Age | Commit message (Collapse) | Author | Files | Lines |
|
composite_connect, so in io.in.dest_host I'm setting the IP address. Gensec
does not like that as a target hostname, so if a called name is present, use
that. So we can session setup using kerberos now.
Volker
(This used to be commit c26b432c27954c8dc6ac8e702bd5e34a351d15bd)
|
|
(This used to be commit 13ebdea11532f4810d01095a54d430c36c91d826)
|
|
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
|
|
http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
|
|
Andrew Bartlett
(This used to be commit 24dbf3435277a51dd49c5e2189fc6655260eddf4)
|
|
- added nicer error display, giving a string version of the error code
(This used to be commit 5ec486bb81536b38a5f40cae7555cbcbbfa52263)
|
|
Tridge, if you have the time, you might want to look at a problem I'm having
with unix domain stream sockets. From a comment in this commit:
/* Using composite_trigger_error here causes problems with the client
* socket. Linux 2.6.8 gives me a ECONNRESET on the next read after
* writing the reply when I don't wait the 100 milliseconds. */
This is in winbind/wb_cmd_userdomgroups.c:93.
The problem I have is that I can not *immediately* send an error reply to the
client because the next receive fails. Waiting 100 milliseconds helps. It
might also be a problem with epoll(), I don't really know.
I'd appreciate if you took a brief look at this, maybe I'm doing something
wrong.
Thanks,
Volker
(This used to be commit 3e535cce743710a68a4264e4f66e9c0c4d6770c6)
|
|
metze
(This used to be commit 3f7b09a3086a8b6d255bc3fc5cd8882e12f05d10)
|
|
before the bad merge
metze
(This used to be commit 471c0ca4abb17fb5f73c0efed195c67628c1c06e)
|
|
(This used to be commit 6913e338405a5aca5c70cf6e022532c596ed0a36)
|
|
add struct nbt_peer_socket and use it instead of passing const char *addr, uint16 port everyhwere
(tridge: can you review this please, (make test works)
metze
(This used to be commit a599d7a4ae881c94be2c2d908a398838549942bb)
|
|
authentication out of the various callers and into the kitchen
sink.. err, credentials subsystem.
This should ensure consistant logic, as well as get us one step closer
to security=server operation in future.
Andrew Bartlett
(This used to be commit 09c95763301c0f7770d56462e8af4169b8c171fb)
|
|
most of the changes are fixes to make all the ldb code compile without
warnings on gcc4. Unfortunately That required a lot of casts :-(
I have also added the start of an 'operational' module, which will
replace the timestamp module, plus add support for some other
operational attributes
In ldb_msg_*() I added some new utility functions to make the
operational module sane, and remove the 'ldb' argument from the
ldb_msg_add_*() functions. That argument was only needed back in the
early days of ldb when we didn't use the hierarchical talloc and thus
needed a place to get the allocation function from. Now its just a
pain to pass around everywhere.
Also added a ldb_debug_set() function that calls ldb_debug() plus sets
the result using ldb_set_errstring(). That saves on some awkward
coding in a few places.
(This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
|
|
* rename the composite helper functions from comp_* to composite_*
* Move the lsa initialization to wb_connect_lsa.c
* Equip smb_composite_connect with a fallback_to_anonymous
The latter two simplify wb_init_domain.c quite a bit.
Volker
(This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
|
|
metze
(This used to be commit b436206c498ea166b8b9fa47638d5f8f6f4752bf)
|
|
Initialize a domain structure properly. Excerpt from wb_init_domain.c:
/*
* Initialize a domain:
*
* - With schannel credentials, try to open the SMB connection with the machine
* creds. Fall back to anonymous.
*
* - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
* pipe.
*
* - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
* to schannel and then to anon bind.
*
* - With queryinfopolicy, verify that we're talking to the right domain
*
* A bit complex, but with all the combinations I think it's the best we can
* get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
* have a signed&sealed lsa connection on all of them.
*
* Is this overkill? In particular the authenticated SMB connection seems a
* bit overkill, given that we do schannel for netlogon and ntlmssp for
* lsa later on w2k3, the others don't do this anyway.
*/
Thanks to Jeremy for his detective work, and to the Samba4 team for providing
such a great infrastructure.
Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr
with all we have.
Volker
(This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
|
|
(This used to be commit 48d22a991024f19eccaa63848566b311524260c8)
|
|
it in the RPC-SAMLOGON test.
Andrew Bartlett
(This used to be commit 675b7df2eedbcb7ea89c0411f76429d8e2357222)
|
|
Andrew Bartlett
(This used to be commit 6d24d8d12cdc64b180fd6277f0775e943f26e82b)
|
|
idea...
metze
(This used to be commit e7ee73a747a025a66ac6563172e51f160bc28e0a)
|
|
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
|
|
used for WREPL_REPL_INFORM* messsages
- make it possible to close the connection after a request was send
used for WREPL_ASSOCIATION_STOP
- fix the torture test that tests the assoc context handling
between connections, you can issue a request and get the reply
on another connection, I think we should not implement that in our server
code, as I think it's a security hole, you can cause a windows server
to send the replies to someone another client, that doesn't wait for data,
and as there're no massage_id in the protocol the client would be confused
by a replies that doesn't belong to a query
metze
(This used to be commit dfc95de8fa7ded8ea92cafe58cf86efcc7920156)
|
|
because we can
only use a pointers to unknown types in proto.h
metze
(This used to be commit 2f46e54e1bcf43f1bee062ff9a21e646cc3676e9)
|
|
(This used to be commit b714ab64fd79d5cabc39779774fae7c3861a84da)
|
|
Andrew Bartlett
(This used to be commit 1f6fec8e6b0845ae6000eeda65641435fb18c9e3)
|
|
once, use the
first one that replies correctly.
