| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit 1d29ad2a27d89454e5e3c4a3cf05cc5edde0208c)
|
|
(This used to be commit d2b568a1114015839ca59c6f32bde4b06ea81ef9)
|
|
(This used to be commit 0bcea45b15b08cb42d7f6fbbb3a25f73b95f362c)
|
|
packet parsing code. This simplifies the logic in the raw client
library a fair bit
(This used to be commit f8d43f1f67876360e1295d85a3c3702d1d60ed7b)
|
|
socket_wrapper
metze
(This used to be commit 6375a9a95da1eb2d5fd60b265047d98b264ff93f)
|
|
(This used to be commit f341c8b4c8e8b8096c604b5842b9b7f7c4c9653c)
|
|
(This used to be commit f0e4075db5e913d2262058bb7234c446160823d9)
|
|
possibly
support cldap and other stuff in the future.
This temporarily disables wbinfo -t, but that will come back soon.
Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3
and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION
tgs-rep error.
Volker
(This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253)
|
|
credentials to be NULL, where the client is requesting a CIFS style
server-first negTokenInit.
Andrew Bartlett
(This used to be commit eba652ecc89766304fdad14463072dc311693701)
|
|
determining a mechanism to use.
Currently it doesn't to fallbacks like SPNEGO does, but this could be
added (to GENSEC, not to here).
This also adds a new function to GENSEC, which returns a list of SASL
names in our preference order (currently determined by the build
system of all things...).
Also make the similar function used for OIDs in SPNEGO do the same.
This is all a very long-winded way of moving from a hard-coded NTLM to
GSS-SPNEGO in our SASL client...
Andrew Bartlett
(This used to be commit 130eb9bb9a37957614c87e0e6846a812abb51e00)
|
|
this only happens with socket_wrapper as socket_connect() returns NT_STATUS_OK
instead of NT_STATUS_MORE_PROCESSING_REQUIRED, and we missed to replace the
fde event handler...
metze
(This used to be commit f04001f28007ad6bbecdcdf0d1d5887e378d2467)
|
|
the handler calls talloc_free(wrepl_socket)
metze
(This used to be commit bf0b96f057c7f4ac39409c8710ec0cfb55d9fb04)
|
|
Andrew Bartlett
(This used to be commit 6535959fd7dfddd6bafb77a266ec3a641025f880)
|
|
(This used to be commit fed26bc4fdb47b5bd1aaa6374b09252c239bbac4)
|
|
Andrew Bartlett
(This used to be commit de83b8cd187b28ecb30550c44f9f84e373df692e)
|
|
- Adds -rpath bin/ so you don't have to install Samba in order to use compiled binaries.
- Writes out pkg-config files when building shared libs
- Supports automatic fallback to MERGEDOBJ (which is the default) or
OBJ_LIST (if ld -r is not supported)
Building with shared libs reduces the size of the Samba binaries from
197 Mb to 60 Mb (including libraries) on my system (GCC4, with debugging).
To build with shared libraries support enabled, run:
LIBRARY_OUTPUT_TYPE=SHARED_LIBRARY ./config.status
init functions don't get called correctly yet when using shared libs, so
you won't be able to actually run anything with success :-)
Once init functions are done, I'll look at support for loading shared
modules once again.
Based on a patch by Peter Novodvorsky (nidd on IRC).
(This used to be commit 0b54405685674a2b19a28d77aae5b1136b5a4728)
|
|
sequence, with a 2-millisecond timeout between firing the syn packets. Build
smbcli_sock_connect_send upon that.
Volker
(This used to be commit 5718df44d90d113304c5deed1e2e7f82ff9e928f)
|
|
Andrew Bartlett
(This used to be commit 3b5ef4208d8e9492fbed1b68251bc62063909854)
|
|
Support installing libraries.
Get rid of pkg-config file (will be autogenerated later on).
(This used to be commit b4745032a2c55752c527026feb221ccc3dce10c8)
|
|
properly, make
socket_connect and ldap_connect properly async.
Volker
(This used to be commit bcc71fc1deeed443d7cf00220ce264011ddf588d)
|
|
(This used to be commit 7bc855359a82010fefa9fd1d4c719292bfc83528)
|
|
composite_connect, so in io.in.dest_host I'm setting the IP address. Gensec
does not like that as a target hostname, so if a called name is present, use
that. So we can session setup using kerberos now.
Volker
(This used to be commit c26b432c27954c8dc6ac8e702bd5e34a351d15bd)
|
|
(This used to be commit 13ebdea11532f4810d01095a54d430c36c91d826)
|
|
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
|
|
http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
|
|
Andrew Bartlett
(This used to be commit 24dbf3435277a51dd49c5e2189fc6655260eddf4)
|
|
- added nicer error display, giving a string version of the error code
(This used to be commit 5ec486bb81536b38a5f40cae7555cbcbbfa52263)
|
|
Tridge, if you have the time, you might want to look at a problem I'm having
with unix domain stream sockets. From a comment in this commit:
/* Using composite_trigger_error here causes problems with the client
* socket. Linux 2.6.8 gives me a ECONNRESET on the next read after
* writing the reply when I don't wait the 100 milliseconds. */
This is in winbind/wb_cmd_userdomgroups.c:93.
