summaryrefslogtreecommitdiff
path: root/source4/libnet
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r12930: Fix ADS join: I wasn't filling in the flag 'realm' variable any more.Andrew Bartlett1-3/+1
Andrew Bartlett (This used to be commit 5c5a2974c94ae6b929ada7aaa2cd12a15b7468b8)
2007-10-10r12928: This patch improves the interaction between the vampire and provsion ↵Andrew Bartlett2-1/+3
code. Previously, we had to know (or guess) the host and domain guid at the provision stage. Now we query the database post-provision, to extract the values and fill in the zone file. This allows us to generate a correct zone file in the Windows migration case. In an effort to make SWAT easier to use, I have removed and renamed some of the provision options. I have also fixed a nasty issue in my js code. I had implictly declared a global variable of the name 'join', with disasterious results for any subsequent user of the string utility function: esp exception - ASSERT at lib/appweb/ejs/ejsParser.c:2064, 0 Backtrace: [ 0] substitute_var:20 -> list[i] = join("", list2) [ 1] setup_file:9 -> data = substitute_var(data, subobj) Andrew Bartlett (This used to be commit a38ceefd11f8b748f30383ef36a4752f178bfca1)
2007-10-10r12926: Syncronsise GUIDs on users and domains from the server. These alsoAndrew Bartlett5-67/+114
appear in DNS, so need to match. Andrew Bartlett (This used to be commit d092b0493d7c61112ef132c8fb259c15f189c5f6)
2007-10-10r12903: Factor out a new routine libnet_RpcConnectDCInfo, to both connect toAndrew Bartlett9-251/+440
the remote sever, and to query it for domain information. Provide and use this information in the SamSync/Vampire callbacks, to allow a parallel connection to LDAP, if we are talking to AD. This allows us to get at some important attributes not exposed in the old protocol. With this, we are able to do a all-GUI vampire of a AD domain from SWAT, including getting all the SIDs, servicePrincipalNames and the like correct. Andrew Bartlett (This used to be commit 918358cee0b4a1b2c9bc9e68d9d53428a634281e)
2007-10-10r12894: Add more detail to error messages.Andrew Bartlett1-4/+12
Andrew Bartlett (This used to be commit 31fd39f356c9bc40827b22c0cdb622044d896a85)
2007-10-10r12893: Filling in *error_string is critical for SWAT, as the errors otherwiseAndrew Bartlett1-182/+215
do not propogate back to the user, they just end up in the logfile. Andrew Bartlett (This used to be commit 7c9f8e524bf7f030c56ed42ee7e3a25563a34db4)
2007-10-10r12892: Add a 'Migrate from Windows' page to our installation section in SWAT.Andrew Bartlett2-0/+69
Doing this required reworking ejsnet, particularly so it could take a set of credentials, not just a username and password argument. This required fixing the ejsnet.js test script, which now adds and deletes a user, and is run from 'make test'. This should prevent it being broken again. Deleting a user from ejsnet required that the matching backend be added to libnet, hooking fortunetly onto already existing code for the actual deletion. The js credentials interface now handles the 'set machine account' flag. New functions have been added to provision.js to wrap the basic operations (so we can write a command line version, as well as the web based version). Andrew Bartlett (This used to be commit a5e7c17c348c45e61699cc1626a0d5eae2df4636)
2007-10-10r12886: Rename 'secure_channel_type' parameter to domain join as 'join_type'.Andrew Bartlett2-7/+7
Andrew Bartlett (This used to be commit a3b3e09a9acc66dff7baf1a4ba0ea913bccdbd7d)
2007-10-10r12883: Fix the build...Andrew Bartlett1-3/+1
Andrew Bartlett (This used to be commit 8f7d14048fe29fd2c8b3e3c7aa73b4a854615016)
2007-10-10r12882: Allow the netbios name to be specified at all times.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit f4f4dcf217314980aa114d61a1546d2c18b55baa)
2007-10-10r12881: Hard-coded defaults are silly. We have smb.conf for a reason.Andrew Bartlett1-4/+1
Andrew Bartlett (This used to be commit c9402f9227a02ff0ee77f264f79ef47207ad50ef)
2007-10-10r12873: Fix valgrind-found uninitialised value.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 38e8a6477a112faa78e0791d20ce9bd2e68fd619)
