summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6817: - fixed empty ldap search elements in filtersAndrew Tridgell3-1/+19
- added support for guids in cldap netlogon searches. the cldap server now passes the LDAP-CLDAP torture test (This used to be commit eb7979d9def389942fa1c54693d2dfcb8828f544)
2007-10-10r6766: some more cldap tests ...Andrew Tridgell1-3/+13
my best guess now is that w2k3 converts the & in the cldap query to an | for the ldap search. at least it behaves roughly like that. (This used to be commit 1d6ab9aaefee71e3d0f87c1afae8ccdbae1f0e04)
2007-10-10r6764: added support for DomainGuid, DomainSid, AAC, and User attributes inAndrew Tridgell2-8/+40
cldap netlogon queries (This used to be commit 7c1d0f449d3922a309fc86e5d9cb1e962a39805d)
2007-10-10r6763: added functions in libcli/ldap/ to binary encode some NDR structures intoAndrew Tridgell4-2/+89
ldap friendly filter strings (This used to be commit 8890dd3ac331cffe83226a356c52df89c917c2b0)
2007-10-10r6745: - escape spaces in binary ldap blobsAndrew Tridgell2-3/+15
- expose the ldap filter string parsing outside of ldap.c (This used to be commit b644ff6fe164fbe359c47e4d34f5ad490ff61d5b)
2007-10-10r6744: added support for reply packets in libcli/cldap/Andrew Tridgell2-7/+184
(This used to be commit 992858e1b91c3ff05077afa8a7abe155198597d4)
2007-10-10r6732: - move sasl send recv code to the ldap libStefan Metzmacher2-1/+188
- support 'modrdn' ldif metze (This used to be commit b6a1734699953964fcde6fe6ea7048496492eb33)
2007-10-10r6726: support binary search elements in ldap_decode()Andrew Tridgell1-6/+42
(This used to be commit 2b36f1dfdd6cf3ab89f63b541ae4cd905fb03c8d)
2007-10-10r6724: added "cldap port" smb.conf parameterAndrew Tridgell2-4/+26
(This used to be commit 04af0e7c5de467a24b965ce1de2fb07621133164)
2007-10-10r6720: added support for the remaining 2 types of CLDAP netlogonAndrew Tridgell2-3/+4
response. To work around the fact that the type of the returned data is not encoded in the packet, this required adding ndr_pull_union_blob() which allows us to pull a blob into a union with a specified switch value, in this case the switch value comes from the calling NtVer field. (This used to be commit bd27e626c27be72913d1a1569ee6e2e2711df84e)
2007-10-10r6708: Another type of monitor message.Rafal Szczesniak1-0/+5
rafal (This used to be commit f7aaa0bfcae7fd4518256a703ad237693ff0c295)
2007-10-10r6702: Revert -r 6699, as I think this is a win2k v win2k3 issue.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 77b67da5b8187951ba8c25af85bbf716cf5b3561)
2007-10-10r6699: Windows clients seem to ask for CIFS/, ie in upper case, so match it.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 6d7f1daaf2a521864994e06b013c36287f27a129)
2007-10-10r6693: first version of cldap client library, with async interfaceAndrew Tridgell3-0/+619
(This used to be commit cbeffe830b2d3aee2ba346034548fa273a08f409)
2007-10-10r6692: used idr_get_new_random() in the nbt client libraryAndrew Tridgell1-13/+4
(This used to be commit a3f64357af75587a855cfedb58ce2583658c7d04)
2007-10-10r6691: fixed a commentAndrew Tridgell1-1/+1
(This used to be commit a0fa871c3fda9fce7da0b110ed313c930a677a80)
2007-10-10r6689: minor ldap client library workAndrew Tridgell2-24/+63
- added support for binary encoded search filters - fixed some const handling - changed the message type to an enum, to help debugging (This used to be commit d5353b63428698d1ce95c50e2626f1841fa637e3)
2007-10-10r6614: Basic approach to monitoring messages for composite functions.Rafal Szczesniak2-0/+53
rafal (This used to be commit 47a7a6c3fcfd1ab159a6baa71cd5c7984334fddb)
2007-10-10r6462: Move the arcfour sbox state into it's own structure, and allocate itAndrew Bartlett1-26/+22
with talloc() for the NTLMSSP system. Andrew Bartlett (This used to be commit 7a93ac49c28d433ccf0f077294f473fe728b9995)
