Age | Commit message (Collapse) | Author | Files | Lines |
|
this allows you to specify a target SPN for a connection
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
NT_STATUS_NET_WRITE_FAULT
metze
|
|
metze
|
|
dcerpc_binding_handle stubs
metze
|
|
metze
|
|
metze
|
|
metze
|
|
this works around some terrible use of talloc in the libnet code
|
|
We need to pass down flags to the DCE/RPC layer to allow fallback to
anonymous connections, as we can't log in with an expired password.
The anonymous connection can then change the password with SAMR.
Andrew Bartlett
|
|
Guenther
|
|
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
|
|
Andrew Bartlett
(This used to be commit def46f6852075e1efe2bb7c5a7cffa5defdbb4ee)
|
|
(This used to be commit eeb2251d22b3d6e0379444a73af69d1014692b07)
|
|
metze
(This used to be commit 84651aee81aaabbebf52ffc3fbcbabb2eec6eed5)
|
|
convention change.
rafal
(This used to be commit 6ab10b2ed256fa3c55d1af8ddcc9dfdaf4598a1e)
|
|
laptop for a while.
rafal
(This used to be commit c257363adbc2e8ab577bb86a5b4dbef3caf802ef)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
rename private -> private_data
metze
(This used to be commit 58551f2f28fce8f1fcd04736c47ecd7458f32ea2)
|
|
rafal
(This used to be commit 969b175c739ca29b04c15a26a05f317703eed656)
|
|
rafal
(This used to be commit 16f1f075fb5c1afb959511a075e59fd908ca4b03)
|
|
mimir: please take a look!
metze
(This used to be commit 0b4da84d7044c31a84491c4d61dcdfff38177f44)
|
|
tests). The issue is that Win2k3 SP1 will not answer many LSA
requests on that port (I think this is as a security measure).
In this case, we need to skip ahead in the composite functions.
We were also checking the wrong variable to determine sucess/failure
of the LsaOpenPolicy2.
Andrew Bartlett
(This used to be commit 67c191305fa97470017e7e8a5b55fc0949d432ad)
|
|
a composite call - don't leave it unset.
rafal
(This used to be commit 8bd57beca19bd2c76d58b64ddd12553b0adce595)
|
|
to perform a lookup once, resolve the name to an IP, while still
communicating the full name to the lower layers, for kerberos etc.
This fixes 'net samdump', which was failing due to the schannel target
name being *smbserver.
Andrew Bartlett
(This used to be commit 0546f487f4cc99b5549dc1e457ea243d4bd66333)
|
|
properties more consistently reflected.
2) Add domain open routine for lsa pipe - this is needed for ongoing
name resolve function.
Tests (still neglected) and comments to follow.
rafal
(This used to be commit fe5652c2b8121bbe3b9932c43164035355478611)
|
|
rafal
(This used to be commit 04c94e4a52b9253c6d2ae6e8376338f0b20dd070)
|
|
on ncacn_np, as abartlet suggested. Also, named pipe remains the default
transport for all kinds of servers to be contacted.
rafal
(This used to be commit 76888c74a66317a9888ea4c0965f0d33124c222f)
|
|
using different transport and possibly address type, when
the first attempt fails (only if it makes any sense, of course).
This may be especially useful when connecting DCs and PDCs in
mixed environments.
Also, add monitor messages issuing.
rafal
(This used to be commit d69b31230dd01efadd9c0cc6ef31c794c6165881)
|
|
rafal
(This used to be commit fa6b52dbf7321d1a7f0fdea32ab2605951c2b35a)
|
|
the current API we need to check both that the RPC didn't fault, and
that the query succeeded.
Also print the right things in debug messages.
Andrew Bartlett
(This used to be commit d18e515391f8f5038e9aaaba596099052011b53a)
|
|
- don't check for mem_ctx, ctx and r, we should crash when they're wrong
as it's a programmer error!
- pass the error string to the caller
metze
(This used to be commit 5f65447f5dfafa6771a532c86fe2f87287c5467d)
|
|
a bit more smart and more aware of what libnet_context can offer.
The context is a help when some of the arguments are not passed
(programmer counts on using sensible defaults) and stores some of
results so that similar subsequent calls don't need to reopen some
of policy handles, pipes, etc. again. It also helps to hide some
of details the library user don't really want to know much about.
Also, change domain open function to be part of public api, as
it is going to be used in ejsnet interface.
