summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r8111: fixed the client library to work against w2k3 with nt status codesAndrew Tridgell2-271/+31
disabled. The main change is to turn off spnego, which cannot work at all without nt status codes (w2k3 gives a ERRHRD:ERRgeneral error when you try) I also modified NT_STATUS_EQUAL() to allow for nt->dos code equality, but only when nt status codes are disabled in smb.conf. That keeps all the existing torture code working, while still allowing us to correctly catch the cases where forced dos error codes are needed The dos->ntstatus mapping table has been removed completely, as it doesn't really make sense, is impossible to get right, and with the new dos status handling isn't needed. When matching a nt status code to a dos status code it makes far more sense to map from the nt code to the dos code and compare, rather than the reverse, as the nt->dos mapping is what windows has to do internally, so there really is a valid mapping table. (This used to be commit f21274e07b361ef40fdc0fe23e96f1c9c63a091c)
2007-10-10r8106: the use of a static string for dos error codes was causing problems inAndrew Tridgell3-186/+121
the torture code. To fix this, get rid of dos_errstr() and instead move the strings into the nt_errstr() table, using cpp to generate the strings (This used to be commit 3136ad9634f0a5ab46e4f83e093df87fdd36484d)
2007-10-10r8104: - added support for our client library to not negotiate nt status ↵Andrew Tridgell5-53/+32
codes, controlled with 'nt status support' option. - make nt_errstr() display nice strings for dos status codes encoded using NT_STATUS_DOS() - no longer map between dos and nt status codes in the client library, instead return using NT_STATUS_DOS() - fixed the RAW-CONTEXT test to look for NT_STATUS_DOS(ERRSRV, ERRbaduid) instead of NT_STATUS_INVALID_HANDLE (This used to be commit ff5549e87ffae9f062394f30d8fd1ae95b614735)
2007-10-10r8003: ensure that we don't try to send a trans request with more than 64k ↵Andrew Tridgell1-0/+8
data or params (This used to be commit b4f2d17ace6a609ec87da103a89e36edee8903f9)
2007-10-10r8002: favor addresses on our local interfaces in NBT name resolution ifAndrew Tridgell1-1/+14
possible. This is needed because w2k3 will return bogus IPs in its name resolution replies when it has an unplugged network interface. (This used to be commit 2fafc230520fb5bbe9f763de94aaba87b56f5411)
2007-10-10r7970: This SMB signing code (merged from 3.0) turned out to be bogus.Andrew Bartlett1-8/+0
Andrew Bartlett (This used to be commit 817160ec1a85724c8bf482f128ea687396de0888)
2007-10-10r7941: fixed handling of ASN.1 objects bigger than 64kAndrew Tridgell1-1/+10
(This used to be commit f88a6018821163a52bdf384142c7d16f5011ab4e)
2007-10-10r7865: changed pidl to take a "const void *" instead of a "void *" for theAndrew Tridgell1-1/+1
structure in ndr_push_*() and ndr_print_*(). The push and print functions really should not modify the structure. metze, to make this work I had to change your spoolss hand marshaller. Can you please check it is OK? I think that the IN and OUT sides of that function are not ever called on the same structure, so I think that attempt at remembering the value by assigning to r->in._offered was not doing anything anyway, but please correct me if I have misunderstood it. If you really do need to remember something on those structures I'd suggest the ndr_token_store() and ndr_token_retrieve() functions, which are used by pidl for just this sort of thing. (This used to be commit eee528be97fa43ca53bdc5652b4d29a0a2caf563)
2007-10-10r7860: switch our ldb storage format to use a NDR encoded objectSid. This isAndrew Tridgell1-1/+1