2007-10-10r6460: Push the client credentials into NTLMSSP, allowing logins of the formAndrew Bartlett1-1/+1
user@REALM for the first time. Fix the build for smbencrypt.c Andrew Bartlett (This used to be commit 5a6a57cd93e22e612bfbb8a8f7bc29269a9a3ac6)
2007-10-10r6352: Two new composite calls:Alexander Bokovoy5-4/+628
- qfsinfo (query file system information) - appendacl (append an ACL to existing file's security descriptor and get new full ACL) The second one also includes an improvement to security descriptor handling which allows to copy security descriptor. Written by Peter Novodvorsky <peter.novodvorsky@ru.ibm.com> Both functions have corresponding torture tests added. Tested under valgrind and work against Samba 4 and Windows XP. ToDo: document composite call creation process in prog_guide.txt (This used to be commit 441cff62ac75ed16851ce7b8daf9d03eb4c3ec79)
2007-10-10r6342: fixed a bad union assumption that caused ACLs to fail on 64 bit machinesAndrew Tridgell2-2/+2
Thanks to lars and agruen for finding this (This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
2007-10-10r6338: ADS style GETDC response now works well enough that WinXP can joinAndrew Tridgell1-2/+10
Samba4 without Samba3 nmbd (This used to be commit f4d07d7d3b6973b503d8c98f177471dd6cebfa92)
2007-10-10r6335: at debug level 10, save netlogon and ntlogon packets that fail to parseAndrew Tridgell2-6/+6
(This used to be commit c29279355c679e821665d028f207ee9ed6f857ef)
2007-10-10r6333: removed an extraneous line (pointed out by metze)Andrew Tridgell1-1/+0
(This used to be commit 61d65d100d38529966f3f1803f66ed47540dc852)
2007-10-10r6331: added IDL and test suite for the ADS style response to a datagram ↵Andrew Tridgell1-78/+128
netlogon query. Note that this response is almost identical to the CLDAP netlogon response, so adding that will now be quite easy. (This used to be commit 1ea4ed4ad1d9336f8288283688fa2d7bebfa533c)
2007-10-10r6323: added server side support for dgram NTLOGON requests. NT4 ↵Andrew Tridgell4-9/+28
workstations can now login to a Samba4 domain. (This used to be commit df146d64ebce6b462c08a1f30919390fcf8196cb)
2007-10-10r6321: added IDL and test suite for NBT dgram 'sam logon' request (sent byAndrew Tridgell3-1/+134
clients when a user tries to login) (This used to be commit 08ded62156b387457bc56b5910e1ddc813b375bd)
2007-10-10r6320: some minor netlogon datagram fixes - NT4 can now join a Samba4 domain ↵Andrew Tridgell2-3/+8
without Samba3 nmbd (This used to be commit 4507bdc339505e91118d403948946f4a98a4f562)
2007-10-10r6288: the nbt dgram server now responds to GETDC requests. It works with ourAndrew Tridgell3-2/+44
test suite, but doesn't yet seem to satisfy a nt4 client. I'm investigating. (This used to be commit 406217262dff5adb5d0cb0028198e08f66cc85f4)
2007-10-10r6287: sorted out a small but surprisingly tricky dependency problem with theAndrew Tridgell2-32/+8
ndr code for handling sids and security descriptors now that we have a sid in the nbt IDL (This used to be commit f8e77fcdeac704aed5e501aa9108f3ed0ab26ca4)
2007-10-10r6248: added parsing of type 10 UAS announce netlogon packetsAndrew Tridgell1-0/+7
(This used to be commit d7e6e395cedef47dc182094c91f764e248b9b149)
2007-10-10r6247: added the server side code for receiving mailslot requests, andAndrew Tridgell2-2/+2
parsing incoming netlogon requests. No replies are sent yet. (This used to be commit 3b34df6a674cd2aeddc354cdadae3f0e1c000d45)
2007-10-10r6245: receive and parse the GETDC response in the NBT-DGRAM test. The testAndrew Tridgell3-2/+22
now tries to bind to port 138 if possible, so if you run it as root and smbd/nmbd is not running then it works against windows servers (This used to be commit 52ccdb79bc922be52c24dd393323dbbee83a2aea)
