summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4682: A LDB-based secrets implementation in Samba4.Andrew Bartlett1-21/+22
This uses LDB (a local secrets.ldb and the global samdb) to fill out the secrets from an LSA perspective. Some small changes to come, but the bulk of the work is now done. A re-provision is required after this change. Andrew Bartlett (This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
2007-10-10r4658: (grr, commited wrong file last time).Andrew Bartlett1-1/+1
We really should have a seperate structure for this (the ARCFOUR sbox), but for now, get the declaration right. Andrew Bartlett (This used to be commit 2e16f3a8d31954fdfe4a8832637fcd9191ecab96)
2007-10-10r4650: - make more use of bitmap and enum'sStefan Metzmacher2-2/+4
- move some structs out of misc.idl metze (This used to be commit b6543a6e3057b5588ec50a2ebf6c7c932209efe6)
2007-10-10r4641: Push a few more details into the schannel ldb, and into theAndrew Bartlett2-2/+9
credentials struct it maintains. Clearly much of this will be replaced with some system to pass and store the session_info, as that is the 'right way' to handle this. Andrew Bartlett (This used to be commit c6fcb33a887fbf0c0b42c3bc331df942a985128c)
2007-10-10r4635: Fix NTLMSSP to return NT_STATUS_OK when it has constructed the authAndrew Bartlett2-32/+34
token in the client (the final token in the negotiation). Consequential fixes in the SPNEGO code, which now uses the out.length as the indicator of 'I need to send something to the other side'. Merge the NTLM and SPNEGO DCE-RPC authentication routines in the client. Fix the RPC-MULTIBIND test consequent to this merge. Andrew Bartlett (This used to be commit 43e3516fc03008e97ebb4ad1a0cde464303f43c6)
2007-10-10r4620: - add interface functions to the auth subsystem so that callers ↵Stefan Metzmacher3-152/+108
doesn't need to use function pointers anymore - make the module init much easier - a lot of cleanups don't try to read the diff in auth/ better read the new files it passes test_echo.sh and test_rpc.sh abartlet: please fix spelling fixes metze (This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
2007-10-10r4618: - tidied up the alter_context client code a bitAndrew Tridgell1-0/+1
- there is no alter_nak or alter_ack packet, its all done in an alter_response - auto-allocated the contex_ids - tried to fix up the dcom code to work again with alter_context. Jelmer, please take a look :) (This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
2007-10-10r4616: the first phase in the addition of proper support forAndrew Tridgell1-1/+7
dcerpc_alter_context and multiple context_ids in the dcerpc client library. This stage does the following: - split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has the context dependent part. This is similar to the layering in libcli_*() for SMB - disable the current dcerpc_alter code. I've used a #warning until i get the 2nd phase finished. I don't know how portable #warning is, but it won't be long before I add full alter context support anyway, so it won't last long - cleanup the allocation of dcerpc_pipe structures. The previous code was quite awkward. (This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
2007-10-10r4591: - converted the other _p talloc functions to not need _pAndrew Tridgell7-15/+16
- added #if TALLOC_DEPRECATED around the _p functions - fixes the code that broke from the above while doing this I fixed quite a number of places that were incorrectly using the non type-safe talloc functions to use the type safe ones. Some were even doing multiplies for array allocation, which is potentially unsafe. (This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
2007-10-10r4589: forgot to commit the new NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED error codeAndrew Tridgell1-0/+1
(This used to be commit f4337c988c15dc84e3cfd77b628e92a0996717ea)
2007-10-10r4565: Make the order of the initialisation more sensible.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 5598cda08b46e61695b753e049288a0b498502c4)
2007-10-10r4549: got rid of a lot more uses of plain talloc(), instead usingAndrew Tridgell8-16/+16
talloc_size() or talloc_array_p() where appropriate. also fixed a memory leak in pvfs_copy_file() (failed to free a memory context) (This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
2007-10-10r4547: - added talloc_new(ctx) macro that is a neater form of the common ↵Andrew Tridgell3-6/+6
talloc(ctx, 0) call. - cleaned up some talloc usage in various files I'd like to get to the point that we have no calls to talloc(), at which point we will rename talloc_p() to talloc(), to encourage everyone to use the typesafe functions. (This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
2007-10-10r4531: Include the OID locally, as it seems to be hard to get the includesAndrew Bartlett1-1/+5
