summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r3400: - allow callers to control the flags2 field in raw packetsAndrew Tridgell2-20/+24
- added testing of the FLAGS2_READ_PERMIT_EXECUTE bit in the ntdeny tests (This used to be commit adf4a682705871186f3b77ea6d417942445fc5d3)
2007-10-10r3391: fixed some memory leaks in the schannel codeAndrew Tridgell1-14/+4
(This used to be commit eb3366d3667ddddf7ab5eae5d1fbc5de86c41072)
2007-10-10r3390: fixed schannel server side support. RPC-SCHANNEL now works against ↵Andrew Tridgell3-51/+14
Samba4. (This used to be commit 01f5c1c72d9fc8f21029adc586154b0c54f76c9e)
2007-10-10r3385: when discarding a unmatched reply print the command type to help ↵Andrew Tridgell1-1/+2
debugging (This used to be commit 91139ed8d41a1d4b99379142b3e09c6d0a8ff159)
2007-10-10r3383: avoid multi-part SMBtrans and SMBtrans2 replies until our client ↵Andrew Tridgell5-8/+20
library can handle them properly (they are difficult to do in an async fashion). By choosing trans.in.max_data to fix in the negotiated buffer size a server won't send us multi-part replies. I notice that windows seems to avoid them too :) (This used to be commit e23edf762cace35f937959c9ffbef718431a79b9)
2007-10-10r3380: - changed the default behaviour of server signing. We now have a defaultAndrew Tridgell1-0/+1
setting of "server signing = auto", which means to offer signing only if we have domain logons enabled (ie. we are a DC). This is a better match for what windows clients want, as unfortunately windows clients always use signing if it is offered, and when they use signing they not only go slower because of the signing itself, they also disable large readx/writex support, so they end up sending very small IOs for. - changed the default max xmit again, this time matching longhorn, which uses 12288. That seems to be a fairly good compromise value. (This used to be commit e63edc81716fefd58a3be25deb3b25e45471f196)
2007-10-10r3365: Fill in the user and primary group SIDs into the 'server info' beforeAndrew Bartlett1-8/+11
the session info. Andrew Bartlett (This used to be commit 5db5c30ebedca1fee8924a9416bcb94ed13af372)
2007-10-10r3361: Allow Samba4 (I'm interested in ntlm_auth in particular) to useAndrew Bartlett1-2/+5
Samba3's winbind. This is also the start of domain membership code in Samba4, as we now (partially) parse the info3, and use it like Samba3 does. Andrew Bartlett (This used to be commit c1b7303c1c7d9fb815006c3bd2af20a0010d15a8)
2007-10-10r3360: improved the deletion of tmp files. smbd now puts all tmp files in ↵Andrew Tridgell1-11/+8
var/locks/smbd.tmp/ and deletes that dir on startup. (This used to be commit 7e942e7f1bd2c293a0e6648df43a96f8b8a2a295)
2007-10-10r3358: Try to put all the basic struct dom_sid manipulation functions in oneAndrew Bartlett1-0/+57
place. (I always have trouble finding one half or the other). Andrew Bartlett (This used to be commit 224b59edba7c00ad515b4c5e3e9a886700247ad4)
2007-10-10r3357: removed the need to use TDB_CLEAR_IF_FIRST in Samba4.Andrew Tridgell1-1/+1
We found a few months ago that TDB_CLEAR_IF_FIRST is extremely inefficient for large numbers of connections, due to a fundamental limitation in the way posix byte range locking is implemented. Rather than the nasty workaround we had for Samba3, we now have a single "cleanup tmp files" function that runs when smbd starts. That deletes the tmp tdbs, so TDB_CLEAR_IF_FIRST is not needed at all. (This used to be commit ffa285bc783c775a2d53a58fb691ca339e6c76ae)
2007-10-10r3354: honor "max xmit" and "max mux" from smb.conf in our client code. ThisAndrew Tridgell3-8/+11
is important as it allows the test suite to exercise the multiple reply logic in smbd for trans2 search replies. (This used to be commit 865159016ab1e806465a55697444228fb3fa286e)
2007-10-10r3352: make smbcli_read() and smbcli_write() work with very small negotiated ↵Andrew Tridgell1-3/+2
SMB buffer sizes (This used to be commit 320ca0214d97dc6cebb00ddc98a1eb71e2b4c917)