Note, this is work in progress. Comments are welcome.
rafal
(This used to be commit 1ed80c594c2f466e364a11194d6fdc30ac4a8f27)
|
|
rafal
(This used to be commit 12d0faf9bc4c97b61879e8f7bb0419f4553bb340)
|
|
from returning uninitialised structure member. Thank heavens for build
farm and valgrind :)
rafal
(This used to be commit daca283990c7a8b6efc952c9308c43b68dd49f06)
|
|
and comment-fixes.
rafal
(This used to be commit d35f1e07bed594dfae5421209c4318fe5e66a5aa)
|
|
and make it async. Also, update any other usages of old function.
Build goes fine and so do tests, comments to follow.
rafal
(This used to be commit aef0a2de9d2f01a6f619e3fccc8715288f5c37a3)
|
|
rafal
(This used to be commit 44b89cd47a1eb635f09ef97e6a828c40962c2322)
|
|
rafal
(This used to be commit 473d6c8e685a0c730c57534cfa079e465de9b233)
|
|
rafal
(This used to be commit 1ba4245fcbe808b4537eff74792d1bc7b94108b9)
|
|
rpc-related calls.
rafal
(This used to be commit 860f9bcb1ef76ccee59187aa182d4fb765ef5ecd)
|
|
(This used to be commit f7312dab3b9aba2b2b82e8a6e0c483a32a03a63a)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
(This used to be commit 7054ebf0249930843a2baf4d023ae8f62cedb109)
|
|
appear in DNS, so need to match.
Andrew Bartlett
(This used to be commit d092b0493d7c61112ef132c8fb259c15f189c5f6)
|
|
the remote sever, and to query it for domain information.
Provide and use this information in the SamSync/Vampire callbacks, to allow a
parallel connection to LDAP, if we are talking to AD. This allows us
to get at some important attributes not exposed in the old protocol.
With this, we are able to do a all-GUI vampire of a AD domain from
SWAT, including getting all the SIDs, servicePrincipalNames and the
like correct.
Andrew Bartlett
(This used to be commit 918358cee0b4a1b2c9bc9e68d9d53428a634281e)
|
|
In librpc, always try SMB level authentication, even if trying
schannel, but allow fallback to anonymous. This should better
function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the
binding parameters. Avoid the extra work, and add a binding element
to the struct dcerpc_pipe
The libnet vampire code has been refactored, to reduce extra layers
and to better conform with the standard argument pattern. Also, take
advantage of the new libnet_Lookup code, so we don't require the silly
'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire
operation, the dcerpc_bind_auth() function now takes an auth level
parameter.
Andrew Bartlett
(This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
|
|
the remote server's name, or in the absence of a local nbt_server to
communicate with (or without root access), a node status request.
The result is that we are in a better position to use kerberos, as well
as to remove the 'password server' mandatory parameter for the samsync
and samdump commands. (I need this to put these into SWAT).
The only problem I have is that I must create a messaging context, which
requires a server ID. As a client process, I don't expect to get
messages, but it is currently required for replies, so I generate a
random() number. We probably need the servers to accept connections on
streamed sockets too, for client-only tasks that want IRPC.
Because I wanted to test this code, I have put the NET-API-* tests into
our test scripts, to ensure they pass and keep passing. They are good
frontends onto the libnet system, and I see no reason not to test them.
In doing so the NET-API-RPCCONNECT test was simplified to take a
binding string on the command line, removing duplicate code, and
testing the combinations in the scripts instead.
(I have done a bit of work on the list shares code in libnet_share.c
to make it pass 'make test')
In the future, I would like to extend the libcli/findds.c code (based
off volker's winbind/wb_async_helpers.c, which is why it shows up a bit
odd in the patch) to handle getting multiple name replies, sending a
getdc request to each in turn.
(posted to samba-technical for review, and I'll happily update with
any comments)
Andrew Bartlett
(This used to be commit 7ccddfd3515fc2c0d6f447c768ccbf7a220c3380)
|
|
dcerpc_interface_table struct rather then a tuple of interface
name, UUID and version.
This removes the requirement for having a global list of DCE/RPC interfaces,
except for these parts of the code that use that list explicitly
(ndrdump and the scanner torture test).
This should also allow us to remove the hack that put the authservice parameter
in the dcerpc_binding struct as it can now be read directly from
dcerpc_interface_table.
I will now modify some of these functions to take a dcerpc_syntax_id
structure rather then a full dcerpc_interface_table.
(This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
|