Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 870af4e2f2055013424d9dbe2df2c51faa810eec)
|
|
encapsulates all the different session setup methods, including the
multi-pass spnego code.
I have hooked this into all the places that previously used the
RAW_SESSSETUP_GENERIC method, and have removed the old
RAW_SESSSETUP_GENERIC code from clisession.c and clitree.c. A nice
side effect is that these two modules are now very simple again, back
to being "raw" session setup handling, which was what was originally
intended.
I have also used this to replace the session setup code in the
smb_composite_connect() code, and used that to build a very simple
replacement for smbcli_tree_full_connection().
As a result, smbclient, smbtorture and all our other SMB connection
code now goes via these composite async functions. That should give
them a good workout!
(This used to be commit 080d0518bc7d6fd4bc3ef783e7d4d2e3275d0799)
|
|
interface to a complete SMB connection setup. Internally it does:
- socket connection
- session request (if needed)
- negprot
- session setup
- tcon
This is the first example of a composite function that builds on other
composite components (the socket connection is a composite function,
which is used as a building block for this function). I think this
will be quite common in composite functions in the future, building up
ever more complex composite functions from smaller building blocks,
while hiding the details from the caller.
There are two things missing from this now. The first is async name
resolution routines (wins, bcast, DNS etc), and the second is that
this code currently only does a NT1 style session setup. I'll work on
adding spnego and old style session setup support next.
(This used to be commit 6bc9e17f5c5236f662c7c8f308d03e6d97379b23)
|
|
reasonable NT_STATUS values
(This used to be commit b193a9cb0c851a4ec55ad9956a815be93eea35e4)
|
|
rather than short-circuiting in the unlikely event the OS returns an
immediate success on a non-blocking connect
(This used to be commit db4380717041485e216f965103f9e803518b45c3)
|
|
- added async support to the negprot client code
- removed two unused parameters from smbcli_full_connection() code
- converted smbclient to use smbcli_full_connection() rather than
reinventing everything itself
(This used to be commit 71cbe2873473e039b4511511302cb63f1c50bce8)
|
|
socket connections. This was complicated by a few factors:
- it meant moving the event context from clitransport to clisocket,
so lots of structures changed
- we need to asynchronously handle connection to lists of port
numbers, not just one port number. The code internally tries each
port in the list in turn, without ever blocking
- the man page on how connect() is supposed to work asynchronously
doesn't work in practice (now why doesn't this surprise me?). The
getsockopt() for SOL_ERROR is supposed to retrieve the error, but
in fact the next (unrelated) connect() call on the same socket also
gets an error, though not the right error. To work around this I
need to tear down the whole socket between each attempted port. I
hate posix.
Note that clisocket.c still does a blocking name resolution call in
smbcli_sock_connect_byname(). That will be fixed when we add the async
NBT resolution code.
Also note that I arranged things so that every SMB connection is now
async internally, so using plain smbclient or smbtorture tests all the
async features of this new code.
(This used to be commit 468f8ebbfdbdf37c757fdc4863626aa9946a8870)
|
|
old code, so I'm just removing it, as it needs replacing anyway
(This used to be commit cae7748d675e35bfb89b81349624258bc76fac1a)
|
|
have composite functions that are not made up of functions that
operate on smbcli_request structures.
(This used to be commit 4f6055b4fb7e287a29544ff1ca4e22f698efc478)
|
|
- make use of talloc destructors
metze
(This used to be commit 8308da6ce4a95f8c10e22949ef00e9e64f2dbb85)
|
|
suite a little
(This used to be commit ef4dbc443dbdebc4160209ed3f23cbb97109c414)
|
|
metze
(This used to be commit 9db0d19413beb4a0a0b48f4223600ff8dff33728)
|
|
which combineds ntcreatex, readx and close into a single call that
behaves just like a normal libcli async call.
(This used to be commit 516f68fb054f0717f0429e031aa820776ecc6597)
|
|
Andrew Bartlett
(This used to be commit a062ac122c402fb2cf31eb8e76f4077b1f33b8eb)
|
|
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.
Some small changes to come, but the bulk of the work is now done.
A re-provision is required after this change.
Andrew Bartlett
(This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
|
|
We really should have a seperate structure for this (the ARCFOUR
sbox), but for now, get the declaration right.
Andrew Bartlett
(This used to be commit 2e16f3a8d31954fdfe4a8832637fcd9191ecab96)
|
|
- move some structs out of misc.idl
metze
(This used to be commit b6543a6e3057b5588ec50a2ebf6c7c932209efe6)
|
|
credentials struct it maintains.
Clearly much of this will be replaced with some system to pass and
store the session_info, as that is the 'right way' to handle this.
Andrew Bartlett
(This used to be commit c6fcb33a887fbf0c0b42c3bc331df942a985128c)
|
|
token in the client (the final token in the negotiation).
Consequential fixes in the SPNEGO code, which now uses the out.length
as the indicator of 'I need to send something to the other side'.
Merge the NTLM and SPNEGO DCE-RPC authentication routines in the client.
Fix the RPC-MULTIBIND test consequent to this merge.
Andrew Bartlett
(This used to be commit 43e3516fc03008e97ebb4ad1a0cde464303f43c6)
|
|
doesn't need to
use function pointers anymore
- make the module init much easier
- a lot of cleanups
don't try to read the diff in auth/ better read the new files
it passes test_echo.sh and test_rpc.sh
abartlet: please fix spelling fixes
metze
(This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
|
|
- there is no alter_nak or alter_ack packet, its all done in an
alter_response
- auto-allocated the contex_ids
- tried to fix up the dcom code to work again with
alter_context. Jelmer, please take a look :)
(This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
|
|
dcerpc_alter_context and multiple context_ids in the dcerpc client
library.
