path: root/source4/libnet/libnet_vampire.c
Age | Commit message | Author | Files | Lines
2007-10-10 | r12903: Factor out a new routine libnet_RpcConnectDCInfo, to both connect to | Andrew Bartlett | 1 | -9/+34
the remote server, and to query it for domain information.
Provide and use this information in the SamSync/Vampire callbacks, to allow a parallel connection to LDAP, if we are talking to AD. This allows us to get at some important attributes not exposed in the old protocol.
With this, we are able to do an all-GUI vampire of an AD domain from SWAT, including getting all the SIDs, servicePrincipalNames and the like correct.
Andrew Bartlett (This used to be commit 918358cee0b4a1b2c9bc9e68d9d53428a634281e)
2007-10-10 | r12872: Add some more detail to debug message. | Andrew Bartlett | 1 | -3/+9
Andrew Bartlett (This used to be commit cefba10bd5ed1f6d10a071e4239088d91f661a36)
2007-10-10 | r12865: Upgrade the librpc and libnet code. | Andrew Bartlett | 1 | -37/+79
In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous.
There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe.
The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter.
To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter.
Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2007-10-10 | r12858: This moves the libnet_LookupPdc code to use a GetDC request to find | Andrew Bartlett | 1 | -1/+1
the remote server's name, or in the absence of a local nbt_server to communicate with (or without root access), a node status request.
The result is that we are in a better position to use kerberos, as well as to remove the 'password server' mandatory parameter for the samsync and samdump commands. (I need this to put these into SWAT).
The only problem I have is that I must create a messaging context, which requires a server ID. As a client process, I don't expect to get messages, but it is currently required for replies, so I generate a random() number. We probably need the servers to accept connections on streamed sockets too, for client-only tasks that want IRPC.
Because I wanted to test this code, I have put the NET-API-* tests into our test scripts, to ensure they pass and keep passing. They are good frontends onto the libnet system, and I see no reason not to test them.
In doing so the NET-API-RPCCONNECT test was simplified to take a binding string on the command line, removing duplicate code, and testing the combinations in the scripts instead.
(I have done a bit of work on the list shares code in libnet_share.c to make it pass 'make test')
In the future, I would like to extend the libcli/findds.c code (based off Volker's winbind/wb_async_helpers.c, which is why it shows up a bit odd in the patch) to handle getting multiple name replies, sending a getdc request to each in turn.
(posted to samba-technical for review, and I'll happily update with any comments)
Andrew Bartlett (This used to be commit 7ccddfd3515fc2c0d6f447c768ccbf7a220c3380)
2007-10-10 | r12608: Remove some unused #include lines. | Jelmer Vernooij | 1 | -2/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10 | r12510: Change the DCE/RPC interfaces to take a pointer to a | Jelmer Vernooij | 1 | -2/+1
dcerpc_interface_table struct rather than a tuple of interface name, UUID and version.
This removes the requirement for having a global list of DCE/RPC interfaces, except for these parts of the code that use that list explicitly (ndrdump and the scanner torture test).
This should also allow us to remove the hack that put the authservice parameter in the dcerpc_binding struct as it can now be read directly from dcerpc_interface_table.
I will now modify some of these functions to take a dcerpc_syntax_id structure rather than a full dcerpc_interface_table.
(This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
2007-10-10 | r11409: The use of 'password server = ' here is still bogus, but for now at | Andrew Bartlett | 1 | -0/+2
least don't allow binding to become uninitialised. Andrew Bartlett (This used to be commit e754234a17ebc601720caa66a229d9a842dfebda)
2007-10-10 | r8744: Split 'net samdump' out into a separate file | Andrew Bartlett | 1 | -230/+42
Work on the talloc memory tree, as I think talloc_reference and other things were biting me. Crush unions in the name of code reform. ;-) Andrew Bartlett (This used to be commit 2eadcf46699f1cc7adb2066e17096f70c7b73998)
2007-10-10 | r8741: Kill warnings about enums not fully enumerated, as we will never use | Andrew Bartlett | 1 | -0/+5
all the branches. Andrew Bartlett (This used to be commit 258e5e302e461d789e5c353e1a0d81ce33b52f6b)
2007-10-10 | r7633: this patch started as an attempt to make the dcerpc code use a given | Andrew Tridgell | 1 | -1/+1
event_context for the socket_connect() call, so that when things that use dcerpc are running alongside anything else it doesn't block the whole process during a connect.
Then of course I needed to change any code that created a dcerpc connection (such as the auth code) to also take an event context, and anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call instead of adding it to the gensec init calls. Andrew, my apologies for not doing this. I didn't do it as adding a new parameter allowed me to catch all the callers with the compiler. Now that it's done, we could go back and use gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent to what we did already, but should be fixed to use a caller's event context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
2007-10-10 | r6928: Add support for printing trusted domain names, sids and passwords in | Andrew Bartlett | 1 | -52/+188
the Samba4 'net samdump'. Andrew Bartlett (This used to be commit b7eeea53b2f0e7b3a25a739e6b4774e2505735d3)
2007-10-10 | r6927: Make it easier to program with the SamSync callback interface, perform | Andrew Bartlett | 1 | -35/+96
the decryption separate to the callback functions. Andrew Bartlett (This used to be commit 4209f813add258bf7d805494fc0220696880a0b0)
2007-10-10 | r6603: More work on the samdump puzzle. This implements a function pointer | Andrew Bartlett | 1 | -45/+100
callback interface, so we can start dumping into more than just stdout soon. Also use the enums instead of uint32 where possible and valid. Andrew Bartlett (This used to be commit f0c67a4a24dbd7fc32fc864d61a21eeee587178e)
2007-10-10 | r6573: Start on my project to implement an NT4 compatible BDC in Samba4. | Andrew Bartlett | 1 | -0/+225
This brings in a compatibility layer for Samba3 in Samba4 - where we will start to define file formats and similar details.
The 'net samdump' command uses 'password server = ' for now, and performs a similar task to Samba3's 'net rpc samsync'.
Andrew Bartlett (This used to be commit 550f17f9924fe783917318753de7d1a388423908)