Add a talloc context to smb_composite_connect()
Volker
(This used to be commit 6b88de182e40cb00a833c085f801fd47c92bbe94)
|
|
(This used to be commit fd6d895ebdb201ac6afaf5c8ec84d003765cdff6)
|
|
directory now looks like the config.mk file but with different
punctuation.
The only weird bit is that it creates a proto.h file for each subsystem.
(This used to be commit 09d4abecb01fa9159243cfcb33051092f92cef3b)
|
|
of an existing socket, that is needed to handle WREPL_REPL_UPDATE
in the server, because we need to flig the connection and act as client on it
metze
(This used to be commit 131e5dfe695d427e992b840439743f880b14d82d)
|
|
rafal
(This used to be commit ef29863d999089c47140bd37731c60659a200421)
|
|
rafal
(This used to be commit 7b3a4096b5922e4a98ea0a74c0b92bc10d18cddd)
|
|
- the unknown flag 0x10 seems to mean that this name was localy registered on this
currently asked server, that flag is not present in replica records
metze
(This used to be commit ba3685c41dc934692bd653f4fe9c0ee451146c40)
|
|
- add wrepl_nbt_name scalar type and do the pull/push in the ndr layer
instead of the caller
- give the flags and group_flag in the wrepl_name a meaning
metze
(This used to be commit b98efc2905e1147eb97111b46a877bdb9d8dd154)
|
|
Andrew Bartlett
(This used to be commit 0d757b169a3d521a0d228bed51aa96cf199d5c42)
|
|
then StaticLibrary()
(This used to be commit b53313dc517986c69a4e4cb8fe3885b696f8faa1)
|
|
replication :-)
metze
(This used to be commit bfd548ca10134d5a17b87a0507917721aa251223)
|
|
- when we got an unexpected READ event, we need to do a socket_recv() to find connection errors
and we need to mark the socket as dead (and remove the fde_event) to prevent,
endless loops on broken connections
tridge: we should look carefull at other protocol, to handle broken connections without spinning
metze
(This used to be commit ff1272347739696dcdf2fd191b8f47ca82c205de)
|
|
metze
(This used to be commit e753114e863ff0ea32b35ef30a6f0056cfa7c902)
|
|
tridge: I think this is correct, comments?
metze
(This used to be commit e06ca726f3df013d869d943338bc6b7a151cdd3f)
|
|
the events code replaces a destructor to one that returns allways -1
while it's calling the event handler
- we don't need the composite and winsrepl specific fixes any more
- this also fixes the problem with smbcli, dcerpc, cldap, ldap and nbt
request timeouts
metze
(This used to be commit 495996cfc49a1c6eefde6ff04fc75e0739be3aab)
|
|
metze
(This used to be commit 0983452bf8b0922f6df7af4aa16b14835d39d036)
|
|
composite_trigger_done() code
the event subsystem wants to free timed_events!
metze
(This used to be commit dc5d5953b60662b895ad148525e84d82882d62a8)
|
|
use pstring is next_token() now.
(This used to be commit a5b88bcd420eb7ae42283293541519e142be36e3)
|
|
stuff.
- don't use SMBCLI_REQUEST_* state's in the genreic composite stuff
- move monitor_fn to libnet.
NOTE: I have maybe found some bugs, in code that is dirrectly in DONE or ERROR
state in the _send() function. I haven't fixed this bugs in this
commit! We may need some composite_trigger_*() functions or so.
And maybe some other generic helper functions...
metze
(This used to be commit 4527815a0a9b96e460f301cb1f0c0b3964c166fc)
|
|
(This used to be commit 3c9c3a52e3999f15df747bbd69479896bbec3a6b)
|
|
domain and gets the DC's name via a mailslot call.
Metze, I renamed wbsrv_queue_reply to wbsrv_send_reply in accordance with
irpc_send_reply. Having _queue_ here and _send_ there is a bit confusing. And
as everything is async anyway, the semantics should not be too much of a
problem.
Volker
(This used to be commit 4637964b19c6e9f7d201b287e2d409d029fced01)
|
|
(This used to be commit 4a03773c99f81d706307d69cb14af731dc8a8783)
|
|
that are then included by include/proto.h
(This used to be commit 703ffbaaaca11f3d8781cfe9e7542fcaa626d991)
|
|
that a given set of (working) POSIX functions are available (without
prefixes to their names, etc). See lib/replace/README for a list.
Functions that behave different from their POSIX specification
(such as sys_select, sys_read, etc) have kept the sys_ prefix.
(This used to be commit 29919a71059b29fa27a49b1f5b84bb8881de65fc)
|
|
I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own
test for the moment, but I'm working on these issues :-)
This required a change to the credentials API, so that the special
case for NTLM logins using a principal was indeed handled as a
special, not general case.
Also don't set the realm from a ccache, as then it overrides --option=realm=.
Andrew Bartlett
(This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3)
|