The problem I have is that I can not *immediately* send an error reply to the
client because the next receive fails. Waiting 100 milliseconds helps. It
might also be a problem with epoll(), I don't really know.
I'd appreciate if you took a brief look at this, maybe I'm doing something
wrong.
Thanks,
Volker
(This used to be commit 3e535cce743710a68a4264e4f66e9c0c4d6770c6)
|
|
metze
(This used to be commit 3f7b09a3086a8b6d255bc3fc5cd8882e12f05d10)
|
|
before the bad merge
metze
(This used to be commit 471c0ca4abb17fb5f73c0efed195c67628c1c06e)
|
|
(This used to be commit 6913e338405a5aca5c70cf6e022532c596ed0a36)
|
|
add struct nbt_peer_socket and use it instead of passing const char *addr, uint16 port everyhwere
(tridge: can you review this please, (make test works)
metze
(This used to be commit a599d7a4ae881c94be2c2d908a398838549942bb)
|
|
authentication out of the various callers and into the kitchen
sink.. err, credentials subsystem.
This should ensure consistant logic, as well as get us one step closer
to security=server operation in future.
Andrew Bartlett
(This used to be commit 09c95763301c0f7770d56462e8af4169b8c171fb)
|
|
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
|
|
* rename the composite helper functions from comp_* to composite_*
* Move the lsa initialization to wb_connect_lsa.c
* Equip smb_composite_connect with a fallback_to_anonymous
The latter two simplify wb_init_domain.c quite a bit.
Volker
(This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
|
|
metze
(This used to be commit b436206c498ea166b8b9fa47638d5f8f6f4752bf)
|
|
Initialize a domain structure properly. Excerpt from wb_init_domain.c:
/*
* Initialize a domain:
*
* - With schannel credentials, try to open the SMB connection with the machine
* creds. Fall back to anonymous.
*
* - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
* pipe.
*
* - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
* to schannel and then to anon bind.
*
* - With queryinfopolicy, verify that we're talking to the right domain
*
* A bit complex, but with all the combinations I think it's the best we can
* get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
* have a signed&sealed lsa connection on all of them.
*
* Is this overkill? In particular the authenticated SMB connection seems a
* bit overkill, given that we do schannel for netlogon and ntlmssp for
* lsa later on w2k3, the others don't do this anyway.
*/
Thanks to Jeremy for his detective work, and to the Samba4 team for providing
such a great infrastructure.
Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr
with all we have.
Volker
(This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
|
|
(This used to be commit 48d22a991024f19eccaa63848566b311524260c8)
|
|
it in the RPC-SAMLOGON test.
Andrew Bartlett
(This used to be commit 675b7df2eedbcb7ea89c0411f76429d8e2357222)
|
|
Andrew Bartlett
(This used to be commit 6d24d8d12cdc64b180fd6277f0775e943f26e82b)
|
|
idea...
metze
(This used to be commit e7ee73a747a025a66ac6563172e51f160bc28e0a)
|
|
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
|
|
used for WREPL_REPL_INFORM* messsages
- make it possible to close the connection after a request was send
used for WREPL_ASSOCIATION_STOP
- fix the torture test that tests the assoc context handling
between connections, you can issue a request and get the reply
on another connection, I think we should not implement that in our server
code, as I think it's a security hole, you can cause a windows server
to send the replies to someone another client, that doesn't wait for data,
and as there're no massage_id in the protocol the client would be confused
by a replies that doesn't belong to a query
metze
(This used to be commit dfc95de8fa7ded8ea92cafe58cf86efcc7920156)
|
|
because we can
only use a pointers to unknown types in proto.h
metze
(This used to be commit 2f46e54e1bcf43f1bee062ff9a21e646cc3676e9)
|
|
(This used to be commit b714ab64fd79d5cabc39779774fae7c3861a84da)
|
|
Andrew Bartlett
(This used to be commit 1f6fec8e6b0845ae6000eeda65641435fb18c9e3)
|
|
once, use the
first one that replies correctly.
Add a talloc context to smb_composite_connect()
Volker
(This used to be commit 6b88de182e40cb00a833c085f801fd47c92bbe94)
|
|
(This used to be commit fd6d895ebdb201ac6afaf5c8ec84d003765cdff6)
|
|
directory now looks like the config.mk file but with different
punctuation.
The only weird bit is that it creates a proto.h file for each subsystem.
(This used to be commit 09d4abecb01fa9159243cfcb33051092f92cef3b)
|
|
of an existing socket, that is needed to handle WREPL_REPL_UPDATE
in the server, because we need to flig the connection and act as client on it
metze
(This used to be commit 131e5dfe695d427e992b840439743f880b14d82d)
|