quite a large change as we had lots of code that assumed that objectSid was a string in S- format. metze and simo tried to convince me to use NDR format months ago, but I didn't listen, so its fair that I have the pain of fixing all the code now :-) This builds on the ldb_register_samba_handlers() and ldif handlers code I did earlier this week. There are still three parts of this conversion I have not finished: - the ltdb index records need to use the string form of the objectSid (to keep the DNs sane). Until that it done I have disabled indexing on objectSid, which is a big performance hit, but allows us to pass all our tests while I rejig the indexing system to use a externally supplied conversion function - I haven't yet put in place the code that allows client to use the "S-xxx-yyy" form for objectSid in ldap search expressions. w2k3 supports this, presumably by looking for the "S-" prefix to determine what type of objectSid form is being used by the client. I have been working on ways to handle this, but am not happy with them yet so they aren't part of this patch - I need to change pidl to generate push functions that take a "const void *" instead of a "void*" for the data pointer. That will fix the couple of new warnings this code generates. Luckily it many places the conversion to NDR formatted records actually simplified the code, as it means we no longer need as many calls to dom_sid_parse_talloc(). In some places it got more complex, but not many. (This used to be commit d40bc2fa8ddd43560315688eebdbe98bdd02756c)
2007-10-10r7856: fixed warning of 'methods' shadowed variableAndrew Tridgell1-4/+4
(This used to be commit c435843c66a5dcc003d157374529c3c5ac733e36)
2007-10-10r7855: fixed a typoAndrew Tridgell1-1/+1
(This used to be commit a1155651e722e28496be02b729c950afae5db9a9)
2007-10-10r7814: Propagate the change in resolve_name_send function.Rafal Szczesniak1-1/+1
(This used to be commit 7abd634701e2f07ad0497cdbb41467b8911369c7)
2007-10-10r7813: Make async request independent from config file routines.Rafal Szczesniak1-11/+3
rafal (This used to be commit 84315cdf0d535ed0fe43bfc7cc4c83bc405c2cfb)
2007-10-10r7810: don't give errors when the ldap server sends us reference repliesAndrew Tridgell1-1/+2
(This used to be commit f2b2d2626f5eb4fbd7d7c5cdcde486d00fc19447)
2007-10-10r7770: added ldaps support to our ldap client libraryAndrew Tridgell3-9/+19
(This used to be commit 8f5c2e8682795258a6361b9516a38a8fabdef150)
2007-10-10r7763: fixed some circular dependenciesAndrew Tridgell1-1/+1
(This used to be commit 3bdf89b0f7521ca39d48dc4c32fe96971d4d60fd)
2007-10-10r7757: Add NTLMv2 support to the NT1 Session setup (ie, not SPNEGO/NTLMSSP)Andrew Bartlett2-45/+80
Session Setup code. Add a mem_ctx argument to a few of the NTLMv2 support functions, and add smb.conf options to control client NTLMv2 behaviour. Andrew Bartlett (This used to be commit 3f35cdb218a3dae08a05e77452ca9f73716ceb28)
2007-10-10r7749: some bug fixes from testing with socket:testnonblockAndrew Tridgell2-6/+11
- fixed some infinite loops in asn1.c - ensure asn1 callers know if an error is end of buffer or bad data - handle npending 0 in ldap server (This used to be commit f22c3b84c8912ccd36e676a782b58f1841be8875)
2007-10-10r7747: - simplified the ldap server buffer handlingAndrew Tridgell1-1/+1
- got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
2007-10-10r7746: - added TLS support to our ldap serverAndrew Tridgell1-20/+0
- this involved changing the buffer handling in the ldap server quite a lot, as it didn't handle partial packets at all - removed completely bogus asn1_object_length() function. You can't do that with BER/DER (This used to be commit fed6f4cc6ceaf83aacb581499aeaf6af4ee8ddd2)
2007-10-10r7736: Propagate change in resolve_name function. Let's use default methodsRafal Szczesniak1-1/+1
in this case. rafal (This used to be commit b0bae584a4936845732d68aa7d2ccce4411dd1d7)
2007-10-10r7735: Extend resolve_name function so that it's possible to pass resolveRafal Szczesniak1-8/+16
methods explicitly or NULL for defaults saved in smb.conf. rafal (This used to be commit 121cf5ec3e075a6e37df52caad9fbc8bf7d59339)