This stage does the following:
- split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which
contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has
the context dependent part. This is similar to the layering in libcli_*() for SMB
- disable the current dcerpc_alter code. I've used a #warning until i
get the 2nd phase finished. I don't know how portable #warning is, but
it won't be long before I add full alter context support anyway, so it won't last long
- cleanup the allocation of dcerpc_pipe structures. The previous code
was quite awkward.
(This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
|
|
- added #if TALLOC_DEPRECATED around the _p functions
- fixes the code that broke from the above
while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
|
|
(This used to be commit f4337c988c15dc84e3cfd77b628e92a0996717ea)
|
|
Andrew Bartlett
(This used to be commit 5598cda08b46e61695b753e049288a0b498502c4)
|
|
talloc_size() or talloc_array_p() where appropriate.
also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
|
|
talloc(ctx, 0) call.
- cleaned up some talloc usage in various files
I'd like to get to the point that we have no calls to talloc(), at
which point we will rename talloc_p() to talloc(), to encourage
everyone to use the typesafe functions.
(This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
|
|
right.
Andrew Bartlett
(This used to be commit a742ea1e1221058ae6a99e317fbf18c80bc49aed)
|
|
GENSEC.
Andrew Bartlett
(This used to be commit c7acea9d5a097b51693f41de93274b857f7be0e3)
|
|
.enabled = True
on modules we know are good (and we want on be default) seems neater.
Andrew Bartlett
(This used to be commit 18850c66b7c8ac5e8caf08151dbb9b72cf93230f)
|
|
definition, not by hardcoded reference in loadparm.c
Andrew Bartlett
(This used to be commit 43558eaf7604d2bb0187e0d1ba0686935a965ad7)
|
|
I just need to fix a couple of NTLMv2 issues before we can fully pass,
and put this in test_rpc.sh, as a 'should pass' test.
Andrew Bartlett
(This used to be commit 4b52409e385366d87724bb79f4fad4803e8ecfec)
|
|
default at this point), and include the GSSAPI OIDs in our source, per
advice by lha that this is easier than getting the includes right.
Andrew Bartlett
(This used to be commit 9ff8b2b4d12d364084df5c95a752ce2a0546053d)
|
|
these tests out a bit, but for now it's an indicator we can use.
Andrew Bartlett
(This used to be commit 2b0605dbaee18da4ebb676fc292b324d21805ef7)
|
|
(disabled by default, set parametric option: gensec:gssapi=yes to enable).
This module backs directly onto GSSAPI, and allows us to sign and seal
GSSAPI/Krb5 connections in particular. This avoids me reinventing the
entire GSSAPI wheel.
Currently a lot of things are left as default - we will soon start
specifiying OIDs as well as passwords (it uses the keytab only at the
moment). Tested with our LDAP-* torture tests against Win2k3.
My hope is to use this module to access the new SPNEGO implementation
in Heimdal, to avoid having to standards-verify our own.
Andrew Bartlett
(This used to be commit 14b650c85db14a9bf97e24682b2643b63c51ff35)
|
|
In developing a GSSAPI plugin for GENSEC, it became clear that the API
needed to change:
- GSSAPI exposes only a wrap() and unwrap() interface, and determines
the location of the signature itself.
- The 'have feature' API did not correctly function in the recursive
SPNEGO environment.
As such, NTLMSSP has been updated to support these methods.
The LDAP client and server have been updated to use the new wrap() and
unwrap() methods, and now pass the LDAP-* tests in our smbtorture.
(Unfortunely I still get valgrind warnings, in the code that was
previously unreachable).
Andrew Bartlett
(This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
|
|
(This used to be commit 9f0bf657aeee86d859742fb4da3a0f806e7060b6)
|
|
- Use more of the clikrb5.c wrapper calls
- Don't use the session keytab if we kinit for the user.
Andrew Bartlett
(This used to be commit e15dbee00628475d5e1c1f329a7f9b199bc36360)
|
|
metze
(This used to be commit 02861f63052c48fc85c6694ad8164cc6cc5443d4)
|
|
metze
(This used to be commit 74e65680fa9a6b8f04c6ae62ec1da49659879fb5)
|
|
(This used to be commit 81630d3014c8cbd970bc917e3e9aef337fa211cd)
|
|
and debug privileges
metze
(This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
|
|
during torture tests)
(This used to be commit b9284c16dc37bf14fceeaa694e82f36a38b0dd93)
|
|
(This used to be commit e4ee8b776ba164a89afca43de20c166ccbfddb99)
|
|
- added a test for all combinations of the inheritance ACE flags and how
they are propogated to child directories and files
(This used to be commit fdb38c8e4b6279137892402b21d2d52e1921e456)
|
|
Andrew Bartlett
(This used to be commit 13aa88ed65a8914000cccbecf80929db3df65037)
|
|
Andrew Bartlett
(This used to be commit 722f59c7c8d09f548d9325c6051d6687d7aa16c2)
|
|
- added test for chained OpenX/ReadX, simulating the OS/2 workplace shell
- fixed a bug in handling chained fnum in openx and ntcreatex in the server
(yes, I'm on holiday, but this bug was annoying me ....)
(This used to be commit b3b8958a18e302b815d98c0e3879e404bced6a08)
|
|
metze
(This used to be commit 78b2af77e9e4b97c698d6d9e680207b1df289cb4)
|
|
favor of talloc_free().
Andrew Bartlett
(This used to be commit 1933cd12fbaed56e13f2386b19de6ade99bf9478)
|