needed. Now to see how this fares on the build farm :) (This used to be commit 80ffcc650c9c86141507edd8338b97814a85f868)
2007-10-10r5197: moved events code to lib/events/ (suggestion from metze)Andrew Tridgell1-1/+1
(This used to be commit 7f54c8a339f36aa43c9340be70ab7f0067593ef2)
2007-10-10r5185: make all the events data structures private to events.c. This willAndrew Tridgell1-0/+1
make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) (This used to be commit d7b4b6de51342a65bf46fce772d313f92f8d73d3)
2007-10-10r5126: the composite code is no longer client specific or smb specific, soAndrew Tridgell7-70/+70
rename the core structure to composite_context and the wait routine to composite_wait() (suggestion from metze) (This used to be commit cf11d05e35179c2c3e51c5ab370cd0a3fb15f24a)
2007-10-10r4957: the fetchfile _recv() function was neglecting to steal the data andAndrew Tridgell1-1/+11
free the connection context. This left a whole lot of state hanging around and didn't give the memory to the caller properly (This used to be commit 3e13e1d526563d91cb2342ae68455e54eb49a9bd)
2007-10-10r4951: some of the code dealing with libcli was getting too complex trying toAndrew Tridgell1-6/+3
handle the inverted memory hierarchy that a normal session establishment gave. The inverted hierarchy came from that fact that you first establish a socket, then a transport, then a session and finally a tree. That leads to the socket being at the top of the memory hierarchy and the tree at the bottom, which makes no sense from the users point of view, as they want to be able to free the tree and have everything disappear. The core problem was that the libcli interface didn't distinguish between establishing a primary context and a secondary context. If you establish a 2nd session on a transport then you want the transport to be referenced by the session, whereas if you establish a primary session then you want the transport to be a child of the session. To fix this I have added "parent_ctx" and "primary" arguments to the libcli intialisation functions. This makes using the library much easier, and gives us a memory hierarchy that makes much more sense. I was prompted to do this by a bug in the cifs backend, which was caused by the socket not being properly torn down on a disconnect due to the inverted memory hierarchy. (This used to be commit 5e8fd5f70178992e249805c2e1ddafaf6840739b)
2007-10-10r4950: removed some excessive debugging messagesAndrew Tridgell1-8/+0
(This used to be commit 4a351901aa49090700d89274559d6dda76f06b7d)
2007-10-10r4949: First version of a fetchfile composite function which connects to a ↵Volker Lendecke2-0/+206
server and loads a file. Needs a smb url parsing wrapper. Volker (This used to be commit fa435bf7c878d4a5beb6afb2ed6e2990abc11e82)
2007-10-10r4938: allow the caller to supply an existing event_context if they want toAndrew Tridgell1-4/+5
in smb_composite_connect_send(). This makes doing parallel calls much easier. (This used to be commit 442308970c123b9fb25615673049e1c1c234a0b9)
2007-10-10r4937: simplify the connect code in the same wayAndrew Tridgell1-15/+12
(This used to be commit 347dfa47249d55c61e1e7c82d10444a71aca8a85)
2007-10-10r4936: moved to a convention where the completion function is only called inAndrew Tridgell2-24/+18
one place. This makes the code more robust, and simpler (it would have prevented the error that volker found). (This used to be commit 420b53091ee784d7891fb62d48e2f5a225b4dbf8)
2007-10-10r4935: fixed a bug where "c->status = xxx_handler(x);" could write to c afterAndrew Tridgell3-15/+22
it is freed. The problem is that the handler might complete the request, and called the c->async.fn() async handler. That handler might free the request handle. (This used to be commit c4faceadc74e0849f6197ccbec9952f6c94f6176)
2007-10-10r4924: continue the effort to simplify and generalise the compositeAndrew Tridgell4-19/+18
interface. This patch removes the "stage" variable, which is really better suited to the backend state structures (This used to be commit 39da684ea8bc72d7a4a12c00eaad56b4f32890a9)
2007-10-10r4911: make sure we fill in the transport called name on port 445 as wellAndrew Tridgell1-6/+9
(thanks to abartlet for spotting this bug) (This used to be commit 8b653f12f21e7a8eee8e60cefb193505c2df7f8f)
2007-10-10r4891: - added a generic resolve_name() async interface in libcli/resolve/,Andrew Tridgell1-6/+41