2007-10-10r3331: Add string descriptions for a couple more WERROR'sJelmer Vernooij1-0/+10
(This used to be commit 1d374cdeb09b856449287cf12a77b23296c82a1d)
2007-10-10r3323: more warning reductionsAndrew Tridgell1-4/+0
(This used to be commit 5921587ec26e4892efc678421277e4969417d7f5)
2007-10-10r3322: fixed a bunch of warnings in the build, including one case where it ↵Andrew Tridgell7-9/+12
was a real bug (This used to be commit 02d5d0f685e44bd66aff4a007f0bf34c8f915574)
2007-10-10r3319: fixed a bug in the client library found by the new non-block testing codeAndrew Tridgell1-10/+0
(This used to be commit 1e62aa262aac1c8e3676caac7b65086d21b7a01e)
2007-10-10r3315: converted the libcli/raw/ code to use the generic socket library. ThisAndrew Tridgell2-40/+49
allows me to test with the socket:testnonblock option. It passes. (This used to be commit 7cb4bf8662825d507d8246647ffb10aa08bad794)
2007-10-10r3295: Fix for SMB signing with 56-bit DES session keys. From Nalin ↵Jeremy Allison1-2/+11
Dahyabhai <nalin@redhat.com>. Jeremy. (This used to be commit afed78f359a15809b2d9b7566e16ade294944fa9)
2007-10-10r3289: Mr. L. and Mr. B.!Stefan Metzmacher2-8/+6
can we decide to not break WinXP clients:-) metze (This used to be commit 5eb0ff78d5e68f488a439545fdaec90c28ef877a)
2007-10-10r3278: - rewrote the client side rpc connection code to use lib/socket/Andrew Tridgell2-38/+41
rather than doing everything itself. This greatly simplifies the code, although I really don't like the socket_recv() interface (it always allocates memory for you, which means an extra memcpy in this code) - fixed several bugs in the socket_ipv4.c code, in particular client side code used a non-blocking connect but didn't handle EINPROGRESS, so it had no chance of working. Also fixed the error codes, using map_nt_error_from_unix() - cleaned up and expanded map_nt_error_from_unix() - changed interpret_addr2() to not take a mem_ctx. It makes absolutely no sense to allocate a fixed size 4 byte structure like this. Dozens of places in the code were also using interpret_addr2() incorrectly (precisely because the allocation made no sense) (This used to be commit 7f2c771b0e0e98c5c9e5cf662592d64d34ff1205)
2007-10-10r3237: - allow for readx calls larger than 64kAndrew Tridgell1-2/+2
- combine setattre and standard levels in setfileinfo, as they use the same structure (This used to be commit e9aa1f789955533aca4fe43d5d74ffa1e8d1300b)
2007-10-10r3219: Hi, Andrew B.!Volker Lendecke1-0/+2
Not sure which Samba3 you mean, but *my* one bails out with INVALID_PARAMETER... Volker (This used to be commit d91659b0370a6bd5eebd5730d304b5a2cf496594)
2007-10-10r3206: - added the reverse map for ERRbaduid to NT_STATUS_INVALID_HANDLEAndrew Tridgell1-0/+1
- force disable spnego in the RAW-CONTEXT test (it breaks the test) (This used to be commit 3f247ec21c59af92b420a3e550552b5a1f1f08e2)
2007-10-10r3197: fixed error code mapping for ENOTDIRAndrew Tridgell1-1/+1
(This used to be commit 2c852539ed089b584b721a31cd411667bb5669c7)
2007-10-10r3190: When we don't have a PAC, do a lookup in the local ldb instead.Andrew Bartlett2-30/+57
This required reworking the auth_sam code, so that it would export the 'name -> server_info' functionality. It's a bit ugly from a modular point of view, but it's what we have to do... Fix up some of the code to better use the new talloc() Andrew Bartlett (This used to be commit 18e08b4497ebabc2f31210254e145458b7c6a198)
2007-10-10r3187: This 'optional' part of the ASN.1 in SPNEGO is required by Samba3 (butAndrew Bartlett1-5/+4
not Microsoft). Unfortunetly it's harder to fix Samba3 than to make Samba4 cope... Andrew Bartlett (This used to be commit bbd52ab2641d5d6fc184235ac838ce4a022174a9)
2007-10-10r3131: - make map_nt_error_from_unix() return NT_STATUS_UNSUCCESSFUL if ↵Andrew Tridgell1-3/+3
errno is 0 - more consistent checking for system call return values in simple backend (This used to be commit 375a9a1347abf0b917cf94ea0cabcdea37d60e98)
2007-10-10r3128: Return the correct error code for a secrets/kerberos login, butAndrew Bartlett1-7/+15