2007-10-10r7731: change debug level to not spam the build-farm smbd logStefan Metzmacher1-1/+1
metze (This used to be commit 3a1ed83fd0714fa46055c8fe5b039986909f9a45)
2007-10-10r7725: fixed a bug with partial asn1 frames in the ldap clientAndrew Tridgell1-0/+3
(This used to be commit 0f22306a9c61c1b00aeb0f3bf7e875d9b7b4606d)
2007-10-10r7724: added encoding of LDB_OP_NOT search componentsAndrew Tridgell1-1/+6
(This used to be commit 82b1feeafea57ca1b8d7bf79f777eebcc703769c)
2007-10-10r7723: - fix a mismatched asn1 push/pop on bindAndrew Tridgell1-29/+26
- add error checking to ldap_encode() - fixed the asn1 codes for extended search - use asn1 context macros (This used to be commit 25d500b6e559b9a530ae65a21046cfde0f8c41af)
2007-10-10r7722: when we get a zero read, the connection is deadAndrew Tridgell1-2/+1
(This used to be commit 060323530454edf21b217550b373513e5860146c)
2007-10-10r7720: - simplify the asn1 decode of ldap_search() a lot, taking advantage ofAndrew Tridgell3-4/+6
the fact that the ldap data structures now use ldb_message_element. - fixed null termination of elements in ildap (This used to be commit 09060994c1ed12073ae6e1131d7074db8fdc523c)
2007-10-10r7717: fixed some typosAndrew Tridgell1-4/+4
(This used to be commit fc8feee56034fe165359c804d111f80e5b3ebb65)
2007-10-10r7716: a single wrapped ldap blob can contain multiple ldap messagesAndrew Tridgell1-3/+3
(This used to be commit de5f265b6c586335965a6de844c203206261cc3b)
2007-10-10r7715: ensure we don't print null strings in ldap_errstr()Andrew Tridgell1-1/+3
(This used to be commit dc419fc89973c2d7fa333df389b75cb218e8a848)
2007-10-10r7713: fixed error display in ildap_search()Andrew Tridgell1-0/+6
(This used to be commit abc9f4bd89d0eda655f7de01db49cbbb64682bf4)
2007-10-10r7705: prevent SIGPIPE. this is what causes BASE-NEGNOWAIT to sometimes failAndrew Tridgell1-0/+3
(This used to be commit 0163d7fe99caee54c6c2bd614e4f076fd00a6176)
2007-10-10r7704: - fixed open_nbt_connection() to return NULL when the connection failedAndrew Tridgell1-8/+0
- got rid of smbcli_shutdown() and use talloc_free() instead. (This used to be commit 1011b1bf51d420d6702ef448c894ea8ebeafa284)
2007-10-10r7679: update the documentation of security_description_create()Stefan Metzmacher1-2/+5
metze (This used to be commit 6ad7ffab043c3b510f4dff052973a054e5a75779)
2007-10-10r7665: - added a ildap_*() interface to our internal ldap library. ThisAndrew Tridgell5-2/+241
interface is very similar to the traditional ldap interface, and will be used as part of a ldb backend based on the current ldb_ldap backend - fixed some allocation issues in ldb_msg.c (This used to be commit b34a29dcf26f68a2f47380a6c74a4095fdfd2fbe)
2007-10-10r7654: - add a timeout to all smb requests (default 60 seconds)Andrew Tridgell2-0/+50
- add a request destructor, to make it safe to destroy a pending request with talloc_free() (This used to be commit 72c6988767249caa585f37fec4c0afbf41557ec2)
2007-10-10r7633: this patch started as an attempt to make the dcerpc code use a givenAndrew Tridgell6-9/+12
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect. Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch. There were 3 places where I punted: - abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that its done, we could go back and use gensec_set_event_context() - the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing. - I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a callers event context. Jelmer, can you think of a clean way to do that? I also cleaned up a couple of things: - libnet_context_destroy() makes no sense. I removed it. - removed some unused vars in various places (This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10r7626: a new ldap client library. Main features are:Andrew Tridgell8-1001/+776
