summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11532: Enable kerberos session setup for winbind smb connectionsVolker Lendecke1-0/+9
(This used to be commit f0e4075db5e913d2262058bb7234c446160823d9)
2007-10-10r11528: Separate finding dcs from initializing a domain. Makes it easier to ↵Volker Lendecke1-0/+2
possibly support cldap and other stuff in the future. This temporarily disables wbinfo -t, but that will come back soon. Try an ldap bind using gss-spnego. This got me krb5 binds against "our" w2k3 and a trusted w2k, although with some memleaks from krb5 and a BAD_OPTION tgs-rep error. Volker (This used to be commit d14948fdf687c8f70ef9ec35445b7eb04da84253)
2007-10-10r11523: Working towards having Samba3 join Samba4, this allows the SASLAndrew Bartlett1-3/+7
credentials to be NULL, where the client is requesting a CIFS style server-first negTokenInit. Andrew Bartlett (This used to be commit eba652ecc89766304fdad14463072dc311693701)
2007-10-10r11521: Add in client support for checking supportedSASLmechanisms, and thenAndrew Bartlett1-2/+55
determining a mechanism to use. Currently it doesn't to fallbacks like SPNEGO does, but this could be added (to GENSEC, not to here). This also adds a new function to GENSEC, which returns a list of SASL names in our preference order (currently determined by the build system of all things...). Also make the similar function used for OIDs in SPNEGO do the same. This is all a very long-winded way of moving from a hard-coded NTLM to GSS-SPNEGO in our SASL client... Andrew Bartlett (This used to be commit 130eb9bb9a37957614c87e0e6846a812abb51e00)
2007-10-10r11487: thanks to make test I noticed a dead lock bug, in the last change,Stefan Metzmacher1-19/+39
this only happens with socket_wrapper as socket_connect() returns NT_STATUS_OK instead of NT_STATUS_MORE_PROCESSING_REQUIRED, and we missed to replace the fde event handler... metze (This used to be commit f04001f28007ad6bbecdcdf0d1d5887e378d2467)
2007-10-10r11485: prevent us from calling the request handler recursiv whenStefan Metzmacher1-0/+3
the handler calls talloc_free(wrepl_socket) metze (This used to be commit bf0b96f057c7f4ac39409c8710ec0cfb55d9fb04)
2007-10-10r11466: Clear up some memory leaks in smbclient.Andrew Bartlett1-2/+6
Andrew Bartlett (This used to be commit 6535959fd7dfddd6bafb77a266ec3a641025f880)
2007-10-10r11424: Fix an uninitialized variable warningVolker Lendecke1-1/+1
(This used to be commit fed26bc4fdb47b5bd1aaa6374b09252c239bbac4)
2007-10-10r11404: Another torture test and a new WERR.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit de83b8cd187b28ecb30550c44f9f84e373df692e)
2007-10-10r11377: Add support for building LIBRARY elements as shared libraries:Jelmer Vernooij1-4/+16
- Adds -rpath bin/ so you don't have to install Samba in order to use compiled binaries. - Writes out pkg-config files when building shared libs - Supports automatic fallback to MERGEDOBJ (which is the default) or OBJ_LIST (if ld -r is not supported) Building with shared libs reduces the size of the Samba binaries from 197 Mb to 60 Mb (including libraries) on my system (GCC4, with debugging). To build with shared libraries support enabled, run: LIBRARY_OUTPUT_TYPE=SHARED_LIBRARY ./config.status init functions don't get called correctly yet when using shared libs, so you won't be able to actually run anything with success :-) Once init functions are done, I'll look at support for loading shared modules once again. Based on a patch by Peter Novodvorsky (nidd on IRC). (This used to be commit 0b54405685674a2b19a28d77aae5b1136b5a4728)
2007-10-10r11369: Implement socket_connect_multi: Connect to multiple ipv4 tcp ports inVolker Lendecke6-426/+154
sequence, with a 2-millisecond timeout between firing the syn packets. Build smbcli_sock_connect_send upon that. Volker (This used to be commit 5718df44d90d113304c5deed1e2e7f82ff9e928f)
2007-10-10r11334: Print error status in debug.Andrew Bartlett1-2/+3
