summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett4-3/+5
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r19507: Merge my DSO fixes branch. Building Samba's libraries as shared ↵Jelmer Vernooij1-1/+1
libraries works again now, by specifying --enable-dso to configure. (This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
2007-10-10r19481: - reset the vuid before trying a new session setupStefan Metzmacher1-3/+14
- only touch session->vuid when needed - it make no sense to set an .spnego.out.vuid metze (This used to be commit 1940fbed154c89d29214ddf293128a70a97bf923)
2007-10-10r19480: - clear the whole session struct (only let the pid untouched)Stefan Metzmacher1-1/+4
- zero state struct metze (This used to be commit 97fb407a4cfcf71e95663e437cb7f638ac4028fc)
2007-10-10r19464: Reject passwords that cannot be converted into UCS2.Andrew Bartlett1-2/+8
Andrew Bartlett (This used to be commit c843fce7a0e9b91c4d2de44e7a9ad9599b33ec5c)
2007-10-10r19200: Implement smbcli_rap_netservergetinfo. To be used in ↵Volker Lendecke1-0/+14
RPC-SAMBA3SPOOLSS and others that might need the server name. Volker (This used to be commit 03eaf0edf9f8a6d70375f9f12810b4fbb860290a)
2007-10-10r19162: Merge WERR code from Samba 3.Günther Deschner2-0/+2
Guenther (This used to be commit d9562e0f83d76043da7955e89b1fff8a1d921a36)
2007-10-10r18989: Fixes found by these two LDAP testsuites:Andrew Bartlett2-5/+43
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ - http://gleg.net/protover_ldap_sample.shtml Also fixes found by a subsequent audit of the code for similar issues. (This used to be commit 441a4f6262459dabfefd9bb12622ada9c007a60c)
2007-10-10r18971: avoid strndup is a few places. Fixes a minor memory leak, and shouldAndrew Tridgell1-3/+8
fix RPC-LSA on AIX. (This used to be commit 6cce709d08579f4e00b44b692332a557b0ea3b86)
2007-10-10r18968: EWOULDBLOCK should also be mapped to STATUS_MORE_ENTRIESAndrew Tridgell1-1/+4
(This used to be commit 27114fe1752f20c58948b34264e38db263f7a0ea)
2007-10-10r18965: fixed the bug with RPC-NETLOGON and solaris sparc machines. This bugAndrew Tridgell1-0/+6
took a _LONG_ time to find. The problem was that when encoding/decoding password buffers we use the pull/push string functions, which by default align unicode strings. But on solaris sparc the buffer is not aligned always (its a stack variable, an array of uint8_t). That perfectly OK in C, so we just tell the pull/push functions not to auto-align. (This used to be commit bb7835eced00607eb6b1725be6d96a6dcb842049)
2007-10-10r18916: fixed the messaging layer on *BSD systems. When a socket was full weAndrew Tridgell1-1/+1
were getting ENOBUFS, which mapped to NT_STATUS_NO_MEMORY, which in turn caused the messaging code to loop trying until it gave up. Now it correctly falls back to select. Messaging speed goes from 3 messages per second to over 7000 on my test vmware box. Not bad for a one line change :) (This used to be commit 6568f30adf980c572f9ffd6ff884336ebe652f90)
2007-10-10r18847: Add WERR_NO_SYSTEM_RESOURCES showing up in dfs torture testing.Günther Deschner2-0/+2
Guenther (This used to be commit 692746ff8d1352a93a19ba9d537ca894a2ea186f)
2007-10-10r18835: expand IO limits on SMB2. Samba4 now tops out at 16.7MB IOs.Andrew Tridgell1-1/+1
(This used to be commit 1e34e4d5a1fd3d74080424140e4ab276b6042d12)
2007-10-10r18715: 0x8 style status returns should also fail here (thanks metze)Andrew Tridgell1-1/+1
(This used to be commit f55de25ab30f9270bbd139dc1e683101db1069c8)
2007-10-10r18633: Add a couple of new WERR codes encountered with dfs torture testing.Günther Deschner2-2/+12
Guenther (This used to be commit e2879f6fc21e5ca96b24ed11e4a460a0ebada8c3)
2007-10-10r18309: FreeBSD 6.1 has a symbol ldap_new_connection() in the system ldapAndrew Tridgell1-1/+1
library. Even though we don't like to that library, it gets loaded via nss-ldap, which means nss-ldap calls into the samba ldap lib with the wrong parameters, and crashes. We really need to use a completely different namespace in libcli/ldap/ (This used to be commit c440e0eed9afae5fe69995a7416971e7c8560779)
2007-10-10r18301: I discovered how to load the warnings from a build farm build intoAndrew Tridgell3-6/+9