which will eventually try all resolution methods setup in smb.conf - only resolution backend at the moment is bcast, which does a parallel broadcast to all configured network interfaces, and takes the first reply that comes in (this nicely demonstrates how to do parallel requests using the async APIs) - converted all the existing code to use the new resolve_name() api - removed all the old nmb code (yay!) (This used to be commit 239c310f255e43dd2d1c2433f666c9faaacbdce3)
2007-10-10r4795: stronget type checking in composite connect functionAndrew Tridgell1-2/+4
(This used to be commit e16f67c931ba93011d52fdf14312d12a9b09c49a)
2007-10-10r4791: used the new talloc type safety macros to make the "void *private"Andrew Tridgell4-23/+23
pointers in the composite code type safe. This is a bit of an experiement, I'd be interested in comments on whether we should use this more widely. (This used to be commit 0e1da827b380998355f75f4ef4f424802059c278)
2007-10-10r4783: got rid of another void* in the composite code. This brings us down toAndrew Tridgell5-114/+88
the minimal level I think (one private pointer for the composite function, and one private pointer for the caller) (This used to be commit 0240bf928163e32e7c69be88fe3ed4987dd18778)
2007-10-10r4782: volker quite rightly pointed out that there is too much of aAndrew Tridgell5-130/+131
proliferation of void* in the composite code. This removes two of the void* pointers from the main composite structure. (This used to be commit 5a89a5ed0fa022fb380bf72065904633270f34aa)
2007-10-10r4778: I forgot to set the session key for the spnego path. Fixed.Andrew Tridgell1-0/+1
(This used to be commit 870af4e2f2055013424d9dbe2df2c51faa810eec)
2007-10-10r4777: added a smb_composite_sesssetup() async composite function. ThisAndrew Tridgell3-65/+443
encapsulates all the different session setup methods, including the multi-pass spnego code. I have hooked this into all the places that previously used the RAW_SESSSETUP_GENERIC method, and have removed the old RAW_SESSSETUP_GENERIC code from clisession.c and clitree.c. A nice side effect is that these two modules are now very simple again, back to being "raw" session setup handling, which was what was originally intended. I have also used this to replace the session setup code in the smb_composite_connect() code, and used that to build a very simple replacement for smbcli_tree_full_connection(). As a result, smbclient, smbtorture and all our other SMB connection code now goes via these composite async functions. That should give them a good workout! (This used to be commit 080d0518bc7d6fd4bc3ef783e7d4d2e3275d0799)
2007-10-10r4769: added a smb_composite_connect() function that provides a simple asyncAndrew Tridgell2-0/+437
interface to a complete SMB connection setup. Internally it does: - socket connection - session request (if needed) - negprot - session setup - tcon This is the first example of a composite function that builds on other composite components (the socket connection is a composite function, which is used as a building block for this function). I think this will be quite common in composite functions in the future, building up ever more complex composite functions from smaller building blocks, while hiding the details from the caller. There are two things missing from this now. The first is async name resolution routines (wins, bcast, DNS etc), and the second is that this code currently only does a NT1 style session setup. I'll work on adding spnego and old style session setup support next. (This used to be commit 6bc9e17f5c5236f662c7c8f308d03e6d97379b23)
2007-10-10r4754: tidied up the composite function infrastructure to make it easier toAndrew Tridgell4-44/+67
have composite functions that are not made up of functions that operate on smbcli_request structures. (This used to be commit 4f6055b4fb7e287a29544ff1ca4e22f698efc478)
2007-10-10r4710: added a smb_composite_savefile() function, and expanded the test ↵Andrew Tridgell4-11/+346
suite a little (This used to be commit ef4dbc443dbdebc4160209ed3f23cbb97109c414)
2007-10-10r4700: first attempt at a composite async function, smb_composite_loadfile(),Andrew Tridgell2-0/+361
which combineds ntcreatex, readx and close into a single call that behaves just like a normal libcli async call. (This used to be commit 516f68fb054f0717f0429e031aa820776ecc6597)