Andrew Bartlett (This used to be commit 3b5ef4208d8e9492fbed1b68251bc62063909854)
2007-10-10r11303: Support defining and installing public headers for libraries.Jelmer Vernooij1-1/+1
Support installing libraries. Get rid of pkg-config file (will be autogenerated later on). (This used to be commit b4745032a2c55752c527026feb221ccc3dce10c8)
2007-10-10r11274: Start a connection attempt to the DC's port 389. To do this ↵Volker Lendecke1-18/+79
properly, make socket_connect and ldap_connect properly async. Volker (This used to be commit bcc71fc1deeed443d7cf00220ce264011ddf588d)
2007-10-10r11271: Fix a warning and an infinite recursionVolker Lendecke1-2/+3
(This used to be commit 7bc855359a82010fefa9fd1d4c719292bfc83528)
2007-10-10r11264: Winbind does not rely on the hostname resolution mechanisms ofVolker Lendecke1-1/+5
composite_connect, so in io.in.dest_host I'm setting the IP address. Gensec does not like that as a target hostname, so if a called name is present, use that. So we can session setup using kerberos now. Volker (This used to be commit c26b432c27954c8dc6ac8e702bd5e34a351d15bd)
2007-10-10r11248: Fix anon fallback with spnegoVolker Lendecke1-0/+5
(This used to be commit 13ebdea11532f4810d01095a54d430c36c91d826)
2007-10-10r11244: Relative path names in .mk filesJelmer Vernooij4-79/+83
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
2007-10-10r11214: Remove scons files (see ↵Jelmer Vernooij4-119/+0
http://lists.samba.org/archive/samba-technical/2005-October/043443.html) (This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
2007-10-10r11198: The recent changes to netlogon changed this from a RID to a SID.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 24dbf3435277a51dd49c5e2189fc6655260eddf4)
2007-10-10r11114: - fixed error handling on bad bind in ildap clientAndrew Tridgell2-2/+64
- added nicer error display, giving a string version of the error code (This used to be commit 5ec486bb81536b38a5f40cae7555cbcbbfa52263)
2007-10-10r11095: Implement wb_getuserdomgroups.Volker Lendecke1-0/+7
Tridge, if you have the time, you might want to look at a problem I'm having with unix domain stream sockets. From a comment in this commit: /* Using composite_trigger_error here causes problems with the client * socket. Linux 2.6.8 gives me a ECONNRESET on the next read after * writing the reply when I don't wait the 100 milliseconds. */ This is in winbind/wb_cmd_userdomgroups.c:93. The problem I have is that I can not *immediately* send an error reply to the client because the next receive fails. Waiting 100 milliseconds helps. It might also be a problem with epoll(), I don't really know. I'd appreciate if you took a brief look at this, maybe I'm doing something wrong. Thanks, Volker (This used to be commit 3e535cce743710a68a4264e4f66e9c0c4d6770c6)
2007-10-10r11090: we need this to run correct under socket_wrapperStefan Metzmacher1-1/+1
metze (This used to be commit 3f7b09a3086a8b6d255bc3fc5cd8882e12f05d10)
2007-10-10r11052: bring samba4 uptodate with the samba4-winsrepl branch,Stefan Metzmacher4-13/+1
before the bad merge metze (This used to be commit 471c0ca4abb17fb5f73c0efed195c67628c1c06e)
2007-10-10r11037:Stefan Metzmacher4-1/+13
(This used to be commit 6913e338405a5aca5c70cf6e022532c596ed0a36)
2007-10-10r10997: r11980@SERNOX (orig r10037): metze | 2005-09-05 14:21:40 +0200Stefan Metzmacher12-87/+104
add struct nbt_peer_socket and use it instead of passing const char *addr, uint16 port everyhwere (tridge: can you review this please, (make test works) metze (This used to be commit a599d7a4ae881c94be2c2d908a398838549942bb)
2007-10-10r10981: Pull code to decide between and implement NTLMv2, NTLM and LMAndrew Bartlett1-71/+47
authentication out of the various callers and into the kitchen sink.. err, credentials subsystem. This should ensure consistant logic, as well as get us one step closer to security=server operation in future. Andrew Bartlett (This used to be commit 09c95763301c0f7770d56462e8af4169b8c171fb)