2007-10-10r6223: added a bit more datagram infrastructure and the beginnings of a testAndrew Tridgell4-6/+132
suite. The NBT-DGRAM test does a UDP/138 netlogon request, to which a windows server sends a reply, but the windows server sends the reply to the wrong port (it always sends to 138), so the test suite doesn't see it. (This used to be commit a7634625dbc944dd8256a822be290010f341a571)
2007-10-10r6209: started added code to support mailslot requests over UDP/138Andrew Tridgell4-7/+305
datagrams. This adds the IDL to parse mailslot packets, plus mailslot dispatch and listener registration code. mailslots are used for UDP/138 browse and netlogon packets (This used to be commit f20e7e5200de736b3451d748ed716be638f93502)
2007-10-10r6185: added LIBCLI_DGRAM to the list of libs to be built as part of LIBCLIAndrew Tridgell1-1/+7
(This used to be commit 47e1452da08d06b0b9f15545b3b2b0631f15bac2)
2007-10-10r6184: the beginnings of the libcli/dgram/ library, and the dgramAndrew Tridgell2-0/+194
server. Currently just listens on port 138 and parses the packets (using IDL like the rest of NBT). This allows me to develop the structures and test with real packets (This used to be commit 10d64a525349ff96695ad961a3cfeb5bc7c8844f)
2007-10-10r6113: Move GENSEC and the kerberos code out of libcli/auth, and intoAndrew Bartlett24-9464/+0
auth/gensec and auth/kerberos. This also pulls the kerberos configure code out of libads (which is otherwise dead), and into auth/kerberos/kerberos.m4 Andrew Bartlett (This used to be commit e074d63f3dcf4f84239a10879112ebaf1cfa6c4f)
2007-10-10r6094: Work on the Kerberos code recently merged from Samba 3.0. This fixesAndrew Bartlett3-31/+53
up issues I introduced during the merge, that caused a segfault. I've still not got the keytab code to work for me (using Samba3 to generate the keytab) so this is still not fully tested, but it's better than it was. To add debugging, I now use the krb5_get_error_message() function from Heimdal when present, to return the custom error string, which contains far, far more information than the simple error code does. (This last point may well be worth merging back into 3.0) Andrew Bartlett (This used to be commit ed5755d9d1e48df7ae77a9410d30e10cb8b0cbd7)
2007-10-10r6078: Correctly fix the failures for NT1 (not SPNEGO) session setups in theAndrew Bartlett1-4/+0
client. The issue was actually a cut-and-paste bug, I was filling in the .old not the .nt1 part of the union. I've also removed the 'error checks' - I'll shortly document the API for the credentials code to clarify that it will always return a pointer here, except in cases of programmer error. Tridge: I hope this is OK. Andrew Bartlett (This used to be commit 6439de9ec8c8d24197ea69dc337473e54c8b36b8)
2007-10-10r6074: fixed non-spnego connections for new credentials codeAndrew Tridgell1-1/+5
(This used to be commit ff6663aac8ed475bf65d9c06d7f2447a9827898c)
2007-10-10r6030: Missing from previous commit, a small header file to linkAndrew Bartlett1-0/+35
libcli/auth/schannel.c and libcli/auth/schannel_sign.c Andrew Bartlett (This used to be commit 1e0e66d7202d3f0e7fb3c90f2ca608fa08a713a6)
2007-10-10r6028: A MAJOR update to intergrate the new credentails system fully withAndrew Bartlett22-410/+431
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'. GENSEC now no longer has it's own handling of 'set username' etc, instead it uses cli_credentials calls. In order to link the credentails code right though Samba, a lot of interfaces have changed to remove 'username, domain, password' arguments, and these have been replaced with a single 'struct cli_credentials'. In the session setup code, a new parameter 'workgroup' contains the client/server current workgroup, which seems unrelated to the authentication exchange (it was being filled in from the auth info). This allows in particular kerberos to only call