right. Andrew Bartlett (This used to be commit a742ea1e1221058ae6a99e317fbf18c80bc49aed)
2007-10-10r4530: Start adding a bit of Doxygen compatible documentation comments to ↵Andrew Bartlett1-3/+23
GENSEC. Andrew Bartlett (This used to be commit c7acea9d5a097b51693f41de93274b857f7be0e3)
2007-10-10r4504: SettingAndrew Bartlett6-9/+10
.enabled = True on modules we know are good (and we want on be default) seems neater. Andrew Bartlett (This used to be commit 18850c66b7c8ac5e8caf08151dbb9b72cf93230f)
2007-10-10r4500: Allow GENSEC modules to be disabled by setting a flag on their moduleAndrew Bartlett4-3/+8
definition, not by hardcoded reference in loadparm.c Andrew Bartlett (This used to be commit 43558eaf7604d2bb0187e0d1ba0686935a965ad7)
2007-10-10r4499: Almost make our Samba4 server pass the RPC-SAMLOGON torture test.Andrew Bartlett1-3/+8
I just need to fix a couple of NTLMv2 issues before we can fully pass, and put this in test_rpc.sh, as a 'should pass' test. Andrew Bartlett (This used to be commit 4b52409e385366d87724bb79f4fad4803e8ecfec)
2007-10-10r4494: Allow gensec_gssapi to use the SPNEGO mech provided by Heimdal (off byAndrew Bartlett1-7/+44
default at this point), and include the GSSAPI OIDs in our source, per advice by lha that this is easier than getting the includes right. Andrew Bartlett (This used to be commit 9ff8b2b4d12d364084df5c95a752ce2a0546053d)
2007-10-10r4470: Try not to have GSSAPI built unless we detected krb5. We should splitAndrew Bartlett1-0/+2
these tests out a bit, but for now it's an indicator we can use. Andrew Bartlett (This used to be commit 2b0605dbaee18da4ebb676fc292b324d21805ef7)
2007-10-10r4460: Add a new GENSEC module: gensec_gssapiAndrew Bartlett4-9/+375
(disabled by default, set parametric option: gensec:gssapi=yes to enable). This module backs directly onto GSSAPI, and allows us to sign and seal GSSAPI/Krb5 connections in particular. This avoids me reinventing the entire GSSAPI wheel. Currently a lot of things are left as default - we will soon start specifiying OIDs as well as passwords (it uses the keytab only at the moment). Tested with our LDAP-* torture tests against Win2k3. My hope is to use this module to access the new SPNEGO implementation in Heimdal, to avoid having to standards-verify our own. Andrew Bartlett (This used to be commit 14b650c85db14a9bf97e24682b2643b63c51ff35)
2007-10-10r4459: GENSEC refinements:Andrew Bartlett5-11/+212
In developing a GSSAPI plugin for GENSEC, it became clear that the API needed to change: - GSSAPI exposes only a wrap() and unwrap() interface, and determines the location of the signature itself. - The 'have feature' API did not correctly function in the recursive SPNEGO environment. As such, NTLMSSP has been updated to support these methods. The LDAP client and server have been updated to use the new wrap() and unwrap() methods, and now pass the LDAP-* tests in our smbtorture. (Unfortunely I still get valgrind warnings, in the code that was previously unreachable). Andrew Bartlett (This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
2007-10-10r4446: attempt to fix the build - andrew, can you check I've done this right?Andrew Tridgell1-1/+1
(This used to be commit 9f0bf657aeee86d859742fb4da3a0f806e7060b6)
2007-10-10r4441: gensec_krb5 update:Andrew Bartlett1-6/+21
- Use more of the clikrb5.c wrapper calls - Don't use the session keytab if we kinit for the user. Andrew Bartlett (This used to be commit e15dbee00628475d5e1c1f329a7f9b199bc36360)
2007-10-10r4435: add another error codeStefan Metzmacher1-0/+1
metze (This used to be commit 02861f63052c48fc85c6694ad8164cc6cc5443d4)
2007-10-10r4431: add WERR_NET_NAME_NOT_FOUNDStefan Metzmacher1-1/+2
metze (This used to be commit 74e65680fa9a6b8f04c6ae62ec1da49659879fb5)
2007-10-10r4429: the owner of a file always gets SEC_STD_DELETEAndrew Tridgell1-6/+5
(This used to be commit 81630d3014c8cbd970bc917e3e9aef337fa211cd)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher6-5/+158
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10r4413: login failure doesn't warrant a level 1 debug (its filling my logs ↵Andrew Tridgell1-1/+1
during torture tests) (This used to be commit b9284c16dc37bf14fceeaa694e82f36a38b0dd93)
2007-10-10r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logicAndrew Tridgell1-0/+4
(This used to be commit e4ee8b776ba164a89afca43de20c166ccbfddb99)
2007-10-10r4388: - allow ACE flags to be specified in security_descriptor_create()Andrew Tridgell1-1/+2
- added a test for all combinations of the inheritance ACE flags and how they are propogated to child directories and files (This used to be commit fdb38c8e4b6279137892402b21d2d52e1921e456)
2007-10-10r4386: Grr, fix copy-and-paste bug.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 13aa88ed65a8914000cccbecf80929db3df65037)