emacs compile mode (hint, paste to a file, and compile as "cat filename"). This allowed me to fix nearly all the warnings for a IA_64 SuSE build very quickly. (This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
2007-10-10r18280: more portability tidyups, ensuring we use libreplace everywhereAndrew Tridgell1-1/+1
(This used to be commit 4860d0256547b33709cdc109bdf7bb0310c2a5b6)
2007-10-10r18256: use the right status variableAndrew Tridgell1-2/+1
(This used to be commit f4b4bd945f5c3955aab0c3cf89ad6cdda7529dac)
2007-10-10r18243: when setting up a composite continuation, if the context has alreadyAndrew Tridgell1-0/+7
finished when we need to trigger the continuation immediately. Via a fairly complex path, this fixes the problem where all hosts in the build farm that do not have ipv6 failed a lot of the RPC tests. This happened because the dcerpc_connect() async code used a composite_continue() on a context which was already in an error state, due to the socket backend saying that ipv6 was unavailable (This used to be commit dbf935d38b6b1fea5ed00e94c9b1a518cb14768b)
2007-10-10r18213: don't list LIBREPLACE depdendecies explicit andStefan Metzmacher2-2/+1
always at it as first private dependencies metze (This used to be commit 135d096776b53ae09ffc2b4f767dfbd18139570f)
2007-10-10r18211: wct is not a size, so don't use size_tAndrew Tridgell1-1/+1
this should fix a pile of printf format warnings (This used to be commit fe209e360e3857f39355335e4fa6a43b2db23038)
2007-10-10r18130: the move to system/ in libreplace broke some things ... should beAndrew Tridgell2-1/+2
happier now (This used to be commit 18542f184f75074e56a9793a9e3b6c6d747bb9e6)
2007-10-10r18025: Don't try to set a target host if there isn't one (such as with ↵Andrew Bartlett1-5/+7
ldapi://). Andrew Bartlett (This used to be commit 556a21faeed0b6e3cc6efcfa8e0939b151a802de)
2007-10-10r18024: The %c sscanf format I'm using doesn't null terminate.Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit 1920cb8b3978f745cba7e854410deb9174de2dc0)
2007-10-10r18021: Add ldapi support to our LDAP client. To be used for testing anAndrew Bartlett1-34/+93
OpenLDAP backend. Andrew Bartlett (This used to be commit da66b53e6ac39c5f020781830ee69d460aa0cae5)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij16-14/+607
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17848: Ok, this did not do it. Still got the same problem.Volker Lendecke1-8/+1
(This used to be commit bb393603707ada3d4b917f8374b7738f16c78f46)
2007-10-10r17846: Ok, this is a patch that needs further discussion. On Solaris, ↵Volker Lendecke1-1/+8
snprintf seems to be broken. The %lu modifies apparently can not cope with the high bit==1. In dom_sid_string I added some printfs and got: auth: 21 auth: 2666793276 auth: 679821296 auth: 2310223117 auth: 1206 sid=S-1-5-21-8446744072081377596-679821296-8446744071724807437-1206 The "auth:" values are direct printfs, the sid= is the resulting code from dom_sid_string. I could not reproduce it with a simple test program, and #ifdef'ing out HAVE_SNPRINTF in config.h manually does not help either, probably because the dynamic linker overwrites the symbol in lib/replace. Checking it in because it fixes the RPC-SAMBA3-SHARESEC test directly on host "sunx", I would like to see whether it also fixes IRIX and AIX. Volker (This used to be commit 1a9401738f652a87d377a32086342f5f98525fc2)
2007-10-10r17586: merge lib/netif into lib/socket and use -lnsl -lsocket on theStefan Metzmacher3-3/+3
configure check for the interfaces. should fix the build on some old sun boxes metze (This used to be commit f20e251bfd9f1eb7ce5c00739631b1625a2aa467)
2007-10-10r17567: add error code I got from DsGetNCChangesStefan Metzmacher2-0/+4
when I don't use the DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION flag on DsBind metze (This used to be commit 8458ee72c5c1005ab80b9f7ea6efe617e5c76106)
2007-10-10r17430: implement the LDAP_SERVER_PERMISSIVE_MODIFY control in the clientStefan Metzmacher1-0/+20
metze (This used to be commit 96259f0f24b114e505241c9d2deb702a8b40f1b6)
2007-10-10r17429: implement the LDAP_SERVER_SHOW_DELETED control in the clientStefan Metzmacher1-0/+20