2007-10-10r10913: This patch isn't as big as it looks ...Andrew Tridgell1-6/+5
most of the changes are fixes to make all the ldb code compile without warnings on gcc4. Unfortunately That required a lot of casts :-( I have also added the start of an 'operational' module, which will replace the timestamp module, plus add support for some other operational attributes In ldb_msg_*() I added some new utility functions to make the operational module sane, and remove the 'ldb' argument from the ldb_msg_add_*() functions. That argument was only needed back in the early days of ldb when we didn't use the hierarchical talloc and thus needed a place to get the allocation function from. Now its just a pain to pass around everywhere. Also added a ldb_debug_set() function that calls ldb_debug() plus sets the result using ldb_set_errstring(). That saves on some awkward coding in a few places. (This used to be commit f6818daecca95760c12f79fd307770cbe3346f57)
2007-10-10r10878: Reply to some comments by tridge and metze:Volker Lendecke6-23/+107
* rename the composite helper functions from comp_* to composite_* * Move the lsa initialization to wb_connect_lsa.c * Equip smb_composite_connect with a fallback_to_anonymous The latter two simplify wb_init_domain.c quite a bit. Volker (This used to be commit deb127e04ea01ae93394da5ebffb39d81caeb6d9)
2007-10-10r10867: add WERR_UNKNOWN_REVISION errorcodeStefan Metzmacher1-0/+1
metze (This used to be commit b436206c498ea166b8b9fa47638d5f8f6f4752bf)
2007-10-10r10852: Continuation-based programming can become a bit spaghetti...Volker Lendecke1-1/+73
Initialize a domain structure properly. Excerpt from wb_init_domain.c: /* * Initialize a domain: * * - With schannel credentials, try to open the SMB connection with the machine * creds. Fall back to anonymous. * * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon * pipe. * * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back * to schannel and then to anon bind. * * - With queryinfopolicy, verify that we're talking to the right domain * * A bit complex, but with all the combinations I think it's the best we can * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we * have a signed&sealed lsa connection on all of them. * * Is this overkill? In particular the authenticated SMB connection seems a * bit overkill, given that we do schannel for netlogon and ntlmssp for * lsa later on w2k3, the others don't do this anyway. */ Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker (This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
2007-10-10r10848: Fix warningJelmer Vernooij1-1/+1
(This used to be commit 48d22a991024f19eccaa63848566b311524260c8)
2007-10-10r10847: Fix up new 'decrypt samlogon reply' routine to be more robust, and useAndrew Bartlett1-4/+18
it in the RPC-SAMLOGON test. Andrew Bartlett (This used to be commit 675b7df2eedbcb7ea89c0411f76429d8e2357222)
2007-10-10r10845: Add new function to decrypt the session keys in samlogon responses.Andrew Bartlett1-0/+44
Andrew Bartlett (This used to be commit 6d24d8d12cdc64b180fd6277f0775e943f26e82b)
2007-10-10r10836: giving NT_STATUS_NO_MEMORY, when the connection fails wasn't a good ↵Stefan Metzmacher1-1/+8
idea... metze (This used to be commit e7ee73a747a025a66ac6563172e51f160bc28e0a)
2007-10-10r10810: This adds the hooks required to communicate the current user from theAndrew Bartlett1-0/+25
authenticated session down into LDB. This associates a session info structure with the open LDB, allowing a future ldb_ntacl module to allow/deny operations on that basis. Along the way, I cleaned up a few things, and added new helper functions to assist. In particular the LSA pipe uses simpler queries for some of the setup. In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't been worked on (other than making it continue to compile) since January, and I think the features of this module are being put into ldb anyway. I have also changed the partitions in ldap_server to be initialised after the connection, with the private pointer used to associate the ldb with the incoming session. Andrew Bartlett (This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