2007-10-10r12872: Add some more detail to debug message.Andrew Bartlett1-3/+9
Andrew Bartlett (This used to be commit cefba10bd5ed1f6d10a071e4239088d91f661a36)
2007-10-10r12865: Upgrade the librpc and libnet code.Andrew Bartlett7-188/+163
In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2007-10-10r12861: Cope when we are not supplied the messaging context. This is justAndrew Bartlett1-3/+0
another case where we have to fallback to the node status request. Andrew Bartlett (This used to be commit 181064dbcf102de80937fc30b3d3ba5114194a72)
2007-10-10r12858: This moves the libnet_LookupPdc code to use a GetDC request to findAndrew Bartlett11-65/+160
the remote server's name, or in the absence of a local nbt_server to communicate with (or without root access), a node status request. The result is that we are in a better position to use kerberos, as well as to remove the 'password server' mandatory parameter for the samsync and samdump commands. (I need this to put these into SWAT). The only problem I have is that I must create a messaging context, which requires a server ID. As a client process, I don't expect to get messages, but it is currently required for replies, so I generate a random() number. We probably need the servers to accept connections on streamed sockets too, for client-only tasks that want IRPC. Because I wanted to test this code, I have put the NET-API-* tests into our test scripts, to ensure they pass and keep passing. They are good frontends onto the libnet system, and I see no reason not to test them. In doing so the NET-API-RPCCONNECT test was simplified to take a binding string on the command line, removing duplicate code, and testing the combinations in the scripts instead. (I have done a bit of work on the list shares code in libnet_share.c to make it pass 'make test') In the future, I would like to extend the libcli/findds.c code (based off volker's winbind/wb_async_helpers.c, which is why it shows up a bit odd in the patch) to handle getting multiple name replies, sending a getdc request to each in turn. (posted to samba-technical for review, and I'll happily update with any comments) Andrew Bartlett (This used to be commit 7ccddfd3515fc2c0d6f447c768ccbf7a220c3380)
2007-10-10r12724: fix warningsStefan Metzmacher1-5/+5
metze (This used to be commit 4ca1a9a6063ef0caee09eb5310d079ee054d91b4)
2007-10-10r12719: Rename unicodePwd -> sambaPassword.Andrew Bartlett1-1/+1
Because we don't know the syntax of unicodePwd, we want to avoid using that attribute name. It may cause problems later when we get replication form windows. I'm doing this before the tech preview, so we don't get too many supprises as folks upgrade databases into later versions. Andrew Bartlett (This used to be commit 097d9d0b7fd3b1a10fb7039f0671fd459bed2d1b)
2007-10-10r12696: Reduce the size of include/structs.hJelmer Vernooij3-1/+2
(This used to be commit 63917616016133c623fc6ff59454bc313ee7dd8f)
2007-10-10r12694: Move some headers to the directory of the subsystem they belong to.Jelmer Vernooij2-1/+2
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
2007-10-10r12670: Make a couple of dependencies stricterJelmer Vernooij1-1/+1
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force specific modules to always be included (This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
2007-10-10r12611: fix compiler warningsStefan Metzmacher2-8/+8
metze (This used to be commit 50940879f6e373adbc83ae6e19168486dafaec34)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij12-23/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij4-0/+6
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12538: Clarify why we are doing the delete here.Andrew Bartlett1-1/+2
Andrew Bartlett (This used to be commit 6d8405038f0033439e1e24eb43c2b7990e01b70c)
2007-10-10r12510: Change the DCE/RPC interfaces to take a pointer to aJelmer Vernooij8-39/+16