metze (This used to be commit 40dc7c1787c16bfc15ac87fee81d2d2d1f3d2fde)
2007-10-10r17420: add client support for the LDAP_SERVER_DOMAIN_SCOPE controlStefan Metzmacher1-0/+20
metze (This used to be commit 84e74a759cfa49ebc8b4ba1b8e729d6d920fc55a)
2007-10-10r17419: add client support for the LDAP_SERVER_SEARCH_OPTIONS support.Stefan Metzmacher1-0/+59
with this you can limit a search to a specific partitions or a search over all partitions without getting referrals. (Witch is the default behavior on the Global Catalog Port) metze (This used to be commit 4ccd0f8171f3748ee6efe1abd3f894d2cdf46bf4)
2007-10-10r17418: add client support for the LDAP_SERVER_SD_FLAGS controlStefan Metzmacher1-0/+59
metze (This used to be commit 23759a1e9b05c4fde475a9016cb0b7447656d7e7)
2007-10-10r17414: add new error codeStefan Metzmacher2-0/+2
metze (This used to be commit e15a015a1d9aa3872271c0c5542e7d055a6f673a)
2007-10-10r17319: make better usage of the composite apiStefan Metzmacher1-28/+20
metze (This used to be commit 8f9e201b9a797c0772672efab0f8e6a7a6312eb0)
2007-10-10r17318: make better usage of the composite apiStefan Metzmacher2-51/+13
metze (This used to be commit 683fc25f6524a3821ba70529251aabe97bad9370)
2007-10-10r17317: - add a composite_create() function that allocates and initializeStefan Metzmacher2-0/+29
the composite_context structue, we should try to convert all code to use this because there're a lot of places where the we have bugs with this task... - add a composite_continue_smb2() helper We should try to hide the internals of the composite code from the users to avoid errors (and I found a lot of them... and will fix then step by step) metze (This used to be commit a16180f20246844d05996d385fcb71893e08f589)
2007-10-10r17278: fix un uninitialized value found by valgrindStefan Metzmacher1-0/+1
metze (This used to be commit fe463bc568e8ac78ca161bcba3e867d33bb828b3)
2007-10-10r17277: we need to trigger an event when we return directly,Stefan Metzmacher1-1/+1
otherwise the callers callback function will not be called and the caller is hanging forever... metze (This used to be commit e231eba828486e68c9d3a246e1e0c943fdb8301c)
2007-10-10r17230: don't overwrite the error with NT_STATUS_NO_MEMORYStefan Metzmacher1-10/+7
metze (This used to be commit f2196bf9b662d3f38d59eceb8c54f9d2e3f7b505)
2007-10-10r17222: Change the function prototypes for the GENSEc and TLS socket creationAndrew Bartlett2-14/+18
routines to return an NTSTATUS. This should help track down errors. Use a bit of talloc_steal and talloc_unlink to get the real socket to be a child of the GENSEC or TLS socket. Always return a new socket, even for the 'pass-though' case. Andrew Bartlett (This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
2007-10-10r17197: This patch moves the encryption of bulk data on SASL negotiated securityAndrew Bartlett4-95/+26
contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this pstch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10r17083: - implement SMB2 Cancel in the clientStefan Metzmacher5-5/+105
- the 0xffffffffffffffff seqnum is reserved for SMB2 Break (oplock breaks) so don't use it in a request. we should someday try to test this... metze (This used to be commit 730cdc4475822e28cb400116641294a7f98ad0b5)
2007-10-10r17082: Add a test that walks and tests denying tconX access via the share ↵Volker Lendecke1-0/+18
security descriptor. This is something that W2k3 does _not_ pass and probably is not expected to, it seems the don't check access at tconX time. Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the length of the sd can be encoded in idl. As metze says, there's probably more to the share secdesc, this needs more testing. This one is here to walk the samba3 code. Volker (This used to be commit 67185508229a8d7f144c22cb194f573c932d6de5)
2007-10-10r17081: add idle handler support to the smb2 client lib tooStefan Metzmacher2-0/+45
metze (This used to be commit 1f48e7dca6a06078f3655a7f7a8f109bd6c0cb8e)
2007-10-10r17020: pass the real error to the failing requestsStefan Metzmacher2-8/+16
metze (This used to be commit 49b96ac44a883c020c69df7a12df154dc4faa4d5)