2007-10-10r10766: - make it possible to mark a wrepl_request as send only,Stefan Metzmacher2-11/+103
used for WREPL_REPL_INFORM* messsages - make it possible to close the connection after a request was send used for WREPL_ASSOCIATION_STOP - fix the torture test that tests the assoc context handling between connections, you can issue a request and get the reply on another connection, I think we should not implement that in our server code, as I think it's a security hole, you can cause a windows server to send the replies to someone another client, that doesn't wait for data, and as there're no massage_id in the protocol the client would be confused by a replies that doesn't belong to a query metze (This used to be commit dfc95de8fa7ded8ea92cafe58cf86efcc7920156)
2007-10-10r10761: we need to use a pointer to a nbt_name to fix compiler warnings, ↵Stefan Metzmacher2-17/+23
because we can only use a pointers to unknown types in proto.h metze (This used to be commit 2f46e54e1bcf43f1bee062ff9a21e646cc3676e9)
2007-10-10r10754: fixed a valgrind error for unmatched SMB repliesAndrew Tridgell1-3/+3
(This used to be commit b714ab64fd79d5cabc39779774fae7c3861a84da)
2007-10-10r10712: Use data_blob_talloc, thanks to valgrind for finding the errors.Andrew Bartlett1-5/+5
Andrew Bartlett (This used to be commit 1f6fec8e6b0845ae6000eeda65641435fb18c9e3)
2007-10-10r10677: Add smb_composite_connectmulti: Send out multiple SYN packets at ↵Volker Lendecke6-10/+246
once, use the first one that replies correctly. Add a talloc context to smb_composite_connect() Volker (This used to be commit 6b88de182e40cb00a833c085f801fd47c92bbe94)
2007-10-10r10668: added a ildap_search_bytree() functionAndrew Tridgell1-5/+20
(This used to be commit fd6d895ebdb201ac6afaf5c8ec84d003765cdff6)
2007-10-10r10646: Hey Jelmer what do you think of this? The SConscript for the libcliTim Potter1-68/+117
directory now looks like the config.mk file but with different punctuation. The only weird bit is that it creates a proto.h file for each subsystem. (This used to be commit 09d4abecb01fa9159243cfcb33051092f92cef3b)
2007-10-10r10638: - add wrepl_socket_merge() function that creates a wrepl_socket on topStefan Metzmacher1-0/+43
of an existing socket, that is needed to handle WREPL_REPL_UPDATE in the server, because we need to flig the connection and act as client on it metze (This used to be commit 131e5dfe695d427e992b840439743f880b14d82d)
2007-10-10r10636: Formatting for better readability.Rafal Szczesniak2-6/+15
rafal (This used to be commit ef29863d999089c47140bd37731c60659a200421)
2007-10-10r10635: Formatting for better readability.Rafal Szczesniak1-4/+4
rafal (This used to be commit 7b3a4096b5922e4a98ea0a74c0b92bc10d18cddd)
2007-10-10r10627: - use a wrepl specific enum for the node typeStefan Metzmacher2-4/+4
- the unknown flag 0x10 seems to mean that this name was localy registered on this currently asked server, that flag is not present in replica records metze (This used to be commit ba3685c41dc934692bd653f4fe9c0ee451146c40)
2007-10-10r10608: - fix hierachical memory handling in ndr_pull_nbt_nameStefan Metzmacher3-49/+140
- add wrepl_nbt_name scalar type and do the pull/push in the ndr layer instead of the caller - give the flags and group_flag in the wrepl_name a meaning metze (This used to be commit b98efc2905e1147eb97111b46a877bdb9d8dd154)
2007-10-10r10598: Factor out common code, in preperation for a move elsewhere.Andrew Bartlett1-11/+7
Andrew Bartlett (This used to be commit 0d757b169a3d521a0d228bed51aa96cf199d5c42)
2007-10-10r10586: Add MergedObject() builder. Default to Library() ratherJelmer Vernooij1-17/+17
then StaticLibrary() (This used to be commit b53313dc517986c69a4e4cb8fe3885b696f8faa1)