dcerpc_interface_table struct rather then a tuple of interface name, UUID and version. This removes the requirement for having a global list of DCE/RPC interfaces, except for these parts of the code that use that list explicitly (ndrdump and the scanner torture test). This should also allow us to remove the hack that put the authservice parameter in the dcerpc_binding struct as it can now be read directly from dcerpc_interface_table. I will now modify some of these functions to take a dcerpc_syntax_id structure rather then a full dcerpc_interface_table. (This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
2007-10-10r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not usingJelmer Vernooij1-3/+2
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10r12430: Clarify libnet_join code. Add/fix comments.Andrew Bartlett1-10/+10
Andrew Bartlett (This used to be commit a3372935eee12c99d8c4a29eda45e8d0f1039896)
2007-10-10r12423: Remove DEBUG(0) printouts in favor of more information to the caller.Andrew Bartlett2-5/+4
I assume this works better with SWAT and the like anyway. Andrew Bartlett (This used to be commit b11975703d5e32f6f3ad10079106b1345fa56b5c)
2007-10-10r12421: Handle the case where we are a joining as different account types ↵Andrew Bartlett1-32/+78
far better. Andrew Bartlett (This used to be commit 0ce82e8a41f0fdea9928e3e341680232cc640e18)
2007-10-10r12411: Add 'net samdump keytab <keytab>'.Andrew Bartlett3-0/+151
This extracts a remote windows domain into a keytab, suitable for use in ethereal for kerberos decryption. For the moment, like net samdump and net samsync, the 'password server' smb.conf option must be set to the binding string for the server. eg: password server = ncacn_np:mypdc Andrew Bartlett (This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
2007-10-10r12254: Add some (hopefully correct) descriptions for libraries that are ↵Jelmer Vernooij1-0/+1
installed. Install pkg-config files. (This used to be commit a86abe84e2cae7c6188c094a92c6b62aace02fdf)
2007-10-10r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldbAndrew Bartlett1-3/+4
backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to a authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)
2007-10-10r12105: Formatting.Rafal Szczesniak1-3/+3
rafal (This used to be commit 13d7b8fa43fe7ae74d511820c4d28f5caf44f006)
2007-10-10r11995: A big kerberos-related update.Andrew Bartlett1-0/+35
This merges Samba4 up to current lorikeet-heimdal, which includes a replacement for some Samba-specific hacks. In particular, the credentials system now supplies GSS client and server credentials. These are imported into GSS with gss_krb5_import_creds(). Unfortunetly this can't take an MEMORY keytab, so we now create a FILE based keytab as provision and join time. Because the keytab is now created in advance, we don't spend .4s at negprot doing sha1 s2k calls. Also, because the keytab is read in real time, any change in the server key will be correctly picked up by the the krb5 code. To mark entries in the secrets which should be exported to a keytab, there is a new kerberosSecret objectClass. The new routine cli_credentials_update_all_keytabs() searches for these, and updates the keytabs. This is called in the provision.js via the ejs wrapper credentials_update_all_keytabs(). We can now (in theory) use a system-provided /etc/krb5.keytab, if krb5Keytab: FILE:/etc/krb5.keytab is added to the secrets.ldb record. By default the attribute privateKeytab: secrets.keytab is set, pointing to allow the whole private directory to be moved without breaking the internal links. (This used to be commit 6b75573df49c6210e1b9d71e108a9490976bd41d)
2007-10-10r11815: A bit more comments and spaces for better readability.Rafal Szczesniak2-1/+11
rafal (This used to be commit 1e831aead17b399289b8161e521e1afd5873c556)
2007-10-10r11813: Const-ify name resolution method list and use string listRafal Szczesniak2-11/+2
utilities to set the context field. rafal (This used to be commit 5da8b457c34236b21f6e88e3a7a12338d0390a4f)
2007-10-10r11794: - fixed a valgrind error in libnet, caused by using a stack variableAndrew Tridgell3-10/+8