skipping 'bad encryption type'. Andrew Bartlett (This used to be commit 4efb87eb03acfa888d455e4ca0aff18bda7f7ba5)
2007-10-10r3115: Bugfixes and extra debug in our kerberos verify code.Andrew Bartlett2-27/+26
Andrew Bartlett (This used to be commit 9f19aae0c0812b156054385ef77785971488e21c)
2007-10-10r3110: Fix the krb5 client and server, so that it doesn't segfault. ThereAndrew Bartlett3-49/+49
were also gensec bugs that didn't turn up until we hit error paths in the krb5 code. Andrew Bartlett (This used to be commit e08366ffeb52e8c522d3808a2af1aa0bc632b55f)
2007-10-10r3096: typoStefan Metzmacher1-1/+1
metze (This used to be commit c730d7d638875c239f0b67c1d4b25eb1fb01c5ff)
2007-10-10r3094: import all LDAP error codes from the RFC 2251Stefan Metzmacher1-5/+39
metze (This used to be commit f1d8f4bc5df5b4f284739096684c9dbc76352511)
2007-10-10r3081: several updates to ntvfs and server side async request handling inAndrew Tridgell2-18/+0
preparation for the full share modes and ntcreatex code that I am working on. highlights include: - changed the way a backend determines if it is allowed to process a request asynchronously. The previous method of looking at the send_fn caused problems when an intermediate ntvfs module disabled it, and the caller then wanted to finished processing using this function. The new method is a REQ_CONTROL_MAY_ASYNC flag in req->control_flags, which is also a bit easier to read - fixed 2 bugs in the readbraw server code. One related to trying to answer a readbraw with smb signing (which can't work, and crashed our signing code), the second related to error handling, which attempted to send a normal SMB error packet, when readbraw must send a 0 read reply (as it has no header) - added several more ntvfs_generic.c generic mapping functions. This means that backends no longer need to implement such esoteric functions as SMBwriteunlock() if they don't want to. The backend can just request the mapping layer turn it into a write followed by an unlock. This makes the backends considerably simpler as they only need to implement one style of each function for lock, read, write, open etc, rather than the full host of functions that SMB provides. A backend can still choose to implement them individually, of course, and the CIFS backend does that. - simplified the generic structures to make them identical to the principal call for several common SMB calls (such as RAW_WRITE_GENERIC now being an alias for RAW_WRITE_WRITEX). - started rewriting the pvfs_open() code in preparation for the full ntcreatex semantics. - in pvfs_open and ipc_open, initially allocate the open file structure as a child of the request, so on error we don't need to clean up. Then when we are going to succeed the open steal the pointer into the long term backend context. This makes for much simpler error handling (and fixes some bugs) - use a destructor in the ipc backend to make sure that everthing is cleaned up on receive error conditions. - switched the ipc backend to using idtree for fnum allocation - in the ntvfs_generic mapping routines, use a allocated secondary structure not a stack structure to ensure the request pointer remains valid even if the backend replies async. (This used to be commit 3457c1836c09c82956697eb21627dfa2ed37682e)
2007-10-10r3079: make code more pretty :-)Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 9c911b361c4dbb058eb48150c113c2e95b8053da)
2007-10-10r3075: Initialise (and check for intialisation) of the private pointer toAndrew Bartlett1-2/+4
ensure we don't segfault on the cleanup from an incomplete schannel bind. Andrew Bartlett (This used to be commit 173f29a1d8db111d5adb258eead5379d681d3bb2)
2007-10-10r3044: resolve the error code for WERR_DS_OBJ_NOT_FOUND to the nameStefan Metzmacher1-0/+1
metze (This used to be commit c79bbe54b400f8e088401e1d59a626cb2a37ee34)
2007-10-10r3017: nicer memory handling for event_context_merge()Andrew Tridgell1-1/+0