back for passwords when it actually needs to perform the kinit. The kerberos code has been modified not to use the SPNEGO provided 'principal name' (in the mechListMIC), but to instead use the name the host was connected to as. This better matches Microsoft behaviour, is more secure and allows better use of standard kerberos functions. To achieve this, I made changes to our socket code so that the hostname (before name resolution) is now recorded on the socket. In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now in libcli/auth/schannel.c, and it looks much more like a standard GENSEC module. The actual sign/seal code moved to libcli/auth/schannel_sign.c in a previous commit. The schannel credentails structure is now merged with the rest of the credentails, as many of the values (username, workstation, domain) where already present there. This makes handling this in a generic manner much easier, as there is no longer a custom entry-point. The auth_domain module continues to be developed, but is now just as functional as auth_winbind. The changes here are consequential to the schannel changes. The only removed function at this point is the RPC-LOGIN test (simulating the load of a WinXP login), which needs much more work to clean it up (it contains copies of too much code from all over the torture suite, and I havn't been able to penetrate its 'structure'). Andrew Bartlett (This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
2007-10-10r6027: Add copyright, and add a useful debug message.Andrew Bartlett1-2/+3
Andrew Bartlett (This used to be commit b5260cf0d4c4f2e81a310d1c94160c9fbaaa331f)
2007-10-10r6026: Update the kerberos keytab code to match Samba3 again.Andrew Bartlett1-80/+122
(untested at this point). Andrew Bartlett (This used to be commit ef7f9a01b4f3fa41fd7981b260fa2fadc7ce10ad)
2007-10-10r6025: Remove unused variables. This code will be modified again for the newAndrew Bartlett1-6/+2
cli_credentials code shortly. Andrew Bartlett (This used to be commit 13d09c8e9a50ae265059e4a0d92a07c651018a6c)
2007-10-10r5992: Rename schannel.c -> schannel_sign.c. The rest of the schannel codeAndrew Bartlett2-1/+1
(from librpc) will be moved into schannel.c soon. Andrew Bartlett (This used to be commit d6c80ff74b0550641c253316b37f1050c207791c)
2007-10-10r5988: Fix the -P option (use machine account credentials) to use the Samba4Andrew Bartlett1-2/+2
secrets system, and not the old system from Samba3. This allowed the code from auth_domain to be shared - we now only lookup the secrets.ldb in lib/credentials.c. In order to link the resultant binary, samdb_search() has been moved from deep inside rpc_server into lib/gendb.c, along with the existing gendb_search_v(). The vast majority of this patch is the simple rename that followed, (Depending on the whole SAMDB for just this function seemed pointless, and brought in futher dependencies, such as smbencrypt.c). Andrew Bartlett (This used to be commit e13c671619bd290a8b3cae8555cb281a9a185ee0)
2007-10-10r5941: Commit this patch much earlier than I would normally prefer, but ↵Andrew Bartlett2-11/+2
metze needs a working tree... The main volume of this patch was what I started working on today: - Cleans up memory handling around DCE/RPC pipes, to have a parent talloc context. - Uses sepereate inner loops for some of the DCE/RPC tests The other and more important part of this patch fixes issues surrounding the new credentials framwork: This makes the struct cli_credentials always a talloc() structure, rather than on the stack. Parts of the cli_credentials code already assumed this. There were other issues, particularly in the DCERPC over SMB handling, as well as little things that had to be tidied up before test_w2k3.sh would start to pass. Andrew Bartlett (This used to be commit 0453f9d05d2e336fba1f85dbf2718d01fa2bf778)