- hooked into events system, so requests can be truly async and won't interfere with other processing happening at the same time - uses NTSTATUS codes for errors (previously errors were mostly ignored). In a similar fashion to the DOS error handling, I have reserved a range of the NTSTATUS code 32 bit space for LDAP error codes, so a function can return a LDAP error code in a NTSTATUS - much cleaner packet handling (This used to be commit 2e3c660b2fc20e046d82bf1cc296422b6e7dfad0)
2007-10-10r7599: it turns out we were not using the ldif code in libcli/ldap/ at all,Andrew Tridgell1-393/+0
so best to just remove it. If we need it again, then it will be easy to just use a wrapper around the ldb code. (This used to be commit b316e1c2d3e4dc09c321ec72b40d78ffb855e101)
2007-10-10r7598: take advantage of struct data_blob and struct ldb_val being the sameAndrew Tridgell2-14/+3
structure in a couple of places (This used to be commit bcd4671acae2be51958cbae23a0ab2dd2b194a5e)
2007-10-10r7596: next step in ldap cleanup. I'm aiming to get rid of the cut&pastedAndrew Tridgell4-25/+19
ldif parsing code in libcli/ldap/ldap_ldif.c, and instead use the ldb ldif code. To do that I have changed the ldap code to use 'struct ldb_message_element' instead of 'struct ldap_attribute'. They are essentially the same structure anyway, so by making them really the same it will be much easier to use the ldb code in libcli/ldap/ I have also made 'struct ldb_val' the same as a DATA_BLOB, which will simplify data handling in quite a few places (I haven't yet removed all the code that maps between these two, that will come later) (This used to be commit 87fc3073392236221a3a6b933284e9e477c24ae5)
2007-10-10r7593: simplified the memory management in the ldap code. Having a mem_ctxAndrew Tridgell5-104/+95
element in a structure is not necessary any more. (This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
2007-10-10r7569: Fix typo in comments.Tim Potter1-2/+2
(This used to be commit 64fb327ccf80d2d501ae559a6c4336a066191df0)
2007-10-10r7567: added wire parsing of NOT and extended ldap search requests. ThisAndrew Tridgell1-37/+97
allows us to parse and handle the complex queries we are getting from w2k, such as (|(|(&(!(groupType:1.2.840.113556.1.4.803=1))(groupType:1.2.840.113556.1.4.803=2147483648)(groupType:1.2.840.113556.1.4.804=6))(samAccountType=805306368))(samAccountType=805306369)) (This used to be commit 041bce591306a0fb26bd31fe371e30021ea5c0c1)
2007-10-10r7566: added support for LDAPString types in the asn.1 libraryAndrew Tridgell1-5/+20
(This used to be commit 1a81d28456261ad77181fd12c0b4a9df6aa6a47d)
2007-10-10r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_treeAndrew Tridgell4-36/+17
instead of a search expression. This allows our ldap server to pass its ASN.1 parsed search expressions straight to ldb, instead of going via strings. - updated all the ldb modules code to handle the new interface - got rid of the separate ldb_parse.h now that the ldb_parse structures are exposed externally - moved to C99 structure initialisation in ldb - switched ldap server to using ldb_search_bytree() (This used to be commit 96620ab2ee5d440bbbc51c1bc0cad9977770f897)
2007-10-10r7524: make the ldap ASN.1 filter parse code go via a structAndrew Tridgell1-77/+107
ldb_parse_tree. This also fixes the error handling. next step will be to pass the parse tree straight into ldb, avoiding the string encoding completely. (This used to be commit 235cf625e20767c8d5d30c5955ae45e1fdf88bf2)
2007-10-10r7519: rip the copy of the ldap expression parser out of libcli/ldap/ and useAndrew Tridgell4-421/+43
the original one in lib/ldb/ instead. Having two copies of this code is silly. (This used to be commit 0e9f18c44858b692c724c004f362de9e3dc15db5)
2007-10-10r7483: ensure we try reading from a socket if epoll says we can, and don'tAndrew Tridgell4-4/+6
just do the write. This is needed because the write could return -1/EAGAIN for dgram sockets, if the socket buffer is nearly full. The epoll loop then goes on forever. This was causing some failures in 'make test' (This used to be commit b7fefe76a2d3c288611868f41d65af4e13ac460b)