(This used to be commit 1cef44505e5de9b8ae5206522b624082ad2343b2)
2007-10-10r3016: - converted the events code to tallocAndrew Tridgell1-1/+1
- added the new messaging system, based on unix domain sockets. It gets over 10k messages/second on my laptop without any socket cacheing, which is better than I expected. - added a LOCAL-MESSAGING torture test (This used to be commit 3af06478da7ab34a272226d8d9ac87e0a4940cfb)
2007-10-10r3005: added talloc wrappers around tdb_open() and ldb_connect(), so that theAndrew Tridgell1-12/+14
caller doesn't have to worry about the constraint of only opening a database a single time in a process. These wrappers will ensure that only a single open is done, and will auto-close when the last instance is gone. When you are finished with a database pointer, use talloc_free() to close it. note that this code does not take account of the threads process model, and does not yet take account of symlinks or hard links to tdb files. (This used to be commit 04e1171996612ddb15f84134cadded68f0d173b2)
2007-10-10r2884: parse LDAP Control messagesStefan Metzmacher1-0/+41
metze (This used to be commit e23dcb18870450be4252a0dba3e427f73291da25)
2007-10-10r2883: set BOOL to the internal values not the wire onesStefan Metzmacher1-1/+7
metze (This used to be commit ad7b0385cfdb989d69a5c42c21fdaf8cd816999e)
2007-10-10r2861: encode and decode BindRequest/Response correctStefan Metzmacher1-69/+82
and some minor changes - make ldap_encode/decode_response maore usable metze (This used to be commit cc77baf729a56499e19a50dcb1a404a4777b36d5)
2007-10-10r2860: add gensec_have_feature() to check what feature are used in the ↵Stefan Metzmacher1-0/+15
connection metze (This used to be commit 30aa8af04498d674dbcf428a9e62df9055f53ea2)
2007-10-10r2859: It seems useful to allow the seal/unseal functions in gensec to passAndrew Bartlett1-0/+12
though to the sign/check_sig functions. Andrew Bartlett (This used to be commit 18367c4235cf16f3c2fee003153ec9b19b02aa9b)
2007-10-10r2857: this commit gets rid of smb_ucs2_t, wpstring and fpstring, plus lots ↵Andrew Tridgell3-32/+29
of associated functions. The motivation for this change was to avoid having to convert to/from ucs2 strings for so many operations. Doing that was slow, used many static buffers, and was also incorrect as it didn't cope properly with unicode codepoints above 65536 (which could not be represented correctly as smb_ucs2_t chars) The two core functions that allowed this change are next_codepoint() and push_codepoint(). These functions allow you to correctly walk a arbitrary multi-byte string a character at a time without converting the whole string to ucs2. While doing this cleanup I also fixed several ucs2 string handling bugs. See the commit for details. The following code (which counts the number of occuraces of 'c' in a string) shows how to use the new interface: size_t count_chars(const char *s, char c) { size_t count = 0; while (*s) { size_t size; codepoint_t c2 = next_codepoint(s, &size); if (c2 == c) count++; s += size; } return count; } (This used to be commit 814881f0e50019196b3aa9fbe4aeadbb98172040)
2007-10-10r2853: add torture test to find the defaultNamingContext on the RootDSEStefan Metzmacher1-0/+2
try a sasl sealed CompareRequest abartlet: we need to check how SINGING only can work, it failed for me:-( metze (This used to be commit 1dabd04e265bbc1e8335f816708c2639746d9afd)
2007-10-10r2851: don't destroy the gensec context it's used for sign and sealStefan Metzmacher1-2/+3
check the result of ldap_receive() metze (This used to be commit 778cf6d92bc3c50add43b573652c2aefef65026c)
2007-10-10r2850: - check for GENSEC_WANT_SEAL in gensec_unseal_packet()Stefan Metzmacher2-2/+4
- pass functions to the subcontext in spnego metze (This used to be commit d02fab41f8261095ca8f9a819e0c25bef41b5807)
2007-10-10r2787: force masktest to use RAW_SEARCH_BOTH_DIRECTORY_INFO so it can obtain ↵Andrew Tridgell1-7/+11
the short name (This used to be commit ad5a5ea08d5be812e0ef662948477add2433bc6f)