after the function has returned (the *address variable was assigned into the state). - changed libnet to use event_context_find() instead of event_context_init(), so it works as a child of existing code that uses a event context (This used to be commit 47ceb2d3558304b4c4fb00582fb25a885cea2ef5)
2007-10-10r11750: More comments.Rafal Szczesniak1-3/+4
(This used to be commit d277b13ced0983d67b22d78e06d692a966e3c6f1)
2007-10-10r11749: 1) Buffer allocation's been moved and isn't needed here.Rafal Szczesniak1-3/+1
2) Connect to a server instead of pdc after locating it. rafal (This used to be commit a7bf9ada34c31f26d13c1575de2ec79ea5948a71)
2007-10-10r11747: Move buffer allocation to libnet_Lookup function so that theRafal Szczesniak1-1/+6
caller is not required to ensure it. rafal (This used to be commit 85456e6c0b50540d9f6ae15a460148a328cf002c)
2007-10-10r11708: Fix allocation of too small buffer to hold ip address.Rafal Szczesniak1-1/+1
Thanks metze for catching that. rafal (This used to be commit 5114ef8d1cc9b6f2206463d4ba76653669728403)
2007-10-10r11705: Fix segfaulting create user function.Rafal Szczesniak1-0/+4
rafal (This used to be commit 6b0c083c9b714bf25709e1db3b2113eb8305e8ef)
2007-10-10r11567: Ldb API change patch.Simo Sorce1-7/+8
This patch changes the way lsb_search is called and the meaning of the returned integer. The last argument of ldb_search is changed from struct ldb_message to struct ldb_result which contains a pointer to a struct ldb_message list and a count of the number of messages. The return is not the count of messages anymore but instead it is an ldb error value. I tryed to keep the patch as tiny as possible bu as you can guess I had to change a good amount of places. I also tried to double check all my changes being sure that the calling functions would still behave as before. But this patch is big enough that I fear some bug may have been introduced anyway even if it passes the test suite. So if you are currently working on any file being touched please give it a deep look and blame me for any error. Simo. (This used to be commit 22c8c97e6fb466b41859e090e959d7f1134be780)
2007-10-10r11410: Fix rejoin as a BDC by modifying, rather than trying to recreate, theAndrew Bartlett1-2/+37
server reference. Andrew Bartlett (This used to be commit 302219928f47cdc3822c3a7d9444339092d9d33c)
2007-10-10r11409: The use of 'password server = ' here is still bogus, but for now atAndrew Bartlett1-0/+2
least don't allow binding to become uninitialised. Andrew Bartlett (This used to be commit e754234a17ebc601720caa66a229d9a842dfebda)
2007-10-10r11407: Push 'recreate account' logic into libnet/libnet_join.c. We don'tAndrew Bartlett2-2/+34
return the pesky USER_EXISTS 'error' code any more, and it is much easier to handle this inline. Andrew Bartlett (This used to be commit a7eb796cf544db3fe16986d8e233d2defe7a7d1b)
2007-10-10r11382: Require number of required M4 macrosJelmer Vernooij1-0/+3
Make MODULE handling a bit more like BINARY, LIBRARY and SUBSYSTEM Add some more PUBLIC_HEADERS (This used to be commit 875eb8f4cc658e6aebab070029fd499a726ad520)
2007-10-10r11377: Add support for building LIBRARY elements as shared libraries:Jelmer Vernooij1-1/+4
- Adds -rpath bin/ so you don't have to install Samba in order to use compiled binaries. - Writes out pkg-config files when building shared libs - Supports automatic fallback to MERGEDOBJ (which is the default) or OBJ_LIST (if ld -r is not supported) Building with shared libs reduces the size of the Samba binaries from 197 Mb to 60 Mb (including libraries) on my system (GCC4, with debugging). To build with shared libraries support enabled, run: LIBRARY_OUTPUT_TYPE=SHARED_LIBRARY ./config.status init functions don't get called correctly yet when using shared libs, so you won't be able to actually run anything with success :-) Once init functions are done, I'll look at support for loading shared modules once again. Based on a patch by Peter Novodvorsky (nidd on IRC). (This used to be commit 0b54405685674a2b19a28d77aae5b1136b5a4728)
2007-10-10r11349: Actually add all the new spns...Andrew Bartlett1-12/+6
Andrew Bartlett (This used to be commit 63eede2ad3f0238e1a925325c0be08d79f48c33b)