2007-10-10r4385: Set the correct target service.Andrew Bartlett1-0/+7
Andrew Bartlett (This used to be commit 722f59c7c8d09f548d9325c6051d6687d7aa16c2)
2007-10-10r4364: - added support for testing of chained SMB operations in smbtortureAndrew Tridgell3-6/+140
- added test for chained OpenX/ReadX, simulating the OS/2 workplace shell - fixed a bug in handling chained fnum in openx and ntcreatex in the server (yes, I'm on holiday, but this bug was annoying me ....) (This used to be commit b3b8958a18e302b815d98c0e3879e404bced6a08)
2007-10-10r4361: fix the buildStefan Metzmacher1-2/+3
metze (This used to be commit 78b2af77e9e4b97c698d6d9e680207b1df289cb4)
2007-10-10r4358: At metze's request, the Christmas elves have removed gensec_end inAndrew Bartlett2-33/+16
favor of talloc_free(). Andrew Bartlett (This used to be commit 1933cd12fbaed56e13f2386b19de6ade99bf9478)
2007-10-10r4357: Return a more sensible error code if a NULL (as opposed to the validAndrew Bartlett1-2/+3
"") username is asked for. Andrew Bartlett (This used to be commit 9c9055603e1171e204f67b019900339f88414841)
2007-10-10r4356: Allow anonymous connections to use NTLMSSP. The silly bugs thatAndrew Bartlett1-1/+0
prevented this are gone. Andrew Bartlett (This used to be commit 87dad5ec538abad93d621078a82f162675847f9f)
2007-10-10r4355: More work from the elves on Christmas eve:Andrew Bartlett10-211/+891
- Update Samba4's kerberos code to match the 'salting' changes in Samba3 (and many other cleanups by jra). - Move GENSEC into the modern era of talloc destructors. This avoids many of the memory leaks in this code, as we now can't somehow 'forget' to call the end routine. - This required fixing some of the talloc hierarchies. - The new krb5 seems more sensitive to getting the service name right, so start actually setting the service name on the krb5 context. Andrew Bartlett (This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)
2007-10-10r4338: reuse netlogon structs in the krb5 PACStefan Metzmacher1-105/+19
that simplifies the code a lot... also add a note: we should fail the krb5 auth if there's no PAC present (when heimdal is ready for that:-) metze (This used to be commit 532641a7003d23b034a253d166482f18c2de6191)
2007-10-10r4326: fix memory leakStefan Metzmacher1-1/+1
metze (This used to be commit 1ceeb77fc716729c69f2dba4a84579c366eefa1c)
2007-10-10r4325: add the GENSEC_FEATURE_DCE_STYLE flagStefan Metzmacher2-0/+2
this will be used by krb5 dcerpc auth metze (This used to be commit 04dc7fb9b24a1e38f31559ec6032701a176209ae)
2007-10-10r4316: - now that the trans2 code properly supports multi-part requests, we ↵Andrew Tridgell4-7/+7
can set a maximum sized max_data in libcli trans2 code - fixed string termination in the EA_LIST trans2 findfirst level (This used to be commit a2a5f147f4faac8a48ff8f1b3e5f1334c92575bb)
2007-10-10r4315: use the remote hosts max_xmit, not the local hosts, in calculating ↵Andrew Tridgell1-1/+1
max trans2 data sizes (This used to be commit 827008cfebf29d081b457ba7162d89c8150cb24b)
2007-10-10r4263: added support for the trans2 RAW_SEARCH_EA_LIST informationAndrew Tridgell2-2/+61
level. This is quite a strange level that we've never seen before, but is used by the os2 workplace shell. note w2k screws up this level when unicode is negotiated, so it only passes the RAW-SEARCH test when you force non-unicode (This used to be commit 25189b8fbf6515d573e3398dc9fca56505dc37b9)
2007-10-10r4261: added the RAW_FILEINFO_EA_LIST trans2 qfileinfo and qpathinfoAndrew Tridgell2-10/+170
level. Interestingly, this level did now show up on our trans2 scanner previously as we didn't have the FLAGS2_EXTENDED_ATTRIBUTES bit set in the client code. Now that we set that bit, new levels appear in windows servers. (This used to be commit 0b76d405a73e924dc2706f28bbf1084a59c9b393)
2007-10-10r4243: a sniff from kukks showed that the ea_set interface in trans2 ↵Andrew Tridgell2-4/+4
setfileinfo allows for multiple EAs to be set at once. This fixes all the ea code to allow for that. (This used to be commit b26828bef5d55e5eef0e34a164e76292df45e207)
2007-10-10r4229: - added support for multi-part SMBtrans and SMBtrans2 requests in theAndrew Tridgell2-18/+106
client code. This was essential to test the multi-part server code (which I will commit soon) - when the request state is an error, ensure that req->status is not NT_STATUS_OK (This used to be commit ef502c403044b68ccdff15b1a94d447d0f53473d)
2007-10-10r4228: make sure the caller knows the packet is in error when a signing ↵Andrew Tridgell1-0/+1
error occurs (This used to be commit 5e13571e6b9f5eb35f710c2c8bd85b5569665613)
2007-10-10r4202: added smbclient commands "addprivileges" and "delprivileges" forAndrew Tridgell1-0/+46
easily adding/removing privileges from users (This used to be commit 8764909c05c4829d1e4f7eaf8c18e8ef1e53645f)